hxxps://mediafire[.]com/file/3nfa6p4pxkve92c/Ui-Dropped[.]jar/file

Resubmissions

04/10/2024, 20:19

241004-y3zmmstgrr 8

04/10/2024, 20:16

241004-y145catgkl 6

04/10/2024, 19:53

241004-yl145sshpq 8

Analysis

max time kernel
148s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
5	mediafire.com
6	mediafire.com
7	mediafire.com
8	mediafire.com
12	mediafire.com

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Ui-Dropped.jar:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2972	firefox.exe
Token: SeDebugPrivilege	2972	firefox.exe
Token: SeDebugPrivilege	2972	firefox.exe
Token: SeDebugPrivilege	4960	firefox.exe
Token: SeDebugPrivilege	4960	firefox.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
2972	firefox.exe
5248	StartMenuExperienceHost.exe
4960	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 508 wrote to memory of 2972	508	firefox.exe	82
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 4196	2972	firefox.exe	83
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84
PID 2972 wrote to memory of 1312	2972	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file"
1⤵
- Suspicious use of WriteProcessMemory
PID:508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mediafire.com/file/3nfa6p4pxkve92c/Ui-Dropped.jar/file
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d2ceda7-0939-46d9-b13e-ce237c5f4061} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" gpu
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2532 -prefMapHandle 2528 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67bc8e93-7300-426b-8a76-5f554f9b421e} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" socket
    3⤵
    - Checks processor information in registry
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2896 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2876 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d143dc87-79db-4592-9928-a760d745ed86} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3940 -childID 2 -isForBrowser -prefsHandle 3932 -prefMapHandle 3928 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9daf84e8-4bda-4de6-9010-fc4870062815} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4568 -prefMapHandle 4632 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e344a79-d506-419c-8860-94cbbf0eb755} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" utility
    3⤵
    - Checks processor information in registry
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5212 -childID 3 -isForBrowser -prefsHandle 5252 -prefMapHandle 5248 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {586d2532-62d0-4991-9623-f8038fbf367a} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f489efdf-8c41-427c-9925-94e9745dcb40} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:3952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca6ade1-6d90-4962-b8ab-bf7f17afd561} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6600 -parentBuildID 20240401114208 -prefsHandle 6592 -prefMapHandle 6604 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9744c82f-b88f-4ca7-a971-83e3b3c22e60} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" rdd
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7012 -childID 6 -isForBrowser -prefsHandle 6960 -prefMapHandle 7008 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83cdd73-2778-4f70-a98f-cfd7426d0034} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6988 -childID 7 -isForBrowser -prefsHandle 6996 -prefMapHandle 6956 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {545c5878-c684-4afe-ac8f-be0128364fe7} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7332 -childID 8 -isForBrowser -prefsHandle 7412 -prefMapHandle 7408 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91372756-74bb-4647-83b9-ffc89d0b6386} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7360 -childID 9 -isForBrowser -prefsHandle 7172 -prefMapHandle 7176 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b51de23e-0031-41d6-ad14-df57ccfb4fdd} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 10 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d63f5f-68d2-4d29-9a56-dbf6960eb45c} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3748 -childID 11 -isForBrowser -prefsHandle 4520 -prefMapHandle 4516 -prefsLen 28163 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ab84898-8ae5-45ec-b8ac-da0d80ea500b} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 12 -isForBrowser -prefsHandle 7152 -prefMapHandle 7352 -prefsLen 28163 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c87ce161-ca53-44cd-8f8b-9ff4fc91779f} 2972 "\\.\pipe\gecko-crash-server-pipe.2972" tab
    3⤵
    PID:5424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3412

