Analysis
-
max time kernel
269s -
max time network
272s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
22-01-2025 18:54
General
-
Target
https://www.mediafire.com/file/xzlfyqatmmifvix/DiscordNitroGenerator.zip/file
Malware Config
Extracted
redline
@sc4lly1337
185.215.113.83:60722
-
auth_value
cb96f2ad461ba2dc951cb5a868225e22
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
Redline family
-
Executes dropped EXE 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 42 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/xzlfyqatmmifvix/DiscordNitroGenerator.zip/file1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc53746f8,0x7ffbc5374708,0x7ffbc53747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6200 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7120 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2152,5359174465753589413,15201283773045766602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DiscordNitroGenerator\" -spe -an -ai#7zMap5624:104:7zEvent239431⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\DiscordNitroGenerator\DiscordNitroGenerator.exe"C:\Users\Admin\Downloads\DiscordNitroGenerator\DiscordNitroGenerator.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD585ba073d7015b6ce7da19235a275f6da
SHA1a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA2565ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3
-
Filesize
152B
MD57de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1010da169e15457c25bd80ef02d76a940c1210301
SHA2566e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c
-
Filesize
28KB
MD51752326ce45c039f4c5e81ea24c27c35
SHA14a22a9151c3c94d170cd3d23659e8e1a5a6f0070
SHA25613dac981c708b9d1c6d7be7666ab5ff34718fe7d1362428217e88c75530774ad
SHA5127ca5eb8b11184b97b7ecfed373420f7b9926839edcd36ea6bcc37a09190478175c49d7cfdb6dcbf1ecc8f2570feec9a0ac8aae08442fddef7986330043ff2d08
-
Filesize
1KB
MD5cbc6ac47a35327e24178d43efe4e6aed
SHA15ddfc316300b85c257b136b651414a47b09bcc1d
SHA256a19b785ab8679163c935225a2db6a89bf3a3c45ac6f36dd9a6ba2c9195af469f
SHA5128d5e026609ca31becfbd9ec34d93effbc73cddb3ec9e5c9175683c4e4eebaade3b64d5399d20f6436c78ef99cd43e147b58023367d28da5e2cb6d3d1fd0425b4
-
Filesize
1KB
MD5d8f7d0e4bf10f0201df1528db5831fa0
SHA1ff8a25ffa548e4f557355717ee1afeae2113e661
SHA256c13a84701e31166022a5b82005b813e654ea82718e2fdcccd43ce5243811f4b5
SHA512dfe3adefaa3ae5975ca5f202e5c0913899d3a0352689fe2d534cd0298320aae50de3763834f08529ba931baaeef58db355e793332c4bfd8256ef893fbcd52c8d
-
Filesize
1KB
MD5b00128635a9e6a99177cc0f01394d10b
SHA19e61c7fb33e78e3f19eea1a3d394bec026bb1c7c
SHA256fb414985aff664d56c86315d433eab7db267ffde65d6a1a8fff3510f4fd09899
SHA512cbb98ee29d3e79fc296f559666a728fd32a487d66b3da161a2fb06b83c1e26ddbacb06cdcd5a9cf891a451cad0a986b18c3a0085d9c286c6c0d6f60bd4a0ff7a
-
Filesize
360B
MD56b60ffc6d3ae70220661efcf572798fa
SHA1b9e6204435f8315464664f8fc8089d91e62353f2
SHA256e6fd5e3cfb767a019ab1594eb3e7ae8234fb3c441924506684c28e4e7e8d0168
SHA512e1775e174a4b2c87ccff8de1226a0ca5537c09d46d9b84cbab90884cc352627a0e233fba04e827fd281df58a69713c21a2cd2637b9b8f748b8b8a770f920fa8b
-
Filesize
3KB
