T1MM5H

17 comments by T1MM5H

I'm going to stop for today, but this is highly concerning. Bumblebee Loader is apparently very sophisticated in terms of obfuscation and anti-sandboxing. I'm sorry to say, but I've high...

> Processes injected > %SAMPLEPATH%\96f2a1e346e26b099571a86cc8200b3b1a9630ad5c4282b1f0b922f71c3805b9.exe > C:\Program Files\Google4024_648137603\bin\updater.exe OH BOY 🫠

> I think the only way is deleting the rootfs guys 😭😭 the virus is hacking my phone and the hackers changed my password on my roblox account 😔😭😭😭😭😭😱💔💦💦 A:...

> A major red flag was a combination of details about opcservices.dll - it's listed on the Relations page as being detected, but when you click its name or hash,...

@kneekoo Tagging you for the latest update on my last post, RE: Wine_Registry inclusion.

In summary we've got: one semi-confirmed loader using compromised .dlls (likely Bumblebee); at least three probable payloads, two masquerading as Chrome Updater Crashpad with DLL sideloading, and one "/desktop/readme.dll" installer+cmdlet....

Confirmed a delivery or extraction mechanism. Cards.dll, quite ingeniously, appears to change where Windows errors are written to (both for HKEY_LOCAL_MACHINE and HKEY_USERS), then sets a registry key inside the...
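The comment above describes a DLL redirecting where Windows writes its error output, in both the machine hive and the user hives. The audit script below is an added example and is not T1MM5H's code or anything from the thread; it assumes that "where Windows errors are written" refers to Windows Error Reporting's documented `LocalDumps\DumpFolder` value (default `%LOCALAPPDATA%\CrashDumps` when the value is absent) and checks that location under HKEY_LOCAL_MACHINE and every loaded hive under HKEY_USERS, flagging any redirection. The truncated "registry key inside the..." part of the comment is not modelled.

```powershell
# Added audit example (not the poster's code). Assumption: the redirected
# location is Windows Error Reporting's LocalDumps\DumpFolder value.
# Documented default when the value is absent: %LOCALAPPDATA%\CrashDumps.
$werSubKey = 'Software\Microsoft\Windows\Windows Error Reporting'

function Get-WerDumpSettings {
    param(
        [Parameter(Mandatory)] [string]$HivePath,   # e.g. Registry::HKEY_LOCAL_MACHINE
        [Parameter(Mandatory)] [string]$Scope       # label for the report
    )
    $localDumps = "$HivePath\$werSubKey\LocalDumps"

    if (-not (Test-Path -LiteralPath $localDumps)) {
        return [pscustomobject]@{
            Scope = $Scope; DumpFolder = $null; Expanded = $null
            Status = 'absent (default %LOCALAPPDATA%\CrashDumps applies)'
        }
    }

    $props    = Get-ItemProperty -LiteralPath $localDumps
    $folder   = $props.DumpFolder
    $expanded = if ($folder) { [Environment]::ExpandEnvironmentVariables($folder) } else { $null }

    # Anything not ending in \CrashDumps has been redirected; a UNC share or a
    # location under Program Files is the kind of target worth a closer look.
    $status = 'default'
    if ($folder) {
        if ($expanded -notmatch '\\CrashDumps$') { $status = 'REDIRECTED' }
        if ($expanded -match '^\\\\|Program Files') { $status = 'REDIRECTED (suspicious target)' }
    }

    [pscustomobject]@{
        Scope = $Scope; DumpFolder = $folder; Expanded = $expanded; Status = $status
    }
}

$results = @()
$results += Get-WerDumpSettings -HivePath 'Registry::HKEY_LOCAL_MACHINE' -Scope 'HKLM'

# Walk every loaded user hive under HKEY_USERS, skipping the *_Classes hives.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    if ($hive.PSChildName -match '_Classes$') { continue }
    $results += Get-WerDumpSettings -HivePath $hive.PSPath -Scope "HKU\$($hive.PSChildName)"
}

$results | Format-Table Scope, DumpFolder, Expanded, Status -AutoSize
```

Run it from an elevated PowerShell so the HKLM key and other users' hives are readable; only hives of currently logged-on users are loaded under HKEY_USERS, so offline profiles need their NTUSER.DAT loaded (or examined with an offline registry tool) to get full coverage.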