lumma | hxxps://youtube[.]com

Resubmissions

16/02/2025, 13:24

250216-qnfbfsyqev 8

16/02/2025, 13:15

250216-qhesqsylaq 8

29/01/2025, 18:19

250129-wygj6avqhy 10

Analysis

max time kernel
285s
max time network
287s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250128-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
29/01/2025, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 2 IoCs

pid	Process
4688	FusionLoader v2.1.exe
1668	FusionLoader v2.1.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4688 set thread context of 1668	4688	FusionLoader v2.1.exe	122

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3808	4688	WerFault.exe	119

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FusionLoader v2.1.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133826483902203982"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "5"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000003598f96a6971db01de02fd447771db0118930ba57a72db0114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "6"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-946476529-1335986830-1090511001-1000\{9ED17427-5710-48FB-9EFA-0C0BE45260AC}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-946476529-1335986830-1090511001-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2884	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
984	chrome.exe
984	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2892	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: 33	5508	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5508	AUDIODG.EXE
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe
Token: SeShutdownPrivilege	984	chrome.exe
Token: SeCreatePagefilePrivilege	984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
984	chrome.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe
2892	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 3864	984	chrome.exe	83
PID 984 wrote to memory of 3864	984	chrome.exe	83
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 3244	984	chrome.exe	84
PID 984 wrote to memory of 5704	984	chrome.exe	85
PID 984 wrote to memory of 5704	984	chrome.exe	85
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86
PID 984 wrote to memory of 5692	984	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x1fc,0x200,0x224,0x1f8,0x228,0x7ffa401acc40,0x7ffa401acc4c,0x7ffa401acc58
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1956,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=1656,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3692,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3800,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5220,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5392,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5212,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4652,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6284,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6316,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5588,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=836,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4548,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6748,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5892,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3308,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6152,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6708,i,5461259899026558095,12496550069399367674,262144 --variations-seed-version=20250127-050148.939000 --mojo-platform-channel-handle=6692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x170 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5664

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\FusionHacks\" -spe -an -ai#7zMap14695:84:7zEvent14691
1⤵
PID:5384

C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
"C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4688
- C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe
  "C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 828
  2⤵
  - Program crash
  PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4688 -ip 4688
1⤵
PID:3188

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\FusionHacks\ReadMe.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2884

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b31720ee759b9c7bd2487877bc7d11f5

SHA1
7c243d4ee277430b8a5a0eb4c1d8db26a510d462

SHA256
568046b4bb23c94a0d3ba78d764bd4f98f4c1f413112a933040b8d092e84d4c3

SHA512
b4155e004e1d045922276251b9a9c2774becc2294617a8daeee423589430cc48621ff5abb3859cc142ec104fd7c0039bc17221a4380749e26405cb1774eac1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
22KB

MD5
778ca3ed38e51e5d4967cd21efbdd007

SHA1
06e62821512a5b73931e237e35501f7722f0dbf4

SHA256
b7e1bfadb8d9c061f17a7234df012df7842ab1aa8fb6f9579fa3f0a3b4a75bc0

SHA512
5f6f02099ca8079305fb7e7f43ae4344d522271fe30379c0854d6a81b7d8adf408a50a4b799b5f52e6ed162ba6ce7fe97e24a2b9719df780e75683d3aa103d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
243KB

MD5
dbcd34e798398a91a74c5d6e67ce5a30

SHA1
1578bc75ad70390ebc7344efc9ff54dc97f0cc75

SHA256
df3b5dda05a8936873f910939f1a5e6313a020432e7c0926aba1ae9dfacbb428

SHA512
e25fdef4a94537accf063e60d4230e2b8b8ec208ed05cc3b4934587036f88ac17d9250bb5973f3eaf6f1fac9a65cf74a404d7cf05577f3b6ab7817f676ed5973

