hxxps://cdn[.]discordapp[.]com/attachments/1042370929608626218/1208786130707816543/Your[.]Only[.]Move[.]is[.]HUSTLE[.]v1[.]8[.]23[.]zip?ex=65e48ccf&is=65d217cf&hm=509cf7e7882f4c58c1366ff93dd0e2e930b385ab692456527dda08a78a34bf0f&

Resubmissions

18/02/2024, 15:56

240218-tdmvbscd45 1

18/02/2024, 15:56

18/02/2024, 15:53

18/02/2024, 15:53

18/02/2024, 15:51

18/02/2024, 15:48

Analysis

max time kernel
298s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1042370929608626218/1208786130707816543/Your.Only.Move.is.HUSTLE.v1.8.23.zip?ex=65e48ccf&is=65d217cf&hm=509cf7e7882f4c58c1366ff93dd0e2e930b385ab692456527dda08a78a34bf0f&

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 0d1285d26635da01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D2255098-CE76-11EE-AA35-5E75A0F0D9D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{31429F08-6008-43B6-831D-F5D2E5D9772A}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31089283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2794834145"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2794834145"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31089283"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EA2A28CD-CE76-11EE-AA35-5E75A0F0D9D7} = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527454124859995"	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\.pck\ = "pck_auto_file"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\.pck	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell\open\command\DelegateExecute = "{17FE9752-0B5A-4665-84CD-569794602F5C}"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell\open\CommandId = "IE.File"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell\open\command\ = "\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\pck_auto_file\shell\open	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2304	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
4056	chrome.exe
4056	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
716	OpenWith.exe
2948	OpenWith.exe
5748	OpenWith.exe
6112	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
2060	chrome.exe
2060	chrome.exe

Suspicious use of SendNotifyMessage 35 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
716	OpenWith.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
2948	OpenWith.exe
1760	firefox.exe
1760	firefox.exe
1760	firefox.exe
5748	OpenWith.exe
5748	OpenWith.exe
5748	OpenWith.exe
5748	OpenWith.exe
5748	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 4948	2060	chrome.exe	37
PID 2060 wrote to memory of 4948	2060	chrome.exe	37
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4240	2060	chrome.exe	88
PID 2060 wrote to memory of 4664	2060	chrome.exe	89
PID 2060 wrote to memory of 4664	2060	chrome.exe	89
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90
PID 2060 wrote to memory of 4980	2060	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1042370929608626218/1208786130707816543/Your.Only.Move.is.HUSTLE.v1.8.23.zip?ex=65e48ccf&is=65d217cf&hm=509cf7e7882f4c58c1366ff93dd0e2e930b385ab692456527dda08a78a34bf0f&
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac28b9758,0x7ffac28b9768,0x7ffac28b9778
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3328 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4664 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5668 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5692 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1084 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2608 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1148 --field-trial-handle=1844,i,12204314505793557116,13800932194754108626,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2256
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:5588
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
    3⤵
    - Modifies Internet Explorer settings
    PID:4644
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:82948 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:4860
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
    3⤵
    - Modifies Internet Explorer settings
    PID:4728
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:82952 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:5536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3532