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 24856 -prefMapSize 245030 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a036a1b6-1b33-4aaa-ae41-df5f11c2b34a} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" gpu
    3⤵
    PID:2564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20240401114208 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 24856 -prefMapSize 245030 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add8290b-4fc3-474c-9269-8b3e46257aab} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" socket
    3⤵
    PID:2636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3124 -prefsLen 25355 -prefMapSize 245030 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6012600-c975-47ea-bc47-a52b5eee4570} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:4500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3528 -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3612 -prefsLen 30588 -prefMapSize 245030 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1ec85e1-236c-4924-a881-a2ad28a62aa5} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4444 -prefMapHandle 4428 -prefsLen 30588 -prefMapSize 245030 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1694c6b4-4cd4-409e-9616-20e6e53112b0} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" utility
    3⤵
    - Checks processor information in registry
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5192 -prefsLen 27974 -prefMapSize 245030 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82926c4e-64e7-4a2b-9537-8b19d662232e} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 4 -isForBrowser -prefsHandle 5384 -prefMapHandle 5332 -prefsLen 27974 -prefMapSize 245030 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0a97a0-6689-4506-a5cc-6c7e1d7e0c07} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:1688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5556 -prefsLen 27974 -prefMapSize 245030 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1ed2fba-3159-475c-aa2b-bfda83ea9a13} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
aac8d04404ac0fdd2bbc3e8cadabc1f9

SHA1
7f4b75d5737f2c89a5c465afea721f437a3b2c90

SHA256
8a9f80a34bbbc881ed26579fdf48c5be54f653c95c0f14d36abd751c88d45ca1

SHA512
8d5a1e7cf01aac823d98e2136de97fbc4a059b622b24aa26b3f537e7633bec21aadf4d5cf62ae400668acad8dc426d45700b38b2634c84158701c736f233c1a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
6559d66d8cb9fc407a61b2b1717dc30f

SHA1
4d107ca87a00867cf24fb4689b6e73e09521b33e

SHA256
c4fd5419d5b09f2f193aa298858b7f693bfc36481c286cb1c2c914a9e9595f42

SHA512
4f2b14e3e1bfe380b65f4b09155112b6bf71428a7ce1dddc3af9f9f3381dc20099ea60d94dbf6afb4e57d655a445e2db1e8e8544ca7c09c2aa480926a02b7b1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
298e8d310eb23d253bc34b1595727c2f

SHA1
0f1ced46962e4dc05b513451f3ede6edcad74d85

SHA256
12b0e164a976388b5ae6bc9f82f4d378c4dde1f7a9f7fbd50ba185dc9eb4304a

SHA512
f5478a4e7ba61ff95a5f81994a43a8572824b2e5919658b3eb36b01a29836afd3c020efbee324efd3ff6ecf4e007465fae03909177edaa29ef6a16bc4f0ffffc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\BE6B4E3283F251CBAC7C0D5E8AF8DAC6880134D3

Filesize
38KB

MD5
633fe3ef3d2dd4ab0495dc0d05bcd96a

SHA1
a7d7804df4c3023196712b888b495691bbc2b41c

SHA256
48194cee922abe2274951f6f35cb19c7248178b258b8da87cfc940d603b467f5

SHA512
08eb5e5c12cd22eaf523da1ca7bc891ab6b2ae3b3531e264df937d6bbf04e4be3e70274ebfa97db31167c5a67b257a503f0302c77ca7b15f0a2465967061e3aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\index

Filesize
7KB

MD5
be4d6fb4e77905cde70546e220a00bff

SHA1
622b59f697f33484a62cc4fc1ab73c1ab47c4f51

SHA256
f927737cabd72ab44437799bda439511773cf29a459a3b5a579d13cf06e6be4d

SHA512
37e85b2bde2cdcd7de9c9965503003075903230d613edef42c3872efc4681c21536541b7c1c8d76bf60f5960799864e362287e60b5eede5c79a708f5442edddf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\index.log

Filesize
1KB

MD5
031d056cb9a0b14ac941170a503494bc

SHA1
bc4c77652ef715412959a75f0ea77b2dfe818602

SHA256
9d27649cac355362175757a502a334fe11cea3e6a0ab9a95b904b85c9669f73a

SHA512
25c84fca8529a2d93873715a75d7ec390596268dd889269bbbda6afeccd5f2049c33b5652a69339f9ff89a835cda3e7656a39653b31bd3e39eb8b6bbd3064dc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\scriptCache.bin