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
1.5MB

MD5
98ffd1983dd606fd2ba992fe22c5eead

SHA1
56f2d3e96c43e12addae542f8b7c0b2a4ee65596

SHA256
45a413d34577344ec135712fa206e3e0f8d64bc3666b343b615b789ffe797c20

SHA512
ccda640570bc0bd280449e5d6cf2de55e5daffa6bff66a9379afeb4fae3323c61327a455fb292847aea6b466e1fa0897b7f314bc33e44e0d9885ce6cc3fdba9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
c31055f96337a33047e768ad7151f8e6

SHA1
3500ae28c9e511e130ab3dc2909d1af459d3ebb4

SHA256
98056412cb3431add028e00d70165f818f2df623408ccb0d67d7703294dab865

SHA512
e16984f9e1206cd9327fd179f6f59b8fb215ea9e8d78ba782de46ed142fec569bec5b97f8cda8f53ec397c96cadfd081f85bb85a5675659ad29686f5c3800c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
31KB

MD5
2d0cbcd956062756b83ea9217d94f686

SHA1
aedc241a33897a78f90830ee9293a7c0fd274e0e

SHA256
4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2

SHA512
92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
50KB

MD5
94c3ea98765b412bf4585cbc355d5997

SHA1
00380137bd61e483736cbd65a572416eae27fdd0

SHA256
ce0e240e9d9f299402957d4d1b151f88e0f3198b70e1af0e6ac37a5468283a6a

SHA512
89f8d581a00b1222763595c93d4434730dc5c2f373761d41790da4b5e560c2ef9ee269c776aac31681efadf1255cb97ef1457436879d56c2efc4cfb0cbab494f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
642KB

MD5
6a0242fad8beb19a8f7f401526c2c2c9

SHA1
728f2d94db56f5d1d0b3f6d73e8575063e0458ec

SHA256
9412856a8a91eaf15ec2f2c39414648d5f4cc802b13951ab3263aa32a6e9b167

SHA512
4c22a1cb942930624f7186efda56fa1283ceb0c71d6b363f763d1db2fcd076de55f3d545ad324706e552c4c1262a0f3a96735e7b8cac69a6f229afbee7b3c87f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
34KB

MD5
8223ae0c770c27b5159ffc75b0c9df86

SHA1
bc92f204ffff2324c2957182972fa52e1cc5ed61

SHA256
161e3d149cfa0feb2e4a06d225e60cb9392b4a0ec36c32483726bd5a2b9e6218

SHA512
e55e207d16fe3fe5ded504fdb21a6be93a92bbff682ae077fdd8163f6980084485b2cd6ea19000665fcf7d96fab0f29c66d014fca7da51fe61faba8f08ccb437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
34KB

MD5
e8832cfa464db3890c20cf33cd386185

SHA1
b2bb98c0b5a7914d638c39aa78fbe40ffa28e9a9

SHA256
6dddcd79a257c087acc58a12cb689cd1274f08900d7d91d7a27e5efe8bb02097

SHA512
73a63d2c74bc5ccbd5efe848bd0e3b77aad15ffa05dc52aec94fb3860a14b612c2e348c9145d814ec90bacea5ca013efe9e10fab15fd680f9b4bb353ea7feddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
504B

MD5
b1a618ef6833f4d2b19f8cd299b8bd8f

SHA1
4db4dc5ffc803abd8c2c28423e1404b0c0f12e0c

SHA256
845c5d3b70e8440e073172559d96b13801eb2c4f6ad9fdc9eea207e22500ad37

SHA512
8423f9e895d3927cd1a6bc49c2284f7f0616419e514407cbf7f113b234bfef99345a01d80b10d94491fa66795c0a17f6e9554dd6ac1407b3dd35ba223ea0c7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
50145717876221ffce084e6d2b0e79c9

SHA1
ce2d29f2e27f4501da8e94f016fd0896a8b569ef

SHA256
0383b7f2713702b5f6ba48e1771bf929843815b8d8da25facd109a15c8b38463

SHA512
d8189fb32e9ebae0906c5e840061ec5dfd2161c0a00e7340728a7bb72e0fbc1418c5ccd0b0641d9bcacb19d01cc3772dad5ade9fa962815200b27fc8afb565d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7cbe5f1f0f63fd64848077d71271512b

