Windows Analysis Report
LuxaforApp.Setup.exe

Overview

General Information

Sample Name:	LuxaforApp.Setup.exe
Analysis ID:	787981
MD5:	3745aeaa0f2d8818a581a5361be85193
SHA1:	32f6174b039cfed524abb96ea4d387ff8c106810
SHA256:	ff79b37318e64e6a7aac91978c7121b079c9821185fcf4a463037c1ea8a117eb
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Compliance

Score:	35
Range:	0 - 100

Signatures

.NET source code references suspicious native API functions

Yara detected Generic Downloader

Drops PE files to the application program directory (C:\ProgramData)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Found evasive API chain (date check)

Detected potential crypto function

Stores files to the Windows start menu directory

JA3 SSL client fingerprint seen in connection with other malware

Uses the system / local time for branch decision (may execute only at specific dates)

HTTP GET or POST without a user agent

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Adds / modifies Windows certificates

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Drops PE files to the windows directory (C:\Windows)

Found evasive API chain checking for process token information

Binary contains a suspicious time stamp

Launches processes in debugging mode, may be used to hinder debugging

Checks for available system drives (often done to infect USB drives)

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Deletes files inside the Windows folder

Creates files inside the system directory

PE file contains sections with non-standard names

Found potential string decryption / allocating functions

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Signatures

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01369F8F DecryptFileW,	0_2_01369F8F
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	0_2_0138F340
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01369D74 DecryptFileW,DecryptFileW,	0_2_01369D74
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9F8F DecryptFileW,	1_2_011A9F8F
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	1_2_011CF340
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9D74 DecryptFileW,DecryptFileW,	1_2_011A9D74

Source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp

Binary or memory string: ed25519=Unknown public key algorithm: 9-----BEGIN PUBLIC KEY-----

Compliance

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49700 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49701 version: TLS 1.0

Uses 32bit PE files

Source: LuxaforApp.Setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\license.rtf			Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\license.rtf

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Luxafor_20230120034719_000_LuxaforApp_Setup.msi.log

Jump to behavior

Source: LuxaforApp.Setup.exe

Static PE information: certificate valid

Source: LuxaforApp.Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer\obj\Release\HtmlRenderer.pdb source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdbpw source: LuxaforCLI.exe.4.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdbn source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdb source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdbSHA256t source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb(MBM 4M_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb0# source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdb source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\libs\LuxaforSharp\obj\Release\LuxaforSharp.pdb source: LuxaforApp.exe, 00000005.00000002.586340360.0000000006172000.00000002.00000001.01000000.00000010.sdmp, LuxaforSharp.dll1.4.dr, LuxaforSharp.dll.4.dr, LuxaforSharp.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdb source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet\obj\Debug\JabberNet.pdb source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdbDk source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdb source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdb source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\webhook\PluginWebhook\obj\Release\PluginWebhook.pdb source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: E:\GitHub\Zlib.Portable\src\Zlib.Portable\obj\Release-Signed\Zlib.Portable.pdb source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: LuxaforApp.Setup.exe, 00000001.00000002.572305653.000000006CAEF000.00000002.00000001.01000000.00000007.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571896935.0000000068DEF000.00000002.00000001.01000000.0000002E.sdmp, wixstdba.dll.1.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.594400377.0000000006E72000.00000002.00000001.01000000.00000021.sdmp, Newtonsoft.Json.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA2567 source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdb source: LuxaforCLI.exe.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdb source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\teams\PluginTeams\obj\Release\PluginTeams.pdb source: LuxaforApp.exe, 00000005.00000002.585820284.0000000005ED2000.00000002.00000001.01000000.00000026.sdmp, PluginTeams.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdbh source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb4 source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdb source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb<hVh Hh_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdb source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: D:\src\MimeKit\MimeKit\obj\Release\net452\MimeKit.pdb source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb+ source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdbl: source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: p:\Target\x86\ship\lync\x-none\desktop\Microsoft.Lync.Model.pdb source: LuxaforApp.exe, 00000005.00000002.591705551.0000000006C62000.00000002.00000001.01000000.0000001D.sdmp, Microsoft.Lync.Model.dll.4.dr
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdbxm source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\code\ManyConsole\ManyConsole\obj\Debug\ManyConsole.pdb source: ManyConsole.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdbSHA256O source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdbX source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdbT source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdb source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\mute\PluginMute\obj\Release\PluginMute.pdb source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb< source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdb source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\comingsoon\PluginComingSoon\obj\Release\PluginComingSoon.pdb source: LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01353D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_01353D4E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01393C72 FindFirstFileW,FindClose,	0_2_01393C72
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_011A9A1D
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_01193D4E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011D3C72 FindFirstFileW,FindClose,	1_2_011D3C72

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 5.2.LuxaforApp.exe.6570000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll, type: DROPPED

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /version HTTP/1.1Content-Type: application/json; charset=utf-8Host: www.luxafor.comContent-Length: 30Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Content-Type: application/json; charset=utf-8Host: luxafor.comConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49700 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49701 version: TLS 1.0

Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://127.0.0.1:
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/tokenHhttps://oauth2.goo
Source: LuxaforApp.Setup.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LuxaforApp.exe, 00000005.00000002.606925117.000000000E3E2000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.376723218.000000000E3E2000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.391553608.000000000E3E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: LuxaforApp.exe, 00000005.00000003.376064196.0000000007C9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: LuxaforApp.Setup.exe, 00000000.00000002.568708689.00000000004FB000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSA
Source: LuxaforApp.Setup.exe, 00000000.00000002.568708689.00000000004FB000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSA0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://cursive.net/protocol/received
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://cursive.net/xml/FileMap
Source: CrashReporter.NET.dll0.4.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svc
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://etherx.jabber.org/streams
Source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr	String found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/features/compress
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/caps
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/capsBhttp://jabber.org/protocol/pubsubNhttp://jabber.org/protocol/pubsub#
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/compress
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/disco#info
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/disco#items
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/geoloc#jabber:iq:private
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/geolocLhttp://jabber.org/protocol/disco#itemsJhttp://jabber.org/protocol/
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/httpbind
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/httpbind.jabber:component:accept0jabber:component:connect
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#adminIhttp://jabber.org/protocol/muc#owner
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#unique1Command
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#user
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/mucFhttp://jabber.org/protocol/muc#userHhttp://jabber.org/protocol/muc#ad
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#errors-configuration-required
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#event
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#node_config
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#owner
Source: Newtonsoft.Json.dll.4.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: 3ccd41.rbs.4.dr	String found in binary or memory: http://luxafor.com
Source: LuxaforApp.Setup.exe, 00000001.00000002.569458759.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://luxafor.comD
Source: LuxaforApp.Setup.exe, 00000000.00000002.570400884.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000002.00000002.571156363.0000000003180000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000007.00000002.571003235.00000000037C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://luxafor.comd=
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/toolkit
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/toolkit0WE
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr	String found in binary or memory: http://vimeo.com/api/v2/video/
Source: wixstdba.dll.1.dr	String found in binary or memory: http://wixtoolset.org
Source: LuxaforApp.Setup.exe, 00000001.00000002.572002773.00000000033E0000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571626991.00000000041C0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.1.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010contrd=
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010crosole
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010formad=
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010le
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010usd=
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010wxld=
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/).
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/licenses/
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: LuxaforApp.exe, 00000005.00000002.590124064.0000000006B46000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://www.aspemporium.com/);
Source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr	String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr	String found in binary or memory: http://www.codeplex.com/DotNetZip8
Source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://www.hardcodet.net/taskbar
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.jabber.org/)
Source: Newtonsoft.Json.dll.4.dr	String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://Webhook.com/luxafor
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://accounts.google.com
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/authIhttps://oauth2.googleapis.com/revoke
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://api.luxafor.com/generate_id
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp, LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://api.luxafor.com/get_status/
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://api.luxafor.com/webhook/v1/register_user
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.luxafor.com/wp-content/uploads/2022/07/luxafor.jpg);
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentials
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentialsRhttps://accounts.google.
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, LuxaforApp.exe, 00000005.00000002.608978394.000000000EAAC000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://developers.google.com/api-client-library/dotnet/apis/gmail/v1
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAE2000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specif
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://drdump.com/Service/CrashReporterReportUploader.svcQCrashReporterDotNET.Properties.Resources
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Josefin%20Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://geotargetingwp.com/docs/geotargetingwp/how-to-share-location
Source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: LuxaforApp.exe, 00000005.00000002.609195743.000000000EAD6000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, LuxaforApp.exe, 00000005.00000002.608978394.000000000EAAC000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://github.com/google/google-api-dotnet-client/tree/master/Src/Generated
Source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp	String found in binary or memory: https://github.com/jstedfast/MailKit/blob/master/FAQ.md#ProtocolLog
Source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp	String found in binary or memory: https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gmpg.org/xfn/11
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/4FacI-XXdHE/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/JiNL2PRpi2M/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/jSuUg8f-gWA/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/vnfoSgz0Ujk/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035A3000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#/schema/logo/image/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#breadcrumb
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#organization
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#primaryimage
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#website
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/15-activities-in-office-break-for-productivity/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/21-office-accessories-increase-your-productivity-2023/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/9-digital-skills-to-work-smarter-not-harder/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/?s=
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/battle-employee-burnout-effectively/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/boost-productivity-n-business-goals-with-luxafor/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/do-this-advance-your-personality-2023/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/luxafor-
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/luxafor-cisco-jabber-presence/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/luxafor-cisco-jabber-presence/8
Source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr	String found in binary or memory: https://luxafor.com/luxafor-microphone-mute-button/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/page/2/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/bluetooth/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/co2-monitor/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/cube/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/flag/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/luxafor-colorblind-flag/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/luxafor-mute-button/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/orb/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/pomodoro-timer/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/switch/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/products/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/webhook-
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/webhook-api/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/webhook-api/8
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-admin/admin-ajax.php
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/astra-local-fonts/open-sans/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOS
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/astra-local-fonts/astra-local-fonts.css?ver=16
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/beacon-for-helpscout/assets/js/beacon.
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elemen
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/geotargetingwp/public/js/geotarget-pub
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/pixelyoursite/dist/scripts/public.js?v
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/css/auto
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/css/fron
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/js/front
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/js/price
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/themes/ice/css/main.css?ver=1671194397
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/css/woocommerce-notices.min.css?ver=3.10
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ve
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.10
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/addons/geo-redirects/public/img/loading.svg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/css/geotarget-public.min.css?ver=6.0.3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/images/give_consent.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/js/min/selectize.min.js?ver=3.4.1.8
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.min.js?ver
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_re
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-modal-popup.min.js?ver=
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.3.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.3.
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.3.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/jquery-ui-touch-punch/jquery-ui-touch-p
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/wp-rocket/assets/img/youtube.png)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-180x180.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-192x192.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-270x270.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-32x32.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/05/Luxafor-logo.jpg-100x100.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/05/Luxafor-logo.jpg.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Abbie-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Bank-of-America-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Buisness-Insider-Logo-1-131x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Buisness-Insider-Logo-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Chris-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/EA-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Elizabeth-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Enterpreneur-logo-1-160x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Enterpreneur-logo-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Etsy-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Facebook-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Google-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Ingram-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Jane-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Jeff-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Kayln-Denniston-Luxafor-Review-1.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Bluetooth-Wireless-Availability-Indicator-Pur
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Flag-Availability-Indicator-Green.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Flag1-Opt-300x200-2.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Michele-opt.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Nathan-opt.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Switch-Wireless-Meeting-Room-Availability-Ind
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor_CO2-1-of-8-600x400.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor_Mute-6-of-27-EDITED-V2-NOTEXT-600x401.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Microsoft-logo-2-.Optimized-1-190x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Microsoft-logo-2-.Optimized-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Pomodoro-Timer-Blue-600x600.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Steve-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Thales-logo-100x13.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Thales-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Youtube-logo-100x24.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Youtube-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/hulu-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/logitech-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/DSC_0151-1-scaled.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/Luxafor-Cube-600x400.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/Luxafor-orb-2.jpg
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/15-activities-to-do-in-your-office-break-time-to-keep
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/21-Office-Accessories-That-Can-Increase-Your-Producti
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/Everything-You-Need-to-Know-about-Employee-Burnout-to
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-120x6
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-180x9
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-300x1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-600x3
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-768x3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-117x60.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-176x90.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-300x154.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-600x307.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-768x393.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-12
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-18
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-30
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-60
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-76
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min.pn
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-1825.css?ver=1671194388
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9097.css?ver=1671194392
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9104.css?ver=1674143933
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9551.css?ver=1671616201
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/zapier/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/zapier/8
Source: LuxaforApp.exe, 00000005.00000002.573488960.00000000035A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com0WE
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.helpscoutdocs.com/
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://luxafor.helpscoutdocs.com/article/25-webhook-api-basics-and-guidelines
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxaformanual.com/
Source: Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://mail.google.com/
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://oauth2.googleapis.com/token
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://oauth2.googleapis.com/token_Request
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org/CreativeWork
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org/WebPage
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: log4net.dll.4.dr	String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/Luxafor
Source: LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wp-rocket.me
Source: wixstdba.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services
Source: CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services/IdolSoftware.DoctorDump.CrashReporterGate.CrashReporterReportUploade
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services0
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesT
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesTU
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesX
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.action.compose
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.action
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.metadata
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.readonly
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.readonlyZhttps://www.googleapis.com/aut
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.composeYhttps://www.googleapis.com/auth/gmail.insertYhttps://w
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.metadataXhttps://www.googleapis.com/auth/gmail.modify
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.metadataYhttps://www.googleapis.com/auth/gmail.modify
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.readonlyThttps://www.googleapis.com/auth/gmail.sendhhttps://ww
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.readonlyUhttps://www.googleapis.com/auth/gmail.sendihttps://ww
Source: Google.Apis.dll.4.dr	String found in binary or memory: https://www.googleapis.com/batch
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/batch/gmail/v1
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/gmail/v1/users/
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://www.googleapis.com/oauth2/v1/certs
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v3/certsOReceived
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-43962980-11
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/luxafor_official/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/company/luxafor-technologies/
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.luxafor.com/download/
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.luxafor.com/download/?
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp, LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://www.luxafor.com/subscriber
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.luxafor.com/version
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.luxafor.com4
Source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pinterest.com/luxafor_official/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/4FacI-XXdHE?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/JiNL2PRpi2M?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/jSuUg8f-gWA?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/vnfoSgz0Ujk?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor/8

Source: unknown

DNS traffic detected: queries for: www.luxafor.com

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Content-Type: application/json; charset=utf-8Host: luxafor.comConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-facebook-f elementor-animation-sink elementor-repeater-item-0267196" href="https://www.facebook.com/luxafor" target="_blank"> equals www.facebook.com (Facebook)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-linkedin-in elementor-animation-sink elementor-repeater-item-92c0998" href="https://www.linkedin.com/company/luxafor-technologies/" target="_blank"> equals www.linkedin.com (Linkedin)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="4FacI-XXdHE" data-thumb="https://i.ytimg.com/vi/4FacI-XXdHE/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/4FacI-XXdHE?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="JiNL2PRpi2M" data-thumb="https://i.ytimg.com/vi/JiNL2PRpi2M/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/JiNL2PRpi2M?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="jSuUg8f-gWA" data-thumb="https://i.ytimg.com/vi/jSuUg8f-gWA/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/jSuUg8f-gWA?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="vnfoSgz0Ujk" data-thumb="https://i.ytimg.com/vi/vnfoSgz0Ujk/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/vnfoSgz0Ujk?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <noscript><img height="1" width="1" style="display: none;" src="https://www.facebook.com/tr?id=966202933451813&ev=PageView&noscript=1&cd%5Bpage_title%5D=New-Age+Workplace+Performance+Tools&cd%5Bpost_type%5D=page&cd%5Bpost_id%5D=9551&cd%5Bplugin%5D=PixelYourSite&cd%5Buser_role%5D=guest&cd%5Bevent_url%5D=luxafor.com%2F" alt=""></noscript> equals www.facebook.com (Facebook)

