Edit tour

Windows Analysis Report
Discord Nitro Gift Generator.exe

Overview

General Information

Sample name:	Discord Nitro Gift Generator.exe
Analysis ID:	1639508
MD5:	484ce744443c399363deef4067fdc154
SHA1:	b0ebed2d735c5458b11d54b2acdd4d2836a866c3
SHA256:	72b745b24f14ab2ad95fc623cc7848be1048ee2a8d1a03f1a47d8b0b1032907b
Tags:	diskwriterexekillmbruser-2huMarisa
Infos:

Detection

Score:	42
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Classification

Process Tree

System is w10x64

Discord Nitro Gift Generator.exe (PID: 6564 cmdline: "C:\Users\user\Desktop\Discord Nitro Gift Generator.exe" MD5: 484CE744443C399363DEEF4067FDC154)

chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://youtu.be/dQw4w9WgXcQ MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 4940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2045306851710728707,13359951368696531064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2088 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Discord Nitro Gift Generator.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: Discord Nitro Gift Generator.exe	ReversingLabs: Detection: 25%
Source: Discord Nitro Gift Generator.exe	Virustotal: Detection: 23%			Perma Link

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.7:49683 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.7:49690 version: TLS 1.2

Source: Discord Nitro Gift Generator.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.1.dr
Source:	Binary string: C:\Users\kyo79\source\repos\Discord Nitro Gift Generator\Discord Nitro Gift Generator\obj\Debug\Discord Nitro Gift Generator.pdb source: Discord Nitro Gift Generator.exe

Source: global traffic

TCP traffic: 192.168.2.7:61072 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 23.199.215.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.98.62
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.15
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.18.99
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: youtu.be
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Google.Widevine.CDM.dll.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: Discord Nitro Gift Generator.exe	String found in binary or memory: https://youtu.be/dQw4w9WgXcQ
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQ0
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913110472.0000000000705000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQC:
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.916128606.0000000007970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQJ
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQP
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.916128606.0000000007970000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQes
Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtu.be/dQw4w9WgXcQu

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61075
Source: unknown	Network traffic detected: HTTP traffic on port 61075 -> 443

Source: unknown	HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.7:49683 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.186.132:443 -> 192.168.2.7:49690 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\scoped_dir6892_10040005	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.fingerprint	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\scoped_dir6892_631393253	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\keys.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\LICENSE	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\_metadata\	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\_metadata\verified_contents.json	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.fingerprint	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6892_10040005

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Code function: 0_2_00B9DBE4

0_2_00B9DBE4

Source: Google.Widevine.CDM.dll.1.dr

Static PE information: Number of sections : 12 > 10

Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913471768.000000000082E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameclr.dllT vs Discord Nitro Gift Generator.exe

Source: classification engine

Classification label: mal42.winEXE@22/10@4/3

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Discord Nitro Gift Generator.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Mutant created: NULL

Source: Discord Nitro Gift Generator.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Discord Nitro Gift Generator.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Discord Nitro Gift Generator.exe	ReversingLabs: Detection: 25%
Source: Discord Nitro Gift Generator.exe	Virustotal: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe "C:\Users\user\Desktop\Discord Nitro Gift Generator.exe"
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://youtu.be/dQw4w9WgXcQ
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2045306851710728707,13359951368696531064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2088 /prefetch:3
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://youtu.be/dQw4w9WgXcQ	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2045306851710728707,13359951368696531064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2088 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Automated click: Next
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Discord Nitro Gift Generator.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Discord Nitro Gift Generator.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: Discord Nitro Gift Generator.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: Google.Widevine.CDM.dll.pdb source: Google.Widevine.CDM.dll.1.dr
Source:	Binary string: C:\Users\kyo79\source\repos\Discord Nitro Gift Generator\Discord Nitro Gift Generator\obj\Debug\Discord Nitro Gift Generator.pdb source: Discord Nitro Gift Generator.exe

Source: Discord Nitro Gift Generator.exe

Static PE information: 0x8FE87701 [Thu Jul 5 04:11:45 2046 UTC]

Source: Google.Widevine.CDM.dll.1.dr	Static PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.1.dr	Static PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.1.dr	Static PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.1.dr	Static PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.1.dr	Static PE information: section name: _RDATA

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll

Jump to dropped file

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Memory allocated: B90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Memory allocated: 25A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Memory allocated: 23C0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe TID: 6640

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\:

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://youtu.be/dQw4w9WgXcQ

Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Queries volume information: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Discord Nitro Gift Generator.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	21 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	12 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Discord Nitro Gift Generator.exe	25%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
Discord Nitro Gift Generator.exe	24%	Virustotal		Browse
Discord Nitro Gift Generator.exe	100%	Avira	TR/AVI.Agent.btkcp