SHA1
9a0251931031e2af0f55d9ea67cfc1fc8b48f2a1

SHA256
df801b7a778da3c767334aa8f3d9af27f3423625f6afa5abffa86a5146a9bb7a

SHA512
cab695b06b95ed4fe950e7506b24ed8a8a99106378d1cff43f52039ac056cf22a8d074f8b792512ec5df32755031da0aa9fddab83163c0fadc4f13b03a585215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
03bf070ac182147c6f5168a2f09a948b

SHA1
d8936bce2d3c525211a06eaadaf2f877fbde3898

SHA256
c06875a4e8335a8544cb0ea265734358286265d44b4a456b063f9b0505bea82b

SHA512
45e726e15333eca5f14a70e3937ab6a9d2719553a56102b037f36cdf7119e7902a26b4543706603c3194e59521dbcaa696c02f66ead62ab758f77f335aa974fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
41ce93c239dcdfae8792a8723f3d302f

SHA1
b5c7371f0f0a9f667fae94f308f918c2aedda906

SHA256
1e61134bd065b690860fe03f4d2e0979d24ea704d2a52ac90123d0d8fce35b18

SHA512
4818d291fbd3401bf189722f03208c3c07db0c9a10f909f915da531bf6b7dd21bbc2aaaa276fe1c32c3c1ca67d50dbdc364888dd88ee943ea897ebb7502e7265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
47be971852bbb155e14e61cbb0328341

SHA1
65db2e9630b1bc40ced9930c06095a7406e9dec8

SHA256
7941565395a7b882a44d031624e39df9086a791be03f3a70217e7ba626069ba9

SHA512
46023a5e122fab3a7270cce0b5463a12519c52784f97c0a6fc854cdccea265406dfe2aa3d5e171605680d5fe21bea87e226b964646486fe0f52cbdd2be0db154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
921bae7e507490bb64e32f0bd3150d2a

SHA1
cfb0e781a584e8ac794f5121eb54ce4011ef280b

SHA256
5d005f913d7ed6eecb230fe22f1fd1fc3edbaf1f355effeb5bb57b92569b4cff

SHA512
d513e3a7249c4e69d7a817df309509109a6067a3070d43a5a669284bbcfa1f34ac7b11eaff3cfad7b12f9cd186f7604c9b9d7b283a6f98f539d8910b388f0d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9d37c5ddeda8618aecf14d156bf695d

SHA1
3746e26a0a568a1e99efc9e2f41855f3dd41b807

SHA256
e17635c8c6c95388156e95afea503144e22b88daa98a1efd9af27cc7f6b87771

SHA512
693e8a7799f9b6a14bc43059db647b10eb32bc11587f830b677682b831b5c30af7a6ead937ba8c46edb46d3e25979d4d8d68d5de3b07964284f8da2a17d44d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
192d868efe94ae737ab0fd2f8fbf6a16

SHA1
c1b9e579d5cd6375a04b6df25a363c60724446c4

SHA256
12631a1809b88ca7a087e3351483b1638f40d048c89733bd60424470dcb41e99

SHA512
651c6f3f354ebc0115f890775b21afd4aa0bdd9ba67d0cc7d6c09d47efbb669a8c55f73abeb5713ab4147e4d425f8b0d7aefed3ad7f92e198cc7d7aa4eb47a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6ca57e046f4ef8d27a9ed2a9deb1e20e

SHA1
7fdb1458d8c2d0bbde2966d2b1f4e05b4f5b026d

SHA256
c91d2b25ebce37ab3d319bbbca656c5c82df53262190fe68baa5a1c6ec8411d7

SHA512
66f0947914eb7c705713c05698a634549235df4087a0fc9064671c835ba0c792e18031fc272adcd169faccee6634b755d35f6e6ff9eb270c2dcf2522fc4ae7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
84453fd9cb3691c71dc0c01a78074ae6

SHA1
fc2a560602b3588f16b707293a0b42f4466d9d25

SHA256
89ce29df25d0a8bd4ecd201f181d68b69ef0aa6e33805e99f8d937c437762913

SHA512
6eff073786280614792180608c5818d19fb23013cf81e37faad40f8de82829a420e3c09beb98d566c2194a1657c26ce8d5ccca783a01d9b0ebe62d5cb9669c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b089eed6ed3beabc2543e393906287d7

