Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1524705
MD5:	cdb17e17bc4e4d51fde6a4620cec014c
SHA1:	c184c6c58a66555685be713dcd2d11e6f0af7c37
SHA256:	b10c9d5286c17c05f587660664ab7f5723817fc98343c02c6b91ccc562e1019f
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Creates multiple autostart registry keys

Machine Learning detection for dropped file

Machine Learning detection for sample

Sigma detected: New RUN Key Pointing to Suspicious Folder

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

LKMService.exe (PID: 6480 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

GoogleUpdater.exe (PID: 3704 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

LKMService.exe (PID: 6576 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

WerFault.exe (PID: 6336 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

GoogleUpdater.exe (PID: 5316 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

WerFault.exe (PID: 6092 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 948 MD5: C31336C1EFC2CCB44B4326EA793040F2)

LKMService.exe (PID: 2488 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

GoogleUpdater.exe (PID: 7124 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" MD5: CDB17E17BC4E4D51FDE6A4620CEC014C)

cleanup

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_fb6c211cefa74248b703266e5d81f6eb

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_fb6c211cefa74248b703266e5d81f6eb

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7128, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_472749f636994be5bfcb24189b3266c5.lnk

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T06:52:22.284067+0200	2803305	3	Unknown Traffic	192.168.2.4	49730	104.26.13.205	80	TCP
2024-10-03T06:52:50.002947+0200	2803305	3	Unknown Traffic	192.168.2.4	49749	104.26.13.205	80	TCP
2024-10-03T06:52:58.253241+0200	2803305	3	Unknown Traffic	192.168.2.4	49753	104.26.13.205	80	TCP
2024-10-03T06:53:26.706160+0200	2803305	3	Unknown Traffic	192.168.2.4	49758	104.26.13.205	80	TCP
2024-10-03T06:53:28.096804+0200	2803305	3	Unknown Traffic	192.168.2.4	49760	104.26.13.205	80	TCP
2024-10-03T06:53:34.768713+0200	2803305	3	Unknown Traffic	192.168.2.4	49763	104.26.13.205	80	TCP
2024-10-03T06:53:36.121497+0200	2803305	3	Unknown Traffic	192.168.2.4	49765	104.26.13.205	80	TCP
2024-10-03T06:53:41.940710+0200	2803305	3	Unknown Traffic	192.168.2.4	49770	104.26.13.205	80	TCP
2024-10-03T06:54:03.768921+0200	2803305	3	Unknown Traffic	192.168.2.4	49773	104.26.13.205	80	TCP
2024-10-03T06:54:05.441049+0200	2803305	3	Unknown Traffic	192.168.2.4	49775	104.26.13.205	80	TCP
2024-10-03T06:54:36.768983+0200	2803305	3	Unknown Traffic	192.168.2.4	49780	104.26.13.205	80	TCP
2024-10-03T06:54:41.566411+0200	2803305	3	Unknown Traffic	192.168.2.4	49785	104.26.13.205	80	TCP
2024-10-03T06:54:46.924616+0200	2803305	3	Unknown Traffic	192.168.2.4	49788	104.26.13.205	80	TCP
2024-10-03T06:54:53.534701+0200	2803305	3	Unknown Traffic	192.168.2.4	49792	104.26.13.205	80	TCP
2024-10-03T06:54:55.154634+0200	2803305	3	Unknown Traffic	192.168.2.4	49794	104.26.13.205	80	TCP
2024-10-03T06:55:10.831557+0200	2803305	3	Unknown Traffic	192.168.2.4	49797	104.26.13.205	80	TCP
2024-10-03T06:55:11.940926+0200	2803305	3	Unknown Traffic	192.168.2.4	49797	104.26.13.205	80	TCP
2024-10-03T06:55:20.659777+0200	2803305	3	Unknown Traffic	192.168.2.4	49801	104.26.13.205	80	TCP
2024-10-03T06:55:22.331566+0200	2803305	3	Unknown Traffic	192.168.2.4	49803	104.26.13.205	80	TCP
2024-10-03T06:55:26.644055+0200	2803305	3	Unknown Traffic	192.168.2.4	49803	104.26.13.205	80	TCP
2024-10-03T06:55:27.644138+0200	2803305	3	Unknown Traffic	192.168.2.4	49803	104.26.13.205	80	TCP
2024-10-03T06:55:27.831777+0200	2803305	3	Unknown Traffic	192.168.2.4	49806	104.26.13.205	80	TCP
2024-10-03T06:55:27.862920+0200	2803305	3	Unknown Traffic	192.168.2.4	49807	104.26.13.205	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for domain / URL

