Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 23, 2024, 8:05 p.m.	Aug. 23, 2024, 8:08 p.m.

Size	1.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d09a787b5982cf6eccd6e4bbe6290850`
SHA256	`fe348d2b311b9557d62c3d2e8aeff986bb9d53275a269d004d8b371b4a460ece`
CRC32	`9B2B7483`
ssdeep	`24576:BLKM91coozik2PZPzoOxLh8exZwmpqLlKXA6TZY2g8:FKM9iIPho2LvZLuOAIjz`
PDB Path	mi_exe_stub.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

lum_agent_online.exe "C:\Users\test22\AppData\Local\Temp\lum_agent_online.exe"
2580
- LumuUpdate.exe "C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\LumuUpdate.exe" /installsource taggedmi /install "appguid={F29544FA-DF33-470F-90E9-B19EF24DF010}&appname=LumuAgent&needsadmin=True&usagestats=1"
  2632
  - LumuUpdate.exe "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /regsvc
    2708
  - LumuUpdate.exe "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /regserver
    2804
    - LumuUpdateComRegisterShell64.exe "C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe"
      2876
    - LumuUpdateComRegisterShell64.exe "C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe"
      2932
    - LumuUpdateComRegisterShell64.exe "C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe"
      2988
  - LumuUpdate.exe "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xMDcuMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjEwNy4xIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezBDRTBEQkJCLUMwRTgtNEU4OC05RDI2LTk0Q0JCNjUwN0ZGNn0iIHVzZXJpZD0ie0NGMjYzODI5LTBFOTgtNDAxNC05NDJGLTcyRTNBQkMxNjY2RX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InswQzA1MzBGOS0xNjc2LTQ4MzgtOTRCQi0xMDZGNUY4MEU0NDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjUiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezgwODZCRDkzLTJFNzItNDk2QS05QUJDLUI5NEFGNkE2QzlDRn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xMDcuMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyNzUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    3056
  - LumuUpdate.exe "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /handoff "appguid={F29544FA-DF33-470F-90E9-B19EF24DF010}&appname=LumuAgent&needsadmin=True&usagestats=1" /installsource taggedmi /sessionid "{0CE0DBBB-C0E8-4E88-9D26-94CBB6507FF6}"
    1152

Name	Response	Post-Analysis Lookup
client-updates.lumu.io	A 3.229.137.113	3.229.137.113
lumu-updates.s3.amazonaws.com	A 54.231.235.81 CNAME s3-w.us-east-1.amazonaws.com A 3.5.25.143 A 54.231.194.33 CNAME s3-1-w.amazonaws.com A 54.231.132.57 A 3.5.27.139 A 52.216.58.89 A 54.231.131.153 A 52.217.168.41	54.231.203.249
x1.i.lencr.org	CNAME crl.root-x1.letsencrypt.org.edgekey.net CNAME e8652.dscx.akamaiedge.net A 23.52.33.11 A 23.41.113.9	23.207.177.83

IP Address	Status	Action
164.124.101.2	Active	Moloch
23.41.113.9	Active	Moloch
23.52.33.11	Active	Moloch
3.229.137.113	Active	Moloch
54.231.194.33	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49175 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 54.231.194.33:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49191 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 3.229.137.113:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 54.231.194.33:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.101:49175 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49179 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49173 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49188 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49205 54.231.194.33:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.s3.amazonaws.com	57:fe:c9:73:13:31:ca:2c:91:7f:05:c3:3b:16:ff:3f:1b:d8:7d:e2
TLS 1.2 192.168.56.101:49191 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49178 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49189 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49192 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49214 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49213 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49215 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e
TLS 1.2 192.168.56.101:49216 3.229.137.113:443	C=US, O=Let's Encrypt, CN=E5	CN=client-updates.lumu.io	ea:b7:e2:ce:8f:e9:1f:e8:31:28:68:38:19:6d:89:0f:7e:6b:be:8e

Queries for the computername (8 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 23, 2024, 8:05 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 23, 2024, 8:05 p.m.			0	0

This executable has a PDB path (1 event)

pdb_path

mi_exe_stub.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 23, 2024, 8:05 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	B
resource name	GOOGLEUPDATE

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	POST method with no referer header				suspicious_request	POST http://client-updates.lumu.io/service/update2
suspicious_features	POST method with no referer header				suspicious_request	POST http://client-updates.lumu.io/service/update2?cup2key=1:aiyktIlMWjC_YDIJkn6k3-6XqffwkP2DaBfamURTQIA&cup2hreq=a4125a8074c9af063159ba78027272f9671c42488dea9878a9c5f20b4b7c8dc7

Performs some HTTP requests (4 events)

request	GET http://x1.i.lencr.org/
request	POST http://client-updates.lumu.io/service/update2
request	POST http://client-updates.lumu.io/service/update2?cup2key=1:aiyktIlMWjC_YDIJkn6k3-6XqffwkP2DaBfamURTQIA&cup2hreq=a4125a8074c9af063159ba78027272f9671c42488dea9878a9c5f20b4b7c8dc7
request	GET https://lumu-updates.s3.amazonaws.com/build/Agent/win/2203318943744/desktop_single_agent-d47545d41d.exe

Sends data using the HTTP POST Method (2 events)

request	POST http://client-updates.lumu.io/service/update2
request	POST http://client-updates.lumu.io/service/update2?cup2key=1:aiyktIlMWjC_YDIJkn6k3-6XqffwkP2DaBfamURTQIA&cup2hreq=a4125a8074c9af063159ba78027272f9671c42488dea9878a9c5f20b4b7c8dc7

