Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1524651
MD5: f37e0267c53ae8e94fe38e87524b8c45
SHA1: facaa93a619ab87da8ac448dd1fc71fb72e5380e
SHA256: 3ecf0a5fdc66d37c9e726334a0e57d6dc1e3ab622653d032f8db827185cc7c80
Tags: exeuser-Bitsight
Infos:

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Creates multiple autostart registry keys
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Sigma detected: New RUN Key Pointing to Suspicious Folder
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for domain / URL
Source: https://yalubluseks.eu/get_updatX Virustotal: Detection: 7% Perma Link
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Virustotal: Detection: 23% Perma Link
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Virustotal: Detection: 23% Perma Link
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 18%
Source: file.exe Virustotal: Detection: 23% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.8% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52933 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52954 version: TLS 1.2
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=" source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbTM source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbpdbtem.pdbon n source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 3{C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb_+f source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbL}) source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs' source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m0C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb( source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb`V source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbt source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB0 source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbrL source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.PDBgi~m source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\LKSM.pdbo+v source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb35$ source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Core.pdbte source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor$ source: GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: {%%.pdb source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Core.pdbSe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdbN source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source: Binary string: \??\C:\Windows\System.Core.pdby source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdbV source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdb%&, source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor4 source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: m0C:\Windows\mscorlib.pdby source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb ~, source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: osymbols\dll\mscorlib.pdbLb source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb-Vs source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb9 source: GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LKSM.pdb< source: WER951D.tmp.dmp.17.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: tLKSM.pdbpo source: LKMService.exe, 0000000F.00000002.2519054896.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdbps source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\LKSM.pdbpdbKSM.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LKSM.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbe6 source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb@=B source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbo source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb/# source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.pdbti source: WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbY= source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbt source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m.pdb# source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: System.pdb4 source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr
Source: Binary string: symbols\dll\mscorlib.pdbLb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb3 source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdb source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb**# source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbp source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Jump to behavior
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View IP Address: 172.67.74.152 172.67.74.152
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
May check the online IP address of the machine
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Source: unknown DNS query: name: api.ipify.org
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52934 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52966 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52928 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49715 -> 172.67.74.152:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52925 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52964 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52958 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52953 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52937 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52960 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52932 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52972 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52955 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52942 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52967 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52918 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52923 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52939 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52948 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52950 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52926 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52974 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52944 -> 104.26.12.205:80
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52969 -> 104.26.12.205:80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: global traffic DNS traffic detected: DNS query: yalubluseks.eu
Source: global traffic DNS traffic detected: DNS query: 57.122.6.0.in-addr.arpa
Source: unknown HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://api.ipify.org
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.ipify.org/
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.ipify.orgD
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.ipify.orgd
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LKMService.exe, 00000002.00000002.4677000904.00000000058B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://yalubluseks.eu
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://yalubluseks.eud
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: https://pidgin.im0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: https://sectigo.com/CPS0
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr String found in binary or memory: https://yalubluseks.eu/
Source: LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/get_filT
Source: LKMService.exe, 00000002.00000002.4661088450.000000000246A000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/get_file.php
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/get_updatX
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/get_update.php
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/get_update.phpT
Source: LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/receiPt
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.000000000246A000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002412000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/receive.php
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.eu/t