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Your.Only.Move.is.HUSTLE.v1.8.23.zip\Your.Only.Move.is.HUSTLE.v1.8.23\Your.Only.Move.is.HUSTLE.v1.8.23\LICENSE.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Your.Only.Move.is.HUSTLE.v1.8.23.zip\Your.Only.Move.is.HUSTLE.v1.8.23\Your.Only.Move.is.HUSTLE.v1.8.23\YourOnlyMoveIsHUSTLE.cmd" "
1⤵
PID:2836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Your.Only.Move.is.HUSTLE.v1.8.23.zip\Your.Only.Move.is.HUSTLE.v1.8.23\Your.Only.Move.is.HUSTLE.v1.8.23\YourOnlyMoveIsHUSTLE.cmd" "
1⤵
PID:3432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:716
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Your.Only.Move.is.HUSTLE.v1.8.23.zip\Your.Only.Move.is.HUSTLE.v1.8.23\Your.Only.Move.is.HUSTLE.v1.8.23\YourOnlyMoveIsHUSTLE.pck"
  2⤵
  PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Your.Only.Move.is.HUSTLE.v1.8.23.zip\Your.Only.Move.is.HUSTLE.v1.8.23\Your.Only.Move.is.HUSTLE.v1.8.23\YourOnlyMoveIsHUSTLE.pck
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.0.1241175974\1639898052" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97ca7303-edf5-412d-b1d0-d18d683640af} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 1976 23702fd6158 gpu
      4⤵
      PID:3244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.1.560190507\944705814" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2320b7c1-3771-44f4-8063-115fdb197487} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2404 23702ef0558 socket
      4⤵
      Checks processor information in registry
      PID:2160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.2.437937145\1015195060" -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3288 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58b49648-ac44-4681-98d8-1de227e66714} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 3304 23702f60658 tab
      4⤵
      PID:4348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.3.723290264\209412100" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4c4c0e-04ca-4fda-85ae-5a5899b2eed6} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 2948 237072c3358 tab
      4⤵
      PID:3040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.4.958613798\1021271426" -childID 3 -isForBrowser -prefsHandle 5192 -prefMapHandle 5176 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {215906df-6e16-48ec-89ac-00cc83851f4e} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5204 237095e3758 tab
      4⤵
      PID:4572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.6.1023593580\480560638" -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15557e99-c777-4f10-93c6-53a9262bf9cf} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5532 237095e4958 tab
      4⤵
      PID:3868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1760.5.750698842\1373884602" -childID 4 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b03f591-a4b5-4bde-a170-98a7ece165d9} 1760 "\\.\pipe\gecko-crash-server-pipe.1760" 5340 237095e4058 tab
      4⤵
      PID:2992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2948
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck"
  2⤵
  PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
    3⤵
    - Checks processor information in registry
    PID:2272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5748
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:5904
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5904 CREDAT:17410 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:5960
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5904 CREDAT:82948 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:5320
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
    3⤵
    - Modifies Internet Explorer settings
    PID:1824
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5904 CREDAT:17422 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    PID:4804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:6112
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck
  2⤵
  - Modifies Internet Explorer settings
  PID:5144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
2d775507ab3fd4c8614e93468c8c4c90

SHA1
bd692e41d5b83da9e52ae7609b355b82da19a6e5

SHA256
e2936d2beba1cbc0028ef3c07a3d68f46190cd45f836bc22a4fab2f223cfe93e

SHA512
d215abec4a7598753f6b5d1d7ab17fdcf9d8a6a2f52202374e1e6ae4bfb7917319a4109eead4c7835098f75d5512d87efc98c95a05f82f76a9d97dc012615582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1e91e31d758c060384295f58caf5db0

SHA1
8067ef64a3f44de677fb4085a001b08893625c56

SHA256
344e2b987e8b31bde980472a39787f0bbe439436ed004ba43151297202d6c9bd

SHA512
39d5b0a7e5a0edebb9a28e56880992bffc45bbd6bf0258ab7717a32c30d8ddc418c1d8646bdaef42339ae5e0e4cde8cad7b770911fa44a3744300cebf82088ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
abedbfd33effe582ff7aed94fb3953a3

SHA1
53d53727d89929c880163a79d710c5ed77a86155

SHA256
39eede3e7ffa1f0717221ec007a866aa440b1c28dd9fb7b4e20212e745533a37

SHA512
723054b5547d7102b1ba69bd42f9ea00b8680bcfda7b31be583142227e64bfc89fe5584bc425016123cf15193087d627091d60bbd7cd974ebf06b72d591a3cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f535c6ba15146d02309675991ac43014

SHA1
5ca775d1b03d5ed827b9d0cd4e16d5f46a495c4c

SHA256
eeeab734bd28cdb906b2b4a0b79e665db3edf5f4b709820ee1f9bc2679737678

SHA512
b3e3289da50e0f5e02b9cc56d44abe90997a2b83d6b90054b46dd28998159562888fc34f7e275b59e3dd9e9a6ce50e5b5136e68b08f8a488c62aabc06759ba76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22dfa469795081129ebe750dae5f681e

SHA1
19815376c2311d625eb0e49d336c0c4ecb82b41c

SHA256
12109187454dd86cabb9ab5d50597cb7ffae1eb7f331e4d92ee596815feeac68

SHA512
5adf596f1394c872a9aee277cae2ea8adf1064b298d6334d3ba655a231ccfb48d99287b92f9945cfb2e80d5f6e3087184ad7b758fde5d2b42596149f4e7e823d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ce668164-c4c2-4911-8ea6-0f815eef3f7d.tmp