SHA1
7b7bf880a7f7ab3889219295af0ad2b8e3adf2a3

SHA256
35547adaa4e599f5867f57658f6c79a7fc705ff990675ef26073309de86a5288

SHA512
0b54f2fb897bf63ad64f969822cbac4709be2603552a94b1735655014a056cf76bd2512065f988abc1854569555652aa4a273628f5cba790a766075678dfc953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa72156f306a0b98f284464f3b20d22c

SHA1
d4b59189ba56f3ec95989143f490c81c53009c83

SHA256
c115ef0dbec823a44bb1af32ce21e51f9fb352c66ff290645a82c9f06b600420

SHA512
a0f9bd0ad63c189b30d71e24735bdcdf68253be203b78dc05856700f340b8a2a953f31ba7e831926accc61572d96859d95b67a548413b139df865e1fa9f26223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41987042d9fdc0a8aaa3d6bb6bad180e

SHA1
76f40e27c79597ca9127b4bddcdf72e0f79c1c61

SHA256
fd7eb3c099b18eae96db00e44a19dc5216062d222e5eeb35cd66ac9ecc3ce032

SHA512
1de91ac64bd107e8349a1a733009589acd76d40f253d725b122482e61c1f4ce1495d8c7f197658f82cd3fd2473ada6614c9da438b980dcbf1f37805cf4d82408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
433f5529ef96bf4427a1a163a6438525

SHA1
da315408a703919a5a462e345f37887dc94e9f9a

SHA256
6471bd41bca45e945c88593b4dc833a6c2ba7505072710a4b282ab72e929c7e4

SHA512
ad8b43f61915ee16378f585d73c6f023485742591abe03549b8df340e81d9c4e960a207c630b5d88029bf9c091c0a3317b7579e1543894cc4de19b3c10414aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b4ac67ed63f922548ee4dd7e30f87bb

SHA1
fc42f6bd4f1276fc3a55ed2c15508877a5511441

SHA256
6cdc815dc3ab66d0fa04f905801563113d6b5956031a2d5332005216fc719cfd

SHA512
50e771d749dbf3d98bcdd2bf303c47f8ae657ec76b11176584030db2ed5e5beeeaef98035400c82ffc269346be8fc503fb8928404ece74388174bf5dffe80b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bcca486be98c9e0934bb937c2179d42d

SHA1
be06142324362514385bd477374556c3ebb2d6bd

SHA256
71aa98ca487e592d3cff427cd36d82ac1f6045632999c4fce408e97d1f7b9110

SHA512
8d90b7157a49f0e0dfe74100f9472a9edf417bda40fb69e2d71d38172850a4ef3670db206193bcbe1192282c935a0d844caae703ceca46b6547434f64aa9eb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
020ca46cf2095a73a684460febca910c

SHA1
ce2c1d18f3383e6b7d9f6701dbf03c691c5b47fe

SHA256
3b543d02fccc9497b6f1dd8ada684b81387e6133f84e727dbf8bc5df2ad2577c

SHA512
fc31b5928b7a4eb221a26aea17a116fa360b8e8e4693f6da9555612d81554542918d59f9f41d1848848a98ee9c9bee9ef908c3f2348774a9133d09f369c22963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
31e37a1bc2ca3b52af31a759cd96b11a

SHA1
696c50d6bb9db0adb4e0614df389191e1ec07bdf

SHA256
a73aa25216d5bd0611363a6682f1bacbf4dd5ecb61387c01bedbd182f32f5d03

SHA512
78e32f3472c66982e4e849ba9b74949672e1d8fc6d3b4af134eae5baa58ee83911fa1a812b6732538dabb32bb95ed8e835c3896b5da8aa201640d6678ad38f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6169746c491807d59f1d874ef964f3a4