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yalubluseks.euD
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52956
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52957
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52954
Source: unknown Network traffic detected: HTTP traffic on port 52949 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52951 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52959
Source: unknown Network traffic detected: HTTP traffic on port 52970 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52952
Source: unknown Network traffic detected: HTTP traffic on port 52959 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52951
Source: unknown Network traffic detected: HTTP traffic on port 52935 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52941 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52945 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52919
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52921
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52965
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 52975 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52927
Source: unknown Network traffic detected: HTTP traffic on port 52954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52927 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52920
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52961
Source: unknown Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52962
Source: unknown Network traffic detected: HTTP traffic on port 52938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52965 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52940 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52929
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52933
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52938
Source: unknown Network traffic detected: HTTP traffic on port 52930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52936
Source: unknown Network traffic detected: HTTP traffic on port 52920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52970
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52971
Source: unknown Network traffic detected: HTTP traffic on port 52957 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52930
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52975
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52973
Source: unknown Network traffic detected: HTTP traffic on port 52962 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52943 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52933 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52981 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52945
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52946
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52943
Source: unknown Network traffic detected: HTTP traffic on port 52973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52949
Source: unknown Network traffic detected: HTTP traffic on port 52929 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown Network traffic detected: HTTP traffic on port 52921 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52980
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52941
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52940
Source: unknown Network traffic detected: HTTP traffic on port 52936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52980 -> 443
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52933 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52954 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name: ."Rv
Source: LKMService.exe.0.dr Static PE information: section name: ."Rv
Source: GoogleUpdater.exe.2.dr Static PE information: section name: ."Rv
Contains functionality to call native functions
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF5D50 NtProtectVirtualMemory, 0_2_04DF5D50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF6230 NtAllocateVirtualMemory, 0_2_04DF6230
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF61F8 NtAllocateVirtualMemory, 0_2_04DF61F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF5D49 NtProtectVirtualMemory, 0_2_04DF5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B5D50 NtProtectVirtualMemory, 2_2_049B5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B6230 NtAllocateVirtualMemory, 2_2_049B6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B5D49 NtProtectVirtualMemory, 2_2_049B5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E5D50 NtProtectVirtualMemory, 3_2_050E5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E6230 NtAllocateVirtualMemory, 3_2_050E6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E5D49 NtProtectVirtualMemory, 3_2_050E5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05255D50 NtProtectVirtualMemory, 4_2_05255D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05256230 NtAllocateVirtualMemory, 4_2_05256230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05255D49 NtProtectVirtualMemory, 4_2_05255D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_052561F2 NtAllocateVirtualMemory, 4_2_052561F2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05205D50 NtProtectVirtualMemory, 11_2_05205D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05206230 NtAllocateVirtualMemory, 11_2_05206230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05205D49 NtProtectVirtualMemory, 11_2_05205D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05206213 NtAllocateVirtualMemory, 11_2_05206213
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04885D50 NtProtectVirtualMemory, 15_2_04885D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04886230 NtAllocateVirtualMemory, 15_2_04886230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04885D49 NtProtectVirtualMemory, 15_2_04885D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0488620D NtAllocateVirtualMemory, 15_2_0488620D
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC5D50 NtProtectVirtualMemory, 18_2_04AC5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC6230 NtAllocateVirtualMemory, 18_2_04AC6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC61F2 NtAllocateVirtualMemory, 18_2_04AC61F2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC5D49 NtProtectVirtualMemory, 18_2_04AC5D49
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE1098 0_2_00FE1098
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE9028 0_2_00FE9028
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEC1B8 0_2_00FEC1B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE9198 0_2_00FE9198
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE9A30 0_2_00FE9A30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEDE07 0_2_00FEDE07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEA604 0_2_00FEA604
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEB7B8 0_2_00FEB7B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEA0A8 0_2_00FEA0A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE9019 0_2_00FE9019
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEC1A9 0_2_00FEC1A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE9187 0_2_00FE9187
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE0AB9 0_2_00FE0AB9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEA280 0_2_00FEA280
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEA270 0_2_00FEA270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEBE99 0_2_00FEBE99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEDFC7 0_2_00FEDFC7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8FB0 0_2_00FE8FB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF0040 0_2_04DF0040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF2DF0 0_2_04DF2DF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF76B0 0_2_04DF76B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF0007 0_2_04DF0007