Filesize
9.2MB

MD5
185fc2adab9e07839648c36a5e54332f

SHA1
50b48906ce39f0928dc5bc70b1c6653761ab946c

SHA256
0c0054c7d67b49e7a44d922029a2984147c9e92dbf4b92abbdf4f8692b07d3b0

SHA512
cb97e583df6b08034d2cf0a07ecf8b3a05616f4a2467c00d645bf992157a3bb5615091ad6661b14d03e6d15aa57456bf6cca82ffd244f6e91fb6707778fae415

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
f992c8ff4bc58e2199b1f265280c85b1

SHA1
c50190abbc8879a5e346823dbe05a38b59adeb3e

SHA256
c82d1cd15b561f4533238973529a30256e14e96ad2001aa16f950e11734e0445

SHA512
c5dcb0b32c8c35a791e4f0493dc1ec0a776b7701ba2ee4bf0582b1597ac6a398a3aa56287dfdcbcc04afc92f3508c5d6c2a44464deaa0cc08f33de64424a5439

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
b9bc02ce84aa85e3651c9092f4c264a5

SHA1
1437d42cdd7c3a38231dfc87718ca53d64954280

SHA256
73f44c8d845e89e6f4e43ec6281f5b131866f3af8d3940a20fc9a91b6a96836f

SHA512
ea352df32e80859ac474906fbe5e690842eb11fb3f71d3e30f4f8b9acb94fd7fbd1370792edd472db89e2a9b18a46a82aad220680e5d252d247828c410678d5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

Filesize
21KB

MD5
bb7e5c552ebc5056f9f4d0db2cb837c8

SHA1
66497852f45e8c116c2753c7459a200343733bfa

SHA256
5feb279f21eadedbca9b27b09503299d9fe4df0aba621dac45e966f47bebaaf4

SHA512
8f4d3f3e15937f3be55ff4f48c08437d1cc1e56e1f6fa903dc74bb72b4f97df08ca6d58f70f3603487d69c3262dd7d8ab31b92877ef4ce812b56867d0bf7eb00

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
45KB

MD5
c6d656617e4b74201d0f01e175a4490e

SHA1
a2b38d78dae99d9085171736e7aa2a257bd53537

SHA256
872a2928a4322fa3b9d81cf5b92c3b0c052a3848b590e0c654ddc1bc841562e4

SHA512
359cad5382a851018e1f01b870b591252bbb586456e39e918ff54c6d7ae073863bc927d2deda025e6f23c7722484a89d14ca50748411af1c9475680e9679efdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
10KB

MD5
8e39c004aaa5aae9bd10f4b73716c2b2

SHA1
56db33ddc50bbd8454a8b8f9cc1261f1be96a67d

SHA256
9572b564051a1ad2b203719753c12aa41b0416bc00532a28e701dbb6aaf79294

SHA512
8d5730066dee3d9402765454f86995c8be7763fc8a490a8f43e708fd2836cc573de8a2e2debd13d9160aa0f8ea4649217b248451ea059de04207a6dcea9d5ff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
12KB

MD5
fcd015d208d182ee7577720bc2028097

SHA1
0a5a3c21daec07d9d004cdf9fe44d0dafb1265c6

SHA256
743cce6b5254f6600323e7fb7d6710c3fd8d0a04e6080362219fb3ec2e65b699

SHA512
bf8b2ad51ba8675a33993f5491a26d5c3894a4203ad9c6542b23d8e1f1d4c372ba3c9799f2a17e272ef943a95d019c2575cf02423091361f433a1f6f0da73021

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
43KB

MD5
ae581921a7754e16901a5b512502885f

SHA1
49a08449302b4446e411e3251cdabc0693baf18b

SHA256
f06b41d20064fecc861f0f669c90bc8d529e70b52343b18f4b54bd3c73cd93c7

SHA512
b1c7fdaa9b5748f74ccb6765a72985cb78395efaf789af0b797141f94123d0d9cb6e194f6dcc8c3266c2b086d4d90f5e4a47ea5256f7f47704053b409b4d33e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
366b86b07185f499d538c6a26d195753

