Analysis Overview
SHA256
85e23a429634048a2e9addc808914c1c43083083f5e21f2bf3c39c49e5af38b5
Threat Level: Likely malicious
The file appleskin-fabric-mc1.20.1-2.5.1.jar was found to be: Likely malicious.
Malicious Activity Summary
Modifies boot configuration data using bcdedit
Modifies file permissions
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 16:03
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 16:03
Reported
2024-10-20 16:38
Platform
win10v2004-20241007-en
Max time kernel
1151s
Max time network
1148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\appleskin-fabric-mc1.20.1-2.5.1.jar
Network
Files
memory/4920-2-0x000001BD36330000-0x000001BD365A0000-memory.dmp
memory/4920-12-0x000001BD36330000-0x000001BD365A0000-memory.dmp
memory/4920-11-0x000001BD34A50000-0x000001BD34A51000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 16:03
Reported
2024-10-20 16:21
Platform
win10-20240404-en
Max time kernel
130s
Max time network
131s
Command Line
Signatures
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\appleskin-fabric-mc1.20.1-2.5.1.jar
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.0.1984423922\65492471" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39d2ade3-db5b-472b-9562-cb76c22d2ee3} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 1784 17e158d8b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.1.163720386\91508167" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b7d3bf6-1e87-4a5c-9a3e-5cf3723b2d66} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 2136 17e0a672e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.2.1623063092\1492818726" -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 3000 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11de0954-62e3-4b50-bc9d-4f876d2d451a} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 2888 17e1989cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.3.635810991\1343293442" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a76628d6-d630-439b-9b00-7b0deeb0f5c1} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 3480 17e0a65c158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.4.780089514\84479855" -childID 3 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd0b7fa3-cfc0-4ade-9658-2e0b5efd128b} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 3908 17e1ab9fc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.5.1993574554\228790565" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4780 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c33e6665-282b-4ad3-a774-579d263e1b8d} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4800 17e158da658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.6.2045015535\1574268671" -childID 5 -isForBrowser -prefsHandle 4836 -prefMapHandle 4780 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d27fa821-9cb6-42d1-954c-a32f8cb20930} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4940 17e1c31a358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.7.392811167\1206208986" -childID 6 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {273c4ee3-cff1-403f-94c0-f6edf34ed610} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4896 17e1c318258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.8.1708524869\314384823" -childID 7 -isForBrowser -prefsHandle 3300 -prefMapHandle 2572 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07b06a4-a368-499a-a49c-585b7357ba4c} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 2772 17e15b22f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.9.445188094\773592133" -childID 8 -isForBrowser -prefsHandle 2740 -prefMapHandle 4764 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aaae700-f438-4dc7-b69b-1dbef03fa362} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 3888 17e19ead858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4660.10.57536069\1177016754" -parentBuildID 20221007134813 -prefsHandle 4248 -prefMapHandle 4020 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65fcf6d6-d18d-4c12-b338-e2df10b4888e} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" 4056 17e17fb7558 rdd
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\bcdedit.exe
bcdedit /set {current}
C:\Windows\system32\bcdedit.exe
bcdedit /set {current} safeboot minimal
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af4855 /state1:0x41c64e6d
Network
Files