SHA1
929d24787f64060cb07cf054fc064c7a1926494e

SHA256
2bab3861f8f63d9bbcbf3e8a42192b980e69dd56afd624a9cd5a5eab0de601e3

SHA512
6a427fe1774ac8d5c7569fa0a080df676970afdaec1e24fc0e6e5761690b0c64a988e0dbecea5ce6d05b3c6a8913e11f4085dd5461cfddf2676f17c7e60bd5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1914362a1ef96dfbc30560c9d079dce1

SHA1
7d47b380108dc47f4c1e3d015c50a9381194a94a

SHA256
1400a55530d1dadcc6b37b0d76f53188ecd0a83d7b4be30b7ed2f02512f8000c

SHA512
49a367936cad792c5bebb1e44a1b2beb2c2705c830f2a67cf97ed6f2dd4ebf08b293543ff73d12925a4c8c082ab53f345d2f75fc653c478cb6e9ab8c18a57018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
326b7d86af2df8948957dd94d1c44b3d

SHA1
f611988ac8c846ead7f9b7cb9aed77dc23ad6d95

SHA256
8db3009b99db316dc7a5bbbc2fc01367245f5988c7e0882837554cf546d2bd20

SHA512
72632e7ddf52d97ac17e5be38ed01ca10df0e08dc10ee2c8c0075234d3574b8051c7c778568cac483991f1e5c91014d89dc2b540cae115ebc95ba58c92115c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f7893fc0f575b4bcf869966c375e08f

SHA1
c7a1c9bea3aa82e1414f224cc0454a5c4ffdcbf2

SHA256
7b455938cf43630368f50ddb100ba1150e71b4102af1f87f059bc9de21604d14

SHA512
f4e96f7542576a688298f2a2385e9c261b1e956decdce8dfd8741fdb3b1cbd0cd662c151c53868ebb08051c229085bdf3d0b0956baedb1d9f010887a14975463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9660ad6b25db54c0d680152728edb249

SHA1
ce6acb96a01b1db362f0cd5f193190dd6d39056a

SHA256
149e77f40a315c2f654d4cd65caebc4aaeb4a768b1f6ebc29b84776447ae08e2

SHA512
3866d0d5a4a5391024bec9895c377297f5c317e913f77995d2b968627d7c5986979103f0d86338a3e4d16c2745905f00fe0d77aba18f26aeff92c6c47443eda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5334a474b1adcd695a610b5d04acf1dd

SHA1
472b0e530537ccb0b3a167dd29bd738ce22405d9

SHA256
b84e304e5c7d3583db3ccd245f992ccaa206879a391f9b4bd22944597a795cf3

SHA512
395d4bd7f6f83042d6bb55a226c93d9be110d8b0c734baf0cee3c98e3914b406d153ded117b661ec086699280558edfd55d094276d02542fb2e00fbb2ba4de12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
54e505d1098c075c7618a38929c3657e

SHA1
9b7b8f2b46de09ed0ab974df1687ad227f2e964c

SHA256
67fb088e8654f43501ef9b89adcd6e5325e8bef1ded1bd96634db5756133acb0

SHA512
d05f38a2a47ca9dc29b03a230deb674d37ab5ab19f0a7d09d822e973489d195ee924e8e130bd8de274ea6f29881a9592a48ffae8a558c5e92edf893a2b3cf0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fbff2d882e4585e076c2511692ceb355

SHA1
517c47918a554f9c6dc8ccb69687ea7c6e1732d0

SHA256
2b347ce1442b3f8af8d9ca1ea1d9ad33d0a00542896d28a6a24ae078522a4678

SHA512
bce3de1d92507fd47d843708f6564a9d3770a5e4bebfecca25ebecc523f604526bb97c500001cb4549b8610f90d74d7ffe38c7e6bdb063c7ab6462175d12e178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
286deea3abe963457b5473e82c7b01f3

SHA1
9099369e3b9af885aa96e6bfd2c268ad0984d45a

SHA256
fccda7c1b927adc1975042c6f9aee610394a794e76e182c66c024b26a67d88fc

SHA512
0656735fee9d33c7a833fc8dcb18a76931db86252cae088c3cff715398f328be4c54be016123700ffb7f4fe09777917126976b450a453eb2b38c119d7d139525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
88441679ed11d88b40386e09f65b0a18