Filesize
6KB

MD5
4b9758648c3668ce3be55f9a7d446441

SHA1
717cadfe367807b5a0ba5966da230393b121dc15

SHA256
76eb4655530990bd261eb0e504f9afc23f07a7b5b4144dbe5d6babb44d9f3b32

SHA512
5d752098346026fd8a61412ffad4e4a200d1b2d25f19b97b123bc6fb6ffba61a8d426b1abed6b7d31a069bcb66785e982e45943c42dab497fdc5f8eb11a53fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
52aade8d680159fc2576f40ee9d4b2bb

SHA1
12aedb5d7dcc68b60d05934b406655a2272af91d

SHA256
23ca071e310d4c0abd5511eddae18be4aa1535099ba4d22582563ac76ccf89ac

SHA512
6e7141dc06b177ddd0f66792b4ad4ae0e3e3c7c18252c5b4fccecde52ad12c19525fccf5f9ed4108c6fc1fc4bf8faee2369ee7e51b610acc31c0c55663d73fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
0ce3eaa086ce0f775321950009e8eab6

SHA1
e74a80f6731f486f20cf09f295715ff8b967a68a

SHA256
b211ac5cc15b0515efec480f5a33862bd6c16d929a9db95115832284e17a06d2

SHA512
a0fbf34877e64cab232f825cd0d166b21667c88f37b58d6fd9c78f84befb7d850ea813edb4c8f7e9cb774136605fa3f2bd1f2032487db858f53a2dcaf2b3bef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
302949a304344711c94c6db914603aa2

SHA1
984328f65718ddce5a49992313e711cb35695834

SHA256
6e573e9c96a475879df52268b0aaee2cf52baa0fe1bd5c92143763102fdcaff3

SHA512
d815a43670f01c6d405bc9ca1ff022071d288a71c382fe64069ba4be372f4dfcf5db20515ceff56a5ed82724123043324d840e1c083892e0d2068ee1abbda2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
48a8d9afd7481478f4540aad9badf684

SHA1
b3eb0ce01dd568b978b4eb2580dfaaec72ab3df6

SHA256
28f038b16b83e6cb6decca657fb5c0788fc05c96a7a96999ab63a7948525b6a7

SHA512
d7670347dcfaacedecec1961077bc74daf64a96aa2cd0825efa7caad46f856631a2abdc604b61469f8d29624cfaba4efe0eb3b5db8745dde231494f7493283ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
36bccc31cf558a078fbd727a58af0d55

SHA1
5e105ebcba9482984017d610ffc126470c214027

SHA256
1a1fc1fe895327708dcbc90b345301722d737e5496446c6b12c83718c45e65c3

SHA512
412226c459bd40ab5741526ca61c7ee3879466623362f3bc987ccd9e764b5f96499a20d10dcb7e78331a90ae32b2e45a0c6415a53b5383b9ea741ff5664c1f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
654a13060f8bf095ce5dae31e278202b

SHA1
c372714e3fb2b7456149cf0058ac3e2e2b1a3f8a

SHA256
bb1b9bda9254d55e321d989217325c108b0edd935dc49ca41f902b0161eb6960

SHA512
3858eb03f4ac9a8f1a1bd4af77cabdaf6655ced388f94f7a0e442ad4509daed95149eb9459ca9083934aec7e0f73bfb9e8c7f7c68920a4ce9eca29c49f8c2b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57efde.TMP

Filesize
107KB

MD5
ef274080c485de8eace4c36a39319634

SHA1
e2bdcba80c0b3c808c38c3ba1d02be6a9331e5c8

SHA256
864561bb3d577de3506949f2b20cca7bc3d7f014ada4d7ae5ee09dddc4eb864f

SHA512
dd4d4de4600a9194fc80e2e85919380c1f7929cdde533921b96a1fa3d6c9a24e7849b5bbb34ff8d422f1ed0903cda894349a78f8caeb932e73fb9df06fde7981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7c47c11b0d5efacf324d89d4a94e281d

