redline | hxxps://www[.]mediafire[.]com/file/hukrsf6kc7als0h/DiscordNitroGenerator[.]zip/file

Analysis

max time kernel
301s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/hukrsf6kc7als0h/DiscordNitroGenerator.zip/file

Score

10^/10

redline discovery infostealer

Malware Config

Extracted

Family

redline

185.215.113.83:60722

Attributes

auth_value
134380858404c8c1907109561838d951

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/1196-621-0x0000000000400000-0x0000000000420000-memory.dmp	family_redline

Redline family
redline

Executes dropped EXE 1 IoCs

pid	Process
4176	DiscordNitroGenerator.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4176 set thread context of 1196	4176	DiscordNitroGenerator.exe	151

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1324	4176	WerFault.exe	148

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DiscordNitroGenerator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AppLaunch.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "5"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fa6392e59718db0140ee547a9f18db01f7e87c9e006ddb0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2720	msedge.exe
2720	msedge.exe
4400	msedge.exe
4400	msedge.exe
3816	identity_helper.exe
3816	identity_helper.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
1548	msedge.exe
1548	msedge.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3424	7zG.exe
Token: 35	3424	7zG.exe
Token: SeSecurityPrivilege	3424	7zG.exe
Token: SeSecurityPrivilege	3424	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 4464	4400	msedge.exe	83
PID 4400 wrote to memory of 4464	4400	msedge.exe	83
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 1044	4400	msedge.exe	84
PID 4400 wrote to memory of 2720	4400	msedge.exe	85
PID 4400 wrote to memory of 2720	4400	msedge.exe	85
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86
PID 4400 wrote to memory of 4564	4400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/hukrsf6kc7als0h/DiscordNitroGenerator.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeca3f46f8,0x7ffeca3f4708,0x7ffeca3f4718
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,8064617525158884996,7803055273199085024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3932

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\DiscordNitroGenerator\" -spe -an -ai#7zMap28481:104:7zEvent2151
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3424

C:\Users\Admin\Downloads\DiscordNitroGenerator\DiscordNitroGenerator.exe
"C:\Users\Admin\Downloads\DiscordNitroGenerator\DiscordNitroGenerator.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4176
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 476
  2⤵
  - Program crash
  PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4176 -ip 4176
1⤵
PID:4224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
77KB

MD5
02d86eb3b9c166424cff6b0cd3f376aa

SHA1
1e8c4da2e2febba578710b6f947962d17afafab8

SHA256
6caae3e909148e85da043dd6a516a7eaad390896621eb4f4e2678b482ac5319c

SHA512
810376fae0964c8182b644b213917c8b974f7cde0dcfaa97386c42babb28467c4a263810a7e330baa9e9a75ec3280c4fdffdd714378fcbbd54d729dad1ed9786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
94KB

MD5
17139b338724dc91989113563db23a38

SHA1
f563df2ba0efae259aae9ee83fbf1f857fc5db96

SHA256
ee214ebe5d56954d2b6404e6d75712362d20ec778bf38a31ff423bb3f546ad0e

SHA512
0bb079758c8b00229a8d78ea846320b6ded32cf0b0f5c56cf928472d0a701e91b8d946ea1575927eb04792ec402a83f32bfa5215a6bde7493939aa41042a0f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
138KB

MD5
97d45e704e3bf55371ff445f4a5d95c9

SHA1
fdcaf2b6031a08051c31a4a25561418f67710a58

SHA256
70eb094108a0a210623926b366ffcf069854a0d38764363177efeb319f8b1081

SHA512
ae233097fec7a8c2276408e991bf6bf1046b5c0823d8a26bc496507a339f8f12c106ff52c29c24c63746c2a153f71a7fc1a6aec224cd4b1207fd2842ad5d78e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
54KB

MD5
e8c78c41c2a654e851f669f065b5189a

SHA1
e0a8fad798bf6487b166a469955e4f598018fa5f

SHA256
9b7f194aa858a830ee760af942f1a4f4db7e7c4f463fb11001e897e19082c3ac

SHA512
003c8f3daa064e7b77137314ec35921bddb7dea357bee8af3ab8d5121211c025a833d71a1e77ec37635693bf9bedab4284cddf62cb6699f9b38b2873a6e10739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
37KB