Source: https://yalubluseks.eu/get_updatX	Virustotal: Detection: 7%			Perma Link
Source: https://yalubluseks.eu/receiP	Virustotal: Detection: 7%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Virustotal: Detection: 34%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	ReversingLabs: Detection: 16%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Virustotal: Detection: 34%	Perma Link

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 15%
Source: file.exe	Virustotal: Detection: 34%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb$_ source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: GoogleUpdater.exe, 00000009.00000002.2253480045.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbtq" source: GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: SHA1ows\mscorlib.pdb source: GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbL0 source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: ws\mscorlib.pdb) source: LKMService.exe, 00000003.00000002.2242706882.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: orlib.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.Core.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49758 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49763 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49730 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49775 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49770 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49785 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49780 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49792 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49801 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49803 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49794 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49788 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49753 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49807 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49760 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49797 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49806 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49773 -> 104.26.13.205:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: yalubluseks.eu

Source: unknown

HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continueConnection: Keep-Alive

Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000296C000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgD
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000296C000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgd
Source: LKMService.exe, 00000001.00000002.3531953099.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 0000000E.00000002.3531804895.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000291D000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eu
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000291D000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eud
Source: LKMService.exe, 00000001.00000002.3531953099.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 0000000E.00000002.3531804895.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000027D3000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_filT
Source: LKMService.exe, 00000001.00000002.3531953099.0000000003372000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028FD000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000027D3000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.php
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.phpT
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_updatX
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000291D000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000027D3000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.php
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000291D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.phpT
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receiP
Source: LKMService.exe, 00000001.00000002.3531953099.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 0000000E.00000002.3531804895.0000000002D14000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000027D3000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002721000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.php
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.phpT
Source: LKMService.exe, 00000001.00000002.3531953099.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 0000000E.00000002.3531804895.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/t
Source: GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000291D000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002810000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.0000000002B37000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.000000000296C000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3531140102.00000000028BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.euD

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_03104A98	1_2_03104A98
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_03106E58	1_2_03106E58
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_03106E49	1_2_03106E49
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 14_2_00E46560	14_2_00E46560
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 14_2_00E43B00	14_2_00E43B00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 14_2_00E46551	14_2_00E46551
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 15_2_04C06558	15_2_04C06558
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 15_2_04C03B00	15_2_04C03B00
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Code function: 15_2_04C06549	15_2_04C06549

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 948

Source: file.exe, 00000000.00000002.1680793180.0000000000E91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe, 00000000.00000000.1674016661.00000000006A2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe, 00000000.00000002.1679995223.0000000000DBE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe

Source: file.exe, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: LKMService.exe.0.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: GoogleUpdater.exe.1.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: file.exe, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA==', 'u7YI7sK9XHgtCcP/i+WsqWucGd18OLkhfe7vCyEjkXq0GG/3IKYaV7sR7uJpZvOPt4UmEvmjDbc=', 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA=='
Source: LKMService.exe.0.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA==', 'u7YI7sK9XHgtCcP/i+WsqWucGd18OLkhfe7vCyEjkXq0GG/3IKYaV7sR7uJpZvOPt4UmEvmjDbc=', 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA=='
Source: GoogleUpdater.exe.1.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA==', 'u7YI7sK9XHgtCcP/i+WsqWucGd18OLkhfe7vCyEjkXq0GG/3IKYaV7sR7uJpZvOPt4UmEvmjDbc=', 'w5/7oMbfowSJvsh5jMMWJLLTn3ekxrnqMrvnOJe0Rwq2bcqpENkunA=='

Source: classification engine

Classification label: mal84.winEXE@11/214@2/2

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_472749f636994be5bfcb24189b3266c5.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6576
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5316

