discordrat | hxxps://github[.]com/LuNarr6567/Jailbreak-Duper

Analysis

max time kernel
36s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/LuNarr6567/Jailbreak-Duper

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNjc1NTM0Mjg4OTcxMzcwNQ.GgoR-h.BIoJnlUNlhb0KDcyJ9vUxlnk-8cdlAxARwkSf0
server_id
1216754832312897577

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2388 msedge.exe
2388 msedge.exe
3304 msedge.exe
3304 msedge.exe
3524 identity_helper.exe
3524 identity_helper.exe
4160 msedge.exe
4160 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3304 msedge.exe
3304 msedge.exe
3304 msedge.exe
3304 msedge.exe
3304 msedge.exe
3304 msedge.exe
3304 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Jailbreak Duper By LuNarr.exe

description pid process

Token: SeDebugPrivilege 1664 Jailbreak Duper By LuNarr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe

pid	process
2388	msedge.exe
2388	msedge.exe
3304	msedge.exe
3304	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
4160	msedge.exe
4160	msedge.exe

description	pid	process
Token: SeDebugPrivilege	1664	Jailbreak Duper By LuNarr.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe
3304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3304 wrote to memory of 916	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 916	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 4532	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 2388	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 2388	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe
PID 3304 wrote to memory of 468	3304	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/LuNarr6567/Jailbreak-Duper
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a3346f8,0x7ffe1a334708,0x7ffe1a334718
2⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
2⤵
PID:468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5620 /prefetch:8
2⤵
PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
2⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
2⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
2⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,15927814791004356837,6947976284373011214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:5368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Temp1_Jailbreak Duper.zip\Jailbreak Duper\Jailbreak Duper By LuNarr.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Jailbreak Duper.zip\Jailbreak Duper\Jailbreak Duper By LuNarr.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e249b5bac82c2c84dc4724e3ae84bdb0

SHA1
5a95405c4e3b1e30579437f317f6eaba2b36adc1

SHA256
de1371c83043a96db882b7b457f84e047ec0ecb81de062310691f9ac779d75e4

SHA512
23a4a22cb1e9bacbed62db4f27f853026850ae9c561275a70643bb367cebba69e46a50d582063d3b6f9778485950a82c8e8e237713d49cf13d246187b86af2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa017629d693ffb5e1cd3deb8fe7e8ff

SHA1
5dabf567bdd1e3720af78604b223924e31d2fa16

SHA256
2bb8d7cb2ef64977bb89da5a93451a7ab494099c2ea1df67c0531fe28f644342

SHA512
52bced601a9bcfd79d6f69ad8025d5fd7f6e89a8f8bca30f10d483ba7e4dacc2daff542a539e522eb0de10933ce2742fdc3253f69e436d855504f1e177ffbb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fff2b21a2af6969878920d2747ad6579

SHA1
e3efd690172c247cca908172eebcc0797b25642e

SHA256
3d6e889cf916928bf0adafa058c3cf375b088181675e6fd04806f36c2ad72386

SHA512
6a8fc04f9bacf1e009a3c7211b414186bf46d4a022a404a65fcbcf66773d3c00728b9459e691d6142fa0bf0d4a8e20cdf941fa85af25172f34d9913857343f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b97dc3be678082f3bfe3c0c32f9cec4

SHA1
803b8d0a1de9911f7c70280776d7cb3728bd2bcb

SHA256
6bacf3adfdc73528eef64e6ee62b116300a1a6b01a253806f463742a9b775b43

SHA512
c0fbc5f887d26ce6373a5a2151069609153a6faaf0e05862148334681bf0685bd46263dd980fadb2dd01faa5f40e1518ddc1bb9629e908cbfafec0f103a66332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a53cab7cfb74fa12040879be23a5cf2a

SHA1
6eb51739cc4fbdd551c040bef4bc12c6a4c4c933

SHA256
01b40381cf15a65aaec835f88eb1596a269f4fc02aa7ee6646a66230317e4139

SHA512
d0f18a96858a64c67710a58632a07aad948c136c2958af9a441282d2ded0e2918552ed746e6b0d666ddf6c3740ba8e47209c46fe5998225ce312f4aa04d8789b

Download Submit
C:\Users\Admin\Downloads\Jailbreak-Duper-main.zip

Filesize
29KB

MD5
6e70e54b9d41fd841e8fd977c7b62aaa

SHA1
3abd6db6f527b0350eb5a479542bf44916a50063

SHA256
0863e8da810df2cd246b831cde7b2d76e4850a1a64821cec3dea89e9798421cb

SHA512
247722f2fa09408eefc3e8265255bfb15530de689b9f839174f5fb86fbf67db8ff4285074a1933e3997a9ed0c6390f29dfb133fd6fb8a3d3ca088ab928b4b761

Download Submit
\??\pipe\LOCAL\crashpad_3304_TNSHKRWXNRHYQNVA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1664-201-0x00000129C9010000-0x00000129C91D2000-memory.dmp

Filesize
1.8MB

Download
memory/1664-202-0x00000129C98F0000-0x00000129C9E18000-memory.dmp

Filesize
5.2MB

Download
memory/1664-200-0x00000129AEA40000-0x00000129AEA58000-memory.dmp

Filesize
96KB

Download