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF6DC8 0_2_04DF6DC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF55C8 0_2_04DF55C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF39EF 0_2_04DF39EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF2DEC 0_2_04DF2DEC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF858F 0_2_04DF858F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF85A0 0_2_04DF85A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF4538 0_2_04DF4538
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF3290 0_2_04DF3290
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF4E40 0_2_04DF4E40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF3A00 0_2_04DF3A00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF5200 0_2_04DF5200
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF2BB8 0_2_04DF2BB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF3758 0_2_04DF3758
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF4750 0_2_04DF4750
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF3748 0_2_04DF3748
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF8B70 0_2_04DF8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E1098 2_2_009E1098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E9028 2_2_009E9028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E9198 2_2_009E9198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EC1B8 2_2_009EC1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E9A30 2_2_009E9A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EC3D8 2_2_009EC3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EB7B8 2_2_009EB7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E108A 2_2_009E108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EA0A8 2_2_009EA0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EA0A0 2_2_009EA0A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E9187 2_2_009E9187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EC1A9 2_2_009EC1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EA280 2_2_009EA280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E0A81 2_2_009E0A81
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EBE99 2_2_009EBE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EDE07 2_2_009EDE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009E7FA7 2_2_009E7FA7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_009EDFC7 2_2_009EDFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B2DF0 2_2_049B2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B76B0 2_2_049B76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049BEE50 2_2_049BEE50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B0040 2_2_049B0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049BBCF5 2_2_049BBCF5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B85A0 2_2_049B85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B55C8 2_2_049B55C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B6DC8 2_2_049B6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B2DE2 2_2_049B2DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B4538 2_2_049B4538
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049BEE41 2_2_049BEE41
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B4E40 2_2_049B4E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B3758 2_2_049B3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B4750 2_2_049B4750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B3748 2_2_049B3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B39EF 2_2_049B39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B3290 2_2_049B3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B3A00 2_2_049B3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B5200 2_2_049B5200
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B2BB8 2_2_049B2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B2BA9 2_2_049B2BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B8B70 2_2_049B8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120C1B8 3_2_0120C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_01209028 3_2_01209028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_01201098 3_2_01201098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_01209AC5 3_2_01209AC5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120C480 3_2_0120C480
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120B7B8 3_2_0120B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_01209187 3_2_01209187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120A0A8 3_2_0120A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120A280 3_2_0120A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120DFC7 3_2_0120DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_0120DE07 3_2_0120DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E2DF0 3_2_050E2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E0040 3_2_050E0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E76B0 3_2_050E76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E453D 3_2_050E453D
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E85A0 3_2_050E85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E6DC8 3_2_050E6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E55DD 3_2_050E55DD
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E39EF 3_2_050E39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E2DEC 3_2_050E2DEC
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E3748 3_2_050E3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E3758 3_2_050E3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E4765 3_2_050E4765
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E8B70 3_2_050E8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E2BBD 3_2_050E2BBD
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E2BB8 3_2_050E2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E3A00 3_2_050E3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E3290 3_2_050E3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E4EC5 3_2_050E4EC5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB9A30 4_2_02BB9A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBC3D8 4_2_02BBC3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB1098 4_2_02BB1098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB9028 4_2_02BB9028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBC1B8 4_2_02BBC1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB9198 4_2_02BB9198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBB7B8 4_2_02BBB7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBA4A8 4_2_02BBA4A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBA280 4_2_02BBA280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBA270 4_2_02BBA270
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBA0A8 4_2_02BBA0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB108A 4_2_02BB108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB9018 4_2_02BB9018
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBC1A9 4_2_02BBC1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BB9187 4_2_02BB9187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBBE99 4_2_02BBBE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBDE07 4_2_02BBDE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_02BBDFC7 4_2_02BBDFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05252DF0 4_2_05252DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05250040 4_2_05250040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_052576B0 4_2_052576B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05254529 4_2_05254529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_052585A0 4_2_052585A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_0525858F 4_2_0525858F
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05252DE2 4_2_05252DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_052539EF 4_2_052539EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05256DC8 4_2_05256DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_052555C8 4_2_052555C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05250006 4_2_05250006
