Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    160s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    09-01-2025 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://mega.nz/file/yr5zVQDL#T3W9puKOyBP3g87rqXJ7YQHNf8WsM7EjkMGBVCtXJGg

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mega.nz/file/yr5zVQDL#T3W9puKOyBP3g87rqXJ7YQHNf8WsM7EjkMGBVCtXJGg"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mega.nz/file/yr5zVQDL#T3W9puKOyBP3g87rqXJ7YQHNf8WsM7EjkMGBVCtXJGg
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3252
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a581441-5dbb-4399-a0f6-55f58f4ee142} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" gpu
        3⤵
          PID:4552
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20c4e95-25cf-4ffd-84d9-72b6fba52660} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" socket
          3⤵
          • Checks processor information in registry
          PID:5108
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3060 -prefsLen 22700 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f3a450e-cdfd-4bef-ab17-f8d1914dfb3a} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
          3⤵
            PID:4916
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 3816 -prefMapHandle 3460 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cebd4bde-3609-4ecb-abd1-c67610a77154} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
            3⤵
              PID:884
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4496 -prefMapHandle 4488 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ba9e92a-067c-434b-bec1-2414843c7e20} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" utility
              3⤵
              • Checks processor information in registry
              PID:464
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 5424 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60f7e853-953e-47c3-8339-daf9a52025b3} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
              3⤵
                PID:3016
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5448 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdafdfdc-1ab8-4d1e-a24b-087d084963d1} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
                3⤵
                  PID:3944
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5804 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d7a218b-41ff-46f2-9828-479a022d3920} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
                  3⤵
                    PID:2408
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 5596 -prefMapHandle 6116 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d341099-e6bb-4d5b-974f-4d38c5431141} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
                    3⤵
                      PID:4408
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6384 -childID 7 -isForBrowser -prefsHandle 6340 -prefMapHandle 6248 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c6de9d1-53c7-457d-b378-61f74da53fbb} 3252 "\\.\pipe\gecko-crash-server-pipe.3252" tab
                      3⤵
                        PID:3000
                  • C:\Windows\system32\AUDIODG.EXE
                    C:\Windows\system32\AUDIODG.EXE 0x414 0x2cc
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:404
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:5868
                    • C:\Windows\system32\NOTEPAD.EXE
                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7ad769f6-4d97-4e91-baa3-28452c9b171c_[1.1.0]-Aрр-UNC-x64.zip.71c\PA$$.txt
                      1⤵
                        PID:5376
                      • C:\Program Files\7-Zip\7zG.exe
                        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11571:100:7zEvent32318
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        PID:4344
                      • C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe
                        "C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe"
                        1⤵
                        • Suspicious use of SetThreadContext
                        • System Location Discovery: System Language Discovery
                        PID:5248
                        • C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe
                          "C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe"
                          2⤵
                            PID:5396
                          • C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe
                            "C:\Users\Admin\Downloads\Release\Release\NewUpd[v1.1.0].exe"
                            2⤵
                            • System Location Discovery: System Language Discovery
                            PID:4348
                          • C:\Windows\SysWOW64\WerFault.exe
                            C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 848
                            2⤵
                            • Program crash
                            PID:5544
                        • C:\Windows\SysWOW64\WerFault.exe
                          C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5248 -ip 5248
                          1⤵
                            PID:5512

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                            Filesize

                            479KB

                            MD5

                            09372174e83dbbf696ee732fd2e875bb

                            SHA1

                            ba360186ba650a769f9303f48b7200fb5eaccee1

                            SHA256

                            c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                            SHA512

                            b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                            Filesize

                            13.8MB

                            MD5

                            0a8747a2ac9ac08ae9508f36c6d75692

                            SHA1

                            b287a96fd6cc12433adb42193dfe06111c38eaf0

                            SHA256

                            32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                            SHA512

                            59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\AlternateServices.bin
                            Filesize

                            8KB

                            MD5

                            afe265ce9873703617ff40fb42203687

                            SHA1

                            42228c68b0a514f6091c3f953358f135f1dec7ed

                            SHA256

                            c85bf5b0a2e355e466d5d93fd74b838eed0e7b800985ba313b7c21c0d4ea7370

                            SHA512

                            4e78452903e0dab37aeac1523f29093f2afc159a4626502146803a22a39ee339745aca77f2b47e87515559ae7647be45ea4eb377fcea39a6b3d4514d9541b881

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp
                            Filesize

                            6KB

                            MD5

                            8ca48ae9389a5dfd0808018dd3f87fbc

                            SHA1

                            f618fe3d02c2a8b7591057224e8e24597a109826

                            SHA256

                            e4e3cd9e38258cec4af09a3079ac53a3276e78c7571673fb2c1ac1577bd6550d

                            SHA512

                            f93d4213a04b89c962fbc5a050d531154e112b24bdbac1eb0d1d4aa859ced315b8ed207bea5ca3a3efb461daf0b0ad24c8967631c609480656a74101c91c77f3