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	ReversingLabs: Detection: 15%
Source: file.exe	Virustotal: Detection: 34%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 948
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: gpapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: LKMService_472749f636994be5bfcb24189b3266c5.lnk.0.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_62a9c111b7024bf1b7e3427143df5dbe.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_620a46450f79496ba4eff1761b5fc9f5.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_12f721a10ead40b1ae55ac94282a3417.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b468a5a753b74bc88784ee58a23f7452.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_13ab457068c342afb09cdd1b1fab564b.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_99873ac9e6374501a7d41a5bd5c0fd01.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3f3cf56c6562461aadeb1c83fa5ecd0e.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_dea9ababe47c4fed9cac73f27b471539.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9d459e8b7367496aa7d4137895062eab.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6ab7ab4f25cd4db2b5e6cb0bcc44772f.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f526512d48414187b35310aa42fee7db.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Source: LKMService_114cb2fd114a4308b1d249db48cea183.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5f854f00a78f4123bec07a2538a7dbef.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f31747700de84b3a92dfed1987c441e3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_16b570f0f5a744ad926af9b2e57a508a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_619c5004471c4a2e938c1cf940f0681c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9fdd6a820df34e0eb28e36d0925da6c6.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_217ab5a39a494a84a9c9b9f3d9267445.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0041bb5e6a304e3ab1306a0efb97daf8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6ea984856cb5485087be0cf5fe4dd6e3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6bfc3d831634488eb95b5f6dc4e48e8a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c06a49c31e2542078c328f3120042026.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_89af2bd216d24a638611f396b3694166.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e04c76b26907405f8b42d142ea72b766.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2a9e24b71ad64e13a03132b58a8b4eab.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f44d584e4b3948aa825fd2f68c303c08.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2f9c2e9b402944f78763aeed507ed556.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_bf3d70f4207b43b4bc47b0d0a079ad33.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a99a1993b439401f8f9f511e8b1cab25.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_09c0a750f11d494884999ce6371b08dc.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_df0c8781cbf24bb98a87ed8f61b85265.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_11d6fb0fd17b41be87fc848fec0a2b18.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_129c899e2a1c42be9a3e41a8dce953d5.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_cbebdd2c256b4831ad44ea21342751ad.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_22e5f086ff884c3b88899dd69f5e7c0e.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9fa69efc61d8406e9ae080ac03b2ddac.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7f260e4f58884f45b068a139c48f5940.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c6f25293ec71400f86d2e01a8de3f46c.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_eaca1c41ed604f6da9538b1fd6021e47.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e05b7c485c4c49f6bf0093aaff493eff.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_77738e661f3246e584f8f20af07fcb93.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_27fadb4ee6b8480ca7125165a4d8a93f.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9107ab1018104d86afb2b29045417219.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_993bca652c984e3cb4f54ae35b7beba3.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5b50692f0eb542fc82e477637a3c95e7.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8f1575a7977249ee8142529527c6864d.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c51579a471264286a0d2c75645c3353a.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ce6d0bc2d0d94fdfb46a0759e7eb30c5.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3caf0b3215974f25bbce13006a6e409f.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e87ed31dd38847b9863b43efda133083.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_23d13120aeed491f8ae1f8e810449fbe.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_68c1135d3fad4aa09b4f4ad7ae1c7dc4.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_84ee45b1bccc4282b4866d9ebc85c5a7.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_dda1a20d76bd48cb838ceb893ee1a0a6.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9af8740e43af44ca9c5665f7d56f347a.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_cd7d446af3914ebfa3ac1a9d7e1db77a.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b93973676d654650883a89137d148cc4.lnk.14.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1719a5a28a504c3f8cfaf2bf69f48e5a.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_81fca9e9963945bc9a7493854f2e8af2.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_13d93427430c4866a3935999ad0995c5.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d8fa50569dae47d69e7c5ff511c892d0.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6d97a038d70f4468925fede4d9ead8ab.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7af78047100249ada2a191b93972e1e4.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ef0554e7e63746c2aa90a14599fe3c36.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_bf9ce0e7dfb04385bf933b54f7f8dcd2.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_da01d2306a8546388ad8c326f554e1cf.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9e2a78212fe8413a986a763f0b5e8fba.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_93ca087eb9804602bcd2d31eb09648c5.