SHA1
adcdcf2c6605117f676de2cc4a4ca5f7bc93fc4f

SHA256
93d22fb2658bd944fa8fd74394ebc981c0ccf1a788cc0fa1512dc9ec54018fa8

SHA512
b444de61843bec56f37714012d4191375b318a6592357e37c7c65e9728000dc4057ae63aee6ef077e30dc7da6c4b3cc29e3a013b3a4556025ab154657798246b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF65FF66B0FD797E03.TMP

Filesize
16KB

MD5
89eddf5a20c68efd0508203a129f0367

SHA1
2743b87d422dde7fc22c4ebf24db3da4c4e7f1f0

SHA256
14e07ac599894b2ddba7616e050559caf7e0b34bae221a08f5e2af6f2b83188f

SHA512
82543130ff0c3e56a590af95db3f0142002c2efd2e1d0af036da59e093c966d29273b1b0d75ea97248b030a554c2f7b8199f49532fb4cc8f2f6212b8f2eb5ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d4748fa84712d2adcf58a3671d3df08f

SHA1
2434cfad7f2f9559dbb38b68df8119bf7cef529b

SHA256
7f2331292accc4ef6f06e07e05fc9daf767dda9f0deccc2d93abf23d6e399436

SHA512
a05b86f61b7215e70373012e8732812d087ff3da140b4c6fbc30ee911fd62fd13cc5c9a4f5a611ca7f167b0603f06b0cea6681ded07f75400ec12e3e00026331

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\93d34d75-0cd0-4f63-a6a5-dcda7efc5b4c

Filesize
9KB

MD5
1bb7cf52e7b091557d4c2785616dafc1

SHA1
7b7b4feb4839302d9b1877be452b3c9e4cf97372

SHA256
9966619e1c0069cc1b19b9ae35af8c9b429cf8ede19d12f7dbe43335205ed02e

SHA512
8246ad31177c7621e58e3cf77cc5549ab336eba263116bb87b90c0499d738b5e9a05f5433618b0798e3326b24ec7843a0f530d258021996ae31ab582718858f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\datareporting\glean\pending_pings\ef845712-927e-406f-bbcd-5e75046a25bd

Filesize
746B

MD5
1e75eb54cc1197d57097d93142bb9f64

SHA1
899db5d895f85b396bd6725d3f781a90012f3934

SHA256
6a5ef435f6fcc2ad576fe79bc9465a927fd6fbf67dad7390f937ef8b1ba1d2c1

SHA512
b552fbeb1f42640a16eae9e870fcbffbddfb1a90a267e4e13c4a2f9202c57e47cf7484192f9bdb37fe826d2c5e98ba5e1faaa227284afe63fcd00e5b06d24b8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs-1.js

Filesize
6KB

MD5
1cc0029d93a2c1eccefa0247eb99cb14

SHA1
89447972b69e43e9df41ad4a4db79033dc3e66af

SHA256
2c8bc3be53e36ef4fd21d97aa853e84b089664023f3d4019144fe21f3193d0fa

SHA512
a2bf539c6deffdab8a84ead71bc35f2b9b9fd8e8fa44d74c5806d1e7ffe5f866fac950776fa037bbf381e14e51c53ae639c47ccdccaa5ec83e1f1774969ec13e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\prefs.js

Filesize
5KB

MD5
39a769d8dde1c11c64075d01a28e37c7

SHA1
cd3752274714d4fb69b980c682ec07c88c156fbd

SHA256
33817df93e58cb1043041dd202d62a287c5161b98c0afca8026be034e1233ad4

SHA512
e754e9ea94e918c44a1ac9ce3a4af3ce0ce01214869da60e2ead67eed26fbf320a27d936200b0aab813d13a8e3840421490fb8e5bfdb95ffb1a86adeb6fec093

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d8b3d1f6a6c2a6081d6a1f01b26a5c31

SHA1
061786e192eabb89af96680bb5c484d57d8fafce

SHA256
6176e92f854201f74b5edc1e033ec06a5b8193f59fc250e8dc230cc104292366

SHA512
a261afbb73ecb00c905b0dcd745cf586a3bb3dded76fb0f4532f6961f00f8d6a37a34d9487874793aaaa792be112845870178d3dd8377ba0205a7e0136de1ade