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05258B70 4_2_05258B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05253748 4_2_05253748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05254750 4_2_05254750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05253758 4_2_05253758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05252BB8 4_2_05252BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05253A00 4_2_05253A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05254E40 4_2_05254E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05253290 4_2_05253290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120C1B8 11_2_0120C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01209198 11_2_01209198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01209028 11_2_01209028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01201098 11_2_01201098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120C3D8 11_2_0120C3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01209A30 11_2_01209A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120B7B8 11_2_0120B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120C1A9 11_2_0120C1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01209187 11_2_01209187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120A069 11_2_0120A069
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120A0A8 11_2_0120A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_01201093 11_2_01201093
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120A280 11_2_0120A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120DFC7 11_2_0120DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120DE07 11_2_0120DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0120BE99 11_2_0120BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05202DF0 11_2_05202DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05200040 11_2_05200040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_052076B0 11_2_052076B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05204529 11_2_05204529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_052085A0 11_2_052085A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05202DEC 11_2_05202DEC
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_052039EF 11_2_052039EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05206DC8 11_2_05206DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_052055C8 11_2_052055C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05208B70 11_2_05208B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05203748 11_2_05203748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05204750 11_2_05204750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05203758 11_2_05203758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05202BA9 11_2_05202BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05202BB8 11_2_05202BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05203A00 11_2_05203A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05204E40 11_2_05204E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05203290 11_2_05203290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_00689028 15_2_00689028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_00681098 15_2_00681098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068C1B8 15_2_0068C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_00689A30 15_2_00689A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068C480 15_2_0068C480
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068B7B8 15_2_0068B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068A0A8 15_2_0068A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068A280 15_2_0068A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068DE07 15_2_0068DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068BE99 15_2_0068BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_0068DFC7 15_2_0068DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04880040 15_2_04880040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04882DF0 15_2_04882DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_048876B0 15_2_048876B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_048885A0 15_2_048885A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04886DC8 15_2_04886DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_048855C8 15_2_048855C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_048839EF 15_2_048839EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04882DE4 15_2_04882DE4
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04884538 15_2_04884538
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04883290 15_2_04883290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04883A00 15_2_04883A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04884E40 15_2_04884E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04882BB8 15_2_04882BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04883748 15_2_04883748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04883758 15_2_04883758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04884750 15_2_04884750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04888B70 15_2_04888B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A01098 18_2_00A01098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A09028 18_2_00A09028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0C1B8 18_2_00A0C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A09198 18_2_00A09198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A09A30 18_2_00A09A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0C3D8 18_2_00A0C3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0A4A8 18_2_00A0A4A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0B7B8 18_2_00A0B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0A0A8 18_2_00A0A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0108A 18_2_00A0108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0C1A9 18_2_00A0C1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A09187 18_2_00A09187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A00AC0 18_2_00A00AC0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0A270 18_2_00A0A270
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0A3C9 18_2_00A0A3C9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0BE99 18_2_00A0BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0DE12 18_2_00A0DE12
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A08FFF 18_2_00A08FFF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_00A0DFC7 18_2_00A0DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC0040 18_2_04AC0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC2DF0 18_2_04AC2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC76B0 18_2_04AC76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC0006 18_2_04AC0006
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC85A0 18_2_04AC85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC858F 18_2_04AC858F
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC39EF 18_2_04AC39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC2DE2 18_2_04AC2DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC6DC8 18_2_04AC6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC55C8 18_2_04AC55C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC4529 18_2_04AC4529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC3290 18_2_04AC3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC3A00 18_2_04AC3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC4E40 18_2_04AC4E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC2BA9 18_2_04AC2BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC2BB8 18_2_04AC2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC8B70 18_2_04AC8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC3748 18_2_04AC3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC3758 18_2_04AC3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC4750 18_2_04AC4750
One or more processes crash
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932
PE / OLE file has an invalid certificate