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll	0%	Virustotal		Browse
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll	0%	ReversingLabs

Name	IP	Active	Malicious	Antivirus Detection	Reputation
youtu.be	142.250.185.174	true	false		high
www.google.com	142.250.186.132	true	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://youtu.be/dQw4w9WgXcQJ	Discord Nitro Gift Generator.exe, 00000000.00000002.916128606.0000000007970000.00000004.00000020.00020000.00000000.sdmp	false	high
https://youtu.be/dQw4w9WgXcQes	Discord Nitro Gift Generator.exe, 00000000.00000002.916128606.0000000007970000.00000004.00000020.00020000.00000000.sdmp	false	high
https://youtu.be/dQw4w9WgXcQ	Discord Nitro Gift Generator.exe	false	high
https://youtu.be/dQw4w9WgXcQu	Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	false	high
https://youtu.be/dQw4w9WgXcQ0	Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	false	high
https://youtu.be/dQw4w9WgXcQP	Discord Nitro Gift Generator.exe, 00000000.00000002.913731155.0000000000904000.00000004.00000020.00020000.00000000.sdmp	false	high
https://youtu.be/dQw4w9WgXcQC:	Discord Nitro Gift Generator.exe, 00000000.00000002.913110472.0000000000705000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.185.174	youtu.be	United States		15169	GOOGLEUS	false
142.250.186.132	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1639508
Start date and time:	2025-03-15 18:06:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Discord Nitro Gift Generator.exe
Detection:	MAL
Classification:	mal42.winEXE@22/10@4/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 14 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.206.46, 216.58.206.67, 142.250.181.238, 66.102.1.84, 142.250.185.206, 142.250.185.110, 142.250.186.78, 172.217.16.206, 84.201.210.39, 172.217.18.14, 142.250.185.78, 142.250.186.35, 142.250.185.238, 34.104.35.123, 142.250.185.99, 142.250.185.142, 20.12.23.50, 23.199.214.10
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll	https://digimobil-recrgar.com	Get hash	malicious	Unknown	Browse
	.html	Get hash	malicious	Gabagool	Browse
	https://centrepatronal.blob.core.windows.net/heberhard/centrepatronal.html	Get hash	malicious	HTMLPhisher	Browse
	cndx.com.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse
	Fd-Employee-Handbook(1).pdf	Get hash	malicious	Unknown	Browse
	ATT001_2674865722.htm	Get hash	malicious	Unknown	Browse
	https://drive.usercontent.google.com/u/0/uc?id=1oVYWzJi9Tw6x0zGRa8di76JxbjhDHWgd&export=download	Get hash	malicious	Unknown	Browse
	call_playback_Senecacollege.html	Get hash	malicious	HTMLPhisher	Browse
	HwusQ091ed.html	Get hash	malicious	Unknown	Browse
	Listen Now!!.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Discord Nitro Gift Generator.exe.log

Download File

Process:	C:\Users\user\Desktop\Discord Nitro Gift Generator.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\LICENSE

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.11458514637545
Encrypted:	false
SSDEEP:	48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
MD5:	EE002CB9E51BB8DFA89640A406A1090A
SHA1:	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
SHA-256:	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
SHA-512:	D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
Malicious:	false
Reputation:	high, very likely benign file
Preview:	// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1864
Entropy (8bit):	6.00682540004288
Encrypted:	false
SSDEEP:	48:p/hUjSoCWAdte7akapu8IA1MSrhykmwDkV:RfpWQte7aSunyRb
MD5:	28706AD42E4C615A683C2494BC0BD2AF
SHA1:	6B0465B3D5E85A3EA76C646BA8652C4DC0248DC0
SHA-256:	709BBB3E3A17E2B7BBF9F4AFDCF465312695342CE4EB203DF284233EACEE086F
SHA-512:	E95DA92F1AD5F56EF61A5992A1B465D46F36EFF1FC85643CC5AB3F357B6F14D81A5B5590D0E18D4DA5FCC3AC537A469FD0C15B116A3471536707A9716119FA5F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6ImtleXMuanNvbiIsInJvb3RfaGFzaCI6IlJ1R2ZTVTVlZVdiRHczOVpOMmQ5NHhIRkJuY2JNMWxtZXgybk5ZVmhMU00ifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiVXdpQzFfVTFybGVra0d5bk5iRVp5ZU5rZ011M2dNZm9yVGZKeVAzejJiRSJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImtpYWJoYWJqZGJramRwamJwaWdmb2RiZGptYmdsY29vIiwiaXRlbV92ZXJzaW9uIjoiMjAyNS4xLjE3LjEiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"DjJ0cJJFQPGNShH6cqF0KMXYB9LDN7hZ0z-M2b0RfT3cl9Mxp62MiQM0bqevSkL0tNe9rHL_VWqPqY7PDdCoumMJ-TVwboLlLJq3c1H9NYQgQ-nQS4F3mFBvP0YJ-Kunf6byMQnF4FLGqtuRouNWZBUqyahkm__1_0-5qoAVqSms3wmBnmVhb1z4p-I6jEjko0pLBq4dad2vH7G6THiOPP15L1ozQ42gvfw5aLvn_Itjpwq7GaU9lNv