MD5
5513e6cf5983745aa9762bc42f95feff

SHA1
be8a8c4ddfb2cc6615cae968198ce80cc879cb5d

SHA256
c69dcfe7dd3379eb316e96f35ab580499832d0e0625fcb28ab2ef7555d4c6b04

SHA512
815ab27fc533d7132f72d0b8547754f321c00eb3661b4dcaedf5bf0452f72dca379b6874f71e8de6560417d9321b8e1d591ea2904de6c3f6ade61dc837630f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
80KB

MD5
697763b15cd025004b9fc91ff4696522

SHA1
1f795ed51250d0feb76890cfe24f0453224f56aa

SHA256
d352f5f48c5b544e55ab2003bcf8e6956e83097c0dbd23d8c7bbd3f91fbd1795

SHA512
9b99cf7b1469add39a76b1aa3ee177deb7f3af22bebc13996694e9672fb65fc7ac060f5f5bbe27051ccd90839b72632371640fc89620a4cdde00d56f5097a796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7c4191694db62067226dc68487ffad4c

SHA1
601d6f5a7342f9b15ed76bc9d919e08cdfa20806

SHA256
1858b87825a6dcdedd2178bfb0e0f41e8deec31162d215d2f6ba2d4bffd29a71

SHA512
9d8faf3229e672a88a274fcf71254ddf139a9c201842c7da90a6435380ef74e9666ee12a95fa89ad462538f532a9311ba9e6963eae9b69ee34b4f7a2a3ae935a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
ce72feef3d2b9f025d8fd94d62ce4f5e

SHA1
584153556453133bdef13b20a8ad691a9526bc1d

SHA256
5f3b796e962024fa0dd9c19d6b400b146f40d014d22ba85abca20e6210e4d8f1

SHA512
864c8692ea7645e2ae6d7bb111c643fbc1ed9df0e4a760cbd6ffbbf45f7eb2bf4abe85778307d1b8d7c5892c1a0b46b9c50a5626acec15d554c47147458498c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9310b99e48a881e29c5295b7baf76fae

SHA1
0f8c01604b51f7cd3daabaed33a6cf39bc4ddba4

SHA256
48357d1953265a815f06f95af1cb877bc68658ec978362633aeb795ad69b34b2

SHA512
d6c8d338bbf58a92aee3f90dbde5d134e1e298ebc392262614d992b634304b7a4b531e0860d54aa0317560201fa5a42572794b054fad2d5b3ff9a3df2e8b09af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
c56ca51dff52e7e98d78af4559d01423

SHA1
eaf09d4c00df9a36c04f6367bab23ed383618c6e

SHA256
571dfe2062efc40a49e41088be262e188b8527f9056c72d82cfd85c80eb3c76a

SHA512
8f867b6e7a5f1d88a9b0bfd15ed689c0806be3aaebb005574d5d4e85b40834044b6edb28ef2e0bf5cdb88fc30336f3c5c8c13160c3d5688e2986b4152079cfb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2ead41f53491ff392f3682bd70faba03

SHA1
bea4e8d7f2a1506c2ee39037f3e22eadb7c2c180

SHA256
a856583075f5f82bdc185cb32b5ac19cb7e10a79a228d4c21b5163b37a688f45

SHA512
e44660b397df8c5c0cc6fdc28c3eedd37b0597c2c0bf4ff9a091f8dcf2161b7618c5f6cc9938d56d5021c9a1986d455321a0c66f1445b6ec6f0618dbe02c1a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7def4df5a216d10b3c396baae674b926

SHA1
ceb8bdb6eba3618ddddb1ae5825e27f79d790daf

SHA256
1ef85bc62c9f055727610f28d803af2fd599bd8f50df01b7e3f85bf4866cb751

SHA512
3bda85355753a1fa36c0f4bf4506fdc564c812796b99ade06aec5bc055142eaca0cbb2aebba7e242dcea150d0ae1adbbcc2c53855a2e9db41a5e84dfca2fac4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
44b8f4d26e9cdba99aadcc7e0eba4f0c