Source: unknown

HTTP traffic detected: POST /version HTTP/1.1Content-Type: application/json; charset=utf-8Host: www.luxafor.comContent-Length: 30Expect: 100-continueConnection: Keep-Alive

Key, Mouse, Clipboard, Microphone and Screen Capturing

Creates a DirectInput object (often for capturing keystrokes)

Source: LuxaforApp.exe, 00000005.00000002.571283727.0000000001440000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Detected potential crypto function

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137C01F	0_2_0137C01F
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137F8C3	0_2_0137F8C3
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138A28E	0_2_0138A28E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01389DE0	0_2_01389DE0
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01382413	0_2_01382413
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138E73C	0_2_0138E73C
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01373F71	0_2_01373F71
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01382642	0_2_01382642
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BC01F	1_2_011BC01F
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BF8C3	1_2_011BF8C3
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CA28E	1_2_011CA28E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011962CC	1_2_011962CC
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C9DE0	1_2_011C9DE0
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C2413	1_2_011C2413
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CE73C	1_2_011CE73C
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011B3F71	1_2_011B3F71
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C2642	1_2_011C2642

Tries to load missing DLLs

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior

Uses 32bit PE files

Source: LuxaforApp.Setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\3ccd42.msi

Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\3ccd3f.msi

Jump to behavior

Found potential string decryption / allocating functions

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 01192022 appears 53 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011D2B5D appears 79 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011CFFF0 appears 34 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011CFB09 appears 649 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011938BA appears 484 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 01392B5D appears 79 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 013538BA appears 405 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 0138FB09 appears 505 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 01352022 appears 49 times

Sample file is different than original file name gathered from version info

Source: LuxaforApp.Setup.exe, 00000001.00000002.572358591.000000006CAFD000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs LuxaforApp.Setup.exe
Source: LuxaforApp.Setup.exe, 00000008.00000002.571964891.0000000068DFD000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs LuxaforApp.Setup.exe

Source: LuxaforApp.Setup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: sus24.troj.evad.winEXE@13/93@3/1

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01352078 FormatMessageW,GetLastError,LocalFree,

0_2_01352078

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011B68EE ChangeServiceConfigW,GetLastError,

1_2_011B68EE

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Greynut

Jump to behavior

Source: LuxaforApp.Setup.exe

Binary or memory string: .slNv

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

File read: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\LuxaforApp.Setup.exe C:\Users\user\Desktop\LuxaforApp.Setup.exe
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe
Source: unknown	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe"
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588	Jump to behavior
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe"
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01354639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,		0_2_01354639
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01194639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,		1_2_01194639

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013928BD GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,

0_2_013928BD

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Mutant created: \Sessions\1\BaseNamedObjects\{F74F1EB8-7CDA-4789-A7B1-74E0FF93E3D4}

Source: LuxaforApp.Setup.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: LuxaforApp.Setup.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Automated click: I agree to the license terms and conditions
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Automated click: Install
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Window detected: Number of UI elements: 23

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: LuxaforApp.Setup.exe

Static file information: File size 5575856 > 1048576

Source: LuxaforApp.Setup.exe

Static PE information: certificate valid

Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: LuxaforApp.Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: LuxaforApp.Setup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer\obj\Release\HtmlRenderer.pdb source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdbpw source: LuxaforCLI.exe.4.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdbn source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdb source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdbSHA256t source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb(MBM 4M_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb0# source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdb source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\libs\LuxaforSharp\obj\Release\LuxaforSharp.pdb source: LuxaforApp.exe, 00000005.00000002.586340360.0000000006172000.00000002.00000001.01000000.00000010.sdmp, LuxaforSharp.dll1.4.dr, LuxaforSharp.dll.4.dr, LuxaforSharp.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdb source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet\obj\Debug\JabberNet.pdb source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdbDk source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdb source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdb source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\webhook\PluginWebhook\obj\Release\PluginWebhook.pdb source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: E:\GitHub\Zlib.Portable\src\Zlib.Portable\obj\Release-Signed\Zlib.Portable.pdb source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: LuxaforApp.Setup.exe, 00000001.00000002.572305653.000000006CAEF000.00000002.00000001.01000000.00000007.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571896935.0000000068DEF000.00000002.00000001.01000000.0000002E.sdmp, wixstdba.dll.1.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.594400377.0000000006E72000.00000002.00000001.01000000.00000021.sdmp, Newtonsoft.Json.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA2567 source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdb source: LuxaforCLI.exe.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdb source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\teams\PluginTeams\obj\Release\PluginTeams.pdb source: LuxaforApp.exe, 00000005.00000002.585820284.0000000005ED2000.00000002.00000001.01000000.00000026.sdmp, PluginTeams.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdbh source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb4 source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdb source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb<hVh Hh_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdb source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: D:\src\MimeKit\MimeKit\obj\Release\net452\MimeKit.pdb source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb+ source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdbl: source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: p:\Target\x86\ship\lync\x-none\desktop\Microsoft.Lync.Model.pdb source: LuxaforApp.exe, 00000005.00000002.591705551.0000000006C62000.00000002.00000001.01000000.0000001D.sdmp, Microsoft.Lync.Model.dll.4.dr
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdbxm source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\code\ManyConsole\ManyConsole\obj\Debug\ManyConsole.pdb source: ManyConsole.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdbSHA256O source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdbX source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdbT source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdb source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\mute\PluginMute\obj\Release\PluginMute.pdb source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb< source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdb source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\comingsoon\PluginComingSoon\obj\Release\PluginComingSoon.pdb source: LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp

Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137E806 push ecx; ret		0_2_0137E819
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BE806 push ecx; ret		1_2_011BE819

Binary contains a suspicious time stamp

Source: NAudio.dll.4.dr

Static PE information: 0x9B1951B2 [Sun Jun 16 05:16:34 2052 UTC]

PE file contains sections with non-standard names

Source: LuxaforApp.Setup.exe	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.0.dr	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.1.dr	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.2.dr	Static PE information: section name: .wixburn

Persistence and Installation Behavior

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe

Jump to dropped file

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\jabber_accessories\JabberLuxaforPlugin.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\UsbHid.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\UsbHid.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforCLI.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\Mono.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\ManyConsole.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Jump to dropped file

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\license.rtf			Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\license.rtf

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Luxafor_20230120034719_000_LuxaforApp_Setup.msi.log

Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut\LuxaforApp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut\LuxaforApp\Luxafor.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99873s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99750s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99639s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99515s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99296s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99060s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98950s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98742s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98629s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98259s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98109s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97971s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97809s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97609s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97237s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97059s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -96459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -96159s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95759s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95409s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95209s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94959s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94809s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94681s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94559s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94440s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94109s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93967s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93866s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93759s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93609s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Found evasive API chain (date check)

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Evasive API call chain: GetLocalTime,DecisionNodes

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0138F839h	0_2_0138F79E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0138F832h	0_2_0138F79E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 011CF839h	1_2_011CF79E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 011CF832h	1_2_011CF79E

Contains long sleeps (>= 3 min)

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Window / User API: threadDelayed 6965

Jump to behavior

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\jabber_accessories\JabberLuxaforPlugin.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforCLI.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\Mono.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\ManyConsole.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll	Jump to dropped file

Is looking for software installed on the system

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Registry key enumerated: More than 154 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99873	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99750	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99639	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99515	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99296	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99060	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98950	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98742	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98629	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98259	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98109	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97971	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97809	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97609	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97237	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97059	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 96459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 96159	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95759	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95409	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95209	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94959	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94809	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94681	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94559	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94440	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94109	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93967	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93866	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93759	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93609	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: LuxaforApp.exe, 00000005.00000003.376064196.0000000007C9C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011D8EF4 VirtualQuery,GetSystemInfo,

1_2_011D8EF4

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01353D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_01353D4E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01393C72 FindFirstFileW,FindClose,	0_2_01393C72
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_011A9A1D
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_01193D4E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011D3C72 FindFirstFileW,FindClose,	1_2_011D3C72

