lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbkpqOE1SOTBzOFBMZmgwaEdpRXZYR0stcWQxZ3xBQ3Jtc0ttUENzUWM0M3FUYUJaSzZia3RKU3l5YkJBVjk0ZGNhbnRXZ1NGRk44UktQaEduYl9wcW44aVZMckVwdTZEV2hJR09feFR3Z0FkamtVeU5SUFRsWjJQT08taFkzcmhsaEZGejhUMEY5M2VScmVFQ2F5WQ&q=https%3A%2F%2Ffusionhacks[.]pro%2Fcheat%2Froblox-executor[.]html&v=alO5NBBX3_0

Analysis

max time kernel
171s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 06:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbkpqOE1SOTBzOFBMZmgwaEdpRXZYR0stcWQxZ3xBQ3Jtc0ttUENzUWM0M3FUYUJaSzZia3RKU3l5YkJBVjk0ZGNhbnRXZ1NGRk44UktQaEduYl9wcW44aVZMckVwdTZEV2hJR09feFR3Z0FkamtVeU5SUFRsWjJQT08taFkzcmhsaEZGejhUMEY5M2VScmVFQ2F5WQ&q=https%3A%2F%2Ffusionhacks.pro%2Fcheat%2Froblox-executor.html&v=alO5NBBX3_0

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://deadpannsjzvn.shop/api

https://chippyfroggsyhz.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Loads dropped DLL 2 IoCs

pid	Process
3472	FusionLoader v2.1.exe
2732	FusionLoader v2.1.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3472 set thread context of 228	3472	FusionLoader v2.1.exe	119
PID 2732 set thread context of 4992	2732	FusionLoader v2.1.exe	123

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674012322681166"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1292	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe
Token: SeShutdownPrivilege	3760	chrome.exe
Token: SeCreatePagefilePrivilege	3760	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3760	chrome.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe
3804	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 1420	3760	chrome.exe	83
PID 3760 wrote to memory of 1420	3760	chrome.exe	83
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 4068	3760	chrome.exe	84
PID 3760 wrote to memory of 676	3760	chrome.exe	85
PID 3760 wrote to memory of 676	3760	chrome.exe	85
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86
PID 3760 wrote to memory of 5048	3760	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbkpqOE1SOTBzOFBMZmgwaEdpRXZYR0stcWQxZ3xBQ3Jtc0ttUENzUWM0M3FUYUJaSzZia3RKU3l5YkJBVjk0ZGNhbnRXZ1NGRk44UktQaEduYl9wcW44aVZMckVwdTZEV2hJR09feFR3Z0FkamtVeU5SUFRsWjJQT08taFkzcmhsaEZGejhUMEY5M2VScmVFQ2F5WQ&q=https%3A%2F%2Ffusionhacks.pro%2Fcheat%2Froblox-executor.html&v=alO5NBBX3_0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff86503cc40,0x7ff86503cc4c,0x7ff86503cc58
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1680,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1672 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=276,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3816,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3316,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5208,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5184,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5588,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5596,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5792,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6204,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6364,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=208,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=940,i,15572526128687431598,12425691628276693215,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5056

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4080

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\FusionHacks\ReadMe.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1292

C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3472
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:228

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3804

C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2732
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2c76afc5a2c5731743f37706c1fc87cf

SHA1
7e9b3c33b0e65d011882eae9d8224a3f2e30f7f6

SHA256
77fc781aa22f91c1beb606634a96088bfbbda95c1c2f08b679c281f2ffbb2dd6

SHA512
6cc81e2569857200dcd7f7c161536e9dd1fff4c9fb993fdc58c7f86b79b064713001de5d6af01136b4666439ce16532626559734549150408c8c101601ed8683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
54KB

MD5
01ad880ee50b786f74a5e4fae9ba3d71

SHA1
111387dbe885b7f3af44cdbbeea17eeb04bbf803

SHA256
9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e

SHA512
d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
28KB

MD5
13d4f13cd34f37afc507ac239d82ddbd

SHA1
6d500935a441d438ed052e90de0443bccc8c6d17

SHA256
76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01

SHA512
152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
40KB

MD5
230ab95d87a717be265134072eb17c25

SHA1
71a3d3dd6f952057ba0c6025d39c9792ff606828

SHA256
3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068

SHA512
9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0b1907424c9168f4_0

Filesize
54KB

MD5
dbf9228c13ff8c7c6bbfc79ee3acf976

SHA1
fb1a221ff7cebc85a86fd1d44c78ba2800297fce

SHA256
24bad193d4df4a57ffe349763cf2d2b8d94e6428404e69fc091a78e5d373cf62

SHA512
5942c207c3366bd3458e298432b5f818c340d50d39eec673419eebd9c387ed677f42690a778237ba5dda534b0fcf74e312cc6a881aef59513947d4be7b71f544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1d36563bff1e326c_0