MD5b3e75ad80167791807c0e87d5747b93c
SHA1a3488080e9c2f7182c468a4e30a7227e89363a3a
SHA2565c2fd0545df864bba3212217656e407c889222fc6c222cb27471b260ef279786
SHA512feab7f21ed108edfdd3e64fed6ae1b398c70a65472ae8f1cc504896b64d8d5e0738e2c853a0399e7cda131a45985d5964b1141bb3be9fc1af30da1d67e9d7fa2
-
Filesize
3KB
MD5be5ddb9af89b62de18bbcf77341f918e
SHA13fa36aa60d419670df7d33a3340e7993c6602cf4
SHA256ee3d0a624424e8e1b8f607cbfcf2b0bcf0f0b1db7d48a99d4dcd15e0c1685dbd
SHA5127a543f6b064a42fd9697039cde268c38b7b0ba56e22bcaf516d39d98dd81653a82aac44bb9415d871f1e53eb1a40fb9a77559c84f9574b0d4a9999b6d35e1634
-
Filesize
3KB
MD525ff5b833118fb36241d75e06c2b36c7
SHA14f7371d872b54430dfc3eaf57473e530d892679b
SHA256cf90b021e215cf1cc1c73afec8208fe484fd81a34d12df786114c5dd07d4a7ed
SHA512cc8202bdab154e408a3c80a840c161b6e149dccc9f7e2c22e15846728e856a46990145d12e41805ce194533026545c3f6499b196c57bf4abe9a655239f439040
-
Filesize
9KB
MD53f13d39f0183df71daad5bb30aeaaffe
SHA13551ffce4ee32346038e4e7d7f4acbc3f8d05208
SHA256421816f32d943d93baeaa4e519b9d2b3a375a83d553ed4b5d868639734e0a380
SHA512a8ae28f6f6b2b5cd2327f86cedcd0514e1341a9bb98115c9514395ce5e3f36bc23fcd4f7dad3955b95f1073e1e89cd7982191e2f492b8592952cd79f8ec7b859
-
Filesize
8KB
MD5d408ad845e5ba103593819ffc457507b
SHA11f180a57fc492f7578397aa1c1e7317656b0c4ae
SHA25643623d20d7aac70fbe7c2a162bb32b79155e1088bf883d9bc449c59d8352a5da
SHA512ec9f0471bdd34c0c176089f68ece38755c1ca9bc6339465a87b98c96f9986537cdf9fbacbac8f1853b9796f44c86b790aececf06e400c55728547b94bcfbde9f
-
Filesize
9KB
MD5198a753a78e2a48ecfd0aee1751051bd
SHA194b039dd0e29e862c4ef4f8ae79c5cb4b34347c3
SHA25640eba3493cec2429c266ad0ca086d3698176531bb10cfa8ec8fcbff33413ee69
SHA512ea89f3014765be5a743f05a653f9424966cd2f082f6a53bb0cde571cf8432f3921159b8fed37fbc99f71eb6c45ac4aa9f43405a9a1fc4d8ea30da56933f1e824
-
Filesize
9KB
MD524805f295317d058e28c3244e87cd384
SHA15fe66fd80e83c2de2bd1adde19753e92a41a63f7
SHA2567d9c3333a9b039d90cee2cbd9de6259b37be662312463c24739dacc69591992d
SHA512fc89bc021598e26b5a6aebcdb0da0208d2799e27accabae70a43c4e387d2a6b2be5cb4f5fc48ffa75e5ebbbb49775518ff3780f43571665bf1fef13a2ba5fb7c
-
Filesize
5KB
MD5853f9f2582aa5d647e498afbf9e3392a
SHA15086b121df7152fc5fe5f78d762a6402ad66322f
SHA256c1968bda865ef356a5637ef53ca9d8729bb087b3d4641ab34ea37efe42b34526
SHA5129d8d42c4b29a9ba97838aef2c345c8d417b217e4d2b7a6d5058e86f152d045afdf1cd594114db4d11db02fa4ad57291ba88c2b10695faa5e2906e63fffdbd75f
-
Filesize
7KB
MD5b725b29e335fd6c0f3cf4d628d97e084
SHA1e3c8b9329acf77c83d373a4bee6b47fa93352b57
SHA256b3cdb79512c5da0a92bfaa640e0ff8431b03b6ab108781c19ab16c09d5b83ee9
SHA512c5cb0a1dc6e6cd75c29c8363d9688ab62a102fad937d77b19242627b2aecf0fe12c0bde3c1251ef0258e0a5e258da3983a6483cf6316d25f1a4a26a88cc0e830
-
Filesize
8KB
MD5420d21cff58acb6ba7ccc635f0b384de
SHA11c12fa3af5ffa9f8b17281641696af5bc1c23d78
SHA256b43b87179f54ec66ddac0c5ced803c8a152f77c44c6559a2d6c65fa60b7b78a5
SHA512357d4cdbfb6db7fc1af1dbd226f0226bfd979e1d8bdd5133e9b8dbaead7ff32ef5e794afceef91f828572d552b5956d5924870e5640885b5d65f67c9f7cdaac9
-
Filesize
8KB
MD5391d4d92397fb1ddfaabf3e5b03ad012
SHA1301e72f321a0287c531a81454ed16d60dc060f2e