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\keys.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6690
Entropy (8bit):	5.981211959058716
Encrypted:	false
SSDEEP:	96:UXq6pG2GE+Vy2+m0plhYvPuW+wkpTm+ozdswsDm4+uTagSfC3AQj+y:uNtGbVKm4lOvMwkoR9PuGs3gy
MD5:	BEF4F9F856321C6DCCB47A61F605E823
SHA1:	8E60AF5B17ED70DB0505D7E1647A8BC9F7612939
SHA-256:	FD1847DF25032C4EEF34E045BA0333F9BD3CB38C14344F1C01B48F61F0CFD5C5
SHA-512:	BDEC3E243A6F39BFEA4130C85B162EA00A4974C6057CD06A05348AC54517201BBF595FCC7C22A4AB2C16212C6009F58DF7445C40C82722AB4FA1C8D49D39755C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"https://issuer.captchafox.com":{"PrivateStateTokenV1VOPRF":{"batchsize":1,"id":1,"keys":{"0":{"Y":"AAAAAQQiyE+SESbq7GU5rTx6tZO4tBOxljp+Oya2mU28O+YoALIyXlLLqnl/h5h95ExYSsOlmMIb8EdsJBTrCaDl/KIZSskrfMbZpjhShG0jwnbXojEHI9WaAxKLkX/A/DkyMEg=","expiry":"1734807628115000"},"1":{"Y":"AAAAAQRNtld+5LLBquS4bEJKJwlLw61tzIyqTNkvMVnUTu+YiphbdGrRCjeDTN9D3p1Tgpfmq0N/OKMBYWzDMEN8Km9p9s49c6N2ph4B1MV1m7Ogdj969MOsTw54Kc849oqDl8s=","expiry":"1734807628115000"},"2":{"Y":"AAAAAQSBWW003A3ORFURCZrWNnbEIH15yzk184DaLSebbGzRdyCYtAM1qhhVmXZyBtWTzh6Bfkk5rLPyE1xdQilofPBizF/QJsdaMU0GYhPW1sOU4xoKbmgd/XrnOoFqA2ETOuc=","expiry":"1734807628115000"},"3":{"Y":"AAAAAQSG/ftGdm5B6iwAmVsHt6s43xx3nRf/Vpx9GdeEt3jSTM8hHvyLE9FAEkinGjt4Fp5EjnkCdE96Cxz10nZJRrMApIrGhG5kAoDu4T8PjJPiFQFyHAOdTG7OJWi2NS/rl1A=","expiry":"1734807628115000"},"4":{"Y":"AAAAAQT36tqe550UP5A+4Eokt8iuPZEuWQc9cGJXd7zUCZzrsqtGu3PMcVbOj5DjC4W+yoyF3HqKOqdtiBWgcMsZOcyln/6jUKqf5tS9AoIHa9CC3kQB8ISQd3lhR5j+qWVY8ms=","expiry":"1734807628115000"},"5":{"Y":"AAAAAQQMjaLNCR

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	4.005340674128682
Encrypted:	false
SSDEEP:	3:SUsO4D2HGQ42IAVFxx9WQnRJn:SUsO4qmQHVDx0QDn
MD5:	030D9E3F4502E24594ABCA380C073974
SHA1:	AE068D4F8C668477DD8F4BC2892F09D0802130E0
SHA-256:	FD86A9E808BCC78B926C111633615D9A807D60A20CE2BAC7360915336ABB738F
SHA-512:	F28A0311A80FE81965874AE5A46161A7658E149AA48E26B81C500339461B84F2EB53193AEF4E4C78AADB7191AC4518E81BBFB1672CE6077200CC6DF5FAC4054B
Malicious:	false
Preview:	1.1987650928271ad440c2b8a50f309139de82c742fb6f1f3ea055b35718ac46e7