SHA1
2003f5cc2c6405005430560ea71ba2eb55b39917

SHA256
212e75d56da38bb892959ac664116a07695c1613b8bc73aebb93ee51076adb8c

SHA512
ea21c578277a93eebafcb1bce0a312399877499cf2f17fc8b2c7e3b43bbd1eb6e7f3408a698c6ec33221a9a43f23716bf2ec9002f5f9cb32f8c1e4873961bd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a4413de4415e72f0b2ca4f4746db316

SHA1
e7d92cee00d570ef986251703fae9f8551e47aa0

SHA256
65a687be1f2145f32668d723e8b521eebdb9a10830eb135f511fb0b76ff29aaa

SHA512
7d868b7139772a285fc6b712784b0886b816b1b1422c42469715c6951254d7ba9654cf678dcc0b40bf26fe8ccf4002404b010f005a02ecfc299b1297d656d988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
db25122b4b434f7ae1a15b86f9c4b035

SHA1
529f3d24a5c9be3734307803390bf7b06f9010be

SHA256
5bbd00410d2b224a51add78e35678adbbd966821b5996ba4895fe6912c86a811

SHA512
fa5c7b2a8826c8656cab5290b69d35d86a5916d6f16b4cfdf151475d236bf815fc4375c3c68302d948ea755e5c3087a615937ea8d4f93ec451cbb5750c8803b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
19edd96c41f6d22ae9e23a4e05e36565

SHA1
4d0ef9392dedfd1fa0b353eb575d11162d60df8d

SHA256
dcdf976510fdb346eccbe72e0295ecf915bce2a48d11a73fa1df6b63bd35adb5

SHA512
26058f3af4eadfeea2125bfcf5c251099d01542269c6625a4e0e94729b399c4601bdd463d0c39a16da673bbe4f933ad4f68ca07142e875aa65a60d64c38f5f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4bb938523a9e958c234815d90eb76275

SHA1
35f89c52b31980e37ef225c850094ea24ca80949

SHA256
d6bf0d8e5a32064f07a4936be5e10703fab3caf37e6347ad986f838ab795ed4b

SHA512
f8f4c40e9f5a5826372a3a9b28ebc21e19e38ea81556a87324983ec309da3178ffc6e9da8e4df42e767c23f0bf7a1f725eb9618c6e76cdc24d5a9455d996485c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
298185bfbfee95513d5885e9b6f33beb

SHA1
50483e604a251e5e0dfe5553c4bddddc2adc5354

SHA256
18eb3ed159e57233219ed76d30394906adf2f0d9c27c6a877508d0cf694cb363

SHA512
0f45d7f09d90e1b1ef44ab1ec3c6f066b4dbe9885dfaa6f8fc9cb1ae5a3ec8dfe5b110e9fd584e2222260b9d3fc0ffd0ed075233a762a6883d099a225d1c6e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1060227be75d62a4ec79473238e3362e

SHA1
d893f95bcb5da121574559d51eefffb8559b481a

SHA256
658e170292307163dcb7a8f3e297f59ced4e4c6476f8b89dae9312c62e3ee21b

SHA512
f08a58b370066bc5af20d83fa2e44c8910ebbc3e68315b537b64d77603d205335422fdd144ad03d57061223091935add00617baf1b66d7f7cddfc6558abf8241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a5679960f58783fd2433109fa6c4909

SHA1
68e1549063aabe920d389b144ef24f71c42daa90

SHA256
879d531daaa11f730c95e0582ae21049be0c650b9ff3380a588ee0459c23ead1

SHA512
d28c03656a4ca955a9866031df3aef522396c4c60258ae21334d8a3a2396c1c2915a901f464af8886f0cb1eaacf1cee84b8647aa4e997a6228c4d11d45e0b5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b61bfc754a95226490749711fb7c5409

SHA1
6325cf208ca4a8f8958fe7c88bec8addd8807a65

SHA256
6c48bee8e9d712f765edcb38821332ac23b421689ad9e02c955a4475ecb20a55

SHA512
3466ee9942c1709262d5b32c22b3b15a0fca2a2a8d6cd3ee0b1bae763474e07ab6eff372279b7d39722a548dea0e1b68e812125722f9584c61e116b0c457cdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b8999d184581141376dc5c45286b728