SHA1
a8bf6e2b3cc1cea96cdc576ae3a3ac2c51b7e599

SHA256
fbfa125ab508c1addeea2f0fd4e7cca20a68610ee350c7f26f12f1acfd57a88a

SHA512
d034a316532481cc661e81de06355b754ddacdad6650d55c690bafe251d9722a331fdfde63f2c50429d6ae4cfd4fcac1660d0b97aaf444a09f85ff2f7d06a5a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
e0573c5353827e3636ad1ecc967688fe

SHA1
516468aac41d97bed72ed2113b4314c8749a389c

SHA256
480b99af5bc1c56109d54dcdbfff1bcda29852a454150b6cf09af4fd8adcb331

SHA512
d2469436afcdb4f295d5a461f1a34162f795c81b9bb75cbfa33e5eb55c384bcb36914518ced53d8c2c97735bff61191e649c5ce212562273f028998531ae1b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\broadcast-listeners.json

Filesize
209B

MD5
97c3738563a9448365a735f5f29ed3d5

SHA1
15a81433236ca6e6ecc4e1c8d0fdb8523b265c57

SHA256
63221253f5c30efa214c2cd2adcf51a9c9f9a2c05f119b00a51c9579825c2c24

SHA512
ed98f42d5d02ab53a9e50f80b312bed4b5d05d053bec582cf9d619ef91251e86cf4f4d1123c645500fc1dc4673b49a8b7badd3f3a39f565ac643ca4fd0157ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cert9.db

Filesize
224KB

MD5
02f2a7a7e937b008362cb69ab6c9a911

SHA1
f1030b45786ebe1c85c745ab4cde2cb795b7bf32

SHA256
7e4ea4d65c08e0ff843758f051cbf32f74d72a3627610fd2103e30d36c8144a5

SHA512
7885b4da3a3ad5c86911c91eeaabe8a43d3208aeca5be65ccd2cbf97395a408314f6b7be813cbe1e63cd5b56b2d5be1be6306f013bf22ab29e499189b3390fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cookies.sqlite

Filesize
512KB

MD5
261b79939573cbabe996e0d50ea89a45

SHA1
97967fe2f02c3de5d51a9a3bda5c117e5d976234

SHA256
2f40102a5f87742ae8fdc7dcae83e2bf41c940ccf33299b60e1ccbde3720cfaa

SHA512
8200012f2478d6fff8a478f5f512d6de0a1bb58759f7b0823494204367ec658b5e2b8d3f0791ba2e8b23c0c509d8efa8cddb6d9e7a4b0e3517d4baa3127a6337

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.bin

Filesize
65KB

MD5
02746c180f0afab3f0c3b569cd69e132

SHA1
3ece964b2c36fde72644876da6dc4b34a93ea89c

SHA256
ff1b3c9869b3a15b5c59e851f77d482ce4bc4eb046419fbb538d7c8be0607401

SHA512
e32b1a67167e7f6d15e12566ebe4f79618fe31d9bc3f03553e6f5cfc2fcb4be6111f0969f69acf69ffd295f01f88aaec17eaca8d12362194b0b84561bd92a8b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e1580ea4bb22a6b06264546f1a55b301

SHA1
87622c353cdaefe32af7b808bb81bd40ae594747

SHA256
84205e5e74848a2d4e0a84b1f2c8314d7f63e3da3c2ce84affe1f2624182d41b

SHA512
e1608133428635c66e6c640ba54db5ad412be8025db2c9520a03a8408fed8142e7f0830c9a22142465fafa790b5c276f38992e5a984e5f8b2812b99cd4c81c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
b5e549cc522e99d59c331ac1eb6140ec

SHA1
678b44a6259d4dd8d96854ae470975bb44ad04ef

SHA256
6b2689d3f284c6077001160967fef472511b0f1c1ee15d2ef566261bff4d34c6

SHA512
2982520527936a0cdf85476a6c6ba08d43e596638f09357de268d06db82f95f0bacf6d8ef4da154457f0d283acb6599d9f33acab947c0e2dc32c38374644177e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
cd1e0cae4b8fcadf3495450ad336a984