Filesize
287B

MD5
826d145841ffaf7c095874f191922749

SHA1
e7bfc483e4bd2c3fe2cd54d9bf01dfa268d49aaf

SHA256
5cdf4c26b2339d9da32221d0d01b6cb6252628641f3756986ef3796305168043

SHA512
916628f9b0042a51fffdff4eb6404a64d7688c6a775c96ddc1ca3d1092f2cfa3f0315f8bc4382ad10020adc344f6388b4ce4ef41b1e3e8aca027867c65852ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
303B

MD5
a52d9c745fe7bd7e0a5d1cce63d34983

SHA1
14568ad3271faccc668533fc1cfee339f49dc22e

SHA256
26c744f0c2dda0a665c2b716b77e5fb06e7b65ed212a98f00f02597ba219c747

SHA512
907a0fda6e037753a5efcdf0d36dceab22738cc4e4d9b43b078580868efe2452ccd898cd51bc641cd8d5cb336ff2aadeef8a8701d0dcaf5a162eb7c7e60a74c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aec4fafa35fae554_0

Filesize
187KB

MD5
1f8243dbd5aba123a520713aae6a0ec4

SHA1
88cab96e3ad15560ccfbd9a4ff9db2173ef397bc

SHA256
458279aeea9480f9b1476885ded4ffc3db80d333ba65e006476a7b17722c1978

SHA512
78be03830ad49ddeb25642fd2352d96dc0fe6a3cfd5b4caf412de30254aafef624dcc96676ae0548913e240983d61346a142d9ab2931719d5fb9032843db7dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
ba48b703d10d8a20a9f84893cbe9a90e

SHA1
e9abcb6f4b9b66240d4d1c2b6abf61a7fde15f26

SHA256
c6ede60946ab6eddd8e7f54f29fa8fd887692820347da2ff73d92328e54b8663

SHA512
78fabac144e07f0ce1a3ad2645d7da178356a24f9d11460a5b47d689b1a192403de9c942f851e73113c214a1115554fb9e66d588e5b5f831e32bdc225f5994af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8d0b5adaef42efdeb2510dd6b372a72e

SHA1
b788b56ce0d78acbc6db9fb34504babfabe37373

SHA256
676207cdbed6223f28e58962f95d5506255266d6f3152d146a2531430c45a6e2

SHA512
992874a765c7c5d3ddf0a3b566d2101b3cd6e4244f9c6378510fe9b36ece57193eb00ae0fe9c895d0b9837d63cf40caf6e8efd4ce39addd934896a289ff50f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
01f4dc27c401f246ab4e35bd364ef928

SHA1
13cda25bc8a167696f38408b92e56161d6cec7b8

SHA256
8102b801981c8bf777e30ee6b02fbf5e168c8e189c5d0298665b1a1613d5f1b9

SHA512
fbc1f102ddde4ee5c83fc0af43f7f7c72ecc58b1adc5fa2aff3c49a8f1cfe6770e780d2c2ae6b66cc4c968aa34c1643a06494816b1cce2c3a47e5f1088574427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6a84951cc16ebb4e7ab0f8038795ac87

SHA1
61510777fdd93dab32f7aa2adc55c45cfa0da932

SHA256
cdef2245846760fa5c16e18403af66cc9bf7ca052c9f4cd106c01c801d241bcf

SHA512
a7c18d5a8ec0b83ababb080d75bb4b308f67f94d6d0afb0f7875f9bb53f31a7c163699c24ce707773f65f77af4839a754950e236746ccd723cfa3cd98a0bb71f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e50e1d3901b5a36e48cc851171c9a1bb

SHA1
f070554fe7f4e407882998c8c59b4da66f95c4e0

SHA256
42b51dfd0cb0d5e064b7cfb961e1b0bcb5e6ad16255b6ee37bfd7ef007de943d

SHA512
4a7ed74538888e3f722678011f6673278fd7c8037acd06a88439a82478837171367fbb081a1ee37155919e95198934e70ce91b11a41eb2fca1f96345e24a76c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
656058509c4cfff10c6349f5b5f012b6

SHA1
61b26d8bb84da595a715a67ad01b076b2a9a030a

SHA256
5f12c9705b05255089b5db785d7ed8bbbf8b78846e6b1b9d1a834ac5550ed862

SHA512
9b91c4b89293d3c2595f650bd369cc68646db90ffee2f2531368b03393906bc226df874177b9e98124fbb2ba27df8e1c82d56c1a15083f3cbeb944e4f0ee594d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e02e5e3f28c10b5e8e6ac89fcacc5d60