SHA1
f1a7bdaf6d1bfabe3cd3bb2c1253575392fa07eb

SHA256
1bed0fcd0d39fda9928afcd9a7f7ede2f77aecc56cac91c0346523688e83168a

SHA512
38b114c95d1b17a3eb0a7875639fcd65544d4ca72a5e78e9bc58cb3d85d9cddfaa1737291ce9987cf50cd2fed84fc5dfbc9070b6c25d0d921facac70ab133e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8c02d5ba4d89a68deba65552b6b5b9a5

SHA1
18f4375c11d18e556d3138511391ce6aad1bd20b

SHA256
4abc1e5762a5db7f95cce4aa2a81b1425bfc35ca75cabfcb69d5368a85331266

SHA512
6235078c19844ce53be266ecc1d133db1d180ed6c0bf64d4a1414fd5b17ac989e67618893fce46e07515f5ae5d0fcdac3a8c009b877ccb7e4817e3bef71a8e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\28dd9ce4-967f-42df-a67a-2d12c6f8b683\index-dir\the-real-index

Filesize
48B

MD5
010a87dc5b0a15a88f6c4f8aa310acfe

SHA1
f5731d0d31e43ed2f7a593cdb82e7eb77b6c8343

SHA256
31e83f2f13074b77898a4595093804c49c818ffa4fb0d1ca25719e4dd613ffd9

SHA512
b4d7ce2ba0849049961599809852335833d4f406f7a97c3d6115a25e7e270b3f45765e66430d07301f3414e421dabebaf33083b871a8bcc5d35e3ab696bff28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\28dd9ce4-967f-42df-a67a-2d12c6f8b683\index-dir\the-real-index

Filesize
2KB

MD5
ee238289edf259ba893c45aa8e05ebc7

SHA1
4822610ea689a410a5da57cfbf388db0f68dbc56

SHA256
9709f54c0ece965a4165c7b30b585dad7bd2517cb4fa0507ef1164581d7b75bb

SHA512
68a5eeda529f57035e0db2023f68f15aca8022f35d729812a651ceb50eea3fa8fc92f122489935eeeb373a0caed5c3947e291f43bf2e775d1614695b8f4c1dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
d19747f1d9dd5c0b100c8482e139ebdf

SHA1
9652fe7961c2e3fd3ca470bcc11c0f81703d1b23

SHA256
9689d08db47323e2ec8e6b9a9fdcbff8b2f3f92cac6ebd9984223ce9f9aa48f2

SHA512
fd7545fcd77333b151096e4f9dedb89944cf44dd114e21f921edc1a2c62856f2b2c66bc474ae2d5a5d4aa2731d279f22c7bf47181a223c4865cfde92b9399b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
8d29eaa26772f0a214f2d9438ec8b3de

SHA1
18958fc594c5311c50817407b704076bbc42d665

SHA256
deb12497f0a2b83587d21ddc5cd17a440d56988341a8f66b8a5f938ca95dd530

SHA512
169766353981fbaf58d6edcddb9093ee0da93ff6886e35553b83e7876a59b3d2d07b185782a92ab8bce299124a7215e3b97fd71154d098cd3657fbde5b337a9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
308f54a5f4c9bde3d597b7c72878a246

SHA1
e881bd413628ccf6bd4ac52267aced6e81ba0170

SHA256
3973a1e735e5c85877eff60c0c7510d5b3f16e23f279fd1ba98cec74c9b707b2

SHA512
3a7af5b46e8ae83201dd3f1425657a903b6002d837abd53fd1e0124588e430128670e0f88526257b8b333f4819434630900fd80ffd4683ca9d52ae1f8e34a09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
e873ab6efa48ed9e575781b160d50c49

SHA1
56c312417bb3ccb0eeea4650b60bc231bedef340

SHA256
9e7292a8ce25ed37cda97ca926ae8eeda19a9c866bf18d17a4173258fbfb8759

SHA512
56abfc0942c95d05ade86ed932fd17dcee7b19a087342abffd0a7dd5a982fff1a25bed5488922988452622de189d78f8b05b51aad7285184ea76a0a51e3052a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d75df96f27b8ed591fcffc48f1357751