SHA1
1a637a5a723ee612c8ad753174df8130a60f7e38

SHA256
f5e51943ede0b0c205e016a65ec274e522df4ebf728d0f7a94dc695dfae095d1

SHA512
fc404ab33791dca7815b78e4d7d84d3f4794f9c600d3a9b966d61cc71e3392c1a8a422ab34751a6742540776e670691ce56d1edac760f2c68601739903c5fb73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
e2a733307c323019c8e9809acf40ffa8

SHA1
5828b85d811914e676b28e9290b8c5ae543cb0f0

SHA256
fa8c4ced866cbb0d63bbc310b9b7de76209172afd1e056d5fb8f1099e412b5f8

SHA512
3c2787b96ae0e7a5eb9e900b9f31bdba62850445fc5db34ebbb841f8c93763db230111133a68044b7fd1a5c0e3e25afb35a9ffbf1795db77aaccf4567e54210d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
64KB

MD5
ebb17250c33814eabedbb536f23555ae

SHA1
037cb203470f6dd8848057b166fff25f52e487e6

SHA256
d0aae246a7a85d7dffe2c5928d6e02f5bc568ba42d37ed598aba0cd3abdb448c

SHA512
aeb310d6dae2645eeaec454579cb1dc23cfaabf9639e63a1188c767468365e89d42f642ef6214e34d8f92282c74f468e5cec22168df9061699c3efaf7810b169

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
65KB

MD5
85c6b6365da1121e0810f6176945c09a

SHA1
597d312b9ed770ce7ab49f314897645fb7883173

SHA256
c1730f4f65129758109f808539ed7e3c5769292268aa77df6246b1cf4d82cb3e

SHA512
8249453ad17e585fcf7492b17f0e1f557d264afdc86698f739bcfb37a3107b2c47dd8e24c13fdae900c7276cfd2d146f80e6bc88122d4ea1ca9c850c1c545930

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
65KB

MD5
763ab744cce236ea66ba5b17ee188a4a

SHA1
f5052685872c71f7263721a098f27b66e90fb67d

SHA256
388fbc7c5b86f1652b3e1455f6e7de03654104ad971508c2f2e7279562e4caa3

SHA512
4c0f3517da75edcdf8fc5fef3e28f7b3685e7194cb3b74cec15db0330267887c9e5433d5e8288b432416a19b7d9ab3782e06562ecc2e68869475ba79ca0e1e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\events\events

Filesize
438B

MD5
4c1a845397a26b38f8aa47673f55a03a

SHA1
772d543ddc7862b6839ff11fa5864c43403fbd77

SHA256
b226b0a8d7a7332bbee7bb0f32f80e27123a75180d4e97cd42484289a8fc87d2

SHA512
bff990e878ffd04551bd1489b0f0999085d76516260eb41892f64bc0afb0f63323a4dc113e93705d056f45c50541b65475c6fe4dc492fa697128ae5750d5ff38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\events\pageload

Filesize
378B

MD5
9a4c0c4b2b68611542f73a267834408e

SHA1
a2b7cb2472959e24fb2799035c2bf73063d4276e

SHA256
2f2a8b43ee4e11abbd9668af627e69ee454b81260b6f8629f54a9e7320ea96db

SHA512
c99c19927b5314ae70c191e3db7bcbd18a3de80591f7fc228dd696a421ef3fd71588439c70d734604a4057e6c24da94cf11e513bfa8a0920afbe84b3a5a3e3eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\45c04043-5c51-442f-a3c1-047d0d0cec2c

Filesize
25KB

MD5
2263c8ab7e762eb28617496d5783f345

SHA1
887a071fd9f890b4d56c58b926d92dcb97b74445

SHA256
d3adf5a4ce771b72d613b0538abfd019a1c929d35174577f2f0d028ffe4d4c73

SHA512
9056c5c4dfe1bb3dbf3d5307f426bccec0963e0e8b9061ebfd5d31e6b0feaec06f02954d2ef06e3c7a2f0d459a2f3873e3e6925a2a1b992af5fec0d315427ad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\5226fabc-4ecf-419c-8e74-a0bce809764c

