Analysis

  • max time kernel
    143s
  • max time network
    144s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64 arch:x86 image:win10ltsc2021-20250113-en locale:en-us os:windows10-ltsc 2021-x64 system
  • submitted
    27/01/2025, 20:34

General

  • Target

    novitec_ldr.exe

  • Size

    7.1MB

  • MD5

    026a4dcb48fc7b933df2d0b0e0e8af7f

  • SHA1

    7228438aaff696b4c2ac45111878eb07a73a352c

  • SHA256

    c61e0b4135a35de8d17a9762cc6de64035a23184e8a52d044c1e3cea9c9ab3c2

  • SHA512

    63ae1635ce0ee5a9eef74bb8a11f9af549c88c73f165f59cb7ad472c661477c48de9bd60ba4148553441de6dfb96d6c8600060911c5fa8241a354f3c09492ed3

  • SSDEEP

    196608:xzWSvZ3F5of+dj1ryuYbzFn9HHoUVjm1idYG0jq:x6SvZV5bhYPp9nooh

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe
    "C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"
    1⤵
      PID:4580
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4280
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:3816
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:5104
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cf970f-fe6f-4e69-9363-f8107540690b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu
            3⤵
              PID:4216
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {609f8f27-b36d-420c-a4d9-5a489045cfc9} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket
              3⤵
                PID:3604
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2784 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0ca18c-429a-492c-ba43-515e2784717c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                3⤵
                  PID:4144
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daecf0ae-9af5-430e-894f-68ebdb4cfc04} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                  3⤵
                    PID:4348
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af937c5-95b3-476c-b16d-4ed190187b0b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility
                    3⤵
                    • Checks processor information in registry
                    PID:5404
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8914c31-ec5a-44c6-bd5a-b83dc3259d05} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                    3⤵
                      PID:5892
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8de4fde1-8c64-426a-9413-a5e2b6aa4fde} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                      3⤵
                        PID:5904
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2b1958-baed-4dd8-97b2-3440ac3753c5} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                        3⤵
                          PID:5916
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 32617 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff22813c-fc4f-418a-8298-0180f32dc9d8} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                          3⤵
                            PID:3428
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6440 -childID 7 -isForBrowser -prefsHandle 6432 -prefMapHandle 2776 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6583f33-55b6-4775-8431-4a54f64daf1c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                            3⤵
                              PID:5416
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 6416 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daf64ac-490b-4037-b70d-05ab133afe2a} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                              3⤵
                                PID:5176
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 9 -isForBrowser -prefsHandle 6556 -prefMapHandle 5304 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab1656b-db7b-46b8-8d23-9a3b500991f6} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                                3⤵
                                  PID:5536
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -childID 10 -isForBrowser -prefsHandle 6784 -prefMapHandle 6780 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8428e83-dff9-4141-84c7-2b867c7ca52d} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
                                  3⤵
                                    PID:4504

                              Network

                                    MITRE ATT&CK Enterprise v15


                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json

                                      Filesize

                                      22KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\16057

                                      Filesize

                                      34KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19536

                                      Filesize

                                      14KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19896

                                      Filesize

                                      26KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\26519

                                      Filesize

                                      14KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31174

                                      Filesize

                                      22KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31836

                                      Filesize

                                      32KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3220

                                      Filesize

                                      14KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3703

                                      Filesize

                                      13KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\8853

                                      Filesize

                                      13KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\9313

                                      Filesize

                                      15KB


                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\9A980A79F510FE3E6702F7680871BEB1628CA51D

                                      Filesize

                                      224KB


                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                      Filesize

                                      479KB


                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                      Filesize

                                      13.8MB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

                                      Filesize

                                      8KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

                                      Filesize

                                      12KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

                                      Filesize

                                      5KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

                                      Filesize

                                      6KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\c020ab8b-d51c-40be-9bad-bdd5321a488f

                                      Filesize

                                      671B


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\d6eb9d38-80f9-41e4-ba6b-4db8fccbd7b2

                                      Filesize

                                      28KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e0922174-aa90-4473-a278-eb5bfebb58a8

                                      Filesize

                                      982B


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                      Filesize

                                      1.1MB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                      Filesize

                                      116B


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                      Filesize

                                      372B


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                      Filesize

                                      17.8MB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

                                      Filesize

                                      9KB


                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

                                      Filesize

                                      10KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs.js

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

                                      Filesize

                                      14KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

                                      Filesize

                                      15KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

                                      Filesize

                                      14KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.virustotal.com\cache\morgue\191\{99c66122-b7de-478a-b994-c9a4665189bf}.final

                                      Filesize

                                      49KB

                                    • memory/4280-8-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-9-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-10-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-11-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-12-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-6-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-7-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-1-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-2-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/4280-0-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

                                      Filesize

                                      4KB