discordrat | hxxps://github[.]com/ramer-py/aimmy/blob/5f90d64064263e3b9faace87a69d4c5fb9ab2b9b/FISCHV2[.]0[.]exe

Analysis

max time kernel
27s
max time network
20s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ramer-py/aimmy/blob/5f90d64064263e3b9faace87a69d4c5fb9ab2b9b/FISCHV2.0.exe

Score

10^/10

discordrat defense_evasion discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMzE2MTk4MjQzMzQ5NzEyOQ.GBy3OC.x5Z4TnQJ0rTqkU-KLdPB6sUbIK2omQz4wbx0KU
server_id
1322790854867292273

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2428	FISCHV2.0.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
20	raw.githubusercontent.com
28	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FISCHV2.0.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 637870.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FISCHV2.0.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
4248	msedge.exe
4248	msedge.exe
4116	msedge.exe
4116	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
4704	msedge.exe
4704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	FISCHV2.0.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4480	4248	msedge.exe	77
PID 4248 wrote to memory of 4480	4248	msedge.exe	77
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2520	4248	msedge.exe	78
PID 4248 wrote to memory of 2456	4248	msedge.exe	79
PID 4248 wrote to memory of 2456	4248	msedge.exe	79
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80
PID 4248 wrote to memory of 2540	4248	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/ramer-py/aimmy/blob/5f90d64064263e3b9faace87a69d4c5fb9ab2b9b/FISCHV2.0.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8feab3cb8,0x7ff8feab3cc8,0x7ff8feab3cd8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Users\Admin\Downloads\FISCHV2.0.exe
  "C:\Users\Admin\Downloads\FISCHV2.0.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,15672858978350643328,394090033703306753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7145ec3fa29a4f2df900d1418974538

SHA1
1368d579635ba1a53d7af0ed89bf0b001f149f9d

SHA256
efc56eb46cf3352bf706c0309d5d740bca6ac06142f9bdc5e8344b81d4d83d59

SHA512
5bb663ede88f8b7c96b09c1214aac68eda99bc09525ac383baa96914ff7d553ea1aed09e3c9d16893d791c81ddb164c682dfbb4759ac0bc751221f3e36558a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d91478312beae099b8ed57e547611ba2

SHA1
4b927559aedbde267a6193e3e480fb18e75c43d7

SHA256
df43cd7779d9fc91fd0416155d6771bc81565e98be38689cb17caece256bf043

SHA512
4086c4ebe410a37d0124fc8bd00c58775e70ab2b7b5a39b4e49b332ce5b4866c6775707436395467aff9596507c96fb4896f3bf0249c5b9c99a927f31dcc1a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
add6f09238824686aaa1bfe1cfd51ff9

SHA1
f623d17172f1a9d63cb8e656622bf8033fa73205

SHA256
2484d15c26cc625511e4d585eff2a38d239a4859924b755471e43aebc50e03b0

SHA512
7d9f4933f0067e6039d709d1d0176288bb0ab60d9b88fe9fffca289cdf0c5bd416eeb308fb1bc5d13419c4613c879742925f5d2b8ce50399345b791170eed869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0162ba47f3d588ce80e0027d93eda28e

SHA1
3ae3da5f0a5e80508b1543a739f92edbcf2f224b

SHA256
2dd3e743cbc6d764cb51d7d6ab8d1ce92eda99091c96544fc7588568850f4598

SHA512
a40c816133839099c735571af072960b44cdf1f53c9b016166dd5f584c632085b0d82bf22922204a1faaa2977817b28bd0732f6eb3b56ae26ae3a70204b7effb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bbe8c05b88956077a6d881aee428d6a

SHA1
0ee9a1c20cdeed127eb491193490dd2b85d3a592

SHA256
ddc28c2ee9e4b9c4983292762b3c6bc488412596e8e285a667b4d31f9de1819b

SHA512
ec8d99c384b977a87d1d8cf359587211155bdfa6edc3de6848cca20dd6fb55bfcdf2d30ce10c7ef6d9303a7a895b90bf9aba0e6706508f26751cd4c5970e74b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbc0fe1d69d33b40194914a673e277eb

SHA1
f54221f92ac1d250ad0666ca4597aae4b35d006f

SHA256
fb28d67d6ccaa84dff4d893cb5313b539bcbb78ca668aee702ae05f5bf36682b

SHA512
df0bc1be3c17128fd113e3e3c79e6414fd3fd98b6af5307e655e1249d51e2c952bf87c9f3c2a498ef01123b429632464fb19b5808c561f5f24b3a275e9e665ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5b5b282fe2f965a71159fe8d7fad850

SHA1
082fbdd27ae1cfb2cc64dd9f04b7082e322aa1b2

SHA256
6751f844b0a8baf516db494d7f7f0b5e8b1749a3d7c04599ad119bc21841ba8e

SHA512
6a050788949c21a7600221fd7716ace7bc4100ec4f8fcc3c269ed145cb6ba89dd62dd8826d385c7b8fe56eb02fd7ef936332b2244dffbc79fd3f2a9917cb4e0c

Download Submit
C:\Users\Admin\Downloads\FISCHV2.0.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 637870.crdownload

Filesize
78KB

MD5
49692af8a26d913fec074da8df22f1d5

SHA1
975c747fd963a68f171f70781edf542f4f74cbf8

SHA256
3662b105b4b0c1abceb610f1601e99542dc04e65d1874ce9b9ee58aea7727da0

SHA512
1b71edcc26a381715ab6bff78cd798ab85e2435c87fa50df49ae4b37bef3e058b0ac1d349ede8126e5526f89bc6556d4bd1aeabc08594160e26988ab824b2371

Download Submit
memory/2428-175-0x0000021AAB1D0000-0x0000021AAB1E8000-memory.dmp

Filesize
96KB

Download
memory/2428-176-0x0000021AC58E0000-0x0000021AC5AA2000-memory.dmp

Filesize
1.8MB

Download
memory/2428-177-0x0000021AC60E0000-0x0000021AC6608000-memory.dmp

Filesize
5.2MB

Download
memory/2428-207-0x0000021AC5BB0000-0x0000021AC5C58000-memory.dmp

Filesize
672KB

Download