Filesize
982B

MD5
5d08507ecee0ae38136567188ea6d1c1

SHA1
d25747996ced6f299da76d39084afb2c42ca5b21

SHA256
2cbdb619f0a77456e478b2b5db0ad7f179b8fcf4b0c261b617154d91cf623837

SHA512
d2fd6e7d60e69295c0834be9b30081923353b05580adb69d4901c7b0f98e4e5c86a734ae865d13d15126cae5ffe4fd33bc9793afb56702fa679f12c0a72c4dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\635177a5-d41a-4fa8-8c69-c5210f8132ed

Filesize
671B

MD5
9ad07f1b72d097e6ec114ecfea25e779

SHA1
4f96ad777cb2a34f946f1ecb96f1bfb19464a4e1

SHA256
a4f3667c54a6fb16517fb82805f77f395c90b6278519e0d07bd6b4d0cf465977

SHA512
03bc88f009e82515263815f8e687978bf4c3100ba4f88deec8b27156652102bd142466136d46df0f4180e504b75f9a2d17202d5e65c053e2e78258d83fecb393

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\8eff1f12-0533-4985-ba5b-98d72e1739f7

Filesize
1KB

MD5
9614c8208fcbb4e97deeb2be26e2b50e

SHA1
a218215bf48d0bf1ff1ea828a51f13c496fb0d0e

SHA256
2af12158a4f9da51464e940bba3751b24a5d69e88f3d368f826ea3d875e950f4

SHA512
141eac40087e1acaec585a94f38c78aaacbbb680a89557c098b0213fd686800db45fe7083506b9e748294863c00e47186decf10a7271444ab1d5bb95e514daa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\95ab580a-cf4e-4528-9ec7-3382e7299b26

Filesize
734B

MD5
935eaec38649b8efae97a24f1d1b385e

SHA1
a481959f21bb71999e396a3c0affb3be55b28b31

SHA256
76d387541b69a9c735a5e4cfa5f2ad94061015c74f667284b1f679a8f56fa77d

SHA512
c027a4b96ed85208456b9724315e1289e630747c77de20aa05582bfc449502ebdf4848b5fe7ae393e0b5c57b343507d3b19ff81142048d5271e8c0160eb8605d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\c113ae2f-bbf1-4bdf-a9ff-5309a9f771d8

Filesize
1KB

MD5
d34ffddc82c55da6bb0d64c12b8f68d5

SHA1
33014bd36e929e32fc1277ca4a21de4115aa1ca3

SHA256
060a68869dddb3bd9e72e5609c2e6fe0239d4ef9729cab1584a8e4274bab4bb3

SHA512
303ad58052c24417426ced8156b1c4e78e3410fd3c937760de43bd52fc642546458f9b5fc3d9c7bbff4b0019ac99bf3ed31c43201865103fdba80817fa25b0dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\e056bf0b-f12b-4729-810d-61e0de986bc3

Filesize
768B

MD5
cc6479a45fcaf53ae6d7bbfea6387e89

SHA1
56ea170fdb05cf01654a21dcce986adf459f5521

SHA256
2cc12f26d43e89d11534b821eb74766b8c3f4c73cd05cf213a1a5b6267088d5a

SHA512
2951def65aaa74aa599631d7fe718da6a844d84d2ba6499de5ae787e37a664e7352b50ec970822a14ebfefd9874b12756b74f5bb279a08e579a29861f65dd7a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\extensions.json

Filesize
37KB

MD5
6336c3b6727e141bbc0e7dc5899e3d6c

SHA1
86eaabb72dd496c0d8e264161a174b280ecd7510

SHA256
fae1fdfed5a1488cfe5f80545807eba3ec1b41b95e619dfa9c057b556c8813e0

SHA512
a9a192dfe709e5854a7305aad59e5214e9073883e6a8a157895ffce632b7885f3f4f973a3bc650b00174839ca43c16901af1382ce3eed4c4c7f589f80b56520a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\favicons.sqlite