SHA1
49cc00e80b26c73ba116cd26b946d18289bfd1d1

SHA256
028629c24149404ef34ce2f45b2d700eb2b13ded8e543ba3e9848d2fd460c214

SHA512
cdb1db64b09cedf9ee8a3af329b90828d19d09406b4e654bb76aef078c73554be9452f29252a324b1a7a15c841c38a82fcad0abad2516935a74fa9abe54b0fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8007f26bbf297b7a04b1e4663a3e65b2

SHA1
eac3e0412bdb9b1d019aee404fbec56782d86555

SHA256
79147689ac3d4f5b3a50165e50e78f06727253b0dc3270e3e8780a5f85bf22ab

SHA512
70c0175e30c6f3b14e8ef272d80574a93b1fcc030cf744869b1dc6cae007cf37ed2b3a2ea21d54687975d583d2501429e3b0d73401c532d109d072150b0e84dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1222114b4be54edad25a23d160a2f8c9

SHA1
9ed472a6324d3c5e0b5db2b888ad8c059c537b48

SHA256
fefa806921bc2a7f9a8b5603913c534cec32d2bd2a82ad7ed5a7e34e38e9c018

SHA512
23d14a4204ab4fbea894efc4bf2fe2d31c54b458a4cf09f238ead01a0fb21f923c3a211d0736a7b7f439840b155440d5bdc79fcd594e355f5feaa2a797ff198c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
36b1ac511fd110a778ae9658831b89f7

SHA1
9b642956e95bc4b341821578cddb192c41197f7f

SHA256
20148f1bcdac84d84b12f26551e2bf059ad7e03617702138442b185daac447c8

SHA512
c2ba70539d7824c94eebd8eb16b0835026870595ff4d94cd0575fa8095cff0e4e79407a8229fd878ad8e16930d6baff827642e2c6d004763b9532ffcff5f106f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
8beaeb67cc366c66ec3f972eb0f730bf

SHA1
883892dc7a62c58a180b216141da15da6c29525c

SHA256
42119b00f9224a4cb60dc46b68ccf6a8b29af2d22f406d2e35fc73e9f627eb0d

SHA512
b236280e9c28492bd7cff52c144ba2de88a67bd2bc1d14dcca2d49585361701cbe305c901dd24db61a28f3a3c7cba022e86b5ae395e3f4e0e7daf41eabe3ca97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
234e2bf361d424ebf9b607e2aeea3cbf

SHA1
2480ba5a10498a92c10367767d967aa8257bf840

SHA256
b34b7851962d977b63334b3ea14a8380a802e3ec2203bed16a05055b2e64b47e

SHA512
662d6e3cf03d89197ac64933b0b9608d629109d71d4fbda72b3a679e028c795b5f57a383f375a1a51bd4a669bb3393e8316a2ebc2b50447e85becee0053409d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
700253c99e1d3d5e17e82a2532968730

SHA1
b496c3b66626ce1f16581207c8d7ce3be1131aa1

SHA256
abefce42a9c319a1fd054d6d932aa8b146706c9df792867b0ee0cb1694f1a45a

SHA512
76f61f31e07eb7b9d932050643882473b6f4c30f06812c6f8ad1fc9a944f87001014bc936df542dae67bc06780262c648cb3c8788a982bad2244ea226399097f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582045.TMP

Filesize
368B

MD5
b229b920084e87edd05b4bb9e82383f3

SHA1
19d647c5dcb529b790091b2dcaacfc4c91a340df

SHA256
d58ed6ff185aab3fb40eae5201ed421b3c656861da57c0227aa1342b83062295

SHA512
aa9d2ca5348423e441cba6238852cfeda5aa0d4c6effd1df9fa59157749b937c08c6e103d11a0141fe83d996ae23ba8b4c5a6452860dd88e83986a1961c0f439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b03b32ae2da1ef42a24e8b6eb85af91

SHA1
2dd9f2cc64b98e7e330a4a3c1d1c4a97177b0a25

SHA256
558a2a525feba43f8dbe588489c7c341a9158d4ecd3b2ed203470741349ed45a

SHA512
4f593669ac18792627a4c11a58622340836163cd6af25b8416bac33d53d12248b80bb302a1443d2d7dc622865754cfc75ee81a38238e39e70246682fd3562b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
311ab2a8f23451747b58bafe18a8fdf1