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_493e11df656c4fb9b35808a9da5378e7.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4a4e2ffe0af24c70af7bd986e036b820.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a5265f5a68b342f2a3967949eb8a1dc0.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fb67aed691754eceb4ae504dcc3e303c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1c59d7c5c608484bb0c3974b253504b8.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_880d55a39b684695a9f1b905ca28ee65.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0a928f8bb10c4b24913a1e69cb92f473.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_93b05c4d627146df84959b78c065b170.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1aa037cc08fd4a80b821b3bca1553c25.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_48e69eb5636c4f0496341c744955f7d8.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1b84567656d54760af0052b6067e3308.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_cdaed61dc250465a90921d9a7c219828.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1ea4621d390848b0a71a0c8dffe5156b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d8437af857764d59a5dbfc7828dd8470.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_90b3e32a008f42d1afff99ab33d59e72.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4fdd3c21ead4408daf5823c744170210.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ed7e14576ef74cdbb885f4240316373d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_492ea8a68d4044e2835e2e1f3798803c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_930f00d034644c5886641a2ab7b8e45e.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ddd5f525ed5b46b4872a7b2f5f49c219.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1238fd8ee71240d68ed02f257e4f6ebe.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1eedc420d3c442fca18214337e8a8d48.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a79d86293eaf46ee8d360f284e34f44f.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_bd1d67eb73f3420f923c5e59d72d7657.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ffa014cd80d545b8a6494da3aa96fbd6.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6c6b588caa844b57a0a5088c0caff79d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0af13e2ef0b74df9b26b0013003308c2.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ec672003c90e43629a85b9ccedf8a3ad.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_45b918bfe3fa429eb04af0188bc6f769.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_234289a5f34e4afaa6298bf5e89a18ab.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_44e91de48d86446e9134d06d32e74ccb.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b1c891a87f2a424090032bbca24d6957.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4dcacfa1a86c432083bf8b0b5a0271f9.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a48a60e92d6d49858ff57468d0ccb13b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_20184c95f91148f28d199e72f5151a5e.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_04b170d6c7ce4a1cbf80adf59681ef6c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4d41daae070349c7bb4da78c00b33aa2.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b74ce5e43287458c924871cbb9cb6a01.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_94e5a6ccc49c4da3b45df093f1e6b9a0.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_443763e809b44174b5ff2a4a08c59b57.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7b8222f05a2243e4bcea1ad9fe8366cb.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_94e6b20f455d4378b2984888b22868f6.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f8e58d825fa74171bfeca8fc739bf90c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_67aa16d8cbb54193b4cc6a43ae987154.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_06a2df6d73e84a5e813020c8b6294cb5.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5a4a50916973408ead1e547cb01eafdc.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_bd22ce9b6a094cc699e66f19004446a8.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e17a0145e1874fd581df00f92fad4d95.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ba265ae44a0846b0b141c88b4de7385c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_aa4c217e90064fdba31aee42ef5f94e3.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ef03ebc379144cfbacc3c963398c9e84.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0657835699574d798ee14fa601ae70ef.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7edecea1f3264cb48b56c5beb7775ec4.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_95a947d800db4421aaa1b0527996e996.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_29e9667de0f44cee8802f9fd6fe0c816.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d8ccb28aeeba4f978466d5b95b50a361.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f75f552ad5d747d0a6f42fcc49bc195c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_efba153a21ad49929ad2ae53a48fbeac.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d92578193ef04bd18e26b1044e69116f.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4fb0dcab88cc400091f460159d26935b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_427256daf11446c5b6457ba6028fbd14.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_90ff9500f00e4c0f837777ff468b61ea.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_09cca5bcef6544df9edf8d1207550362.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_dd72185e7b4248d8bbba73eea6b6752b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3244f43be22c4cf6b2b13ef99bd1ce28.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d58922b348994a7682e59305fdb4fdae.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_60b87a4435fa46038c0b62cc0d3511f4.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_596193a42f0a43ae9dcad375648995a0.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_82ea9cf6c7074533a8c476ada3009643.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_191408fc2b864810b50a973cb5e264d7.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9925415a031b4e0da32b28ed8dc8d494.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_de2ff563f8fe48b1a26a389369ec8b31.