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Anti Debugging

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01384104 mov eax, dword ptr fs:[00000030h]		0_2_01384104
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C4104 mov eax, dword ptr fs:[00000030h]		1_2_011C4104

Launches processes in debugging mode, may be used to hinder debugging

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013834A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_013834A2

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013539DF GetProcessHeap,RtlAllocateHeap,

0_2_013539DF

Enables debug privileges

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Process token adjusted: Debug

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137E0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0137E0A8
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_013834A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_013834A2
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_011BE0A8
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_011C34A2

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: NAudio.dll.4.dr, NAudio/Utils/NativeMethods.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: CrashReporter.NET.dll.4.dr, HelperMethods.cs	Reference to suspicious API methods: ('LoadLibrary', 'LoadLibrary@kernel32'), ('GetProcAddress', 'GetProcAddress@kernel32')

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.clean.room="c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.clean.room="c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588	Jump to behavior
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011D32B9 AllocateAndInitializeSid,CheckTokenMembership,

1_2_011D32B9

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011D0FA6 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,

1_2_011D0FA6

Source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp

Binary or memory string: Shell_TrayWnd

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Queries volume information: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\UsbHid.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\logo.png VolumeInformation

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_0137E463 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0137E463

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01398039 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

0_2_01398039

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_01196203 GetUserNameW,GetLastError,

1_2_01196203

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01364E6A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,

0_2_01364E6A

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01393349 GetVersionExW,

0_2_01393349

Lowering of HIPS / PFW / Operating System Security Settings

Adds / modifies Windows certificates

Source: C:\Windows\System32\msiexec.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
46.101.139.12	luxafor.com	Netherlands		14061	DIGITALOCEAN-ASNUS	false

Contacted Domains

Name	IP	Active
luxafor.com	46.101.139.12	true
www.luxafor.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.luxafor.com/version	false	Avira URL Cloud: safe	unknown
https://luxafor.com/	false	Avira URL Cloud: safe	unknown

Cryptography

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01369F8F DecryptFileW,	0_2_01369F8F
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	0_2_0138F340
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01369D74 DecryptFileW,DecryptFileW,	0_2_01369D74
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9F8F DecryptFileW,	1_2_011A9F8F
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF340 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	1_2_011CF340
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9D74 DecryptFileW,DecryptFileW,	1_2_011A9D74

Source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp

Binary or memory string: ed25519=Unknown public key algorithm: 9-----BEGIN PUBLIC KEY-----

Compliance

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49700 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49701 version: TLS 1.0

Uses 32bit PE files

Source: LuxaforApp.Setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\license.rtf			Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\license.rtf

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Luxafor_20230120034719_000_LuxaforApp_Setup.msi.log

Jump to behavior

Source: LuxaforApp.Setup.exe

Static PE information: certificate valid

Source: LuxaforApp.Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer\obj\Release\HtmlRenderer.pdb source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdbpw source: LuxaforCLI.exe.4.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdbn source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdb source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdbSHA256t source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb(MBM 4M_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb0# source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdb source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\libs\LuxaforSharp\obj\Release\LuxaforSharp.pdb source: LuxaforApp.exe, 00000005.00000002.586340360.0000000006172000.00000002.00000001.01000000.00000010.sdmp, LuxaforSharp.dll1.4.dr, LuxaforSharp.dll.4.dr, LuxaforSharp.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdb source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet\obj\Debug\JabberNet.pdb source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdbDk source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdb source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdb source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\webhook\PluginWebhook\obj\Release\PluginWebhook.pdb source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: E:\GitHub\Zlib.Portable\src\Zlib.Portable\obj\Release-Signed\Zlib.Portable.pdb source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: LuxaforApp.Setup.exe, 00000001.00000002.572305653.000000006CAEF000.00000002.00000001.01000000.00000007.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571896935.0000000068DEF000.00000002.00000001.01000000.0000002E.sdmp, wixstdba.dll.1.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.594400377.0000000006E72000.00000002.00000001.01000000.00000021.sdmp, Newtonsoft.Json.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA2567 source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdb source: LuxaforCLI.exe.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdb source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\teams\PluginTeams\obj\Release\PluginTeams.pdb source: LuxaforApp.exe, 00000005.00000002.585820284.0000000005ED2000.00000002.00000001.01000000.00000026.sdmp, PluginTeams.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdbh source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb4 source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdb source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb<hVh Hh_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdb source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: D:\src\MimeKit\MimeKit\obj\Release\net452\MimeKit.pdb source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb+ source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdbl: source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: p:\Target\x86\ship\lync\x-none\desktop\Microsoft.Lync.Model.pdb source: LuxaforApp.exe, 00000005.00000002.591705551.0000000006C62000.00000002.00000001.01000000.0000001D.sdmp, Microsoft.Lync.Model.dll.4.dr
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdbxm source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\code\ManyConsole\ManyConsole\obj\Debug\ManyConsole.pdb source: ManyConsole.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdbSHA256O source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdbX source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdbT source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdb source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\mute\PluginMute\obj\Release\PluginMute.pdb source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb< source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdb source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\comingsoon\PluginComingSoon\obj\Release\PluginComingSoon.pdb source: LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01353D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_01353D4E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01393C72 FindFirstFileW,FindClose,	0_2_01393C72
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_011A9A1D
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_01193D4E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011D3C72 FindFirstFileW,FindClose,	1_2_011D3C72

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 5.2.LuxaforApp.exe.6570000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll, type: DROPPED

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: POST /version HTTP/1.1Content-Type: application/json; charset=utf-8Host: www.luxafor.comContent-Length: 30Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Content-Type: application/json; charset=utf-8Host: luxafor.comConnection: Keep-Alive

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49700 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 46.101.139.12:443 -> 192.168.2.4:49701 version: TLS 1.0

Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://127.0.0.1:
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/tokenHhttps://oauth2.goo
Source: LuxaforApp.Setup.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationc:
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LuxaforApp.exe, 00000005.00000002.606925117.000000000E3E2000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.376723218.000000000E3E2000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.391553608.000000000E3E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: LuxaforApp.exe, 00000005.00000003.376064196.0000000007C9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: LuxaforApp.Setup.exe, 00000000.00000002.568708689.00000000004FB000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSA
Source: LuxaforApp.Setup.exe, 00000000.00000002.568708689.00000000004FB000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSA0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: wixstdba.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://cursive.net/protocol/received
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://cursive.net/xml/FileMap
Source: CrashReporter.NET.dll0.4.dr	String found in binary or memory: http://drdump.com/Service/CrashReporterReportUploader.svc
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://etherx.jabber.org/streams
Source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr	String found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/features/compress
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/caps
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/capsBhttp://jabber.org/protocol/pubsubNhttp://jabber.org/protocol/pubsub#
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/compress
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/disco#info
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/disco#items
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/geoloc#jabber:iq:private
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/geolocLhttp://jabber.org/protocol/disco#itemsJhttp://jabber.org/protocol/
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/httpbind
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/httpbind.jabber:component:accept0jabber:component:connect
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#adminIhttp://jabber.org/protocol/muc#owner
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#unique1Command
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/muc#user
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/mucFhttp://jabber.org/protocol/muc#userHhttp://jabber.org/protocol/muc#ad
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#errors-configuration-required
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#event
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#node_config
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://jabber.org/protocol/pubsub#owner
Source: Newtonsoft.Json.dll.4.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: 3ccd41.rbs.4.dr	String found in binary or memory: http://luxafor.com
Source: LuxaforApp.Setup.exe, 00000001.00000002.569458759.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://luxafor.comD
Source: LuxaforApp.Setup.exe, 00000000.00000002.570400884.0000000002C60000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000002.00000002.571156363.0000000003180000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000007.00000002.571003235.00000000037C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://luxafor.comd=
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://ocsp.comodoca.com0
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: wixstdba.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: LuxaforApp.Setup.exe.1.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/toolkit
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xceed.com/wpf/xaml/toolkit0WE
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr	String found in binary or memory: http://vimeo.com/api/v2/video/
Source: wixstdba.dll.1.dr	String found in binary or memory: http://wixtoolset.org
Source: LuxaforApp.Setup.exe, 00000001.00000002.572002773.00000000033E0000.00000004.00000020.00020000.00000000.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571626991.00000000041C0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.1.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010contrd=
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010crosole
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010formad=
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010le
Source: LuxaforApp.Setup.exe, 00000008.00000002.571314618.0000000003250000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010usd=
Source: LuxaforApp.Setup.exe, 00000001.00000002.572097239.00000000035C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010wxld=
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/).
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/licenses/
Source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: LuxaforApp.exe, 00000005.00000002.590124064.0000000006B46000.00000002.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://www.aspemporium.com/);
Source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr	String found in binary or memory: http://www.codeplex.com/DotNetZip
Source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr	String found in binary or memory: http://www.codeplex.com/DotNetZip8
Source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://www.hardcodet.net/taskbar
Source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.jabber.org/)
Source: Newtonsoft.Json.dll.4.dr	String found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://Webhook.com/luxafor
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://accounts.google.com
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/v2/authIhttps://oauth2.googleapis.com/revoke
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://api.luxafor.com/generate_id
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp, LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://api.luxafor.com/get_status/
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://api.luxafor.com/webhook/v1/register_user
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.luxafor.com/wp-content/uploads/2022/07/luxafor.jpg);
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentials
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentialsRhttps://accounts.google.
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, LuxaforApp.exe, 00000005.00000002.608978394.000000000EAAC000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://developers.google.com/api-client-library/dotnet/apis/gmail/v1
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAE2000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specif
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://drdump.com/Service/CrashReporterReportUploader.svcQCrashReporterDotNET.Properties.Resources
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Josefin%20Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://geotargetingwp.com/docs/geotargetingwp/how-to-share-location
Source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: LuxaforApp.exe, 00000005.00000002.609195743.000000000EAD6000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, LuxaforApp.exe, 00000005.00000002.608978394.000000000EAAC000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://github.com/google/google-api-dotnet-client/tree/master/Src/Generated
Source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp	String found in binary or memory: https://github.com/jstedfast/MailKit/blob/master/FAQ.md#ProtocolLog
Source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp	String found in binary or memory: https://github.com/jstedfast/MailKit/blob/master/FAQ.md#SslHandshakeException
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gmpg.org/xfn/11
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/4FacI-XXdHE/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/ID/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/JiNL2PRpi2M/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/jSuUg8f-gWA/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://i.ytimg.com/vi/vnfoSgz0Ujk/hqdefault.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035A3000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#/schema/logo/image/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#breadcrumb
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#organization
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#primaryimage
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/#website
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/15-activities-in-office-break-for-productivity/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/21-office-accessories-increase-your-productivity-2023/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/9-digital-skills-to-work-smarter-not-harder/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/?s=
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/battle-employee-burnout-effectively/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/boost-productivity-n-business-goals-with-luxafor/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/do-this-advance-your-personality-2023/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/luxafor-
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/luxafor-cisco-jabber-presence/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/luxafor-cisco-jabber-presence/8
Source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr	String found in binary or memory: https://luxafor.com/luxafor-microphone-mute-button/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/page/2/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/bluetooth/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/co2-monitor/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/cube/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/flag/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/luxafor-colorblind-flag/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/luxafor-mute-button/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/orb/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/pomodoro-timer/
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/product/switch/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/products/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/webhook-
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/webhook-api/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/webhook-api/8
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-admin/admin-ajax.php
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/astra-local-fonts/open-sans/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOS
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/astra-local-fonts/astra-local-fonts.css?ver=16
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/beacon-for-helpscout/assets/js/beacon.
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elemen
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/geotargetingwp/public/js/geotarget-pub
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/pixelyoursite/dist/scripts/public.js?v
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/css/auto
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/css/fron
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/js/front
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/plugins/woocommerce-currency-switcher/js/price
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/cache/min/1/wp-content/themes/ice/css/main.css?ver=1671194397
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/css/woocommerce-notices.min.css?ver=3.10
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/preloaded-elements-handlers.min.js?ve
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.10.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.10
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/preloaded-modules.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.10.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/addons/geo-redirects/public/img/loading.svg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/css/geotarget-public.min.css?ver=6.0.3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/images/give_consent.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/geotargetingwp/public/js/min/selectize.min.js?ver=3.4.1.8
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.min.js?ver
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_re
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-modal-popup.min.js?ver=
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.3.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.3.
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.3.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/jquery-ui-touch-punch/jquery-ui-touch-p
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/wp-rocket/assets/img/youtube.png)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.000000000359B000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.0.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-180x180.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-192x192.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-270x270.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/02/cropped-Luxafor-Logo-32x32.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/05/Luxafor-logo.jpg-100x100.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2020/05/Luxafor-logo.jpg.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Abbie-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Bank-of-America-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Buisness-Insider-Logo-1-131x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Buisness-Insider-Logo-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Chris-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/EA-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Elizabeth-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Enterpreneur-logo-1-160x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Enterpreneur-logo-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Etsy-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Facebook-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Google-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Ingram-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Jane-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Jeff-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Kayln-Denniston-Luxafor-Review-1.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Bluetooth-Wireless-Availability-Indicator-Pur
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Flag-Availability-Indicator-Green.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Flag1-Opt-300x200-2.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Michele-opt.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Nathan-opt.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor-Switch-Wireless-Meeting-Room-Availability-Ind
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor_CO2-1-of-8-600x400.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Luxafor_Mute-6-of-27-EDITED-V2-NOTEXT-600x401.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Microsoft-logo-2-.Optimized-1-190x60.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Microsoft-logo-2-.Optimized-1.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Pomodoro-Timer-Blue-600x600.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Steve-uses-Luxafor.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Thales-logo-100x13.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Thales-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Youtube-logo-100x24.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/Youtube-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/hulu-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/06/logitech-logo.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/DSC_0151-1-scaled.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/Luxafor-Cube-600x400.jpg
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/07/Luxafor-orb-2.jpg
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/15-activities-to-do-in-your-office-break-time-to-keep
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/21-Office-Accessories-That-Can-Increase-Your-Producti
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/11/Everything-You-Need-to-Know-about-Employee-Burnout-to
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-120x6
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-180x9
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-300x1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-600x3
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min-768x3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/9-Digital-Skills-to-Work-Smarter-Not-Harder-min.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-117x60.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-176x90.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-300x154.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-600x307.png
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133-768x393.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2022/12/IMG_9133.png
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-12
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-18
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-30
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-60
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min-76
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/2023/01/Do-this-and-advance-your-personality-in-2023-4-min.pn
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-1825.css?ver=1671194388
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9097.css?ver=1671194392
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9104.css?ver=1674143933
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-content/uploads/elementor/css/post-9551.css?ver=1671616201
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/hooks.min.js?ver=c6d64f2cb8f5c6bb49caca37f8828ce3
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.13.1
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://luxafor.com/zapier/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com/zapier/8
Source: LuxaforApp.exe, 00000005.00000002.573488960.00000000035A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.com0WE
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxafor.helpscoutdocs.com/
Source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr	String found in binary or memory: https://luxafor.helpscoutdocs.com/article/25-webhook-api-basics-and-guidelines
Source: LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://luxaformanual.com/
Source: Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://mail.google.com/
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://oauth2.googleapis.com/token
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://oauth2.googleapis.com/token_Request
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org/CreativeWork
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://schema.org/WebPage
Source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: log4net.dll.4.dr	String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000002.582070959.0000000004326000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/Luxafor
Source: LuxaforApp.exe, 00000005.00000002.573488960.00000000035FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wp-rocket.me
Source: wixstdba.dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services
Source: CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services/IdolSoftware.DoctorDump.CrashReporterGate.CrashReporterReportUploade
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/services0
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesT
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesTU
Source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr	String found in binary or memory: https://www.drdump.com/servicesX
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.action.compose
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.action
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.metadata
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.readonly
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.addons.current.message.readonlyZhttps://www.googleapis.com/aut
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.composeYhttps://www.googleapis.com/auth/gmail.insertYhttps://w
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.metadataXhttps://www.googleapis.com/auth/gmail.modify
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.metadataYhttps://www.googleapis.com/auth/gmail.modify
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.readonlyThttps://www.googleapis.com/auth/gmail.sendhhttps://ww
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/auth/gmail.readonlyUhttps://www.googleapis.com/auth/gmail.sendihttps://ww
Source: Google.Apis.dll.4.dr	String found in binary or memory: https://www.googleapis.com/batch
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/batch/gmail/v1
Source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr	String found in binary or memory: https://www.googleapis.com/gmail/v1/users/
Source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr	String found in binary or memory: https://www.googleapis.com/oauth2/v1/certs
Source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v3/certsOReceived
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-43962980-11
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com/luxafor_official/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.linkedin.com/company/luxafor-technologies/
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.luxafor.com/download/
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.luxafor.com/download/?
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp, LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp	String found in binary or memory: https://www.luxafor.com/subscriber
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://www.luxafor.com/version
Source: LuxaforApp.exe, 00000005.00000002.573488960.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.luxafor.com4
Source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.pinterest.com/luxafor_official/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tiktok.com/
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/4FacI-XXdHE?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/JiNL2PRpi2M?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/jSuUg8f-gWA?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/embed/vnfoSgz0Ujk?version=3&enablejsapi=1&autoplay=1&rel=0&
Source: LuxaforApp.exe, 00000005.00000002.590667010.0000000006B82000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor
Source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000C62000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor/
Source: LuxaforApp.exe, 00000005.00000002.573488960.000000000352A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://zapier.com/apps/luxafor/8