SHA2565fad47dd2fbc0eea2b05bb7e7f981e605d024cb891c6dad6411ae9c64b6acc7f
SHA5126bcb9c47bfe4862ba141eed7b639d2a95574e8994ab6ca101933d8cbedac89fd19592f16fc077d98003dec990e5972ca8d44671f6f5fb15b37efeb0f2c7daa85
-
Filesize
9KB
MD5ffdcf01ef14f3c48be363594ccc5fc90
SHA1c3c1dd82bbbbe6fa0227fb44ec136b1b3eac47ef
SHA2568b74c187f0294755fe54f6e0e4b131ed7a15bfe8cabd28d03fdae2c176f805c8
SHA512cd64c5fce72600379d06717c14d4455d9b533cf4371e4c551313dc2acae1f03278f08ce916fcfe5f1d5e9327a6d9b827344714cffa702c8062599034e81e0575
-
Filesize
1KB
MD5187b3ec7de540d4d2a8e29f45a98d7df
SHA18fb680d3e5c4a3d6b3252605ef86dabd4d197e29
SHA256b85e689b2227993184ef551b32aefc62919e266fb586761953ee1aa08d9b4ec2
SHA512c735e41eff9f6acffe9e769fae0a4d232f6826e56299c0199d466664aba95132b8d13b48640dcd8e92c6a1caf46bc98a990bfb71b9bf79b228d4c13b9974dd3c
-
Filesize
1KB
MD5d3260bf59e295bcc29c90bde223d586b
SHA12f2fa5b19c25aaec235a33d206bb2ebf47f6ea1f
SHA256ea2c23b694678c9010c46263f2bc8c3bf82edacac8b9582982cf41b22179ac1e
SHA5124c70e7e0b111b61369afddc72001894c7129ab27dcde72cccd4e04bf3940a298b38a5f1e14160976f9b3e89768ef60089c2213d6a8e8054589ab6b59a6d4ce84
-
Filesize
538B
MD59e47ec4b8e9254a3c16767b08a41ee87
SHA1dd681d599fdbc5e15a2f19e8312ba78668400981
SHA25678e9dc8952c54e224d47b505e48c198ba71c203a844b7cb98b27e6f10e28759e
SHA512b475a52bdd2f1a2bdfcd2fd9dc7468d3f8e3c334de7826b1d045b4adbb2697618b986d030c59c9165430c4664d5bbf46c149526c1103ddb719111e98a195494e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD51291032c81b8f7fbaf07e10db8dc15aa
SHA18d6dbf84364ff71fedb6e8d440f2e9a75e7134de
SHA256a83d88543f72118ecb39e6f730a5026a20a901cd959cfca49e65b3bd0b87dcf5
SHA512b2c3db5c2abaaead65971cb16d7858da8a3ee501c609ee22d4307628125cb327acca663b794e09263e207d213f44f2a6c5596a2183b260f44440538bb4ba2f99
-
Filesize
10KB
MD548b6bf07321494b866b1040ae475a4db
SHA151d212d3193263b254183a4ef90317f9a6c5b675
SHA2568b30e28f6787d1ae7bf2868b1f77bccb30a7e22364212ad2da0361a845789365
SHA5127ccd933ad808d901c54d0b594b26a0ee47b89163fbca61e028d63ad45c9cb471baee35bfaf6f1ebc2a3e3c73baade2499255b8edd1296744f11985d10d939542
-
Filesize
10KB
MD59bdea5a47a6b8127418bd860204a35e7
SHA13ea33d1ed0e342bd428fc2f7d58cd98b4a8b8807
SHA256b0f0862cd0fda1f0846731e9e4b0e75ae7f8d4364bab7a2b9ef50f104b523860
SHA5120c0f92f058d5f186d8edd5894b05833dbd9f4080265dfd50b166af456a750f6cfdfe6bf46c225d4892097e0f041399f9f3228549b98c2ba7c3216d2c4197bde8
-
Filesize
4.2MB
MD5e3d65312dba33bd2c76e08a2c75aa463
SHA141993d7d32c2d1d96470de82e722f9bc53e9529a
SHA256b36ee898a42c8a93339e3959614037b133173c7fbcaabdce5c0d8583237b517f
SHA51216a35a67166fb76f2654134f5621f7e389f8107e939654df04b77e15629afef4f01ff82cea5632b490774fd7d44c041802d5f94e621a7cc9a9ffff91cad678d7
-
Filesize
4.2MB
MD53231f0e83119717768da776533f2dd57
SHA1297f2f6d89fd39cae6324ee3e09e9c31c21e8dcf
SHA256562fee69bde34d8d744ad5c40ae2695e976d9571b16a94eeca036e7ae8979fa9
SHA51264e1ac9692e58ab195cc519431a907e8d4f5c59d5e68a2f3f200d3916bcc21897c5d622a987d23a08407f2ecbee073baee51612eb16ab762bb41a2efc4a712d7
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
1.0MB
-
Filesize
240KB
-
Filesize
304KB
-
Filesize
72KB
-
Filesize
6.1MB
-
Filesize
128KB