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
994B

MD5
d082564a529d646bb95e7d42a7a55164

SHA1
085541b7076fbc0d352809cc31ce92190aea79b2

SHA256
e8764529d92395d1c47ea419644ce8f2d0f8ce4af041d0f83cff6e8c28abad5a

SHA512
5f0c14e38d754c6d1d1dba9d3ca96dbce372d64989cf3aa66dea34336e81fe962a356a22f48926406311a762d4686da708ab60cb533cb471cc6fda4c94408a6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
047fdd6781d6aa6b4de56e3f986d9dc3

SHA1
96ee4e6ad6b5e721a95abbd7ce1d388c079f5977

SHA256
1321f1d337b22402fdb4118f1d51ca9191154d0016c42c9fe52b348745356e05

SHA512
edf1a22d14d73a2c2902250d08192a39fb1d5de2def1a4ee92ad8b3581d3971a6f9fff5013832637d442b0cbf895082d8eeca25057215c115956f209d9feab50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\sessionstore.jsonlz4

Filesize
741B

MD5
782373742187bd68c571b71bb0d57f44

SHA1
5d61240f732d4125a74f96c229e472822ce09ff4

SHA256
a245f49b72310a9e3ec9ec5f2600537a978b005095d75c2edcaf9e53c9f70966

SHA512
7233b70d0c2a78ea7d485dc634eaf335f883eff6f9e8646238053da857fabbec7d5d8289154694e80eab4f403a2c4d1639d93fb91994c69004f630a515379d67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\59q4zd6z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
d45112043b8107bbf1f8dc6da1a51a67

SHA1
08a23d281107ec94713d3b40b4266e98685a0086

SHA256
58064f9b3273d5de6bd15163dac6a09fc10d6818f40f875eb33da4d4a39f1375

SHA512
b254f39751cd31730b241cf2372a90538043cd0724723a2ae0d32aa70f211e56ac42cc5c1d81341bbeb1ee0329f6010774dcb3c8dd1351e05693a29a124e322c

Download Submit
C:\Users\Admin\Downloads\NOtOFBd4.pck.part

Filesize
15.8MB

MD5
f0aaf8e9c74f4e140db061fa898253ea

SHA1
fef566e37e5473cf2553bd2a325737b563c7d965

SHA256
10bd9141fb9bf6b3a1ee2beb90d95e16c06086cbe10882f1d6963f8d4131c64d

SHA512
37f5cd5f268002eb27bceb2ffbef9fef1e613ade3c4ef40a5a65db4ae376feec3d28395a1e2464a4c2eaccba764c0e2a86ed67afb2de43d8642841452db8eb3c

Download Submit
C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck

Filesize
16.8MB

MD5
067b9b39314e90095514f7981e25b7ff

SHA1
3f0ad9f4065c10e66c9d38a17bb357534b7eaa4f

SHA256
d9f01abd1f4eb9a0a64514b970708613ba5423f7e5365d08d4ce7d7bbf2b9109

SHA512
07f65c080481f2ff986712bfc5961eaa1c80f9431aa6de45d88cbde54f89cad265b7675d425690e6452343369c9e1ddd37c5a00457107d3df4b557c66af73da7

Download Submit
C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck

Filesize
14.1MB

MD5
5b92595c245d6a7e8befeb4678e949de

SHA1
8b59ab1f10d1f6f9072d9c73b45a48799480a883

SHA256
1e4f9a464d7271cc3dbb98f890b248f812fe64473008af749a605c31e9a2ce51

SHA512
c51a9134c2e4df2820df40f65ddced6859248c02023570e7b116534a4bbc78eeee7eaf527d2878096f2e79fe0b3312151c6316c3ccd8ea19062b3daee443dacd

Download Submit
C:\Users\Admin\Downloads\YourOnlyMoveIsHUSTLE.pck

Filesize
6.9MB

MD5
aebd8ae48094a2fa5157c31b65f6b4e9

SHA1
6f49844fd5bfef9091800971b7f056c889edec53

SHA256
7b751285c7184133a5d9b5b0a46b5cceb901a3d629b2da7dfa83e1fdff0cda74

SHA512
f842e7e28ce813dca885958d6148daa479a848d9317c62da95cb3d982c140ffa47ee15206e72260394452fea10666b9c6a4a305fa6dd976e1cdea6c4fa2dac55

Download Submit