SHA1
33744d9af095242a591090fdc80c7b6f948ef811

SHA256
2bbd4e035384375f24c0d2a5dae93c5fe42acea8114b655116a4c4af8c37aaef

SHA512
f96acc6d291435476c7dc1aa95e8b04a14d35c3867a47129664eb6b8a038fd752b08bd530146a323e65c14d8aebf6f0d5133fe89d83080b594056dd2756430e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
e2e0495c9cda326ca91e0e708d159597

SHA1
42ca43d2dff8628b3d881940335c962555cab4be

SHA256
6b316f83377bab3f36da2dbc3546d8d5907e993447bea83fab6b35ab4bc376a9

SHA512
6fbab983bbfc543db2394ce80624ae96fc9ae11ee943c985fe403292f996ceed3a555332aff2bb95cad05a7cd42fef2cfd09c07c63be8703fef01393e108e16c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577e29.TMP

Filesize
119B

MD5
6f798d21f9fb6075e5c133556eb484b0

SHA1
8347b6ff03009c0e22fcc9680bbc6ffbea5cb512

SHA256
947506c403afdd63a9eb12c211e2271b2ea4e1c7ef7ee37806a3207ff6c00672

SHA512
e5fe9fe72cd6931777e9bd913262e45554c052683994f1ea7f73095952101a23fe1e70a0e7899349a8c193a922347e8650bca4d734d67ace429580ce02bf3894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3154941c873d8f8dd9f4cc27ca7a43b4

SHA1
3d53e5976e432dd89b24a65055708689b38e9b8a

SHA256
b09bdfa5883ccbf09d2ff622c1da0eb604f295692cfa0b741a9015805253f053

SHA512
0ca06b6ba21328c35218930a5d0a1ea3e5bb65a9589ed1fd7a3dde27f50141994b300c13a8bb255a05639fc14f616c6dec15dcd829b9acdcb0207cde973a8fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a26451c1a955bf3e514d6a1dfd7d4c2a

SHA1
e3fe64adfbff354f69b9ba39e2db65284fff9ff4

SHA256
1072be882e5a8effcb0d00d1de4895a5f7ee7c99e2d78ca0c26e127634b353fe

SHA512
a04db5b9d10c6a0601f171d9f6a18960fa369b12ba4cac4ad688509bd60206ba9175fc9b14de80243783afbea2c4fe3733696f323df2a91f5c2ab08aff5e25a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
3703b13b586b5d905301fdac67fed48e

SHA1
1c11f12a7fa9da550cdeab75f59778066ae96c90

SHA256
484dd2a49038920b4ef4df926eda111ba37d9109f3d3efa6da08b494f61cffe6

SHA512
599a2daa1b72dde284635b929ca57f35308d6beb37c9c33ed1915e24d6886fc538833b2a59f06ac43936f02ea1dade9734fd0348a0e62a46a276c24525134828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
bfd28a84fb6cbfbf243b352e040a2efd

SHA1
09be806fe666463f0fdbedcb9418c032d17ba87b

SHA256
9b7cf983061a2ba3fbbe06f88791cbfc73eaee5dc4b2cb6aeb34a4d4fb1d9aeb

SHA512
90ec90467bd11eb0a1d90324ab4307c4049abfe4c919ebbbcdbdd241ec8044cc6ca9765036bc0be7de131fd7daf522ced6914573ec21e16c144c9c48ac595c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
e3b534b29960025eafb54926bd1d2d21

SHA1
b27697cd949f27ee8fe06197579281a31bfebc0c

SHA256
e76d656193ae42f400d20ba3c295b47a13ce20e8d6981323fe1cad10e4be97bd

SHA512
f9f6bad53b3e989d56a0e3ddbb19ae8d6f3aa10b874c711939834a8128d933b3cf30d43bb28876a576c441b38476237cf535beb8d8f9456befcd1aed71d94a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
a7b710f78ee7407d758559e32fc21a72