Source: file.exe Static PE information: invalid certificate
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2203991807.00000000009CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.2208484038.0000000008100000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe, 00000000.00000000.2197367988.00000000005D0000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: classification engine Classification label: mal88.winEXE@13/88@6/3
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3172
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6280
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess884
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6856
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater Jump to behavior
Source: file.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe ReversingLabs: Detection: 18%
Source: file.exe Virustotal: Detection: 23%
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 932
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 932
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 932
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32 Jump to behavior
Source: LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk.0.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f5a844d131a542409d15c7be5595addc.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e473bf015e6148daa821e9cdba096597.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c365a14f7cc645439df5ba22b5f10906.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_385556207e4d49bb88bb33a72ac98a68.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2d708224935546eb848b785f0206ad51.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9e92297ac52847c3a122730984e5abd1.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d5b565aee0b842f89c22c5f172678df9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3a7884e208224a6c873f89801ccde078.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Source: LKMService_8b0b963caf834d029f35df17c1c436c7.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1bc86309aad64beaaba50da47f1fe248.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3334419e53b3488ca85ae4de076f47dc.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_621b8830c943464c9d47e42d99b46857.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1260347513fa42eb8dbca954b1f9766f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_30649bb19ccb493bae273224706f8bba.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f259adaf5ff645509c195bf263dfd55e.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c894375b99af48eb88116328de9ffb98.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_856eb967065a4a3faa5cc998ae92f005.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d97d239314814309aa82de22ff2626e0.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d9ae47459b854ee78156fea739ee2eba.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f398b917ebdf42d684e3df08d449596d.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fff188210d924c868774a26b37b1f9c9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_687a9749c9a44df689e436ec246c5fcc.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_92fa881b504c497db058025dd6cb3bc4.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7172ee7a982744218b205a6832554ab3.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_17b0682e31094ae8b61542e0fc483319.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_270b1265d8e74892bac3d731d24190c0.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_59312c45173e49bd8b855b176d5a495f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_284cd24aa4e1493cb8422375a300e535.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_75bc3afdb6384591b03d648ecbb02287.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5f419d2562814795914a60f7e574128b.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9dac438bfec04a60812adddf7761318f.lnk.2.dr LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: file.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=" source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbTM source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.pdbpdbtem.pdbon n source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 3{C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb_+f source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbL}) source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs' source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m0C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb( source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb`V source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Core.pdbpdbore.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbt source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB0 source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbrL source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.PDBgi~m source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\exe\LKSM.pdbo+v source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb35$ source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Core.pdbte source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor$ source: GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: {%%.pdb source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Core.pdbSe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdbN source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source: Binary string: \??\C:\Windows\System.Core.pdby source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdbV source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdb%&, source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor4 source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: m0C:\Windows\mscorlib.pdby source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb ~, source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: osymbols\dll\mscorlib.pdbLb source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb-Vs source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb9 source: GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LKSM.pdb< source: WER951D.tmp.dmp.17.dr
Source: Binary string: mscorlib.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: tLKSM.pdbpo source: LKMService.exe, 0000000F.00000002.2519054896.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdbps source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\LKSM.pdbpdbKSM.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LKSM.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbe6 source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb@=B source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbo source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb/# source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: %%.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.pdbti source: WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbY= source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbt source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m.pdb# source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Core.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: System.pdb4 source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr
Source: Binary string: symbols\dll\mscorlib.pdbLb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb3 source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdb source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb**# source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: m.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbp source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: System.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source: Binary string: System.Core.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Binary contains a suspicious time stamp
Source: file.exe Static PE information: 0xD12A4096 [Fri Mar 14 19:46:30 2081 UTC]
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: ."Rv
