Analysis
-
max time kernel
143s -
max time network
144s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250113-en -
resource tags
arch:x64 arch:x86 image:win10ltsc2021-20250113-en locale:en-us os:windows10-ltsc 2021-x64 system -
submitted
27/01/2025, 20:34
Static task
static1
Behavioral task
behavioral1
Sample
novitec_ldr.exe
Resource
win10ltsc2021-20250113-en
General
-
Target
novitec_ldr.exe
-
Size
7.1MB
-
MD5
026a4dcb48fc7b933df2d0b0e0e8af7f
-
SHA1
7228438aaff696b4c2ac45111878eb07a73a352c
-
SHA256
c61e0b4135a35de8d17a9762cc6de64035a23184e8a52d044c1e3cea9c9ab3c2
-
SHA512
63ae1635ce0ee5a9eef74bb8a11f9af549c88c73f165f59cb7ad472c661477c48de9bd60ba4148553441de6dfb96d6c8600060911c5fa8241a354f3c09492ed3
-
SSDEEP
196608:xzWSvZ3F5of+dj1ryuYbzFn9HHoUVjm1idYG0jq:x6SvZV5bhYPp9nooh
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
-
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings | taskmgr.exe
Key created | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings | firefox.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4280 | taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
4280 | taskmgr.exe
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 4280 | taskmgr.exe
Token: SeSystemProfilePrivilege | 4280 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 4280 | taskmgr.exe
Token: SeDebugPrivilege | 5104 | firefox.exe
Token: SeDebugPrivilege | 5104 | firefox.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
4280 | taskmgr.exe
5104 | firefox.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
4280 | taskmgr.exe
5104 | firefox.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
5104 | firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3816 wrote to memory of 5104 | 3816 | firefox.exe | 97
PID 5104 wrote to memory of 4216 | 5104 | firefox.exe | 98
PID 5104 wrote to memory of 3604 | 5104 | firefox.exe | 99
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
"C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"
PID:4580
-
"C:\Windows\system32\taskmgr.exe" /4
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4280
-
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:220
-
"C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
PID:3816
-
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5104
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cf970f-fe6f-4e69-9363-f8107540690b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu
    PID:4216
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {609f8f27-b36d-420c-a4d9-5a489045cfc9} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket
    PID:3604
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2784 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0ca18c-429a-492c-ba43-515e2784717c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:4144
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daecf0ae-9af5-430e-894f-68ebdb4cfc04} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:4348
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af937c5-95b3-476c-b16d-4ed190187b0b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility
    - Checks processor information in registry
    PID:5404
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8914c31-ec5a-44c6-bd5a-b83dc3259d05} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5892
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8de4fde1-8c64-426a-9413-a5e2b6aa4fde} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5904
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2b1958-baed-4dd8-97b2-3440ac3753c5} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5916
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 32617 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff22813c-fc4f-418a-8298-0180f32dc9d8} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:3428
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6440 -childID 7 -isForBrowser -prefsHandle 6432 -prefMapHandle 2776 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6583f33-55b6-4775-8431-4a54f64daf1c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5416
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 6416 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daf64ac-490b-4037-b70d-05ab133afe2a} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5176
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 9 -isForBrowser -prefsHandle 6556 -prefMapHandle 5304 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab1656b-db7b-46b8-8d23-9a3b500991f6} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:5536
-
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -childID 10 -isForBrowser -prefsHandle 6784 -prefMapHandle 6780 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8428e83-dff9-4141-84c7-2b867c7ca52d} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
    PID:4504
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json
Filesize22KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\9A980A79F510FE3E6702F7680871BEB1628CA51D
Filesize224KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
Filesize8KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
Filesize12KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\c020ab8b-d51c-40be-9bad-bdd5321a488f
Filesize671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\d6eb9d38-80f9-41e4-ba6b-4db8fccbd7b2
Filesize28KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e0922174-aa90-4473-a278-eb5bfebb58a8
Filesize982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize14KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize15KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
Filesize14KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.virustotal.com\cache\morgue\191\{99c66122-b7de-478a-b994-c9a4665189bf}.final
Filesize49KB