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp
                            Filesize

                            36KB

                            MD5

                            74860822c10b238b88f1d2941b5b6111

                            SHA1

                            9803c9e3d03b0b1b2c164474c9bd6b43bb92f99b

                            SHA256

                            c6b2fd5655c32f895ccb15ec40818fa203f6979b71a408b99693e3523da7ddf5

                            SHA512

                            e28278ed13ebce2cb4241cf4865e776db7265531cc6b22834382f24299bf261bfc80a854c4ab3fbad863eba37143dc1ea74e8e3bfbee37ff814569ce66e41acf

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp
                            Filesize

                            7KB

                            MD5

                            d7a6f0e33c2045150b3df5d14aa4077b

                            SHA1

                            cdd48c66ecb7de4a0e3321f231ac37fe0e59c9f9

                            SHA256

                            8aed05436c08019bb1e5c0e54bfea9e5981000b042f58f59ac979eacb6e29e6f

                            SHA512

                            6e305f215def467cd63cb554fcc41790945c2bacb52a6f83f71a7c59a9bce9d607e61c67ef614e40100a21c096257cf1cb185c6849db12ac70f1179106276f74

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp
                            Filesize

                            5KB

                            MD5

                            f56bd8ba966c237615dfea794c033da7

                            SHA1

                            f316f3dd8c722ec6534ddc9e695684f227296f13

                            SHA256

                            4c057b60db0f3033dc185d1b19c8cd9a0ba341ac933ad50431e25976ab40377b

                            SHA512

                            f0b7fa18e8b1ca260832584ff5067950d224bb6daa1900a0edab91a9e556d9ac8151433690b72ee8051d1b423562cd31d08b4b8a286c5a6623fc86ba3613ba94

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\0a3348ab-5ec8-4751-be1d-8e2c31288bbe
                            Filesize

                            671B

                            MD5

                            5dc4d9fd3cdf64121f25c892bd622e6b

                            SHA1

                            3780d3ba8e6a8df59ab2fa6565269334ff485a15

                            SHA256

                            e65f61031c40a85f56c4a1a22eae3bb6e54a49ac8366337d6d31143ff19587bb

                            SHA512

                            512a35b772a705661d987609f112ab595afa679af42f28ed3aa3f952bab2d530dbc5745170c76121c21d8b6d8a3b47de797a9656d5fc7ea34730b12ff35191cc

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\1254b3dd-23b5-4c00-a2f7-f859eaad67ec
                            Filesize

                            25KB

                            MD5

                            6d3a13c2509212e594ce8e9148adc473

                            SHA1

                            abd57ac173249d6509b895f16556c8aec5efe547

                            SHA256

                            c6093fed8bc3b8bf1e5d1470c49ee24e1e709065cedf3c4f352f00e40ba190ae

                            SHA512

                            ff78c3a6df5adb3c5621ed5d2d8695624ca1f81aa390b55dcd61fe376a4ed0957bddaf1ba48a946139cd4662dfda7307c66c55e1d3cbcb6c63cef6ba2b80f32e

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\40a1aa26-55b9-4b10-9cb9-7bab8623a666
                            Filesize

                            982B

                            MD5

                            08453554b5699542ff2c02fbc3c58ca7

                            SHA1

                            a910c2c56ea2e621e3ef155dd10bb5948a2bf798

                            SHA256

                            e48ef9c9d28fd7cd1f33b52a62f248f2b1fcdda4976a951aa70c846834d2b15a

                            SHA512

                            498e82fb63c0e60adc55697e844b7880006d4dc2c6e4f9cf8fdf79fa42c9f8da40b80d48b6b9335d6dce9d08669fae5c2f7ba9a9956e9456b9b1f43fb2d67daa

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\e8bdc88c-0853-4c0c-82ba-8361437510bf
                            Filesize

                            1KB

                            MD5

                            1acd181b5e4ee21625d599d2f9b4b391

                            SHA1

                            363b41f6f3ef2f2fc84c5464c9a60da90494e649

                            SHA256

                            005ad31410008af12b914a1c70c4fd6f4a2f76d4b4f5a3595428cbbd0201090b

                            SHA512

                            8f71fd725706a1e60bc1578d5039d2414167cb4e4872e9371c08c642b6cc5c094a4de81db5eb138e5f11eddb5c506b3519180b48647c877b3ea52802ba63ebbc

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                            Filesize

                            1.1MB

                            MD5

                            842039753bf41fa5e11b3a1383061a87

                            SHA1

                            3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                            SHA256

                            d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                            SHA512

                            d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                            Filesize