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_12db5bdc2a9e479eabc4a4ddf27d359b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e56d9ed9f100469b82435697a23ad99a.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ac1ef3cc13134c499fb23787e8ff5888.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_645de0150d874163869d6670072f2b6d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1247b6d2ce8949e89d6283471c3c994c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6815355ca8ca458cb90615cdfafe5e99.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_189716ad4c76443991e531bde2b1e834.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_13d33fad7e1144ec89102dc080b31912.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1adef8d2980c4340a53115438b966ff1.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_411d1b5be20944329c2f73c2360baac5.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4d182f3f8aa84fdc8429a68b7cb680b5.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e96cb81d930d44f689b031296e548724.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4723ef536bc343598f2bfc0f06e4eee9.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c6f4a0d196f1431b97c1ca0a54d6a5f6.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_128c02f1ec9541c28fa9b464dfde3dda.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_34f83a48c94b451684bc20e7bbce765c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9661d0a630474f7f8558ad549a470686.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_18736ad6e96149a8837bebc178909564.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_831b0a55c2c64cd583480350d1483906.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6023d90ba84e4cc287bbd7dad0b0f370.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3487f4a78e4c4ed692c3a4dd9d37da1d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_385e0454507a4cbc8028a419a3f3575b.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_395dc20f388c493cb2e340e45a0e2bc4.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9da6de5b91dd464894979aaebd48db19.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_299ef4500ff444a7878c71276737d16a.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7a8f788e11724f0ca5a9d1fc5ab7c538.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8e54c670959a454a97ad13aa773c1f60.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_caed82bb3f0e4a7ea707bc76a6fc3777.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9ac0c69395954e38900ffb3ca58d3ba1.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fd3d815983104781b859fdd43d84f2e3.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1af8b363b24d45a5bab49af667a231a4.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_50b063bc160540a7950a6a8c30d9d6cb.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b37c7c98fe524dcca19f991542895064.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6de9ad61d05342bbaea8461c36d48f9d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5b8c9e27885442bd89a02ee583af0859.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_30da072590d94300b55427151208c02e.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_97548214d28742fca3e97ce5dd7a7648.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_dc072b743b6f4e9aafacf04709fae9af.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4c1a1fdb17a948d39ccd99e8dd33f60c.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_57e4af9a92374b1ab3386fa9fa0b2365.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0f7a229e62c443b3836c558cdada5568.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8fc7e022430f4c0eb32963c90cabc375.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2879c60006bd4f64b15209bb1ee6cebf.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_151ad724e88b4541bb35e81bd15c75d7.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8fc872a122124b5bbd1ebd05e7c8393f.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0d1f41de375d4af797c518995ef8714e.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6f1dda9a1a0d426cb156e1fa46783ff7.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_12a614bbc4f9486c994c34e5055220c6.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_067c27cc5a44493a9de076a306d25402.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9fe90a3eb53548088fb8d5fcf5dccd44.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7800bd24845d49299ad4b57254cf405d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_39d434e7593546b9aa5fb10c43e7790d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_959eb1234d0a483ba52c54a8a3da24cd.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_92e71b09f6eb49e190831f59b9874117.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_da9dbf1a1a2949a39893e1500ebb68c7.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_56861caf39d047a594a24b96a3ef7d20.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_93b2bcec93924441bf062241cac8bcfa.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a3578f11b7fb408c9f12c011070ccf44.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9d949db4125f402aa0319cfce5bd7f56.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d057c138b8c54fc8848d4d1b7cca215d.lnk.15.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb$_ source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: n0C:\Windows\mscorlib.pdb source: GoogleUpdater.exe, 00000009.00000002.2253480045.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdbtq" source: GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: SHA1ows\mscorlib.pdb source: GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbL0 source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: ws\mscorlib.pdb) source: LKMService.exe, 00000003.00000002.2242706882.0000000000CF8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: orlib.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2253802251.0000000000F86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000003.00000002.2242749531.0000000000D5B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: LKMService.exe, 00000003.00000002.2243589485.0000000002CE6000.00000004.00000800.00020000.00000000.sdmp, GoogleUpdater.exe, 00000009.00000002.2254336605.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr
Source:	Binary string: System.Core.ni.pdb source: WERA691.tmp.dmp.6.dr, WERC4F6.tmp.dmp.11.dr