Filesize
5.0MB

MD5
5c2b2e93e9543b5503e4b3dd87b77ed8

SHA1
06e2a8d167787ffca0e200b9cf5f7b64260d220f

SHA256
676f11a01053b87247dfe08a31035b90435e2024aebcb71683fe099b68aa4524

SHA512
943cd7c521badbdd6d76049910977dd9fa5cb0300109d460ba01269775fe52b676e6fc83273917229e37c1b8fc9086b48841d020cc133d4446f18963b726aadd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\permissions.sqlite

Filesize
96KB

MD5
c06e0dc5a1f9964ca62de48b2aca8f06

SHA1
c598db1fff4842eccfc56e10de6f5d6335568fc3

SHA256
a34bb60c2ec0323a015449c77b8f1f716bbb1b783ef5a9877e9e72ffb9642234

SHA512
3e4dc227ef9fbbb1246f5b98770e40897d47857fcb794a84bff4d4aad08f0749c32f2199f9e3b92a9f0dc488440466ec69e581a68634a7c56e295d780d156a12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\places.sqlite

Filesize
5.0MB

MD5
24af00b63ddc9d27253d37aabe14d58d

SHA1
630282e0ac9180b58700fddc3da19f16384f0a5e

SHA256
ec02674ed7b57392c879e211868474265f9666b2d7d37388d6f8e5885ebbebc0

SHA512
63db4e8a035202fee0a9e361becd80bbe205956ca5c3a336d0ffba4725a4643d7ed10936f7c94e8871425a11bbff561788eea386ac3b8c371cc447e98bce55cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
11KB

MD5
a8478dd9fe5b37862a1dfd430ea9d663

SHA1
64b98a8ddab2d218dbd90d41966569c1fab6b03a

SHA256
561c20718720ac5b162bdd2f78f2f9edd644c0ed94c26745f6a82700aaceca43

SHA512
ca6fb037858ed77b6336ca4ddbaaf8982389dbf93f0bc8851bc1257e3aeae8168cb5ff41a134fa29b9b1d75e5099342f7c961b68c8a6ebcfcb447fa520359ea2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
12KB

MD5
1d787a0471e3b3d53677139f297fdb99

SHA1
19a916d110d15f3e5b778ac9e411c35147d83fec

SHA256
cc69469566e28cd678c64d92c1cb72ae19e46aeae1085aab10e0416139fc7628

SHA512
44dd792f4a66d1589cff165c7a3982fb72bca09bb945eefb29094265cbc07a2b33607ff01dfa998edd8bbaf82fc423ce340a189c738c1b89b45fb192ee748d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
12KB

MD5
fce0b1a9b08095f2742e3eef89bb48b3

SHA1
37138efd76b9d67ec1e5f021cd1921b5c4d85570

SHA256
82b836e76f1049beaeab9ef4224d4a73c2873a437574ea63520b7e85dc0ac2f5

SHA512
a01d408fffc7118c98ca9fedec93c422f39db815cf3fe06e32d2953eb6b0c8f6606cab6f01e886c7b0ed8de477d4c44209f2f6909a204f875d875ce849dfab7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
0cd782a5f88fe756dc3f68103cd02dc1

SHA1
925961895f56721ae78fa5eb2d87feab77ef0b2a

SHA256
2d7bada34b3bacaae92ca529870324a5d22febeee111cfeb8f0b8816efc2c9ff

SHA512
e2fbf57e4ed8581ce35d7a07ffedaed6ac25715820491a0f555bc8d4890275e9773a4273142ab8fec1450b81182a6839f69c6461d524017561d507e63f721925

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
1b27141af9db75f1a014c85181dc01fd

SHA1
67e60f1ff9cc36be7dcf7a6f7cb3ef6e2fef2401

SHA256
091d3f561acd7edfe3bfda93b4cca9e44eda15795f9d65280fc8b18d4fc5de7c

SHA512
10ac1234ef17a77a9096bcd23b9fc50ead1c88e966d996602c83901cc965083ef8d857a870ba5144b013ae53b30f662bddabe6d6e35d0bb3ce1ac79a3ffb9998