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	79
Entropy (8bit):	4.442932812379182
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFIPgS1oSLsY:F6VlMyPgS1oxY
MD5:	7F4B594A35D631AF0E37FEA02DF71E72
SHA1:	F7BC71621EA0C176CA1AB0A3C9FE52DBCA116F57
SHA-256:	530882D7F535AE57A4906CA735B119C9E36480CBB780C7E8AD37C9C8FDF3D9B1
SHA-512:	BF3F92F5023F0FBAD88526D919252A98DB6D167E9CA3E15B94F7D71DED38A2CFB0409F57EF24708284DDD965BDA2D3207CD99C008B1C9C8C93705FD66AC86360
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "trustToken",. "version": "2025.1.17.1".}

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2877728
Entropy (8bit):	6.868480682648069
Encrypted:	false
SSDEEP:	49152:GB6BoH5sOI2CHusbKOdskuoHHVjcY94RNETO2WYA4oPToqnQ3dK5zuqvGKGxofFo:M67hlnVjcYGRNETO2WYA4oLoqnJuZI5
MD5:	477C17B6448695110B4D227664AA3C48
SHA1:	949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
SHA-256:	CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
SHA-512:	1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: , Detection: malicious, Browse Filename: .html, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: cndx.com.eml, Detection: malicious, Browse Filename: Fd-Employee-Handbook(1).pdf, Detection: malicious, Browse Filename: ATT001_2674865722.htm, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: call_playback_Senecacollege.html, Detection: malicious, Browse Filename: HwusQ091ed.html, Detection: malicious, Browse Filename: Listen Now!!.html, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....fd.........." ......(..........A&.......................................,.......,...`A.........................................V......V......`,......`+..p....+. )...p,......D.8....................C.(.....(.8...........p\..............................text.....(.......(................. ..`.rdata..h.....(.......(.............@..@.data....l......&.................@....pdata...p...`+..r.................@..@.00cfg..(.....+......p+.............@..@.gxfg....$....+..&...r+.............@..@.retplnel.... ,.......+..................tls.........0,.......+.............@....voltbl.D....@,.......+................._RDATA.......P,.......+.............@..@.rsrc........`,.......+.............@..@.reloc.......p,.......+.............@..B........................................................................................................................................

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1778
Entropy (8bit):	6.02086725086136
Encrypted:	false
SSDEEP:	48:p/hCdQAdJjRkakCi0LXjX9mqjW6JmfQkNWQzXXf2gTs:RtQ1aaxXrjW6JuQEWQKas
MD5:	3E839BA4DA1FFCE29A543C5756A19BDF
SHA1:	D8D84AC06C3BA27CCEF221C6F188042B741D2B91
SHA-256:	43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
SHA-512:	19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJHb29nbGUuV2lkZXZpbmUuQ0RNLmRsbCIsInJvb3RfaGFzaCI6Im9ZZjVLQ2Z1ai1MYmdLYkQyWFdBS1E5Nkp1bTR1Q2dCZTRVeEpGSExSNWMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiYk01YTJOU1d2RkY1LW9Tdml2eFdqdXVwZ05pblVGakdPQXRrLTBJcGpDZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Im5laWZhb2luZGdnZmNqaWNmZmtncG1ubHBwZWZmYWJkIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjI3MzguMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KTPeHzS0ybFaz3_br3ASYWHjb6Ctul92067u2JMwtNYYm-4KxLiSkJZNBIzhm6hNSEW2p5kUEvHD0TjhhFGCZnWm9titj2bqJayCOAGxZb5BO74JJCRfy5Kwr1KSS4nvocsZepnHBmCiG2OV3by-Lyf1h1uU3X3bDfD92O0vJzrA8rwL2LrwIk-BolLo5nlM0I_MZwg8DhZ8SFBu9GGRVB2XrailDrv4SgupFE9gqA1HY6kjRjoyoAHbRRxZdBNNt9IKNdxNyaF9NcNRY8dAedNQ9Tw3YNp5jB7R9lcjO4knn58RdH2h_GiJ4l96StcXA4e7cqbJ77P-c