SHA1
dc80d3c84700918f142c75fc32c96c832e0860a1

SHA256
a013d597b5c4f532c24c7ae12315cc0c7275a11136d9b4c3eff8414fd4f794af

SHA512
1be8993a2c41a77507f74d66087cd6018b1b8545158fd580c26693da039970d7846e9218b647a3d158687600c1f1f717b55e685ce9a9f04714ad923d55c9e8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bfed1b1aeb64cd243f1e1c64b7921be

SHA1
ccadce0b7170a67b36983db7197c49beb6d42166

SHA256
730a2cb661cc15cfd1ba468a92b3d61e94681daaf4762c3fa7115ead13183198

SHA512
b2b5ee67b2c562d3a7325c249aa7f78988dfb3f8a6ef32ab5ba85683b201871596cd0072eb838113982d7de27e1fc72fefc79b86784481dc6d39512f5267bb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3eecc7512cc2f0d0928234aeba026522

SHA1
4c5f52cf2c8d7ee67175ed6730203c44bb38e0d6

SHA256
4b81b97dace1ffb64f90724a91971b2469ea45df1734fd677f38faf0d722a6aa

SHA512
875850f1d7fd2bbbd6210067bdefeaab1b8f481a5c6cf0192176b485159321f86f69473ff74c3464038d83e2ebe08d8ec581c2ad16f79bd229f55def72111306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31a50ef46d7a90fe2decad8058761aeb

SHA1
990359567988ae3b392b00439b66b6c94e470fea

SHA256
5b0ca5aabd3231ba557542d67868f0415e939e6ebd3feb4179fa8f1a49444b85

SHA512
0ed9b18276af11bc5863aac35f03b4305f7c47f1ebac4955f992c59955dcff52a779bedf0bb39f2a7984dad80306ff8d36f26b5f3f22f42a21917f80fe95d9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a81688c8aa7f7fafb95dcd8a7925a7df

SHA1
3dc21c7baf05528d5a654179ea855c78c41f5214

SHA256
a262540edf20d8bc5f9cd656d9d0c7cc3113bd7d0cfb7f7c3ef05af4817147a2

SHA512
4cd6fb07e9d108b0e888e49daaff0eb9440e10954ff1e779f742a63fbe1d9d7f1f3daa47dfaf06fb3d98fc0b33ed03ae3319a73218b07e0167e3cf5a829a3b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
34b29cd9ec0b99858b91e2894b10a3ca

SHA1
8ff8bc7a1c238890623aff0ce232a0e74bfd9392

SHA256
fa34f956eebb4468e7fc65ca3b6a63a6c41a4ea18ea6a51126340409867b0f17

SHA512
8086e4329975d6200bb8587704658200f44c731a2380b5b0c110c12363b7de2ff81bf1e8a6ccd77d83566eee975ea360908652226906feaff0b6422520c9785c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c23758b6c2c7a31e26ba63b0eea6380e

SHA1
e7bd7f65005123c989294a68ecc3df4021ec99d4

SHA256
2bc71974aa96cf5a11abcfba062f3834f74259cab37b853e8bec6fe10b2b1800

SHA512
7aba6398acf75cef08d6e700a12fbe100865e5fb1543401daa7955d29ad48e62daa2c9e7f56ffa7673524fe42478074371e7f761392b9442859b02f2ec556d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abeb0990d68964c7b22b02658fc6caaf

SHA1
8c83434f47c8be2bbfba0e4c72c8fdaf9768972f

SHA256
caf85731be122819613131d0b3592a395cbc67a4e5d0df60eb86d7e8676a7c8b

SHA512
99ee6f1d05e525c32ee1b66d32de7bdb98d70fdb5c08ad9eb0876c639b4e1bb38e47e6cc72dbe2deae47689e6f890c2f86d38f96ff9871896aa04d0ec624419f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53e5424ac1850998f055dd6574c21190

SHA1
0e5e5f8d067a2fbdd8c2e8429d7609de2d58dd7a

SHA256
ad01160bccf7272170b94ff8fc20a9777ae9c0c315c92cd9cb900c2c19e35478

SHA512
f13da7812b227e347f966f082a682d0a64d596a9089b71588056b79e833431cc3148c8cd2c1d8d56a99252ad1dfc9854a0feead3ccab241189c87cf8201a6be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc96e62857622f420cac26720b0baedf

SHA1
f6305359f25767d6506336c0a755e203375d4c31

SHA256
7836553efc845f651f71066c382e89c8f01555ed536567764909ed3658905e96

SHA512
b5d260a352b930443a6dc23c21df4ee1570fe6d4ecea2f1df4b3f3964fb8993366fe93fbf1899f55e4810ac144fea7aa8d7d3f6ae055a5bc7c17070d39667065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe1d979cfdbbb733f6d8f981f0580431