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
2808c1ee1125c644f3f3a042cb4fd1db

SHA1
897416952819cbb023a5ebe9c3a6ccee66b860f5

SHA256
5a09d522c9f8f5046de48982d4d9286146dbb734b7bee53658a81e24821e1f05

SHA512
936e5a03bffe7bbbeb8ef6c4aefcf32384cd2ddae5c0010712fde7e2d4a5538fb1c73fb98fc0dfe27d04a9bd7eae6e18078334d5694dda92a6dc3ec80516b586

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
6893c34491eb897c4f9c7fdbf6749236

SHA1
964e717aa2a05ccb6483659259f2c30e3477267e

SHA256
93ce49212a7807ee25b5d16f945ca4d0c46079dd5ff2aa69775b329cb83c2217

SHA512
c34906d1ffd700ebaa970e11d604f33287a1f7901a052ccd329c3c029699a0e00dd527e46581cc6ecc45b3594f11ed3a913d06c5e33948064fd9e0595aef4c6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\sessionstore.jsonlz4

Filesize
7KB

MD5
e9623b92548e9dca608abe2befa422ee

SHA1
e2316e1ec16ec7f8e41e1a1403108417598b1699

SHA256
c7b60f62c0f6a3feed2f781729cf29ff1d486f579854ac5dff484138420837e4

SHA512
17ea4721238cf237d18b29b23348bdd649924135b826367a2d5da3286d84f8b34413f95d5bedf2d3c32e82347709e0709f59b1e313594f14ddc7eb3a1cba84a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage.sqlite

Filesize
4KB

MD5
f09e79ebcaef7f360eae11bffd9422d6

SHA1
408ec6b2b41d462fbf2a2199354fefbd621b1c2b

SHA256
47e30745b4a0d36cb41e70288a8ce28da0c853e8a0985839d161b10b0f9ba466

SHA512
4b5f372ba9e60d9c2451ced88ca24b6fa4231ca7317b8d485cf8b6f6f428f2965f8bd18e8de4c3eda013bb927abc0a9ff3d660f37dbd8232cbb655a0183eaa6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
b17e8718428506439e5d618e9718c481

SHA1
5dd12602f6fe2a70e07cc3619b21978939843151

SHA256
dd5143ae434672e8f23959dda7cb3e644d312d2b69da2718bdfe3e3afdd7c409

SHA512
e40bed31d74039f7c34dc288046304ed6b0d60c24fea2db168ec41027bc87da18b2ea8511cfcd6cb4a0fff47543ccae9524b448690f9598e2ce4eed5f72364d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
1148cfb349036033b6cc056f6dc57914

SHA1
f745c2766958343b3b93dd87990c532d746486d7

SHA256
9f94a4330f161d974e9d12b2db0527dae53de84e6047e1aebca4754c47835524

SHA512
108aa71b93097ff164831f56d422d20424eac0fc1b1b826234af19453082136b89fc02ad6b90ab791a46947bf46fed7061f629bbf24536a4e5ced46c7e897287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
41f0da9c5cd3658bc04f65c7e2347e8d

SHA1
4cd4d62f1baf3b51df63a11b4d989a45a6b1dd12

SHA256
738d317bda543000b216ab0394a59797ab38b138d15e7add061290a80de3c835

SHA512
7250b20c573c73ecc4792c1abd57aa8651b659bbad87f077672f3c7af89c858a1c85dad59184dfb821972dc194f9cc2371684ecb6d47e8d2fc1df91952974f9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Downloads\Ui-Dropped.EkW9qcOB.jar.part

Filesize
69KB

MD5
a8df94a5dae64eb14cd833b9c541c362

SHA1
4795789b8ca19541269fb0acbf16bd3626e375ea

SHA256
1bdf69cfadced6c07c2f7df57d5344efb1cde656f5e4a62017423faa6c961620

SHA512
822d43fa6165cfa92444c6b171b87e8460ae6be6e05f0ff19574a60eb0d9ae58e1188d2500444870b078818feaf63fcb7323496cc58dc13db6b4e907a6349209

Download Submit