Analysis

  • max time kernel
    241s
  • max time network
    244s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    09-01-2025 17:28

General

  • Target

    Fluxion Launcher.rar

  • Size

    3.3MB

  • MD5

    eee78ef06b0bee50ebeb26dd87c810ce

  • SHA1

    a098985153e9b9c68f42e891045845cbb4d3b915

  • SHA256

    ac9881ba3da632e68be376d6ac307962bd9116fa2240a3eb53f564f8f8d2673e

  • SHA512

    135c0c65cd9cfc4f146aba090899ebaffbdbc71816365a568473e8837e0b43e0cb9e031f78dfa4469334a519d09d516db5204a344bbeedc65cf2840d40a776f3

  • SSDEEP

    98304:3sMGdImCv5E3aYmlKvA43Y0Ozi/uIArpyKg:395mqE37A6XNOu/uNrpyL

Score
10/10

Malware Config

Extracted

Family

lumma

C2


Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Executes dropped EXE 54 IoCs
  • Suspicious use of SetThreadContext 30 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Program crash 15 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 45 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Fluxion Launcher.rar"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3492
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3248
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1d523cb8,0x7fff1d523cc8,0x7fff1d523cd8
      2⤵
      PID:2408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
      2⤵
      PID:1108
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:748
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
      2⤵
      PID:1620
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      2⤵
      PID:4616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      2⤵
      PID:3964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
      2⤵
      PID:412
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
      2⤵
      PID:1532
    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4044
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
      2⤵
      PID:2772
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
      2⤵
      PID:5088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
      2⤵
      PID:3620
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
      2⤵
      PID:3420
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
      2⤵
      PID:2260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,17358298304273643454,15350122790935037741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
      2⤵
      PID:3020
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2768
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3716
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\LUMMASTEALER\Config.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:2536
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:2796
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4100
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 784
      2⤵
      • Program crash
      PID:3020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2796 -ip 2796
    1⤵
    PID:3964
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:2244
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2300
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4972
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 776
      2⤵
      • Program crash
      PID:4756
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2244 -ip 2244
    1⤵
    PID:2316
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:1932
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1980
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3624
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 784
      2⤵
      • Program crash
      PID:784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1932 -ip 1932
    1⤵
    PID:2504
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:4600
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3216
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3760
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 812
      2⤵
      • Program crash
      PID:3244
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4600 -ip 4600
    1⤵
    PID:4912
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:1556
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5100
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2928
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 772
      2⤵
      • Program crash
      PID:1056
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1556 -ip 1556
    1⤵
    PID:1544
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:2032
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:2740
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:1664
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:5040
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2368
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 792
      2⤵
      • Program crash
      PID:1144
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2032 -ip 2032
    1⤵
    PID:728
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:4052
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3248
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2360
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 148
      2⤵
      • Program crash
      PID:1020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4052 -ip 4052
    1⤵
    PID:3220
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:3356
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:1400
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4740
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:2888
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:3652
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:5068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 804
      2⤵
      • Program crash
      PID:1124
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3356 -ip 3356
    1⤵
    PID:2160
  • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
    "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:3672
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3192
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
      PID:596
    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
      2⤵
      • Executes dropped EXE
                                                      • System Location Discovery: System Language Discovery
                                                      PID:3284
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 788
                                                      2⤵
                                                      • Program crash
                                                      PID:3596
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3672 -ip 3672
                                                    1⤵
                                                      PID:2956
                                                    • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                      "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                      1⤵
                                                      • Executes dropped EXE
                                                      • Suspicious use of SetThreadContext
                                                      • System Location Discovery: System Language Discovery
                                                      PID:2316
                                                      • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                        "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        PID:1288
                                                      • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                        "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3888
                                                      • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                        "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:1236
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 784
                                                        2⤵
                                                        • Program crash
                                                        PID:4992
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2316 -ip 2316
                                                      1⤵
                                                        PID:2944
                                                      • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                        "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                        1⤵
                                                        • Executes dropped EXE
                                                        • Suspicious use of SetThreadContext
                                                        • System Location Discovery: System Language Discovery
                                                        PID:1756
                                                        • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                          "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          PID:4124
                                                        • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                          "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          PID:1480
                                                        • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                          "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1564
                                                        • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                          "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2028
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 716
                                                          2⤵
                                                          • Program crash
                                                          PID:956
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1756 -ip 1756
                                                        1⤵
                                                          PID:3240
                                                        • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                          "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                          1⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetThreadContext
                                                          • System Location Discovery: System Language Discovery
                                                          PID:4820
                                                          • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                            "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:1892
                                                          • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                            "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • System Location Discovery: System Language Discovery
                                                            PID:4956
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 800
                                                            2⤵
                                                            • Program crash
                                                            PID:3720
                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4820 -ip 4820
                                                          1⤵
                                                            PID:4300
                                                          • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                            "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of SetThreadContext
                                                            • System Location Discovery: System Language Discovery
                                                            PID:1736
                                                            • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                              "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • System Location Discovery: System Language Discovery
                                                              PID:2600
                                                            • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                              "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              • System Location Discovery: System Language Discovery
                                                              PID:4728
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 776
                                                              2⤵
                                                              • Program crash
                                                              PID:1192
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1736 -ip 1736
                                                            1⤵
                                                              PID:1928
                                                            • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                              "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                              1⤵
                                                              • Executes dropped EXE
                                                              • Suspicious use of SetThreadContext
                                                              • System Location Discovery: System Language Discovery
                                                              PID:752
                                                              • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                                "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:796
                                                              • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                                "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:3380
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 780
                                                                2⤵
                                                                • Program crash
                                                                PID:3064
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 752 -ip 752
                                                              1⤵
                                                                PID:2896
                                                              • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                                "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Suspicious use of SetThreadContext
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4760
                                                                • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                                  "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:3644
                                                                • C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe
                                                                  "C:\Users\Admin\Documents\LUMMASTEALER\FREELUMMASTEALER.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:2308
                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 772
                                                                  2⤵
                                                                  • Program crash
                                                                  PID:1596
                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4760 -ip 4760
                                                                1⤵
                                                                  PID:2472

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Downloads


                                                                  SHA1

                                                                  732818d96335b0df2bbf057edb3ed942a5c55020

                                                                  SHA256

                                                                  4c043da4e94851fcca5e7ec8447d8e675e2bca74e7dc2fc3f42632c7aff42af7

                                                                  SHA512

                                                                  491b96fde8d174631422978b187f6969987169d2921b61306438489cc225df15ffce0a959b74c0a4eb74afb8418d1a5efb87360a312c6e733d301ac47800ceed

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  c45c9ca85a058e37bf9f086079c24224

                                                                  SHA1

                                                                  b9e12533f56204c4f1711d57907f3b7468483695

                                                                  SHA256

                                                                  2b7c808b45cc2fa61441a347c21853bd1267c0896ac7ea4070107bf4931daa7c

                                                                  SHA512

                                                                  c5484f228ba53b2f7e42ca99d23e5ac87a74f48a6bf8848fa7df01ef6fc68ccf245a1d5d464dbdbf76bf39550a2c2998170bea2a9a28f86f7fd56bfc94b1b2d9

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  f0b06fae38b7df7f32cc6f7ba9d96556

                                                                  SHA1

                                                                  b0e8fce0dc0258b0c2b4071957dc0c7a44f16388

                                                                  SHA256

                                                                  7c6c10502b2a88e70a05b48d1ea3ba4d60dac8bcf9917afe8af58ec59df13feb

                                                                  SHA512

                                                                  5b619e4a2e40928965fa1717e948e5baaa73dffcdd0f45b44c605b9216724aa8cc4357aefdab57900d1460355471bcc3708c181892d7f79e228f07e19651743d

                                                                • C:\Users\Admin\Documents\Fluxion Launcher\Autoupdate.dll

                                                                  Filesize

                                                                  2.5MB

                                                                  MD5

                                                                  51397005ac7db572e3af109699f4ba73

                                                                  SHA1

                                                                  c9bcb56dd1a4c4b687917aac34f703908a5d4bde

                                                                  SHA256

                                                                  07bd44748b663d9efbf35cd962408b57ad72a7ce65bdc2722db284f343b2d891

                                                                  SHA512

                                                                  512740d00adf5512cd8f6ca163a1c137a0e17091243d880271945b90306f7ddc6b47928b27985c5b60b4474e5be57273308babe50986fda638dc6b8ea2f0f2c8

                                                                • C:\Users\Admin\Documents\Fluxion Launcher\fluxionlauncher.exe

                                                                  Filesize

                                                                  339KB

                                                                  MD5

                                                                  0faa74d371ad58d493b2df890c610774

                                                                  SHA1

                                                                  c7a155aca4a20258fc1105b91d5d94205415546a

                                                                  SHA256

                                                                  4d6330d6d983a30c5a0e469058075e96b6e8109daff1ac41a910aab2621f488d

                                                                  SHA512

                                                                  fa603a7a93062d72ff33e3a0562357169148470ac0defef8145d629a5efa7e87f5481a82ee1a7c4e8bcb26e242f7fa4074076f2ca0a08fa0e0b158544f9da223

                                                                • C:\Users\Admin\Documents\Fluxion Launcher\x64\cfg.dll

                                                                  Filesize

                                                                  5.0MB

                                                                  MD5

                                                                  7bfe885d87026d0d41dba5fb4173201c

                                                                  SHA1

                                                                  027637e1c7fd24a7bbaba6b926cce67e47d8e7dc

                                                                  SHA256

                                                                  2b529e8afa002053744bb4e2430513e7745f91b5052446ef2d0568e91d5b1280

                                                                  SHA512

                                                                  d2ded5d1c216900e340425f652c585398f2662f3aefe552e80161af90d1656d2ed202366c2ac794564dbf6eca0c1d769f62fcb979a0d666ea06540e389a30951

                                                                • C:\Users\Admin\Documents\LUMMASTEALER\Config.txt

                                                                  Filesize

                                                                  183KB

                                                                  MD5

                                                                  6d7f976b644410f6251697469e25af61

                                                                  SHA1

                                                                  faa26974833529f162cde7273405bcc6a945a9b6

                                                                  SHA256

                                                                  bb83eb8a0ae75c425f6ec72af554e5f8158eb4ffa0a898e26b564fc0217c8ae5

                                                                  SHA512

                                                                  e160464239b42bdaade8a50e762e233053627c67bccd435c8431aff5efed36945f5524b5e1e56821625ff71456eb5b640ace959aa728d0cf186c1c91a7cf39d7

                                                                • memory/2796-341-0x0000000000F90000-0x0000000000FEC000-memory.dmp

                                                                  Filesize

                                                                  368KB

                                                                • memory/2796-342-0x0000000005E20000-0x00000000063C6000-memory.dmp

                                                                  Filesize

                                                                  5.6MB

                                                                • memory/4100-344-0x0000000000400000-0x000000000045B000-memory.dmp

                                                                  Filesize

                                                                  364KB

                                                                • memory/4100-348-0x0000000000400000-0x000000000045B000-memory.dmp

                                                                  Filesize

                                                                  364KB
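The dropped-file and memory-dump records above are only useful if an analyst can machine-read them: match a retrieved artifact against the listed digests, and turn a `memory/PID-index-0xSTART-0xEND-memory.dmp` name into the region's size and start address before pulling the dump. The script below is an added example written for this page, not sandbox output or code from the report's tooling. It parses the flattened one-value-per-line layout the report uses (a few records from this page are embedded as a constructed sample), recomputes MD5/SHA-1/SHA-256/SHA-512 with Python's `hashlib`, derives each dumped region's byte size from its hex range, and flags regions that begin at `0x00400000`, the traditional default image base of a 32-bit executable and therefore the first place to look for an unpacked or hollowed payload. The `human_size` rounding (B, KB, MB with one decimal) is an assumption chosen to reproduce the report's figures for the embedded records; the sandbox does not document its own rule.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample: three records copied from the report above, in the
# flattened one-value-per-line layout that the sandbox export uses.
SAMPLE_REPORT = r"""
• C:\Users\Admin\Documents\LUMMASTEALER\Config.txt
  Filesize
  183KB
  MD5
  6d7f976b644410f6251697469e25af61
  SHA1
  faa26974833529f162cde7273405bcc6a945a9b6
  SHA256
  bb83eb8a0ae75c425f6ec72af554e5f8158eb4ffa0a898e26b564fc0217c8ae5
  SHA512
  e160464239b42bdaade8a50e762e233053627c67bccd435c8431aff5efed36945f5524b5e1e56821625ff71456eb5b640ace959aa728d0cf186c1c91a7cf39d7
• memory/2796-342-0x0000000005E20000-0x00000000063C6000-memory.dmp
  Filesize
  5.6MB
• memory/4100-344-0x0000000000400000-0x000000000045B000-memory.dmp
  Filesize
  364KB
"""

LABELS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1,
           "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}
MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")
DEFAULT_IMAGE_BASE = 0x400000  # classic 32-bit PE image base


@dataclass
class Record:
    name: str                                   # file path or memory-dump name
    fields: dict = field(default_factory=dict)  # label -> value as printed

    @property
    def is_memory(self) -> bool:
        return MEMORY_RE.match(self.name) is not None


def parse_report(text: str) -> list[Record]:
    """Parse '• name' records whose labels are followed by their value,
    either on the same line ('MD5: ...') or on the next non-blank line."""
    records: list[Record] = []
    pending: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append(Record(line[1:].strip()))
            pending = None
            continue
        if not records:
            continue  # text before the first bullet is not a record
        if pending is not None:
            records[-1].fields[pending] = line
            pending = None
            continue
        for label in LABELS:
            if line.startswith(label):
                rest = line[len(label):].lstrip(" :")
                if rest:
                    records[-1].fields[label] = rest
                else:
                    pending = label  # value is on the following line
                break
    return records


def region_size(name: str) -> int:
    """Byte length of a dumped region, from the hex range in its name."""
    m = MEMORY_RE.match(name)
    if m is None:
        raise ValueError(f"not a memory-dump name: {name}")
    return int(m["end"], 16) - int(m["start"], 16)


def at_default_image_base(name: str) -> bool:
    """True when the region starts at 0x00400000 (assumed worth triaging first)."""
    m = MEMORY_RE.match(name)
    return m is not None and int(m["start"], 16) == DEFAULT_IMAGE_BASE


def human_size(n: int) -> str:
    """Assumed rendering of the report's Filesize field (B / KB / MB)."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 ** 2:
        return f"{n // 1024}KB"
    return f"{n / 1024 ** 2:.1f}MB"


def check_memory_record(rec: Record) -> tuple[int, bool]:
    """(size in bytes, whether it agrees with the reported Filesize)."""
    size = region_size(rec.name)
    return size, human_size(size) == rec.fields.get("Filesize")


def digest_bytes(data: bytes) -> dict[str, str]:
    return {label: ctor(data).hexdigest() for label, ctor in DIGESTS.items()}


def verify_bytes(data: bytes, rec: Record) -> list[str]:
    """Names of the digests listed for rec that do NOT match data."""
    actual = digest_bytes(data)
    return [label for label in DIGESTS
            if label in rec.fields and rec.fields[label].lower() != actual[label]]


def verify_file(path: str, rec: Record) -> list[str]:
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), rec)


if __name__ == "__main__":
    for rec in parse_report(SAMPLE_REPORT):
        if rec.is_memory:
            size, ok = check_memory_record(rec)
            print(f"{rec.name}: {size} bytes, size matches report: {ok}, "
                  f"at default image base: {at_default_image_base(rec.name)}")
        else:
            print(f"{rec.name}: expected SHA256 {rec.fields.get('SHA256')}")
```

`verify_file` is the call to run once a dropped file has been retrieved from the sandbox; an empty list means every listed digest matched. Memory-dump records carry no digests in this report, so for those only the size and start-address checks apply.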