Source: file.exe

Static PE information: 0xBABCC4CF [Thu Apr 11 19:15:27 2069 UTC]

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Code function: 1_2_031006BF push edi; retf

1_2_031006C2

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe			Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_fb6c211cefa74248b703266e5d81f6eb			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_95ddeae38f2d454fad2ebf219c344fc9			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_472749f636994be5bfcb24189b3266c5.lnk

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_472749f636994be5bfcb24189b3266c5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f526512d48414187b35310aa42fee7db.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_114cb2fd114a4308b1d249db48cea183.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f854f00a78f4123bec07a2538a7dbef.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f31747700de84b3a92dfed1987c441e3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_62a9c111b7024bf1b7e3427143df5dbe.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_620a46450f79496ba4eff1761b5fc9f5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_12f721a10ead40b1ae55ac94282a3417.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b468a5a753b74bc88784ee58a23f7452.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13ab457068c342afb09cdd1b1fab564b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_99873ac9e6374501a7d41a5bd5c0fd01.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3f3cf56c6562461aadeb1c83fa5ecd0e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dea9ababe47c4fed9cac73f27b471539.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9d459e8b7367496aa7d4137895062eab.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6ab7ab4f25cd4db2b5e6cb0bcc44772f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_16b570f0f5a744ad926af9b2e57a508a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_619c5004471c4a2e938c1cf940f0681c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fdd6a820df34e0eb28e36d0925da6c6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_217ab5a39a494a84a9c9b9f3d9267445.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0041bb5e6a304e3ab1306a0efb97daf8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6ea984856cb5485087be0cf5fe4dd6e3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6bfc3d831634488eb95b5f6dc4e48e8a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c06a49c31e2542078c328f3120042026.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_89af2bd216d24a638611f396b3694166.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e04c76b26907405f8b42d142ea72b766.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2a9e24b71ad64e13a03132b58a8b4eab.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f44d584e4b3948aa825fd2f68c303c08.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2f9c2e9b402944f78763aeed507ed556.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bf3d70f4207b43b4bc47b0d0a079ad33.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a99a1993b439401f8f9f511e8b1cab25.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_09c0a750f11d494884999ce6371b08dc.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_df0c8781cbf24bb98a87ed8f61b85265.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_11d6fb0fd17b41be87fc848fec0a2b18.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_129c899e2a1c42be9a3e41a8dce953d5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cbebdd2c256b4831ad44ea21342751ad.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_22e5f086ff884c3b88899dd69f5e7c0e.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fa69efc61d8406e9ae080ac03b2ddac.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7f260e4f58884f45b068a139c48f5940.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c6f25293ec71400f86d2e01a8de3f46c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_eaca1c41ed604f6da9538b1fd6021e47.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e05b7c485c4c49f6bf0093aaff493eff.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_77738e661f3246e584f8f20af07fcb93.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_27fadb4ee6b8480ca7125165a4d8a93f.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9107ab1018104d86afb2b29045417219.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_993bca652c984e3cb4f54ae35b7beba3.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5b50692f0eb542fc82e477637a3c95e7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f1575a7977249ee8142529527c6864d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c51579a471264286a0d2c75645c3353a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ce6d0bc2d0d94fdfb46a0759e7eb30c5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3caf0b3215974f25bbce13006a6e409f.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e87ed31dd38847b9863b43efda133083.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_23d13120aeed491f8ae1f8e810449fbe.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_68c1135d3fad4aa09b4f4ad7ae1c7dc4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_84ee45b1bccc4282b4866d9ebc85c5a7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dda1a20d76bd48cb838ceb893ee1a0a6.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9af8740e43af44ca9c5665f7d56f347a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cd7d446af3914ebfa3ac1a9d7e1db77a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b93973676d654650883a89137d148cc4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_94e5a6ccc49c4da3b45df093f1e6b9a0.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_aa4c217e90064fdba31aee42ef5f94e3.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ef03ebc379144cfbacc3c963398c9e84.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0657835699574d798ee14fa601ae70ef.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7edecea1f3264cb48b56c5beb7775ec4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_95a947d800db4421aaa1b0527996e996.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3244f43be22c4cf6b2b13ef99bd1ce28.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d58922b348994a7682e59305fdb4fdae.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_60b87a4435fa46038c0b62cc0d3511f4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_596193a42f0a43ae9dcad375648995a0.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_82ea9cf6c7074533a8c476ada3009643.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13d33fad7e1144ec89102dc080b31912.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1adef8d2980c4340a53115438b966ff1.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_411d1b5be20944329c2f73c2360baac5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4d182f3f8aa84fdc8429a68b7cb680b5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e96cb81d930d44f689b031296e548724.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_395dc20f388c493cb2e340e45a0e2bc4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9da6de5b91dd464894979aaebd48db19.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_299ef4500ff444a7878c71276737d16a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7a8f788e11724f0ca5a9d1fc5ab7c538.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_067c27cc5a44493a9de076a306d25402.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7800bd24845d49299ad4b57254cf405d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_959eb1234d0a483ba52c54a8a3da24cd.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_da9dbf1a1a2949a39893e1500ebb68c7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_56861caf39d047a594a24b96a3ef7d20.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_93b2bcec93924441bf062241cac8bcfa.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a3578f11b7fb408c9f12c011070ccf44.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9d949db4125f402aa0319cfce5bd7f56.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d057c138b8c54fc8848d4d1b7cca215d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1719a5a28a504c3f8cfaf2bf69f48e5a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_81fca9e9963945bc9a7493854f2e8af2.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_13d93427430c4866a3935999ad0995c5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d8fa50569dae47d69e7c5ff511c892d0.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6d97a038d70f4468925fede4d9ead8ab.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7af78047100249ada2a191b93972e1e4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ef0554e7e63746c2aa90a14599fe3c36.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bf9ce0e7dfb04385bf933b54f7f8dcd2.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_da01d2306a8546388ad8c326f554e1cf.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e2a78212fe8413a986a763f0b5e8fba.