Source: unknown

DNS traffic detected: queries for: www.luxafor.com

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Content-Type: application/json; charset=utf-8Host: luxafor.comConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-facebook-f elementor-animation-sink elementor-repeater-item-0267196" href="https://www.facebook.com/luxafor" target="_blank"> equals www.facebook.com (Facebook)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-linkedin-in elementor-animation-sink elementor-repeater-item-92c0998" href="https://www.linkedin.com/company/luxafor-technologies/" target="_blank"> equals www.linkedin.com (Linkedin)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="4FacI-XXdHE" data-thumb="https://i.ytimg.com/vi/4FacI-XXdHE/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/4FacI-XXdHE?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="JiNL2PRpi2M" data-thumb="https://i.ytimg.com/vi/JiNL2PRpi2M/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/JiNL2PRpi2M?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="jSuUg8f-gWA" data-thumb="https://i.ytimg.com/vi/jSuUg8f-gWA/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/jSuUg8f-gWA?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <div class="uael-video-wrap"><div class="uael-modal-iframe uael-video-player" data-src="youtube" data-id="vnfoSgz0Ujk" data-thumb="https://i.ytimg.com/vi/vnfoSgz0Ujk/hqdefault.jpg" data-sourcelink="https://www.youtube.com/embed/vnfoSgz0Ujk?version=3&enablejsapi=1&autoplay=1&rel=0&" data-play-icon=""></div></div></div> equals www.youtube.com (Youtube)
Source: LuxaforApp.exe, 00000005.00000002.582070959.0000000004207000.00000004.00000800.00020000.00000000.sdmp, LuxaforApp.exe, 00000005.00000003.403684123.0000000004347000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <noscript><img height="1" width="1" style="display: none;" src="https://www.facebook.com/tr?id=966202933451813&ev=PageView&noscript=1&cd%5Bpage_title%5D=New-Age+Workplace+Performance+Tools&cd%5Bpost_type%5D=page&cd%5Bpost_id%5D=9551&cd%5Bplugin%5D=PixelYourSite&cd%5Buser_role%5D=guest&cd%5Bevent_url%5D=luxafor.com%2F" alt=""></noscript> equals www.facebook.com (Facebook)

Source: unknown

HTTP traffic detected: POST /version HTTP/1.1Content-Type: application/json; charset=utf-8Host: www.luxafor.comContent-Length: 30Expect: 100-continueConnection: Keep-Alive

Key, Mouse, Clipboard, Microphone and Screen Capturing

Creates a DirectInput object (often for capturing keystrokes)

Source: LuxaforApp.exe, 00000005.00000002.571283727.0000000001440000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Detected potential crypto function

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137C01F	0_2_0137C01F
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137F8C3	0_2_0137F8C3
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138A28E	0_2_0138A28E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01389DE0	0_2_01389DE0
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01382413	0_2_01382413
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138E73C	0_2_0138E73C
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01373F71	0_2_01373F71
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01382642	0_2_01382642
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BC01F	1_2_011BC01F
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BF8C3	1_2_011BF8C3
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CA28E	1_2_011CA28E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011962CC	1_2_011962CC
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C9DE0	1_2_011C9DE0
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C2413	1_2_011C2413
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CE73C	1_2_011CE73C
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011B3F71	1_2_011B3F71
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C2642	1_2_011C2642

Tries to load missing DLLs

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior

Uses 32bit PE files

Source: LuxaforApp.Setup.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\3ccd42.msi

Jump to behavior

Creates files inside the system directory

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\3ccd3f.msi

Jump to behavior

Found potential string decryption / allocating functions

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 01192022 appears 53 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011D2B5D appears 79 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011CFFF0 appears 34 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011CFB09 appears 649 times
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: String function: 011938BA appears 484 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 01392B5D appears 79 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 013538BA appears 405 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 0138FB09 appears 505 times
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: String function: 01352022 appears 49 times

Sample file is different than original file name gathered from version info

Source: LuxaforApp.Setup.exe, 00000001.00000002.572358591.000000006CAFD000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs LuxaforApp.Setup.exe
Source: LuxaforApp.Setup.exe, 00000008.00000002.571964891.0000000068DFD000.00000002.00000001.01000000.0000002E.sdmp	Binary or memory string: OriginalFilenamewixstdba.dll\ vs LuxaforApp.Setup.exe

Source: LuxaforApp.Setup.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: sus24.troj.evad.winEXE@13/93@3/1

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

File read: C:\Windows\win.ini

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01352078 FormatMessageW,GetLastError,LocalFree,

0_2_01352078

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011B68EE ChangeServiceConfigW,GetLastError,

1_2_011B68EE

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\Greynut

Jump to behavior

Source: LuxaforApp.Setup.exe

Binary or memory string: .slNv

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

File read: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\LuxaforApp.Setup.exe C:\Users\user\Desktop\LuxaforApp.Setup.exe
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe
Source: unknown	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe"
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588	Jump to behavior
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe"
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01354639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,		0_2_01354639
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01194639 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,		1_2_01194639

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013928BD GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,

0_2_013928BD

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Mutant created: \Sessions\1\BaseNamedObjects\{F74F1EB8-7CDA-4789-A7B1-74E0FF93E3D4}

Source: LuxaforApp.Setup.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: LuxaforApp.Setup.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Automated click: I agree to the license terms and conditions
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Automated click: Install
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Window detected: Number of UI elements: 23