SHA1
a8608ef24b7a04cd0eb759aba65a2eccad26ca5c

SHA256
716e79ccfac3b8d78ae77fd13088be10f8cb08f18fb4f19a420ca81b6f58cbab

SHA512
b7ea07860a73ca44c15a118d7a9271f6b9688b392e7c6a20f5a32a22d09e7db18a2dc060034080a80dad696c000e1f86304d668b9f1d66824055a67f8896c2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc73cb78e9b8a75056be30b84a336654

SHA1
f423732f930969333a2dc86228883366c3881dec

SHA256
72bdbe995d834ad85cd54039d7fe0e9fe13938fa42bac17bf946047d9f71a7b2

SHA512
419c605f8609315ace483dc9df356a64797c1a9335720fff647396a0b4e5041b450468b1868237bf7204a11393ce0314c32d5b9161c71f7855aa61e85669ffcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
086a9c7425aeef39c4a1098159dd2ec3

SHA1
11affe0600b3e677d9114c9d3c6f1e0f9758af41

SHA256
237f4c08761be09d6d2297bc35ca7e6f9c132518be43ca5032b46192be1a0188

SHA512
ba0074654076cc642200f45f7fa2dbd76a0408de43fd47a2ec8b09cdda131c01d3b5c284dca026baf11ed4583705d8e75c6c99a145ea597abe07c5bb8c88f285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb4341b7ec9e0499bd3331f2c0bce9ca

SHA1
4b21163bb93b002ae0b0756d7a63b7b26addbdad

SHA256
57126c346bea1b25143b2c67acdd918a0aa7594c3ce8540aae3bed655bc9369c

SHA512
4f5a4b09f54babe0fe66b5451df783211e1cf90b21941308d8e3c10abe3300717fad8c708d60b3977e668f2bb6e97e36dd8a17fddab37ae7c2b2f8ef722c396b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d1a8df639149103f8831fbc42431873e

SHA1
7aa4b13e9f671a09ff13ba5869337804033c0af1

SHA256
0e1c0d5ea40932bfd53b6db55ab70783077bf60170b39758c0630faa01e43948

SHA512
96de96e44584019e7c3dcae13cbeb1b7cdc8f8f101a56069afea9f628ca86e6186b2fa230693c616f71678ce4e64cfe9d0f88a3fa75d63507016079d66bab7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
517ded448ab5af9c117a556cc31b0a83

SHA1
030bf7dbbad73f062710320593bbf31605db2aaa

SHA256
4fa0b395eed05b55f6e27a2ae84a42e0bc1924a54f381454b91cf80f6b8b1ab7

SHA512
820d7a6a384da59e31fc30c647b746c9c783c519c73fc7411a5caa88f087c5ba76e3c6b06a211718255cf03d3d543528bb56bb8c4adea5a515ae4a0bfae1cf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6d4366f19842f8580a0e3e0fe31981ca

SHA1
9685c3d21a93f4b17c8da2baeea6be27d7b4f193

SHA256
7e557231b29ad2d70a506bbdd340e136251f83250d8f7960ae05ce866cc43b48

SHA512
cd1f2d749c64b01addb9b20e62ca8ad54c02a33fd04982dd729915dec19a10835c5823add77cf3250db0ef6c3c9434e0dad4213e0edfa2f0daca96538e12486b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FusionLoader v2.1.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
516KB

MD5
0de647955b4e7c919f250a2835b65fa2

SHA1
43e0301e3262cdd5f27ecd5dee9e038a456366f3

SHA256
0ef26cd64dd3f59c90e55a8d6e8cb48875abd4e3e9f558919828e348761319a6

SHA512
7366e920c6a654caaacfa55ebe2c8e4d36d39243535939f2b30bd7c47032cc45524643ec8e2f6442f835ea0bbdf84551f90a3c197aca4ee1de9373c521b291c9

Download Submit
memory/228-546-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/228-544-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3472-537-0x00000000007C0000-0x000000000085C000-memory.dmp

Filesize
624KB

Download
memory/3804-567-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-572-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-573-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-574-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-575-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-576-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-577-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-571-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-566-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/3804-565-0x0000015927D50000-0x0000015927D51000-memory.dmp

Filesize
4KB

Download
memory/4992-622-0x0000000000540000-0x0000000000597000-memory.dmp

Filesize
348KB

Download
memory/4992-619-0x0000000000540000-0x0000000000597000-memory.dmp

Filesize
348KB

Download