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 23, 2024, 8:05 p.m.	process_identifier: 2632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ce2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 23, 2024, 8:05 p.m.	process_identifier: 2632 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 23, 2024, 8:05 p.m.	process_identifier: 1152 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 23, 2024, 8:05 p.m.	process_identifier: 1152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72ce2000 process_handle: 0xffffffff	1

Foreign language identified in PE resource (50 out of 55 events)

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

name

RT_STRING

language

LANG_SERBIAN

filetype

data

sublanguage

SUBLANG_SERBIAN_CYRILLIC

offset

0x001176e8

size

0x000001a6

Creates executable files on the filesystem (50 out of 67 events)

file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_pt-PT.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_it.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\LumuUpdateComRegisterShell64.exe
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_bn.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_sl.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_nl.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_ml.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_hu.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_fi.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_lv.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_ko.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_fr.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_tr.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_de.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_pl.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_es.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_ja.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_hr.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_no.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\LumuCrashHandler.exe
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_fa.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_sk.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\psmachine.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_is.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdate.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_vi.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_en-GB.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_sv.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_cs.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\psuser_64.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_kn.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_en.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_uk.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\psmachine_64.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_hi.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_et.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\LumuUpdate.exe
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_iw.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\LumuUpdateCore.exe
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_bg.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\psuser.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_el.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_id.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_ar.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_th.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_te.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_pt-BR.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_sr.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_mr.dll
file	C:\Program Files (x86)\Lumu\Temp\GUMF00D.tmp\goopdateres_sw.dll

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Aug. 23, 2024, 8:05 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x000f6200', u'virtual_address': u'0x00022000', u'entropy': 7.983104756681283, u'name': u'.rsrc', u'virtual_size': u'0x000f60f0'}

entropy

7.98310475668

description

A section with a high entropy has been found

entropy

0.887736699729

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Aug. 23, 2024, 8:05 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 23, 2024, 8:05 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 23, 2024, 8:05 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xMDcuMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjEwNy4xIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezBDRTBEQkJCLUMwRTgtNEU4OC05RDI2LTk0Q0JCNjUwN0ZGNn0iIHVzZXJpZD0ie0NGMjYzODI5LTBFOTgtNDAxNC05NDJGLTcyRTNBQkMxNjY2RX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9InswQzA1MzBGOS0xNjc2LTQ4MzgtOTRCQi0xMDZGNUY4MEU0NDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjUiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezgwODZCRDkzLTJFNzItNDk2QS05QUJDLUI5NEFGNkE2QzlDRn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4xMDcuMSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyNzUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

Installs itself for autorun at Windows startup (10 events)

service_name	lumu	service_path	C:\Program Files (x86)\Lumu\Update\1.3.107.1\"C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" \svc
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5391887A-B2A6-4ED8-BFF9-5F0F497CE1CB}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E62DAFC-CBA5-45A8-B69A-6730467A94C2}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D81A6C20-7794-49AC-A20E-1218FC0E12A8}\InProcServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5391887A-B2A6-4ED8-BFF9-5F0F497CE1CB}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E62DAFC-CBA5-45A8-B69A-6730467A94C2}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D81A6C20-7794-49AC-A20E-1218FC0E12A8}\InProcServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5391887A-B2A6-4ED8-BFF9-5F0F497CE1CB}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E62DAFC-CBA5-45A8-B69A-6730467A94C2}\InprocServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D81A6C20-7794-49AC-A20E-1218FC0E12A8}\InProcServer32\(Default)	reg_value	C:\Program Files (x86)\Lumu\Update\1.3.107.1\psmachine_64.dll

Created a service where a service was also not started (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW Aug. 23, 2024, 8:05 p.m.	service_start_name: start_type: 2 password: display_name: Lumu 업데이트 서비스 (lumu) filepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\"C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" \svc service_name: lumu filepath_r: "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /svc desired_access: 983551 service_handle: 0x005acf78 error_control: 1 service_type: 16 service_manager_handle: 0x005a9950	1	5951352	0
CreateServiceW Aug. 23, 2024, 8:05 p.m.	service_start_name: start_type: 3 password: display_name: Lumu 업데이트 서비스 (lumum) filepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\"C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" \medsvc service_name: lumum filepath_r: "C:\Program Files (x86)\Lumu\Update\LumuUpdate.exe" /medsvc desired_access: 983551 service_handle: 0x005acf50 error_control: 1 service_type: 16 service_manager_handle: 0x005acfa0	1	5951312	0

Performs 68 file moves indicative of a ransomware file encryption process (50 out of 68 events)

Time & API	Arguments	Status	Return	Repeated
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll		0	0

Appends a new file extension or content to 68 files indicative of a ransomware file encryption process (50 out of 68 events)

Time & API	Arguments	Status	Return	Repeated
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdate.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdate.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateCore.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuCrashHandler64.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\LumuUpdateComRegisterShell64.exe		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_am.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ar.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bg.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_bn.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ca.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_cs.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_da.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_de.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_el.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_en-GB.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_es-419.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_et.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fa.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fi.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fil.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_fr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_gu.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hi.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_hu.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_id.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_is.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_it.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_iw.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ja.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_kn.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ko.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lt.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_lv.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ml.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_mr.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ms.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_nl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_no.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-BR.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_pt-PT.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ro.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_ru.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sk.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sl.dll		0	0
MoveFileWithProgressW Aug. 23, 2024, 8:05 p.m.	newfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll.old flags: 11 oldfilepath_r: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll newfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll.old oldfilepath: C:\Program Files (x86)\Lumu\Update\1.3.107.1\goopdateres_sr.dll		0	0

lum_agent_online.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All