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: LuxaforApp.Setup.exe

Static file information: File size 5575856 > 1048576

Source: LuxaforApp.Setup.exe

Static PE information: certificate valid

Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: LuxaforApp.Setup.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: LuxaforApp.Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: LuxaforApp.Setup.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer\obj\Release\HtmlRenderer.pdb source: LuxaforApp.exe, 00000005.00000002.588032548.0000000006572000.00000002.00000001.01000000.00000013.sdmp, HtmlRenderer.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdbpw source: LuxaforCLI.exe.4.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdbn source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdb source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\git\OSS\notifyicon-wpf\Hardcodet.NotifyIcon.Wpf\Source\NotifyIconWpf\obj\Release\Hardcodet.Wpf.TaskbarNotification.pdb source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdbSHA256t source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb(MBM 4M_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb0# source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdb source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\libs\LuxaforSharp\obj\Release\LuxaforSharp.pdb source: LuxaforApp.exe, 00000005.00000002.586340360.0000000006172000.00000002.00000001.01000000.00000010.sdmp, LuxaforSharp.dll1.4.dr, LuxaforSharp.dll.4.dr, LuxaforSharp.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdb source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforApp\obj\Release\LuxaforApp.pdb source: LuxaforApp.exe, 00000005.00000000.343605346.0000000000D29000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet\obj\Debug\JabberNet.pdb source: LuxaforApp.exe, 00000005.00000002.591002609.0000000006BD2000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdbDk source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdb source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdb source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdb source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\webhook\PluginWebhook\obj\Release\PluginWebhook.pdb source: LuxaforApp.exe, 00000005.00000002.590555027.0000000006B72000.00000002.00000001.01000000.00000029.sdmp, PluginWebhook.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: D:\X-Files\Projects\Jabber-Net\src\JabberNet.Netlib.Dns\obj\Release\JabberNet.Netlib.Dns.pdb source: LuxaforApp.exe, 00000005.00000002.590038370.0000000006B42000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: E:\GitHub\Zlib.Portable\src\Zlib.Portable\obj\Release-Signed\Zlib.Portable.pdb source: LuxaforApp.exe, 00000005.00000002.610191966.000000000ECB2000.00000002.00000001.01000000.0000003F.sdmp, Zlib.Portable.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdb source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\WixStdBA.pdb source: LuxaforApp.Setup.exe, 00000001.00000002.572305653.000000006CAEF000.00000002.00000001.01000000.00000007.sdmp, LuxaforApp.Setup.exe, 00000008.00000002.571896935.0000000068DEF000.00000002.00000001.01000000.0000002E.sdmp, wixstdba.dll.1.dr
Source:	Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.594400377.0000000006E72000.00000002.00000001.01000000.00000021.sdmp, Newtonsoft.Json.dll.4.dr
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: LuxaforApp.exe, 00000005.00000002.609167514.000000000EAD2000.00000002.00000001.01000000.0000003E.sdmp, System.Buffers.dll.4.dr
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Core\obj\Release\net45\Google.Apis.Core.pdbSHA2567 source: LuxaforApp.exe, 00000005.00000002.606251670.000000000E352000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\LuxaforCLI\obj\Release\LuxaforCLI.pdb source: LuxaforCLI.exe.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\gmail\NotificationPluginGMail\obj\Release\NotificationPluginGmail.pdb source: LuxaforApp.exe, 00000005.00000002.609234622.000000000EAF7000.00000002.00000001.01000000.0000003B.sdmp, NotificationPluginGMail.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.PlatformServices\obj\Release\net45\Google.Apis.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599900036.000000000D9A2000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\teams\PluginTeams\obj\Release\PluginTeams.pdb source: LuxaforApp.exe, 00000005.00000002.585820284.0000000005ED2000.00000002.00000001.01000000.00000026.sdmp, PluginTeams.dll.4.dr
Source:	Binary string: d:\TeamCity\BuildAgent\work\a0af0e5ded848229\src\HidLibrary\obj\Release\HidLibrary.pdbh source: LuxaforApp.exe, 00000005.00000002.586483623.0000000006192000.00000002.00000001.01000000.00000011.sdmp, HidLibrary.dll0.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth\obj\Release\net45\Google.Apis.Auth.pdbSHA256 source: LuxaforApp.exe, 00000005.00000002.599953516.000000000D9B2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Dropbox\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net45\Newtonsoft.Json.pdb4 source: LuxaforApp.exe, 00000005.00000002.613286896.000000000FFD2000.00000002.00000001.01000000.00000039.sdmp
Source:	Binary string: C:\Code\github\NAudio\NAudio\obj\Release\net35\NAudio.pdb source: LuxaforApp.exe, 00000005.00000002.593840265.0000000006DE2000.00000002.00000001.01000000.0000001F.sdmp, NAudio.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\notificationplugins\mail\NotificationPluginMailkit\obj\Release\NotificationPluginMailkit.pdb<hVh Hh_CorDllMainmscoree.dll source: LuxaforApp.exe, 00000005.00000002.609089617.000000000EAC2000.00000002.00000001.01000000.0000003C.sdmp, NotificationPluginMailkit.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdb source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\burn.pdb source: LuxaforApp.Setup.exe, LuxaforApp.Setup.exe.2.dr, LuxaforApp.Setup.exe.1.dr
Source:	Binary string: D:\src\MailKit\MailKit\obj\Release\net452\MailKit.pdb source: LuxaforApp.exe, 00000005.00000002.614573264.00000000100B2000.00000002.00000001.01000000.00000038.sdmp
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis\obj\Release\net45\Google.Apis.pdb source: LuxaforApp.exe, 00000005.00000002.608745871.000000000EA72000.00000002.00000001.01000000.00000034.sdmp, Google.Apis.dll.4.dr
Source:	Binary string: D:\src\MimeKit\MimeKit\obj\Release\net452\MimeKit.pdb source: LuxaforApp.exe, 00000005.00000002.619716982.0000000010632000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: C:\Users\ravi1\Documents\Visual Studio 2015\Projects\CrashReporter.NET\CrashReporter.NET\obj\Release\CrashReporter.NET.pdb+ source: LuxaforApp.exe, 00000005.00000002.589661064.0000000006B22000.00000002.00000001.01000000.0000001A.sdmp, CrashReporter.NET.dll0.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\PluginContracts\PluginContracts\obj\Release\PluginContracts.pdbl: source: LuxaforApp.exe, 00000005.00000002.589343427.0000000006AF2000.00000002.00000001.01000000.00000018.sdmp, PluginContracts.dll.4.dr, PluginContracts.dll0.4.dr
Source:	Binary string: p:\Target\x86\ship\lync\x-none\desktop\Microsoft.Lync.Model.pdb source: LuxaforApp.exe, 00000005.00000002.591705551.0000000006C62000.00000002.00000001.01000000.0000001D.sdmp, Microsoft.Lync.Model.dll.4.dr
Source:	Binary string: C:\Users\Ari\Documents\Programming\Git\luxafor-win\libs\UsbHid\obj\Release\UsbHid.pdbxm source: LuxaforApp.exe, 00000005.00000002.589272364.0000000006AD2000.00000002.00000001.01000000.00000017.sdmp, UsbHid.dll.4.dr, UsbHid.dll0.4.dr
Source:	Binary string: c:\code\ManyConsole\ManyConsole\obj\Debug\ManyConsole.pdb source: ManyConsole.dll.4.dr
Source:	Binary string: C:\Apiary\2020-01-06.12-58-27\Src\Support\Google.Apis.Auth.PlatformServices\obj\Release\net45\Google.Apis.Auth.PlatformServices.pdbSHA256O source: LuxaforApp.exe, 00000005.00000002.599841866.000000000D992000.00000002.00000001.01000000.00000032.sdmp, Google.Apis.Auth.PlatformServices.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\jabber\PluginJabber\obj\Release\PluginJabber.pdbX source: LuxaforApp.exe, 00000005.00000002.585353339.0000000005E92000.00000002.00000001.01000000.00000023.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\pomodoro\PluginPomodoro\obj\Release\PluginPomodoro.pdbT source: LuxaforApp.exe, 00000005.00000002.585549002.0000000005EB2000.00000002.00000001.01000000.00000025.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdb source: LuxaforApp.exe, 00000005.00000002.615938113.0000000010302000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: C:\Aivars\luxafor-git\plugins\mute\PluginMute\obj\Release\PluginMute.pdb source: LuxaforApp.exe, 00000005.00000002.585451775.0000000005EA2000.00000002.00000001.01000000.00000024.sdmp, PluginMute.dll.4.dr
Source:	Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: LuxaforApp.exe, 00000005.00000002.610437673.000000000EFD2000.00000002.00000001.01000000.00000037.sdmp, log4net.dll.4.dr
Source:	Binary string: c:\Users\Sentinel\Desktop\HTMLRenderer\HTML-Renderer\Source\HtmlRenderer.WPF\obj\Release\HtmlRenderer.WPF.pdb< source: LuxaforApp.exe, 00000005.00000002.587797528.0000000006512000.00000002.00000001.01000000.00000012.sdmp, HtmlRenderer.WPF.dll.4.dr
Source:	Binary string: C:\Apiary\2020-02-17.08-00-03\Src\Generated\Google.Apis.Gmail.v1\obj\Release\net45\Google.Apis.Gmail.v1.pdb source: LuxaforApp.exe, 00000005.00000002.608865587.000000000EA92000.00000002.00000001.01000000.00000035.sdmp, Google.Apis.Gmail.v1.dll.4.dr
Source:	Binary string: C:\Aivars\luxafor-git\plugins\comingsoon\PluginComingSoon\obj\Release\PluginComingSoon.pdb source: LuxaforApp.exe, 00000005.00000002.585290969.0000000005E82000.00000002.00000001.01000000.00000022.sdmp

Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: LuxaforApp.Setup.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137E806 push ecx; ret		0_2_0137E819
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BE806 push ecx; ret		1_2_011BE819

Binary contains a suspicious time stamp

Source: NAudio.dll.4.dr

Static PE information: 0x9B1951B2 [Sun Jun 16 05:16:34 2052 UTC]

PE file contains sections with non-standard names

Source: LuxaforApp.Setup.exe	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.0.dr	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.1.dr	Static PE information: section name: .wixburn
Source: LuxaforApp.Setup.exe.2.dr	Static PE information: section name: .wixburn

Persistence and Installation Behavior

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe

Jump to dropped file

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\jabber_accessories\JabberLuxaforPlugin.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\UsbHid.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\UsbHid.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforCLI.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\Mono.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\cli\ManyConsole.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll	Jump to dropped file
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Jump to dropped file
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Jump to dropped file

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	File created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\license.rtf			Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	File created: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\license.rtf

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

File created: C:\Users\user\AppData\Local\Temp\Luxafor_20230120034719_000_LuxaforApp_Setup.msi.log

Jump to behavior

Boot Survival

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut\LuxaforApp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greynut\LuxaforApp\Luxafor.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99873s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99750s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99639s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99515s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99296s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -99060s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98950s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98742s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98629s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98259s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -98109s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97971s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97809s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97609s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97237s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -97059s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -96459s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -96159s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95759s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95409s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -95209s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94959s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94809s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94681s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94559s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94440s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -94109s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93967s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93866s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93759s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -93609s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe TID: 5340	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Found evasive API chain (date check)

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Evasive API call chain: GetLocalTime,DecisionNodes

Uses the system / local time for branch decision (may execute only at specific dates)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0138F839h	0_2_0138F79E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0138F79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0138F832h	0_2_0138F79E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 011CF839h	1_2_011CF79E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011CF79E GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 011CF832h	1_2_011CF79E

Contains long sleeps (>= 3 min)

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Window / User API: threadDelayed 6965

Jump to behavior

Found evasive API chain checking for process token information

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\jabber_accessories\JabberLuxaforPlugin.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\LuxaforCLI.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\Mono.Options.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\ManyConsole.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\cli\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll	Jump to dropped file

Is looking for software installed on the system

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Registry key enumerated: More than 154 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99873	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99750	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99639	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99515	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99296	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99172	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 99060	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98950	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98742	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98629	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98259	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 98109	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97971	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97809	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97609	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97237	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 97059	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 96459	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 96159	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95759	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95409	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 95209	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94959	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94809	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94681	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94559	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94440	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 94109	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93967	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93866	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93759	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 93609	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: LuxaforApp.exe, 00000005.00000003.376064196.0000000007C9C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011D8EF4 VirtualQuery,GetSystemInfo,

1_2_011D8EF4

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01353D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	0_2_01353D4E
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01393C72 FindFirstFileW,FindClose,	0_2_01393C72
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011A9A1D FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	1_2_011A9A1D
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_01193D4E GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	1_2_01193D4E
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011D3C72 FindFirstFileW,FindClose,	1_2_011D3C72

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Anti Debugging

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_01384104 mov eax, dword ptr fs:[00000030h]		0_2_01384104
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C4104 mov eax, dword ptr fs:[00000030h]		1_2_011C4104

Launches processes in debugging mode, may be used to hinder debugging

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013834A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_013834A2

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_013539DF GetProcessHeap,RtlAllocateHeap,

0_2_013539DF

Enables debug privileges

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Process token adjusted: Debug

Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_0137E0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0137E0A8
Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Code function: 0_2_013834A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_013834A2
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011BE0A8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_011BE0A8
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Code function: 1_2_011C34A2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_011C34A2

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: NAudio.dll.4.dr, NAudio/Utils/NativeMethods.cs	Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
Source: CrashReporter.NET.dll.4.dr, HelperMethods.cs	Reference to suspicious API methods: ('LoadLibrary', 'LoadLibrary@kernel32'), ('GetProcAddress', 'GetProcAddress@kernel32')

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.clean.room="c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.clean.room="c:\programdata\package cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\luxaforapp.setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe "C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe" -burn.clean.room="C:\Users\user\Desktop\LuxaforApp.Setup.exe" -burn.filehandle.attached=552 -burn.filehandle.self=588	Jump to behavior
Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Process created: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe "C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe" -q -burn.elevated BurnPipe.{7E5A4B97-C4ED-4089-98A5-051A88384BD7} {4F4BCDF8-A571-4A88-B83F-38D9A5E6D4F9} 2620	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Process created: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe "C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.clean.room="C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe" -burn.filehandle.attached=572 -burn.filehandle.self=580

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_011D32B9 AllocateAndInitializeSid,CheckTokenMembership,

1_2_011D32B9

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

1_2_011D0FA6

Source: LuxaforApp.exe, 00000005.00000002.587935410.0000000006552000.00000002.00000001.01000000.00000015.sdmp

Binary or memory string: Shell_TrayWnd

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe	Queries volume information: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HidLibrary.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.WPF.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\HtmlRenderer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Hardcodet.Wpf.TaskbarNotification.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\UsbHid.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\PluginContracts.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\CrashReporter.NET.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\HidLibrary.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\JabberNet.Netlib.Dns.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\LuxaforSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Lync.Model.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Microsoft.Office.Uc.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\NAudio.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginComingSoon.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginJabber.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginMute.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginPomodoro.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTeams.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginTimer.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginWebhook.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\general\PluginZapier.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\BouncyCastle.Crypto.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Auth.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Core.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.Gmail.v1.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Google.Apis.PlatformServices.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MailKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\MimeKit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Newtonsoft.Json.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginGMail.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\NotificationPluginMailkit.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\PluginContracts.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\System.Buffers.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Program Files (x86)\Greynut\LuxaforApp\plugins\notifications\Zlib.Portable.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.dll VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\Greynut\LuxaforApp\bin\Release\LuxaforApp.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{79cd8bec-9d20-4245-9990-a09fd341327c}\LuxaforApp.Setup.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{1B2935C3-AF1B-44BF-B792-FB9AE0E4B9FB}\.ba\logo.png VolumeInformation

Source: C:\Windows\Temp\{FA2385C1-BBAF-4DD5-8FC4-E3D5D1646EAE}\.be\LuxaforApp.Setup.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_0137E463 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0137E463

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01398039 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

0_2_01398039

Source: C:\Windows\Temp\{1961BF96-93C4-4B26-91A0-EBCD3741F305}\.cr\LuxaforApp.Setup.exe

Code function: 1_2_01196203 GetUserNameW,GetLastError,

1_2_01196203

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01364E6A ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,

0_2_01364E6A

Source: C:\Users\user\Desktop\LuxaforApp.Setup.exe

Code function: 0_2_01393349 GetVersionExW,

0_2_01393349

Lowering of HIPS / PFW / Operating System Security Settings

Adds / modifies Windows certificates

Source: C:\Windows\System32\msiexec.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Jump to behavior

ID:	787981
Product:	CloudBasic
Start time:	03:46:25
Start date:	20.01.2023
Sample:	LuxaforApp.Setup.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	3745aeaa0f2d8818a581a5361be85193
SHA1:	32f6174b039cfed524abb96ea4d387ff8c106810
SHA256:	ff79b37318e64e6a7aac91978c7121b079c9821185fcf4a463037c1ea8a117eb
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report LuxaforApp.Setup.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
LuxaforApp.Setup.exe