                            116B

                            MD5

                            2a461e9eb87fd1955cea740a3444ee7a

                            SHA1

                            b10755914c713f5a4677494dbe8a686ed458c3c5

                            SHA256

                            4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                            SHA512

                            34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                            Filesize

                            372B

                            MD5

                            bf957ad58b55f64219ab3f793e374316

                            SHA1

                            a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                            SHA256

                            bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                            SHA512

                            79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                            Filesize

                            17.8MB

                            MD5

                            daf7ef3acccab478aaa7d6dc1c60f865

                            SHA1

                            f8246162b97ce4a945feced27b6ea114366ff2ad

                            SHA256

                            bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                            SHA512

                            5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js
                            Filesize

                            10KB

                            MD5

                            16772bebca7ec8734888ab7709e490de

                            SHA1

                            f14f02a93962b627d034684b466fe78ee9d4f5f7

                            SHA256

                            109fa8ac6bc4483a4b9690a7b6d239fb39d0d45b1a9acd062fc5514cf64a4c72

                            SHA512

                            9cf41973a4119316d1973da9a4e6b5e98923c05d091bdf5a2071ca3655b5360d72d11105618a2e172bc9d31ab02b5030368faa276ee31d2231711611236973d2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs.js
                            Filesize

                            10KB

                            MD5

                            415b2f3654d8430719ea48e5bbc3b690

                            SHA1

                            49bd5ff98a11792e090fd91cbd100e1cd2a0ed3d

                            SHA256

                            87a722b9822ca9db7a03fbdac7eede5afe9d4051e0b1e0ab960a3856f33015b0

                            SHA512

                            c4c1b39ec5a66626d5632eb59e7500262de230e7086852548ec04f0300f013100c472367d51eb0681942dae0e63a95b64f3bd7a761df6147e3057def63b54132

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4
                            Filesize

                            4KB

                            MD5

                            fbf166d8ab6be4cc592c2ed4163aad44

                            SHA1

                            df1029364da42a76b4192ed599cb377937d9a53c

                            SHA256

                            16e5d2f289e6e518cd2ffaab7130ce4e54a4466c1fdbd983e125126e8b1f4c27

                            SHA512

                            ceb2d417c679ad4dd44d18040b2ac0f1fed8f2b029d405e1eccbe2059526ad26475b472559d68653d88cefb111b7f5244c8ebeec75f32d6bd19e664493a15738

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage\default\https+++mega.nz\cache\morgue\186\{ee082b43-4db0-4cab-ac73-4314a0e294ba}.final
                            Filesize

                            1KB

                            MD5

                            3efa9abd92666265dd81c4f4311a96f9

                            SHA1

                            41b6b716d67b93555e444cd453f3c6e3f8c9522c

                            SHA256

                            5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

                            SHA512

                            5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage\default\https+++mega.nz\idb\3713173747_s_edmban.sqlite
                            Filesize

                            48KB

                            MD5

                            3ef8d5ea74f79cc5c42ac4e8402ed363

                            SHA1

                            c9eaf439535ce84243dab008e9262a67531d85c4

                            SHA256

                            f1d9c2933ac86d4715195f57f3c93b39c400dfdf26a66e6a2176d8cc00f12aa6

                            SHA512

                            17d4866fd5c22979d7a06e6e35976264fe67247dc123895a971815c569941efc55c2ecee15f2f5eabdc81e4ed1cd4259085b15b23bd5df33f298eedbb4c70cfa

                            Download Submit

                          • C:\Users\Admin\Downloads\[1.N3t0fMIQ.1.0]-Aрр-UNC-x64.zip.part
                            Filesize

                            24.7MB

                            MD5

                            ae59fd8c3bff166645c72eb9653e4662

                            SHA1

                            6f82063393347dbf9949f107e2d5e4769aa02f37

                            SHA256

                            ed27f2579caa1d80c5cd7154a25da832df22a0c9d0c98afe08e8c4f9e469e4ec

                            SHA512

                            c113b3e94b9236fded8979581b589a4bdcfa15df0d98d8ac842d5e32d5b8b82f9ee94004eb9a0a8225b73e714c3a0ca9b014720efc1d5f2d942d904ed377a693

                            Download Submit

                          • memory/4348-579-0x0000000000400000-0x0000000000458000-memory.dmp

                            Filesize

                            352KB

                            Download

                          • memory/4348-580-0x0000000000400000-0x0000000000458000-memory.dmp

                            Filesize

                            352KB

                            Download

                          • memory/5248-576-0x00000000007B0000-0x000000000080A000-memory.dmp

                            Filesize

                            360KB

                            Download

                          • memory/5248-577-0x0000000005740000-0x0000000005CE6000-memory.dmp

                            Filesize

                            5.6MB

                            Download