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name: .wyi
Source: file.exe Static PE information: section name: ."Rv
Source: LKMService.exe.0.dr Static PE information: section name: .wyi
Source: LKMService.exe.0.dr Static PE information: section name: ."Rv
Source: GoogleUpdater.exe.2.dr Static PE information: section name: .wyi
Source: GoogleUpdater.exe.2.dr Static PE information: section name: ."Rv
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF5EE7 pushfd ; retf 0_2_04DF5EF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF7FA8 push esp; iretd 0_2_04DF7FA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF7F48 pushad ; iretd 0_2_04DF7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B5EE7 pushfd ; retf 2_2_049B5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 2_2_049B7F48 pushad ; iretd 2_2_049B7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E7F48 pushad ; iretd 3_2_050E7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E7FA8 push esp; iretd 3_2_050E7FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 3_2_050E5EE7 pushfd ; retf 3_2_050E5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05257F48 pushad ; iretd 4_2_05257FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 4_2_05255EE7 pushfd ; retf 4_2_05255EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_0520801D push es; ret 11_2_0520801E
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05207F10 push cs; ret 11_2_05207F16
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05207F48 pushad ; iretd 11_2_05207FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05207FA8 push esp; iretd 11_2_05207FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 11_2_05205EE7 pushfd ; retf 11_2_05205EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04887FA2 push esp; iretd 15_2_04887FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Code function: 15_2_04887F58 pushad ; iretd 15_2_04887FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC5EE7 pushfd ; retf 18_2_04AC5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Code function: 18_2_04AC7F48 pushad ; iretd 18_2_04AC7FA1
Source: file.exe Static PE information: section name: ."Rv entropy: 7.004647399293236
Source: LKMService.exe.0.dr Static PE information: section name: ."Rv entropy: 7.004647399293236
Source: GoogleUpdater.exe.2.dr Static PE information: section name: ."Rv entropy: 7.004647399293236
Drops PE files
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Jump to dropped file

Boot Survival
barindex
Creates multiple autostart registry keys
Source: C:\Users\user\Desktop\file.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0 Jump to behavior
Creates a start menu entry (Start Menu\Programs\Startup)
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0b963caf834d029f35df17c1c436c7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1bc86309aad64beaaba50da47f1fe248.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_385556207e4d49bb88bb33a72ac98a68.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e92297ac52847c3a122730984e5abd1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d5b565aee0b842f89c22c5f172678df9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a7884e208224a6c873f89801ccde078.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3334419e53b3488ca85ae4de076f47dc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_621b8830c943464c9d47e42d99b46857.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1260347513fa42eb8dbca954b1f9766f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_30649bb19ccb493bae273224706f8bba.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f259adaf5ff645509c195bf263dfd55e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c894375b99af48eb88116328de9ffb98.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_856eb967065a4a3faa5cc998ae92f005.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d97d239314814309aa82de22ff2626e0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9ae47459b854ee78156fea739ee2eba.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f398b917ebdf42d684e3df08d449596d.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fff188210d924c868774a26b37b1f9c9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_687a9749c9a44df689e436ec246c5fcc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92fa881b504c497db058025dd6cb3bc4.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7172ee7a982744218b205a6832554ab3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17b0682e31094ae8b61542e0fc483319.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f419d2562814795914a60f7e574128b.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9dac438bfec04a60812adddf7761318f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5a844d131a542409d15c7be5595addc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e473bf015e6148daa821e9cdba096597.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c365a14f7cc645439df5ba22b5f10906.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d708224935546eb848b785f0206ad51.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_270b1265d8e74892bac3d731d24190c0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59312c45173e49bd8b855b176d5a495f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_284cd24aa4e1493cb8422375a300e535.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_75bc3afdb6384591b03d648ecbb02287.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e4c3b32db63d4c3385d74139e1cfcce9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9b99dd99249a49b197b20c73f033070f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5589ec67c0e2448ca25656e7e16c73e3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_958c0b6e979e435bb4f60be1aee3dd03.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fc51083f46e44479828e6d9a79b9bb37.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a808b141de384ba28209e8f85ffef996.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_526295f827514b53bd18028cd35e87bd.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dd48efc11113448d9c44e8a8c157ad39.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_73b75d6015d7483b9bdcb14e44c1505c.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c6c8adfab8504d9095f55a114049f3d3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7854577d09e6431c88169fff1770e32e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0792a7c0e50544d6a4b11823b693efec.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a91dde4ec0654d5faa715ea0cd5636bb.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e7aec97c8bc4c58bc7e320cf8c9aed1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ca5d77cba2b7460a9aed12793456440c.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5aba0e48cc6c41bfa9cec8d6d308f4e7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5ff322f4090403981ac575d9069d8a6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f8222af956df4e9392ff70bf6cb8c75f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cfdb367c887a433aa95af059e0afbe21.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55d106e32ce949238a924c643bdcf373.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_26b5f12dcabf46c3b77f132db9dad925.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3db40f8d96c747958926b1eb567e5bd4.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_be81e1a44f8f4c5f9242ff357075b5d3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a278fa9619bf4a8490c564cef196d074.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_02e8a991ef3544eabda639153e7216b6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_952cc57250e64b97b914a2957a5939ed.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_713d13d93ba54ba4a2bee5c605c845a3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9707391c32974477b52700f130ac1cb7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_65b508a372044eed8b833fd4041f8819.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e223acbd469940358b359937201eb9b2.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d14ccb5487c8433d95506ecb32cb2690.