SHA1
a08e9dc574995ff0fd5f366f8e29ab2a71f0ad26

SHA256
733b6696a8405fb4af784cf88b2d892eb1a191b15fc8b581282bafccf259c243

SHA512
fd3ee8be19d4f3b22ce2a4b19095230efb422af2578a8f108da0a986afea91435ec9ffdfd2a3369efd9a211d806ada5c54dbde5ee0dd566b46021af9548966dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a8c92799150a96c1f0e3e2ce4b588d3

SHA1
a957c7889dc21dbc589fd1dd8777d23104ad8ed6

SHA256
5dbbc36902316130f337dda7a3a21b5fc40c660cbc27695543bdd7efbd57bd8f

SHA512
84fe8452f1642ed7d51963bdfc64297d674a2763bc7942a39d51818039bf9be0569f832930689011648d349240f0339a76bf6b99b47904f37ce9370cf526ee70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a63b826ac8fa584519f00c1c31244264

SHA1
746e8d39d2cc3c4e41ae19e8ea8d89b14a205cef

SHA256
b57a3d5a325ff690a44613feb5d3365ff39ee3ef4c4484e0cbf5e19633bde95c

SHA512
4e65660e39a82656f2904210ddeb56756814f5a11bed56dc74ddd0cd0ad566381505542a87abdf50bee7538c5e46c75fc52313a555694d1727e3903122bdf858

Download Submit
C:\Users\Admin\Downloads\DiscordNitroGenerator.zip

Filesize
3.4MB

MD5
d2538cf75be6cea9ea47048f5830d7e1

SHA1
ca91013aaebbfc7dc933c6f7e011cf39ed0a6299

SHA256
7d496222bf35544efdc186d6f10c23a661da54ae1b5523b68ed93e2234560807

SHA512
2f65eadd70a1d1902c920d0cc9524aa80e7b5948d20ebdf50e6d8f8d03a78d7c0e14f4ef9f0fb7b97faa2527abd9406ae8ecb6ee281faebc953c3215af7c2188

Download Submit
C:\Users\Admin\Downloads\DiscordNitroGenerator\DiscordNitroGenerator.exe

Filesize
3.5MB

MD5
840ff65b1849cb8566720ab85bf2a4f4

SHA1
cc291a716aa88e1136ab53ac8d9d2c9bc3b8b967

SHA256
d6073d09c1d77793eb4b1e45c002fbc76b22bf055dc27506f4e155d63e693ff0

SHA512
ce07140bd0f5a692ec5d307943f7e473265bba4c30e86e4ded17281e4c34bfeef43dbedbb403fa94464b6edf9e8965762bc2ca360be4d725da0448fd9c26a548

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 809792.crdownload

Filesize
64KB

MD5
1dee19349c0fedb4d2cc441f445addc3

SHA1
a7afd7d97b1eda02845fa9b28145a5d9c0190d0b

SHA256
7c056f9065ad045d3f2b51515fbef42ddd5dd16a48c1ba3ba5fc614270a7d6ce

SHA512
80f7a9d999e033b6780824aed0b191f0dd493a42dc27241fc6a28ae088f7ec548e64cd99bc7077b7325ae0a4563137751d02ab1899f0775372e51e9a62328943

Download Submit
memory/1196-621-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1196-626-0x0000000005BC0000-0x00000000061D8000-memory.dmp

Filesize
6.1MB

Download
memory/1196-627-0x0000000005660000-0x0000000005672000-memory.dmp

Filesize
72KB

Download
memory/1196-628-0x00000000057D0000-0x00000000058DA000-memory.dmp

Filesize
1.0MB

Download
memory/1196-629-0x0000000005700000-0x000000000573C000-memory.dmp

Filesize
240KB

Download
memory/1196-630-0x0000000005740000-0x000000000578C000-memory.dmp

Filesize
304KB

Download
memory/4176-617-0x0000000000400000-0x0000000000951000-memory.dmp

Filesize
5.3MB

Download
memory/4176-618-0x0000000000400000-0x0000000000951000-memory.dmp

Filesize
5.3MB

Download
memory/4176-631-0x0000000000400000-0x0000000000951000-memory.dmp

Filesize
5.3MB

Download
memory/4176-616-0x0000000000400000-0x0000000000951000-memory.dmp

Filesize
5.3MB

Download