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_93ca087eb9804602bcd2d31eb09648c5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_493e11df656c4fb9b35808a9da5378e7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4a4e2ffe0af24c70af7bd986e036b820.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a5265f5a68b342f2a3967949eb8a1dc0.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fb67aed691754eceb4ae504dcc3e303c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1c59d7c5c608484bb0c3974b253504b8.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_880d55a39b684695a9f1b905ca28ee65.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0a928f8bb10c4b24913a1e69cb92f473.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_93b05c4d627146df84959b78c065b170.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1aa037cc08fd4a80b821b3bca1553c25.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_48e69eb5636c4f0496341c744955f7d8.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1b84567656d54760af0052b6067e3308.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdaed61dc250465a90921d9a7c219828.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1ea4621d390848b0a71a0c8dffe5156b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d8437af857764d59a5dbfc7828dd8470.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_90b3e32a008f42d1afff99ab33d59e72.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4fdd3c21ead4408daf5823c744170210.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed7e14576ef74cdbb885f4240316373d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_492ea8a68d4044e2835e2e1f3798803c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_930f00d034644c5886641a2ab7b8e45e.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ddd5f525ed5b46b4872a7b2f5f49c219.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1238fd8ee71240d68ed02f257e4f6ebe.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1eedc420d3c442fca18214337e8a8d48.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a79d86293eaf46ee8d360f284e34f44f.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bd1d67eb73f3420f923c5e59d72d7657.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ffa014cd80d545b8a6494da3aa96fbd6.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6c6b588caa844b57a0a5088c0caff79d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0af13e2ef0b74df9b26b0013003308c2.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ec672003c90e43629a85b9ccedf8a3ad.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_45b918bfe3fa429eb04af0188bc6f769.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_234289a5f34e4afaa6298bf5e89a18ab.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_44e91de48d86446e9134d06d32e74ccb.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1c891a87f2a424090032bbca24d6957.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4dcacfa1a86c432083bf8b0b5a0271f9.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a48a60e92d6d49858ff57468d0ccb13b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_20184c95f91148f28d199e72f5151a5e.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_04b170d6c7ce4a1cbf80adf59681ef6c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4d41daae070349c7bb4da78c00b33aa2.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b74ce5e43287458c924871cbb9cb6a01.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_443763e809b44174b5ff2a4a08c59b57.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7b8222f05a2243e4bcea1ad9fe8366cb.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_94e6b20f455d4378b2984888b22868f6.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f8e58d825fa74171bfeca8fc739bf90c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_67aa16d8cbb54193b4cc6a43ae987154.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_06a2df6d73e84a5e813020c8b6294cb5.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5a4a50916973408ead1e547cb01eafdc.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bd22ce9b6a094cc699e66f19004446a8.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e17a0145e1874fd581df00f92fad4d95.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ba265ae44a0846b0b141c88b4de7385c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_29e9667de0f44cee8802f9fd6fe0c816.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d8ccb28aeeba4f978466d5b95b50a361.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f75f552ad5d747d0a6f42fcc49bc195c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_efba153a21ad49929ad2ae53a48fbeac.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d92578193ef04bd18e26b1044e69116f.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4fb0dcab88cc400091f460159d26935b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_427256daf11446c5b6457ba6028fbd14.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_90ff9500f00e4c0f837777ff468b61ea.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_09cca5bcef6544df9edf8d1207550362.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dd72185e7b4248d8bbba73eea6b6752b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_191408fc2b864810b50a973cb5e264d7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9925415a031b4e0da32b28ed8dc8d494.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_de2ff563f8fe48b1a26a389369ec8b31.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_12db5bdc2a9e479eabc4a4ddf27d359b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e56d9ed9f100469b82435697a23ad99a.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ac1ef3cc13134c499fb23787e8ff5888.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_645de0150d874163869d6670072f2b6d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1247b6d2ce8949e89d6283471c3c994c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6815355ca8ca458cb90615cdfafe5e99.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_189716ad4c76443991e531bde2b1e834.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4723ef536bc343598f2bfc0f06e4eee9.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c6f4a0d196f1431b97c1ca0a54d6a5f6.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_128c02f1ec9541c28fa9b464dfde3dda.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_34f83a48c94b451684bc20e7bbce765c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9661d0a630474f7f8558ad549a470686.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_18736ad6e96149a8837bebc178909564.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_831b0a55c2c64cd583480350d1483906.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6023d90ba84e4cc287bbd7dad0b0f370.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3487f4a78e4c4ed692c3a4dd9d37da1d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_385e0454507a4cbc8028a419a3f3575b.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8e54c670959a454a97ad13aa773c1f60.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_caed82bb3f0e4a7ea707bc76a6fc3777.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9ac0c69395954e38900ffb3ca58d3ba1.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fd3d815983104781b859fdd43d84f2e3.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1af8b363b24d45a5bab49af667a231a4.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_50b063bc160540a7950a6a8c30d9d6cb.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b37c7c98fe524dcca19f991542895064.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6de9ad61d05342bbaea8461c36d48f9d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5b8c9e27885442bd89a02ee583af0859.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_30da072590d94300b55427151208c02e.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_97548214d28742fca3e97ce5dd7a7648.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_dc072b743b6f4e9aafacf04709fae9af.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4c1a1fdb17a948d39ccd99e8dd33f60c.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_57e4af9a92374b1ab3386fa9fa0b2365.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0f7a229e62c443b3836c558cdada5568.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8fc7e022430f4c0eb32963c90cabc375.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2879c60006bd4f64b15209bb1ee6cebf.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_151ad724e88b4541bb35e81bd15c75d7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8fc872a122124b5bbd1ebd05e7c8393f.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0d1f41de375d4af797c518995ef8714e.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6f1dda9a1a0d426cb156e1fa46783ff7.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_12a614bbc4f9486c994c34e5055220c6.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fe90a3eb53548088fb8d5fcf5dccd44.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_39d434e7593546b9aa5fb10c43e7790d.lnk
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_92e71b09f6eb49e190831f59b9874117.lnk

