Malware Analysis Report

2025-08-05 16:58

Sample ID 250127-zcm2lavjhx
Target novitec_ldr.exe
SHA256 c61e0b4135a35de8d17a9762cc6de64035a23184e8a52d044c1e3cea9c9ab3c2
Score 3/10

Analysis Overview

Score 3/10

SHA256

c61e0b4135a35de8d17a9762cc6de64035a23184e8a52d044c1e3cea9c9ab3c2

Threat Level: Likely benign

The file novitec_ldr.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 20:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 20:34

Reported

2025-01-27 20:37

Platform

win10ltsc2021-20250113-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"

Signatures

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3816 wrote to memory of 5104 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5104 wrote to memory of 4216 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5104 wrote to memory of 3604 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe

"C:\Users\Admin\AppData\Local\Temp\novitec_ldr.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73cf970f-fe6f-4e69-9363-f8107540690b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {609f8f27-b36d-420c-a4d9-5a489045cfc9} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2944 -childID 1 -isForBrowser -prefsHandle 2564 -prefMapHandle 2784 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0ca18c-429a-492c-ba43-515e2784717c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {daecf0ae-9af5-430e-894f-68ebdb4cfc04} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4764 -prefMapHandle 4760 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af937c5-95b3-476c-b16d-4ed190187b0b} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8914c31-ec5a-44c6-bd5a-b83dc3259d05} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5428 -prefMapHandle 5496 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8de4fde1-8c64-426a-9413-a5e2b6aa4fde} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee2b1958-baed-4dd8-97b2-3440ac3753c5} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 32617 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff22813c-fc4f-418a-8298-0180f32dc9d8} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6440 -childID 7 -isForBrowser -prefsHandle 6432 -prefMapHandle 2776 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6583f33-55b6-4775-8431-4a54f64daf1c} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 8 -isForBrowser -prefsHandle 5420 -prefMapHandle 6416 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2daf64ac-490b-4037-b70d-05ab133afe2a} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6464 -childID 9 -isForBrowser -prefsHandle 6556 -prefMapHandle 5304 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ab1656b-db7b-46b8-8d23-9a3b500991f6} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -childID 10 -isForBrowser -prefsHandle 6784 -prefMapHandle 6780 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8428e83-dff9-4141-84c7-2b867c7ca52d} 5104 "\\.\pipe\gecko-crash-server-pipe.5104" tab

Network


Files

memory/4280-0-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-2-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-1-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-7-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-6-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-12-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-11-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-10-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-9-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

memory/4280-8-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\c020ab8b-d51c-40be-9bad-bdd5321a488f

MD5 9e8b305cce6320bfb1b0029824bbc3aa
SHA1 24672ea0b6320e812b5d1818cef9d3e4f7a1e504
SHA256 9bf912c5a79d5c555b9874e884f81d6938c51fa2ab2041306f3238fd39de2d71
SHA512 7a427d77179c2ec409f54f5ef5dcb5d06c75ea75804f042a696d6be7133783600aea052d9e69cd91be03a0d8f108579a935916bdfb030352eb2b24504f215545

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e0922174-aa90-4473-a278-eb5bfebb58a8

MD5 61e9903e8698d259208d3a416b4909ff
SHA1 114029811023b9b546bb064581d80558e2c6ba00
SHA256 669cdbcd86f9bdaa8424aa18927b1605de9013ad01538e5eb86733cc345db75d
SHA512 11d011c603179f46d3619e7d286c6d4f8976812d6106e0870eb069625ba79473798fe434049dd4f75e5513be6dc259091aca540ad5c36daf778d9727be3909a1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\d6eb9d38-80f9-41e4-ba6b-4db8fccbd7b2

MD5 4e7897348b5078eba5fe0ed50fd5389d
SHA1 2d274188dd5d92092983459e60dbbd943132a2f1
SHA256 2099ddb918a8a2786ad34ca5b2af79a76795af49c8642e2bf7d7764e3fdcdc05
SHA512 8f384baa7bcbe22e1a3f3a8df93e3e84b9a37c228c0fa62cd37cb8464ff44201e97b32f653b862e0cd701b3011e0a2e5a3d8598fb9187bee7d4bd726ca5c267d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 01f8bfd2d984103480f10c4d992245f4
SHA1 ec6195f7ee83ee2fad5fbcc2730b9d9d21acc562
SHA256 244acfe0bb5d329f30c71ca92860c01e0544d8964f5962343323846257c4ffe9
SHA512 8e5274fc43ea17b9633b412aafd059d0729a2a4c02e6325f604b1f63a07365a59e0836689f1e7f87cdb8bc37566524c6424f8d2bbf0caa29652167ee4d81e7d2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json

MD5 fbc3ea15510274ced1deb9773a9b7b26
SHA1 e63838d563bb03b9e09ec89d715eed48f3178bdd
SHA256 2681ac6c3999187a86481019f9e1fdad25a007ce4193b141b8b399eda281174f
SHA512 1074a13836e0df5e16e4596aaa93e1bbe10489c3f8e3d5f358dee9a7279b6e142918109d47d93f87ecea23621497a95054dcc380d620bd3c9e42e16486ad121c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs.js

MD5 253671bc4ea509e62c9c4b77167ceafe
SHA1 7b0cbb528612f69d0b8f025fce72b6eb546b6236
SHA256 4760d7cdf58be0fc7ca4bac1e7608df7001bebc3d4d0b770fef58a2e8fd97253
SHA512 e78d7d8ab97f0813ad48c6b2e6c3b08b70ad2574c756729f6e47e6f750809f06abd042940006dbf83cee9a72fa197b7622bdcdb6a71826bdff92b7ddb221dee4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 3edba17eda0cc54d6e00cf3f43a6f9de
SHA1 fda15216eb8dbc019bf5e5c367296e1c2bc32721
SHA256 4f02822a115a8ee94aa3c07948919ca12be215871d6c22e6e50630bddb23a014
SHA512 41c00fbe81559bf36aaebe07fd0e2d6e10efb7b1418987b1a795655fc16b396cc8b81558d99fb7d2707e7e46335a1326dc522a612e8cb2492b44b81722dbaf24

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

MD5 710079efb3ca78acdae214998de010a5
SHA1 d10da3098d630ff96d042c828b1c3f6260b597f7
SHA256 589d93199b64694dd6922144a3988ad0a20eac0cf07b48abb63c66e31c68c845
SHA512 3f99e5dc5edc82ef0bbacab48c0729848aa28c4eaaa268fa4e83063baea1f394dda51812af36ec8a9a96f04d38d2b6e5e18176877ebf6180d48fcdadc81074e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 c5b9b189798dd0a1768b47cf8f2a769e
SHA1 bcdde50266024b2c34f2e414a739938888379934
SHA256 af68c3d5ea85fa5ee11308da0c6dbdacd2085a610bd7c055bdb7537542d106e1
SHA512 446cd4419696b1688e96aeb8d35308901af6ca1f905cf22bb963e604a6263d7149a6e0861580ee033795a6f33b342d9e86524cfa2a33faf7cc43e5163a17a78c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

MD5 d5accd32c145899cf22dc19c7e6f9979
SHA1 40245bbaf78fb6ff2440ad2018d694cbe09f35cb
SHA256 083b108c3a807b6fc9b83e98c812de84cf85c502e877b9f0f1ab1dee4ecfabc6
SHA512 5aca40f325561e81d792d140b317f91bfea01dbe907375c0055fa534220e3f0c428d24686e1dd6c1a9f3b068a46664c7b83b6071f19b79a430c7d0e2e8c51a99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 01b4caa60c2fd273fb1a7318457effa1
SHA1 4adfccb6a578eee065cfb9acd98114bcdf432ded
SHA256 fab00fbdcef699b360f0398d1f91f695cef008a4818a49ca2dd45f852ff454ea
SHA512 2c4b5a519642c626c3f9f6c64e0376b8ca5307c20dbfe0d45f14f35f674d44b0c8bef3a78e84445b1ffab4273c9abe860a177afd83487dfd5e618af99549dcca

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

MD5 97eaf251e8f96bf2dc11e15d4e7b6ea8
SHA1 24cb4122460b141fc4241ef0e8de1f8249f0eec9
SHA256 7221e2057549fa963353d63e3db3903aa1905cbb0725a640d3912f421464041b
SHA512 bdc4491c212d8e0a998bfcf94ad0a79759e76288f3b35d236324ce7bf2d36fa64fce97782f32b940ca0211165ccc3b62d4146c8ee8b888c6034c3461e5cdd2cb

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 fdc8b652125fbd0bf5ea50d5c30f85f7
SHA1 b934604bf56c62a36b9e1dd177eb3e63c7fa8ffc
SHA256 34a60a90eb32adf794f26da49d94d7c4f450667bffb823eb9160da3bc2b5a191
SHA512 bfcedc8ff2e861215997dbd58dbbfd9b48a80ab75078831d3a2fce33134cdc0e5b2b2969562fe8069e5a8c52375671c436ec0e5aeeb6b9cd99b0d7926a4f3034

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 b89a1412fd5acf41a8d4f0d185e53f40
SHA1 27ee7be927429d4a977d63cd3722031d3c8a74e3
SHA256 869ccb772226292d684aed1a3986382b0274d8fb5a7c7c60739884c280245119
SHA512 5514d80c102174771bf0b7a8f6813befd06db497d16bd57ebea32eee30b435a15d79f26ada7107b7a34b349446b35bfad568480d83d17d255bd2c5d73ed3156b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\9A980A79F510FE3E6702F7680871BEB1628CA51D

MD5 b209c793b064f391c9ea3b057f70f79d
SHA1 fa533fe3135b894e688ec3f12e226b558a95a07a
SHA256 9ab0ca2f926fdf554c723a7fec1cd558072eb30bc785779c6e9fda5e58cccd17
SHA512 697960d7bb5b46d9a1f0bf09678ee269f946af726cdcf371ef32a73e22280e4667aea9cd2557a7998d763a071c5a8e2916470261287370556c6f2030ffdcc9d0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.virustotal.com\cache\morgue\191\{99c66122-b7de-478a-b994-c9a4665189bf}.final

MD5 e2b3374d5b30f1bb3f9ae850cf7ef097
SHA1 d05dae166bc3ead7a003737fae494d2f3c027389
SHA256 18a99d558e850e144ae094a7681b09cfdace3be9cd4e14ed70744656c47fbd4b
SHA512 a465dd45ac7c3f3080025cc3fe88421a984cb850c8ef11a3ae10f25ceec31f1bb741304987e7d268adce5ee4accef1107736a0ff88fff0d627328e03c59be484

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\26519

MD5 471dbda5c8a1bb0f36c94ba3fbcbf063
SHA1 8eb8438fec42714947c666ba5b86dbd61c01f9ce
SHA256 149ddf88c3fd0919c745a6cc6e592b4138248229f11e2eadc3b3bfa64d3fd38b
SHA512 c2358c596eb68ffe8b7471c729785cce8275859e12a552382e365cc5cc6c04c847369e4afed07492ef82e9c92b2dace0d779254129ae3c7a8e34b960532abb58

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19536

MD5 bd2f7d09cc6dfe1bf97c20de82d0ce4f
SHA1 26a9d504646ede47edd117a2664a1dcdd3044c34
SHA256 618d936ff869059579b474dfeeb341afbbabe84cc219140b2b993027b6bd1327
SHA512 9dc493fbf2dcaf312b6212482b05ec29bd306c21ed8c79fc968db4a7e38a9a20c40c9274ef4c9179383dcb8d10998fcfd087d358139ca612889fffc37e914538

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3220

MD5 9fdd8896ca7c5aa2f123a9422b880f16
SHA1 91a0e61a2f72fc4f6eb54a41f72d32419213b1bc
SHA256 ac31204cdd0512721db213c7e693eda8ee801d6de880ab251ecc7cea5125eb73
SHA512 edfa26d0dcf5b6e882619629e02abe2c0f436e05094749df72604806cc9204e8728c36cab3c7dee80399876ff3637e0d20da9ea0f86872161ca89dad60d6cf24

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\16057

MD5 7d4ce612bcab9f5f350998e96c668209
SHA1 9c4ac1ac30c285062b33e2533c8413c2b6cb102e
SHA256 e85d1fc298d2bea0e22a47c7ee103dbec3a4a1de55fc9b85f723b56c3217b42d
SHA512 d651ecfc0228da6ba327f85cf8f9886a13c9121b2c8bed72af3dc7ef832d0f10c7bc451cf673eb554c6b519ef1dfcd05f2285bbd4d61daf4dc7a74e21e2aec8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\8853

MD5 35aae2fe96c653b7a41fc33130f7c74b
SHA1 e5afef1f89f54142e4468a9c0f7b8e3e48d23c54
SHA256 9f695a7eec9ec774ae6f9bcdede57a20227d9c59cc7c8c5040c20014719d0bb1
SHA512 be9642082f3138d0bd1b1026a5f04be40f5cc708590449c7c22026a3e51484cdee300a1fe9160428bac40964a9ddb9262c554351d5c079d123c7476b67505172

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\19896

MD5 ee2542a934e4e8a44321382bebfda999
SHA1 94b4702f4014cb07ba51a3fc7b2de6c682a77e3e
SHA256 47177c75a3eb19c5348a44eb4ada41acb883e948443bbf0d764a437542e33d2d
SHA512 32c392d348770ff023096cacabd92bf823a36713d31dae9355b9a2e480ac7177227318b5bfb968d24b1d85e258496b694f5c77f359a65ecb1a51ab840d895e9d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\9313

MD5 dc1c1a29d95233987f212a3e9b06218b
SHA1 9d07e025d8e76a741c0d639afbb6cc172c210b39
SHA256 5480c37a9ed49e2b1547428b644f980bc14a27863da56c86d87dee027229c03e
SHA512 029d1be243d62eaa34657d0586b00d3c603f41fc659fd3908647b9bf58ff29dba2d41451c7046e83ef2da03d7c71e3dbd96f1216eee6a0c185929638876038fa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31836

MD5 bccd0ac35d6e02abdc84109b485190e9
SHA1 d697d466c442c285be3432351533bacf7857befc
SHA256 8478a5484411fce75135cb582a3612dca01948e68577bbfbd73b689e6ab2e7e0
SHA512 c207294f5f776b3c44a8288ff2de4da9c685a09b6ba9af2f4054adbfd828d47e114bbe27718979f7b107ef191b6035dfaba7da13593c41df3b881d0c1461aac1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\31174

MD5 cc845fffe2ad020ebd8bab2c220ef3d5
SHA1 7187b9dde6718a65452db3352b1bfec2a001316d
SHA256 c590bfc3bbcccc2343d89baa9dd17a3aecf6681a9744a3a22b30c8b95be7e298
SHA512 255922662c0b6d03ccb24317bf9b69b24fd54ec08e29ae1e9b421a74fbf5e02c1ec43f4fddda1b730a48f8aad6c0aa97e30d982b5c8aed1acbf9f37da956157e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\doomed\3703

MD5 ca9883347828be5ffde418465d25e1c2
SHA1 b68b85fe3b37f68d31e2e2bbd00a0e2146a444d6
SHA256 da61bdc7d77c5bbef798a58313cc76483a1805286164f23bdeb09755b8f33f28
SHA512 9c7178d67ab56ce249aad63f11c6e2cbc43c2353b34e5f7fe5ca2406a0f1d6865c3d27de69086e0f363fd81ae7ff8ff1390cf6c85ff6cb55e5d820c277d642b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

MD5 877b1373c708e06a35eca9d45a2f1e3d
SHA1 4bf321677cfcb9507db8e2ec9a94cf6370a2b748
SHA256 44b0427f535cacf82a021f3ea9ac1849fc350e822c143fc41931d42590b14f1f
SHA512 a63596035bb9eec90b771e1eccaa73af747a8fa622b1449a7595e19fce7c8c421faf5e541f5652271f80775857bd899a36cb0f467873f5c9e38ae53e09d69951
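The Network rows above (country, IP:port, hostname, protocol; the udp/443 rows are HTTP/3 over QUIC to the same hosts as the tcp/443 rows, not a second service) and the Files records (a path followed by MD5/SHA1/SHA256/SHA512 lines, with several Firefox profile paths listed more than once because the browser rewrote them during the run) can be triaged mechanically. The Python below is an added example written for this page, not tooling from the sandbox vendor or code from the sample. It parses a constructed subset copied from the two tables, separates resolver queries and PTR lookups from real connections, flags any host contacted without a preceding forward lookup, validates digest lengths, and groups the dropped files so the browser-profile churn can be set aside from anything written elsewhere. All function and constant names are the example's own.

```python
# Added triage helpers for this report's Network rows and Files records.
# Example code written for this page, not tooling from the sandbox or the sample.
import re
from collections import defaultdict

# Network row: <country> <ip>:<port> <hostname> <tcp|udp>
NETWORK_ROW = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+"
    r"(?P<host>\S+)\s+(?P<proto>tcp|udp)$")
HASH_LINE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256|SHA512)\s+(?P<digest>[0-9a-fA-F]+)$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Constructed subsets, copied from the tables in this report.
SAMPLE_NETWORK = """
US 8.8.8.8:53 www.virustotal.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FR 23.200.86.251:80 ciscobinary.openh264.org tcp
US 34.54.88.138:443 www.virustotal.com tcp
US 34.54.88.138:443 www.virustotal.com udp
US 8.8.8.8:53 138.88.54.34.in-addr.arpa udp
"""
SAMPLE_FILES = r"""
memory/4280-0-0x000001A9AC260000-0x000001A9AC261000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 3edba17eda0cc54d6e00cf3f43a6f9de
SHA256 4f02822a115a8ee94aa3c07948919ca12be215871d6c22e6e50630bddb23a014

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

MD5 01b4caa60c2fd273fb1a7318457effa1
SHA256 fab00fbdcef699b360f0398d1f91f695cef008a4818a49ca2dd45f852ff454ea
"""

def parse_network(text):
    """One dict per well-formed Network row; headers and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETWORK_ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows

def summarize_network(rows):
    """Separate resolver traffic (udp/53) from connections; note udp/443 as QUIC."""
    s = {"lookups": set(), "reverse_lookups": set(),
         "connections": defaultdict(set), "quic_hosts": set()}
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            kind = "reverse_lookups" if r["host"].endswith(".in-addr.arpa") else "lookups"
            s[kind].add(r["host"])
            continue
        s["connections"][r["host"]].add((r["ip"], r["port"], r["proto"], r["cc"]))
        if r["port"] == 443 and r["proto"] == "udp":  # HTTP/3, same service as the tcp row
            s["quic_hosts"].add(r["host"])
    return s

def direct_without_lookup(summary):
    """Hosts contacted with no forward lookup in the log (hard-coded endpoints)."""
    return set(summary["connections"]) - summary["lookups"]

def parse_files(text):
    """List of (path, {algo: digest}) in report order; a path repeats if rewritten."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            if not records:
                raise ValueError("digest before any path: " + line)
            algo, digest = m.group("algo"), m.group("digest").lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError("%s digest has %d hex chars" % (algo, len(digest)))
            records[-1][1][algo] = digest
        elif "\\" in line or "/" in line:  # memory/... dumps carry no digests
            records.append((line, {}))
    return records

def rewritten_paths(records):
    """Paths listed more than once with different SHA256 values."""
    by_path = defaultdict(set)
    for path, hashes in records:
        if "SHA256" in hashes:
            by_path[path].add(hashes["SHA256"])
    return {p: sorted(v) for p, v in by_path.items() if len(v) > 1}

def paths_outside_profile(records, marker="\\Mozilla\\Firefox\\Profiles\\"):
    """Dropped files that are neither memory dumps nor browser-profile churn."""
    return sorted({p for p, _ in records if marker not in p and not p.startswith("memory/")})
```

Applied to the full rows shown above, every connected hostname also appears as a forward lookup, and the only records outside the Firefox profile are the memory dumps and the two Temp\tmpaddon files; that is the picture behind the report's 3/10, likely benign score, and `direct_without_lookup` returning anything non-empty, or `paths_outside_profile` listing a path under Startup or System32, is the kind of result that would justify a closer look.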