SHA1
1835b7c54ca6ce6021edac35f2e09957b4726b52

SHA256
2e1dc18f92365fb44b7bfee26af344074eb63a8af6df3dc07997f7dff7c7c37e

SHA512
47101d45d87dbf43918fa6e3099c7e8aa6da3c4b02b2fef5f7ddb7f5ac37bad5a7a5052921bb89c43e1d00094d17cfd7161084c7e50a897ea8fb084b4d885f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
f593308bcdd97e13a135efbc54f59fd9

SHA1
0cb5a4b2b893ab5702cd4094646ddb93c72f6870

SHA256
a085efb8a9f2dc748955843ba98234f2d0802f7e9cad7310c574739df7dae3fd

SHA512
6533d4227cc462bcc1e21549e4093e5e21803639190aea74814cc1c75ffa2ff04b6478629911a35c5e46c46d0c810d67eef010c50e450a03c46fc0cc729eac5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
4dd2249bccec2748cd79199bb69859f9

SHA1
8d19a22f42cb0d32e1221fddc86636bbb2b784f5

SHA256
4653e088a69d2b2a72dc9a07faf1254260ba9143d552f2ce046faf8b74f70a23

SHA512
83c174b7dae4fb0254da4f4c082bf409f240ce51ec545e9e68274a5608a2d2ccefaba476d7e5b96fa04a056c860532aa84b7817aaf914a7ff8df41f4788b5b8a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\FusionHacks.zip

Filesize
47.7MB

MD5
7f2be119515e5d20a64d0c77bd09b1a5

SHA1
00fae816b654f1b3652e761c21d94ed25128d1a7

SHA256
ef067e7458ffecb9a6a7790b3dd9346d61aa34162b6d3441348a3db01216a44f

SHA512
d82b248ca1a735f03c5d5be758de09399a76848cf2692e7b87767851b88a16bafdb76c63614ae719ecfb0aff8845331a231477ed99b419b424050ea32bf4d45c

Download Submit
C:\Users\Admin\Downloads\FusionHacks\FusionLoader v2.1.exe

Filesize
533KB

MD5
9c15ec3e2772d72d065dacc70b39a6b7

SHA1
1958c97569eb8931dffef657a4390991110fe487

SHA256
3dfefcec200a23c00b8feb09b6d1612dff369cf355e01fca539ab4cb9d88593c

SHA512
3aa4ca4769a8b298f3b8c2eecc4172f25645cf15e0ac98da29618bd6e6d3f95ed9b3125e0de5cfc362ca5d9df5f0d36f1830e4e8d08a32610cf1d3618608342d

Download Submit
C:\Users\Admin\Downloads\FusionHacks\ReadMe.txt

Filesize
237B

MD5
b60b9d595be6b40c577213a8173b56dc

SHA1
9a736560558f1b866c4878bd1b26781d147e865d

SHA256
c4c8032a85a85b1d4fa7602f4ab39b7d13aecc55a4e5995c5752a8b3e8b23764

SHA512
638af09b9a8e5be27e1ee18f7b1c0ed6443f8bed05a8d50fffcf2f7e12457bde4b3adbcaecc00847040a6d8a9859e01acb83b33c9ea61cd880db622e4a3ed9e4

Download Submit
C:\Users\Admin\Downloads\FusionHacks\jre\Packaged\AccessibleHandler — копия.dll

Filesize
3.4MB

MD5
96b95a995d325fe15201f32db9fe6116

SHA1
cad60d85dd5810ad23199f756c89d78f71567799

SHA256
3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed

SHA512
24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e

Download Submit
C:\Users\Admin\Downloads\FusionHacks\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
memory/1668-1560-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1668-1558-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2892-1599-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1591-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1590-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1589-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1600-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1598-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1597-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1596-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1595-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/2892-1601-0x0000026BB3230000-0x0000026BB3231000-memory.dmp

Filesize
4KB

Download
memory/4688-1556-0x0000000005490000-0x0000000005A36000-memory.dmp

Filesize
5.6MB

Download
memory/4688-1555-0x0000000000590000-0x000000000061E000-memory.dmp

Filesize
568KB

Download