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8aa4e48ffd54477592e44b825a1ff1b6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6d603333c2b541768926d493700133a8.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13feffee078442b98f35e9a38ad41756.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9e42d35c8e343bdb56129036edf99d4.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_25338c699d96421aaf0a1ba93df7312c.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c36777343f8646bc9f8bb6efc22ef9b8.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_804cc7eb4d3c4c02a2c32d147219089a.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6231bf02d45e427bbb9b828041a02394.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_62cafd5f07ce4a59b8e60ed14dc1f8db.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_56db164c9f4845029d70161044c07596.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4cf4ef635c4442808a5c60a03abd63ad.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_878d667d16cd425ca300e21a7c362397.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d4b6a2fbd44d4fb2aa670d38ec1c4171.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b86cea4c7b9b4145a39b8715df791841.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_45ea511973cf478ba32bd0e0968190a7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38cb31f846c74a0983c4f6c57afbdef9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e3c5548913e44c70a6c8fd8334fb936e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b47ea55076ae47399a1e118ab814c225.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c42d1852306b4504949cf6ca50578a33.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5c3891242d6e480991eaf7fb6a231975.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_366bac00d9ea42899c996b8ef7ae09ac.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ac7edd4c5ae54bc6b3380c57aecd027e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5ebe19dd30dc44edb6e3a49112c74b32.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_273b67199e3d4092b2105bd699526255.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5a4812cb23b84f2e95f65dd4fa039549.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_350e2bcd0734472ab3901d5d2bd51ce7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2a0472589b8d49d580c1e14bce93ad8e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4519eb4cbc3c4d47bc3f7d639374071e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fb0273bb2b644a781d6c331178faddc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a9acfe3ccaec43ec9fdb813dab7ecbc6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_664fbf9e6e51431582fc5b1c0af457e3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1256348d10fc4ee0a7d0b9467a5418cd.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e28183393aa348268ac8c573d5502b1f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0afece5840df4176899b844c1d5c9e69.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_125c1fe126e14d0d9fac45186eb04ff2.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1e1d845915194135b12cc660ab6ebb4d.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5bac9b12a35b4a8abee5d849350d4cfe.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ece45098690b4892864172a47d52cf8f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ff0b2c7a1da5470f8bdba4c7d0d1baed.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_320177e11fbb4babb85356abf55e0b99.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c1e52c3798cb4024a6fd45d78ef65340.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_daef8724ed6347b895466620f5e665dc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_640dcb995346434c96839d2d83742599.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bff12266345e44a9b496133053c7f263.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9b86ceab65de49c49beb8cb12c410381.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0cda6700e20438397545917b25b60bc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_167367bbfef04c4481dd697d094f8b63.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ae0f52f74f9348768b6eef36b80bbf5a.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c851befd38d2427d8d269a98d294e3a5.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f2bed5be759242edaf28dfd23e60fbb4.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dcfe5a74920d4318a87257b3fafacc01.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_34321b2281664b27a83ad01fa13bc0b3.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d7a9e1f71e674259bc6770546141070b.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bd6a94e54b01443cb6021458218b9ec9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92941d340d434f5a9e68942462246f22.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_39159887f3204d8e8fefe4810af69af9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ae36cbf57bba423faea52eafbd67d52e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c282045190e841bc8018c75ed34f2677.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0760bad1395b4e6d9229cd7290d0bfd6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dfb16a4487ec4beaa1b1d78b04a99008.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7dd43a72555644e192d6a68d17c5b960.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_10b941cabe434db3b065299af6c79bcc.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5e5ea231ea4e4ffca8c6bf1323ff31d9.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_82d2f3a5637a4c2080f8baf85285f4da.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13c709e1909a4ba0924f2c6a918a488b.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_190b0e7ea3364aab9ab02f751d3fa36e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3facc06f597b4bdd8a739c4670a80246.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_575324352462440e8b12a1e982435c9f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b3aacf1dbd5e4d3392e7bf3232dc57cf.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d931f0e9333144269687eae7d6b8ea59.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_03b6bab1fde244d28447e08c325e4a07.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3f0be1f466f84181ba333a6df3a516b0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d65cc542a34b4da38cbe8960d3e8424b.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a36516a4c8cc471293cc601e09c286c1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5176400ea1bc450d9688dfefc752db32.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ef824ea0ab1e402c87f6f1bf359c96ac.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_162795bda5fa46828118263a399b42b7.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1754dd6b32b448c08e8885636a675bf1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41af698d57e841f7a97a18d762254e95.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1e404b68114e438ea737eac2a2fab6e6.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8cc3aebaced943f9b806b6cb451bf3a1.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c1bdb7ca33394ca6a68f9cffd90716fd.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9435b417d7174818bc725d53c084ad74.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1a146399d9db47d9bee8edf48f4efb76.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_14b6d09a20e948a5a8f9a9a0b7ab87d8.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4bd582915a8c4bfb97fa91bd4328b1e0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f8ba6889c254ba58b476a41f22439d0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b26e46310f2a4f6d8edad21044105f29.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_34d44aca968f4415baf4a94db6ea8d00.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c74ff54973c3482b858e648393044bee.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d62bbecc00364362b14e059934ea6472.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e2b335500384003acb1b579c9875623.