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_fb6c211cefa74248b703266e5d81f6eb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_fb6c211cefa74248b703266e5d81f6eb	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_95ddeae38f2d454fad2ebf219c344fc9	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_95ddeae38f2d454fad2ebf219c344fc9	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 1000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2AE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 30C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 32F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 52F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 21A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 21A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 1160000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2C90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2BA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: F40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2EB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 1670000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: E40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2CE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 1500000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: D10000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 2720000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 4720000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 394	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 6365	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 3286	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 3397	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 5631	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 692	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 6141
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 3382
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 4832
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 4747

Source: C:\Users\user\Desktop\file.exe TID: 6388	Thread sleep count: 394 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6408	Thread sleep count: 83 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6216	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 5956	Thread sleep count: 6365 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 5956	Thread sleep count: 3286 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 4408	Thread sleep time: -12912720851596678s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4944	Thread sleep time: -21213755684765971s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1720	Thread sleep count: 3397 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 1720	Thread sleep count: 5631 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4944	Thread sleep count: 692 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 4944	Thread sleep count: 143 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 432	Thread sleep count: 6141 > 30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 1344	Thread sleep time: -13835058055282155s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 5672	Thread sleep count: 3382 > 30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 3396	Thread sleep time: -13835058055282155s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 5312	Thread sleep count: 4832 > 30
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 5312	Thread sleep count: 4747 > 30

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: LKMService.exe, 00000001.00000002.3546175725.0000000006AC8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
Source: LKMService.exe, 0000000E.00000002.3528783127.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdater.exe, 0000000F.00000002.3529451244.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	121 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Query Registry	Remote Services	11 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	121 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	111 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	41 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	2 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	12 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
file.exe