Analysis Overview
SHA256
c61e0b4135a35de8d17a9762cc6de64035a23184e8a52d044c1e3cea9c9ab3c2
Threat Level: Likely benign
The file novitec_ldr.exe was found to be: Likely benign. Every signature in the behavioral run that names a process attributes it to C:\Windows\system32\taskmgr.exe or C:\Program Files\Mozilla Firefox\firefox.exe, not to novitec_ldr.exe; no signature row is attributed to the sample's own process.
Malicious Activity Summary
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:34
Reported
2025-01-27 20:37
Platform
win10ltsc2021-20250113-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
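The signature tables above carry the detail that matters for triage: which process produced each hit. The script below is an added example, not code from the report or from any sandbox product. It takes the rows from the behavioral1 tables (process paths and registry keys copied verbatim, assembled here as a constructed input so it runs offline), groups them by process, pulls out the privileges named in the AdjustPrivilegeToken rows and the hardware-identity registry reads, and reports whether any hit belongs to the submitted sample. The SAMPLE path is the one shown under Processes; the FINGERPRINT_PREFIXES list is this example's own choice of keys, not a rule set from the report.

```python
"""Attribute sandbox signature hits to processes.

Added example; not part of the report or of any sandbox product. The
rows below are copied from the behavioral1 signature tables and
assembled here as a constructed input so the script runs offline.
"""
from collections import defaultdict

# Process paths as they appear under Processes and in the Process column.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"
TASKMGR = r"C:\Windows\system32\taskmgr.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

SCSI = (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"
        r"\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000")
CPU0 = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"

# (signature, description, indicator, process), one tuple per table row.
ROWS = [
    ("Checks SCSI registry key(s)", "Key value queried", SCSI + r"\FriendlyName", TASKMGR),
    ("Checks SCSI registry key(s)", "Key opened", SCSI, TASKMGR),
    ("Checks processor information in registry", "Key value queried",
     CPU0 + r"\VendorIdentifier", FIREFOX),
    ("Checks processor information in registry", "Key value queried",
     CPU0 + r"\ProcessorNameString", FIREFOX),
    ("Modifies registry class", "Key created",
     r"\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings",
     TASKMGR),
    ("Suspicious behavior: GetForegroundWindowSpam", None, None, TASKMGR),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeDebugPrivilege", None, TASKMGR),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeSystemProfilePrivilege", None, TASKMGR),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeCreateGlobalPrivilege", None, TASKMGR),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeDebugPrivilege", None, FIREFOX),
    ("Suspicious use of SetWindowsHookEx", None, None, FIREFOX),
]

# Registry locations that VM/sandbox-detection code reads to fingerprint
# the host (disk vendor strings, CPU identity). Chosen for this example;
# it is not a rule set taken from the report.
FINGERPRINT_PREFIXES = (
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor",
)


def _same_path(a, b):
    # Windows paths are case-insensitive; the report mixes system32/System32.
    return a.lower() == b.lower()


def signatures_by_process(rows):
    """Map each process path to the set of signatures attributed to it."""
    out = defaultdict(set)
    for sig, _desc, _ind, proc in rows:
        out[proc].add(sig)
    return dict(out)


def sample_hits(rows, sample=SAMPLE):
    """Rows attributed to the submitted sample's own process."""
    return [r for r in rows if _same_path(r[3], sample)]


def fingerprint_reads(rows):
    """(process, indicator) pairs that touch hardware-identity keys."""
    prefixes = tuple(p.lower() for p in FINGERPRINT_PREFIXES)
    return [(proc, ind) for _s, _d, ind, proc in rows
            if ind and ind.lower().startswith(prefixes)]


def privileges_by_process(rows):
    """Privilege names from 'Token: X' rows, grouped by process."""
    out = defaultdict(set)
    for _s, desc, _i, proc in rows:
        if desc and desc.startswith("Token: "):
            out[proc].add(desc[len("Token: "):])
    return dict(out)


def verdict_note(rows, sample=SAMPLE):
    """One-line triage note: does any signature belong to the sample?"""
    own = sample_hits(rows, sample)
    if own:
        return f"{len(own)} signature row(s) attributed to the sample"
    procs = sorted(signatures_by_process(rows))
    return "no signature row attributed to the sample; hits belong to " + ", ".join(procs)


if __name__ == "__main__":
    print(verdict_note(ROWS))
    for proc, privs in privileges_by_process(ROWS).items():
        print(proc, sorted(privs))
    for proc, ind in fingerprint_reads(ROWS):
        print("fingerprint read:", proc, ind)
```

Run against these rows the script reports that no signature is attributed to novitec_ldr.exe, that the SeDebugPrivilege, SeSystemProfilePrivilege and SeCreateGlobalPrivilege requests come from taskmgr.exe (which needs them to enumerate and inspect other processes), and that the SCSI and CentralProcessor reads come from taskmgr.exe and firefox.exe respectively. The same grouping applied to a report where the sample's own path appears in the Process column is what separates a real VM-detection or privilege-escalation attempt from noise generated by tools launched during the session.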
Processes
C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe
"C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cf970f-fe6f-4e69-9363-f8107540690b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {609f8f27-b36d-420c-a4d9-5a489045cfc9} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2784 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0ca18c-429a-492c-ba43-515e2784717c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daecf0ae-9af5-430e-894f-68ebdb4cfc04} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af937c5-95b3-476c-b16d-4ed190187b0b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8914c31-ec5a-44c6-bd5a-b83dc3259d05} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8de4fde1-8c64-426a-9413-a5e2b6aa4fde} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2b1958-baed-4dd8-97b2-3440ac3753c5} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 32617 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff22813c-fc4f-418a-8298-0180f32dc9d8} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6440 -childID 7 -isForBrowser -prefsHandle 6432 -prefMapHandle 2776 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6583f33-55b6-4775-8431-4a54f64daf1c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 6416 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daf64ac-490b-4037-b70d-05ab133afe2a} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 9 -isForBrowser -prefsHandle 6556 -prefMapHandle 5304 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab1656b-db7b-46b8-8d23-9a3b500991f6} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -childID 10 -isForBrowser -prefsHandle 6784 -prefMapHandle 6780 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8428e83-dff9-4141-84c7-2b867c7ca52d} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.129.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 13.87.96.169:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49801 | N/A | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 151.101.131.19:443 | www.mozilla.org | tcp |
| US | 151.101.131.19:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www-mozilla.fastly-edge.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 19.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.251.11.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49808 | N/A | tcp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 23.200.86.251:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| BE | 66.102.1.113:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| BE | 66.102.1.113:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 251.86.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.81.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| FR | 216.58.215.49:443 | csp.withgoogle.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 142.250.178.138:443 | ogads-pa.googleapis.com | tcp |
| FR | 216.58.215.49:443 | csp.withgoogle.com | udp |
| FR | 142.250.178.138:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| FR | 142.250.178.138:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.75.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.75.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 34.54.88.138:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 34.54.88.138:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.88.54.34.in-addr.arpa | udp |
| US | 34.54.88.138:443 | www.virustotal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 142.250.179.67:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 142.250.179.67:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 136.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| BE | 74.125.133.94:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| BE | 74.125.133.94:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.213.58.216.in-addr.arpa | udp |
Files
memory/4280-0-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-2-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-1-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-7-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-6-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-12-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-11-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-10-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-9-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
memory/4280-8-0x000001A9AC260000-0x000001A9AC261000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\c020ab8b-d51c-40be-9bad-bdd5321a488f
| MD5 | 9e8b305cce6320bfb1b0029824bbc3aa |
| SHA1 | 24672ea0b6320e812b5d1818cef9d3e4f7a1e504 |
| SHA256 | 9bf912c5a79d5c555b9874e884f81d6938c51fa2ab2041306f3238fd39de2d71 |
| SHA512 | 7a427d77179c2ec409f54f5ef5dcb5d06c75ea75804f042a696d6be7133783600aea052d9e69cd91be03a0d8f108579a935916bdfb030352eb2b24504f215545 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e0922174-aa90-4473-a278-eb5bfebb58a8
| MD5 | 61e9903e8698d259208d3a416b4909ff |
| SHA1 | 114029811023b9b546bb064581d80558e2c6ba00 |
| SHA256 | 669cdbcd86f9bdaa8424aa18927b1605de9013ad01538e5eb86733cc345db75d |
| SHA512 | 11d011c603179f46d3619e7d286c6d4f8976812d6106e0870eb069625ba79473798fe434049dd4f75e5513be6dc259091aca540ad5c36daf778d9727be3909a1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\d6eb9d38-80f9-41e4-ba6b-4db8fccbd7b2
| MD5 | 4e7897348b5078eba5fe0ed50fd5389d |
| SHA1 | 2d274188dd5d92092983459e60dbbd943132a2f1 |
| SHA256 | 2099ddb918a8a2786ad34ca5b2af79a76795af49c8642e2bf7d7764e3fdcdc05 |
| SHA512 | 8f384baa7bcbe22e1a3f3a8df93e3e84b9a37c228c0fa62cd37cb8464ff44201e97b32f653b862e0cd701b3011e0a2e5a3d8598fb9187bee7d4bd726ca5c267d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 01f8bfd2d984103480f10c4d992245f4 |
| SHA1 | ec6195f7ee83ee2fad5fbcc2730b9d9d21acc562 |
| SHA256 | 244acfe0bb5d329f30c71ca92860c01e0544d8964f5962343323846257c4ffe9 |
| SHA512 | 8e5274fc43ea17b9633b412aafd059d0729a2a4c02e6325f604b1f63a07365a59e0836689f1e7f87cdb8bc37566524c6424f8d2bbf0caa29652167ee4d81e7d2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json
| MD5 | fbc3ea15510274ced1deb9773a9b7b26 |
| SHA1 | e63838d563bb03b9e09ec89d715eed48f3178bdd |
| SHA256 | 2681ac6c3999187a86481019f9e1fdad25a007ce4193b141b8b399eda281174f |
| SHA512 | 1074a13836e0df5e16e4596aaa93e1bbe10489c3f8e3d5f358dee9a7279b6e142918109d47d93f87ecea23621497a95054dcc380d620bd3c9e42e16486ad121c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs.js
| MD5 | 253671bc4ea509e62c9c4b77167ceafe |
| SHA1 | 7b0cbb528612f69d0b8f025fce72b6eb546b6236 |
| SHA256 | 4760d7cdf58be0fc7ca4bac1e7608df7001bebc3d4d0b770fef58a2e8fd97253 |
| SHA512 | e78d7d8ab97f0813ad48c6b2e6c3b08b70ad2574c756729f6e47e6f750809f06abd042940006dbf83cee9a72fa197b7622bdcdb6a71826bdff92b7ddb221dee4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js
| MD5 | 3edba17eda0cc54d6e00cf3f43a6f9de |
| SHA1 | fda15216eb8dbc019bf5e5c367296e1c2bc32721 |
| SHA256 | 4f02822a115a8ee94aa3c07948919ca12be215871d6c22e6e50630bddb23a014 |
| SHA512 | 41c00fbe81559bf36aaebe07fd0e2d6e10efb7b1418987b1a795655fc16b396cc8b81558d99fb7d2707e7e46335a1326dc522a612e8cb2492b44b81722dbaf24 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
| MD5 | 710079efb3ca78acdae214998de010a5 |
| SHA1 | d10da3098d630ff96d042c828b1c3f6260b597f7 |
| SHA256 | 589d93199b64694dd6922144a3988ad0a20eac0cf07b48abb63c66e31c68c845 |
| SHA512 | 3f99e5dc5edc82ef0bbacab48c0729848aa28c4eaaa268fa4e83063baea1f394dda51812af36ec8a9a96f04d38d2b6e5e18176877ebf6180d48fcdadc81074e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c5b9b189798dd0a1768b47cf8f2a769e |
| SHA1 | bcdde50266024b2c34f2e414a739938888379934 |
| SHA256 | af68c3d5ea85fa5ee11308da0c6dbdacd2085a610bd7c055bdb7537542d106e1 |
| SHA512 | 446cd4419696b1688e96aeb8d35308901af6ca1f905cf22bb963e604a6263d7149a6e0861580ee033795a6f33b342d9e86524cfa2a33faf7cc43e5163a17a78c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d5accd32c145899cf22dc19c7e6f9979 |
| SHA1 | 40245bbaf78fb6ff2440ad2018d694cbe09f35cb |
| SHA256 | 083b108c3a807b6fc9b83e98c812de84cf85c502e877b9f0f1ab1dee4ecfabc6 |
| SHA512 | 5aca40f325561e81d792d140b317f91bfea01dbe907375c0055fa534220e3f0c428d24686e1dd6c1a9f3b068a46664c7b83b6071f19b79a430c7d0e2e8c51a99 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js
| MD5 | 01b4caa60c2fd273fb1a7318457effa1 |
| SHA1 | 4adfccb6a578eee065cfb9acd98114bcdf432ded |
| SHA256 | fab00fbdcef699b360f0398d1f91f695cef008a4818a49ca2dd45f852ff454ea |
| SHA512 | 2c4b5a519642c626c3f9f6c64e0376b8ca5307c20dbfe0d45f14f35f674d44b0c8bef3a78e84445b1ffab4273c9abe860a177afd83487dfd5e618af99549dcca |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin
| MD5 | 97eaf251e8f96bf2dc11e15d4e7b6ea8 |
| SHA1 | 24cb4122460b141fc4241ef0e8de1f8249f0eec9 |
| SHA256 | 7221e2057549fa963353d63e3db3903aa1905cbb0725a640d3912f421464041b |
| SHA512 | bdc4491c212d8e0a998bfcf94ad0a79759e76288f3b35d236324ce7bf2d36fa64fce97782f32b940ca0211165ccc3b62d4146c8ee8b888c6034c3461e5cdd2cb |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | fdc8b652125fbd0bf5ea50d5c30f85f7 |
| SHA1 | b934604bf56c62a36b9e1dd177eb3e63c7fa8ffc |
| SHA256 | 34a60a90eb32adf794f26da49d94d7c4f450667bffb823eb9160da3bc2b5a191 |
| SHA512 | bfcedc8ff2e861215997dbd58dbbfd9b48a80ab75078831d3a2fce33134cdc0e5b2b2969562fe8069e5a8c52375671c436ec0e5aeeb6b9cd99b0d7926a4f3034 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b89a1412fd5acf41a8d4f0d185e53f40 |
| SHA1 | 27ee7be927429d4a977d63cd3722031d3c8a74e3 |
| SHA256 | 869ccb772226292d684aed1a3986382b0274d8fb5a7c7c60739884c280245119 |
| SHA512 | 5514d80c102174771bf0b7a8f6813befd06db497d16bd57ebea32eee30b435a15d79f26ada7107b7a34b349446b35bfad568480d83d17d255bd2c5d73ed3156b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\9A980A79F510FE3E6702F7680871BEB1628CA51D
| MD5 | b209c793b064f391c9ea3b057f70f79d |
| SHA1 | fa533fe3135b894e688ec3f12e226b558a95a07a |
| SHA256 | 9ab0ca2f926fdf554c723a7fec1cd558072eb30bc785779c6e9fda5e58cccd17 |
| SHA512 | 697960d7bb5b46d9a1f0bf09678ee269f946af726cdcf371ef32a73e22280e4667aea9cd2557a7998d763a071c5a8e2916470261287370556c6f2030ffdcc9d0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.virustotal.com\cache\morgue\191\{99c66122-b7de-478a-b994-c9a4665189bf}.final
| MD5 | e2b3374d5b30f1bb3f9ae850cf7ef097 |
| SHA1 | d05dae166bc3ead7a003737fae494d2f3c027389 |
| SHA256 | 18a99d558e850e144ae094a7681b09cfdace3be9cd4e14ed70744656c47fbd4b |
| SHA512 | a465dd45ac7c3f3080025cc3fe88421a984cb850c8ef11a3ae10f25ceec31f1bb741304987e7d268adce5ee4accef1107736a0ff88fff0d627328e03c59be484 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\26519
| MD5 | 471dbda5c8a1bb0f36c94ba3fbcbf063 |
| SHA1 | 8eb8438fec42714947c666ba5b86dbd61c01f9ce |
| SHA256 | 149ddf88c3fd0919c745a6cc6e592b4138248229f11e2eadc3b3bfa64d3fd38b |
| SHA512 | c2358c596eb68ffe8b7471c729785cce8275859e12a552382e365cc5cc6c04c847369e4afed07492ef82e9c92b2dace0d779254129ae3c7a8e34b960532abb58 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19536
| MD5 | bd2f7d09cc6dfe1bf97c20de82d0ce4f |
| SHA1 | 26a9d504646ede47edd117a2664a1dcdd3044c34 |
| SHA256 | 618d936ff869059579b474dfeeb341afbbabe84cc219140b2b993027b6bd1327 |
| SHA512 | 9dc493fbf2dcaf312b6212482b05ec29bd306c21ed8c79fc968db4a7e38a9a20c40c9274ef4c9179383dcb8d10998fcfd087d358139ca612889fffc37e914538 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3220
| MD5 | 9fdd8896ca7c5aa2f123a9422b880f16 |
| SHA1 | 91a0e61a2f72fc4f6eb54a41f72d32419213b1bc |
| SHA256 | ac31204cdd0512721db213c7e693eda8ee801d6de880ab251ecc7cea5125eb73 |
| SHA512 | edfa26d0dcf5b6e882619629e02abe2c0f436e05094749df72604806cc9204e8728c36cab3c7dee80399876ff3637e0d20da9ea0f86872161ca89dad60d6cf24 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\16057
| MD5 | 7d4ce612bcab9f5f350998e96c668209 |
| SHA1 | 9c4ac1ac30c285062b33e2533c8413c2b6cb102e |
| SHA256 | e85d1fc298d2bea0e22a47c7ee103dbec3a4a1de55fc9b85f723b56c3217b42d |
| SHA512 | d651ecfc0228da6ba327f85cf8f9886a13c9121b2c8bed72af3dc7ef832d0f10c7bc451cf673eb554c6b519ef1dfcd05f2285bbd4d61daf4dc7a74e21e2aec8a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\8853
| MD5 | 35aae2fe96c653b7a41fc33130f7c74b |
| SHA1 | e5afef1f89f54142e4468a9c0f7b8e3e48d23c54 |
| SHA256 | 9f695a7eec9ec774ae6f9bcdede57a20227d9c59cc7c8c5040c20014719d0bb1 |
| SHA512 | be9642082f3138d0bd1b1026a5f04be40f5cc708590449c7c22026a3e51484cdee300a1fe9160428bac40964a9ddb9262c554351d5c079d123c7476b67505172 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19896
| MD5 | ee2542a934e4e8a44321382bebfda999 |
| SHA1 | 94b4702f4014cb07ba51a3fc7b2de6c682a77e3e |
| SHA256 | 47177c75a3eb19c5348a44eb4ada41acb883e948443bbf0d764a437542e33d2d |
| SHA512 | 32c392d348770ff023096cacabd92bf823a36713d31dae9355b9a2e480ac7177227318b5bfb968d24b1d85e258496b694f5c77f359a65ecb1a51ab840d895e9d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\9313
| MD5 | dc1c1a29d95233987f212a3e9b06218b |
| SHA1 | 9d07e025d8e76a741c0d639afbb6cc172c210b39 |
| SHA256 | 5480c37a9ed49e2b1547428b644f980bc14a27863da56c86d87dee027229c03e |
| SHA512 | 029d1be243d62eaa34657d0586b00d3c603f41fc659fd3908647b9bf58ff29dba2d41451c7046e83ef2da03d7c71e3dbd96f1216eee6a0c185929638876038fa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31836
| MD5 | bccd0ac35d6e02abdc84109b485190e9 |
| SHA1 | d697d466c442c285be3432351533bacf7857befc |
| SHA256 | 8478a5484411fce75135cb582a3612dca01948e68577bbfbd73b689e6ab2e7e0 |
| SHA512 | c207294f5f776b3c44a8288ff2de4da9c685a09b6ba9af2f4054adbfd828d47e114bbe27718979f7b107ef191b6035dfaba7da13593c41df3b881d0c1461aac1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31174
| MD5 | cc845fffe2ad020ebd8bab2c220ef3d5 |
| SHA1 | 7187b9dde6718a65452db3352b1bfec2a001316d |
| SHA256 | c590bfc3bbcccc2343d89baa9dd17a3aecf6681a9744a3a22b30c8b95be7e298 |
| SHA512 | 255922662c0b6d03ccb24317bf9b69b24fd54ec08e29ae1e9b421a74fbf5e02c1ec43f4fddda1b730a48f8aad6c0aa97e30d982b5c8aed1acbf9f37da956157e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3703
| MD5 | ca9883347828be5ffde418465d25e1c2 |
| SHA1 | b68b85fe3b37f68d31e2e2bbd00a0e2146a444d6 |
| SHA256 | da61bdc7d77c5bbef798a58313cc76483a1805286164f23bdeb09755b8f33f28 |
| SHA512 | 9c7178d67ab56ce249aad63f11c6e2cbc43c2353b34e5f7fe5ca2406a0f1d6865c3d27de69086e0f363fd81ae7ff8ff1390cf6c85ff6cb55e5d820c277d642b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 877b1373c708e06a35eca9d45a2f1e3d |
| SHA1 | 4bf321677cfcb9507db8e2ec9a94cf6370a2b748 |
| SHA256 | 44b0427f535cacf82a021f3ea9ac1849fc350e822c143fc41931d42590b14f1f |
| SHA512 | a63596035bb9eec90b771e1eccaa73af747a8fa622b1449a7595e19fce7c8c421faf5e541f5652271f80775857bd899a36cb0f467873f5c9e38ae53e09d69951 |