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_90a28a31d7ae459b91fdf94045fbc96f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_97c93c184ade485a8a064ccc1c9187f0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acf87a42bf4b41579f8273f723e7d17d.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ffdc1a459af0433ab31a6499a0a0e333.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e4514974b9824faaadddc6ac58593bda.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_78f230ec7acf4b448fe76a84bdefb047.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9a583ee01cd34464bae9e4d0a80d99f0.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8e2bc38730ba4c8c9b07b18681955891.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_66e1e244985c436985d58ec91647105d.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fa8cf3f2b4bf2a7574c0e4b2f376c.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9de743c8e437443b88530f3fe7688358.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0c043eea2c7a4b4182fb993ee1edaf06.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_43e7d75dce6f4a87860706dd852faaba.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f4d1bce3b46d49aab44bc8d0febe542e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_61650c5e6ecd479ea5598de8190804d8.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_98e24bddde1946faad7ab9a2f3a7aa3f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17f7fee4e5104f968c19a4a9e6178d67.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3be1c6c02fcd4cbca121074b848dedc4.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e7e24d5a8d344423913a68fb440786f2.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_54d66de5935d4ecabaf6a00f0432d71e.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6d091b3309424e76ae47b7d1edd0307f.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3c9988356a104a099db4a06d01085945.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2bce08fd547d45aea7adcaabe45db843.lnk Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0 Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: F40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 2990000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: F40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6E00000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 9E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 23B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 44B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 49C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 69C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 1200000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 2C20000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 1280000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 50F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 70F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 2B70000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 2DE0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 2BF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 5260000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 7260000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 1200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 2DA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 2B50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 5210000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 7210000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 680000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 2340000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 4340000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 4890000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Memory allocated: 6890000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: A00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 25D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 2420000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 4AD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Memory allocated: 6AD0000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Window / User API: threadDelayed 5467 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Window / User API: threadDelayed 4195 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Window / User API: threadDelayed 5484 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Window / User API: threadDelayed 4333 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 6392 Thread sleep count: 157 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6392 Thread sleep count: 123 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6036 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 3004 Thread sleep count: 5467 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 3004 Thread sleep count: 4195 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 2196 Thread sleep time: -13835058055282155s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4368 Thread sleep time: -22136092888451448s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1456 Thread sleep count: 5484 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1456 Thread sleep count: 4333 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4368 Thread sleep count: 34 > 30 Jump to behavior
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Jump to behavior
Source: LKMService.exe, 00000002.00000002.4677000904.00000000058A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process queried: DebugPort
Enables debug privileges
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: unknown VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524651 Sample: file.exe Startdate: 03/10/2024 Architecture: WINDOWS Score: 88 44 yalubluseks.eu 2->44 46 api.ipify.org 2->46 48 57.122.6.0.in-addr.arpa 2->48 56 Multi AV Scanner detection for domain / URL 2->56 58 Multi AV Scanner detection for submitted file 2->58 60 Sigma detected: New RUN Key Pointing to Suspicious Folder 2->60 62 3 other signatures 2->62 8 file.exe 1 6 2->8         started        12 LKMService.exe 2->12         started        14 GoogleUpdater.exe 2->14         started        16 2 other processes 2->16 signatures3 process4 file5 38 C:\Users\user\AppData\...\LKMService.exe, PE32 8->38 dropped 40 C:\Users\...\LKMService.exe:Zone.Identifier, ASCII 8->40 dropped 42 C:\Users\user\AppData\Local\...\file.exe.log, CSV 8->42 dropped 70 Creates multiple autostart registry keys 8->70 18 LKMService.exe 16 217 8->18         started        23 WerFault.exe 3 21 12->23         started        25 WerFault.exe 14->25         started        27 WerFault.exe 16->27         started        29 WerFault.exe 16->29         started        signatures6 process7 dnsIp8 50 yalubluseks.eu 104.21.54.163, 443, 49716, 49717 CLOUDFLARENETUS United States 18->50 52 104.26.12.205, 52918, 52923, 52925 CLOUDFLARENETUS United States 18->52 54 api.ipify.org 172.67.74.152, 49715, 80 CLOUDFLARENETUS United States 18->54 34 C:\Users\user\AppData\...behaviorgraphoogleUpdater.exe, PE32 18->34 dropped 36 C:\...behaviorgraphoogleUpdater.exe:Zone.Identifier, ASCII 18->36 dropped 64 Multi AV Scanner detection for dropped file 18->64 66 Machine Learning detection for dropped file 18->66 68 Creates multiple autostart registry keys 18->68 31 GoogleUpdater.exe 18->31         started        file9 signatures10 process11 signatures12 72 Multi AV Scanner detection for dropped file 31->72 74 Machine Learning detection for dropped file 31->74
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.26.12.205
 unknown United States
13335 CLOUDFLARENETUS false
104.21.54.163
 yalubluseks.eu United States
13335 CLOUDFLARENETUS false
172.67.74.152
 api.ipify.org United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
api.ipify.org 172.67.74.152 true
yalubluseks.eu 104.21.54.163 true
57.122.6.0.in-addr.arpa unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://api.ipify.org/ false unknown
https://yalubluseks.eu/get_update.php false unknown
https://yalubluseks.eu/receive.php false unknown
https://yalubluseks.eu/get_file.php false unknown