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.974403644129192
Encrypted:	false
SSDEEP:	3:SLVV8T+WSq2ykFDJp9qBn:SLVqZS5p0B
MD5:	D30A5BBC00F7334EEDE0795D147B2E80
SHA1:	78F3A6995856854CAD0C524884F74E182F9C3C57
SHA-256:	A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
SHA-512:	DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
Malicious:	false
Preview:	1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	145
Entropy (8bit):	4.595307058143632
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFooG+HhFFKS18CWjhXLXGPQ3TRpvF/FHddTcplFHddTcVYA:F6VlM5PpKS18hRIA
MD5:	BBC03E9C7C5944E62EFC9C660B7BD2B6
SHA1:	83F161E3F49B64553709994B048D9F597CDE3DC6
SHA-256:	6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
SHA-512:	FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
Malicious:	false
Preview:	{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.476647237746752
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Discord Nitro Gift Generator.exe
File size:	423'424 bytes
MD5:	484ce744443c399363deef4067fdc154
SHA1:	b0ebed2d735c5458b11d54b2acdd4d2836a866c3
SHA256:	72b745b24f14ab2ad95fc623cc7848be1048ee2a8d1a03f1a47d8b0b1032907b
SHA512:	47ebf9306bc5943de5951d12c8cfd7591826cae0b826e7faf5e331cf8c3512096e734da2c4c25f713c91e0d8ffaa6e5b74b209f8eefdff8d18a9fdaf3a014384
SSDEEP:	3072:vBHr212lWLwCH9xGVWQvBmLq2eAtPm6AWbsDChoXsDC8MC:JHr212lWLwCdc3kpRtPJAGsEwst
TLSH:	FB94C8D0EDDD7EC1C86604F22C36B7405BACEC7E56192E277C82322A04774A6B5B225F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w............"...0.............*.... ........@.. ....................................`................................

File Icon


Icon Hash:	3fe8e4d6d6c4c7c0

Static PE Info

General

Entrypoint:	0x45e22a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x8FE87701 [Thu Jul 5 04:11:45 2046 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x5e1d5	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x60000	0xad58	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6c000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x5e104	0x38	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5c230	0x5c400	fbb33b9fda250815dd9b53b9b343a98a	False	0.15705189278455284	data	4.486765278859207	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x60000	0xad58	0xae00	c19baa3517393e3d97abeb1d40616bfd	False	0.31101831896551724	data	4.322343637172991	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6c000	0xc	0x200	fe82d268fdb8cc9ca052c14bb58fcf08	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x601a0	0x2028	Device independent bitmap graphic, 256 x 512 x 32, image size 262144	0.0184645286686103
RT_ICON	0x621d8	0x828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	0.04454022988505747
RT_ICON	0x62a10	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384	0.3469532357109117
RT_ICON	0x66c48	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	0.4438796680497925
RT_ICON	0x69200	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	0.5628517823639775
RT_ICON	0x6a2b8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	0.7296099290780141
RT_GROUP_ICON	0x6a730	0x5a	data	0.7555555555555555
RT_VERSION	0x6a79c	0x3bc	data	0.37552301255230125
RT_MANIFEST	0x6ab68	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription	Discord Nitro Gift Generator
FileVersion	1.0.0.0
InternalName	Discord Nitro Gift Generator.exe
LegalCopyright	Copyright 2021
LegalTrademarks
OriginalFilename	Discord Nitro Gift Generator.exe
ProductName	Discord Nitro Gift Generator
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 18:06:52.656048059 CET	49676	80	192.168.2.7	23.199.215.203
Mar 15, 2025 18:06:52.656075001 CET	49677	443	192.168.2.7	2.18.98.62
Mar 15, 2025 18:06:52.890377998 CET	49675	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:06:52.890379906 CET	49673	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:06:52.890556097 CET	49674	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:07:02.265353918 CET	49676	80	192.168.2.7	23.199.215.203
Mar 15, 2025 18:07:02.265364885 CET	49677	443	192.168.2.7	2.18.98.62
Mar 15, 2025 18:07:02.499739885 CET	49675	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:07:02.499761105 CET	49674	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:07:02.499763012 CET	49673	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:07:05.096235037 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.096261978 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.096376896 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.098381996 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.098393917 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.732223988 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.732296944 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.733331919 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.733403921 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.734626055 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.734637022 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.734894991 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.749068975 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:05.749186993 CET	443	49683	142.250.185.174	192.168.2.7
Mar 15, 2025 18:07:05.749237061 CET	49683	443	192.168.2.7	142.250.185.174
Mar 15, 2025 18:07:09.243737936 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:09.243782997 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:09.243879080 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:09.244015932 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:09.244029999 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:09.945099115 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:09.945167065 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:09.946237087 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:09.946249962 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:09.946480036 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:10.000740051 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:12.641580105 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:07:12.646272898 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:07:12.646358013 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:07:12.646470070 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:07:12.651245117 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:07:13.305129051 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:07:13.310631037 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:07:13.315773964 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:07:13.490936995 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:07:13.536370039 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:07:13.869714022 CET	49672	443	192.168.2.7	2.23.227.208
Mar 15, 2025 18:07:13.869761944 CET	443	49672	2.23.227.208	192.168.2.7
Mar 15, 2025 18:07:19.845747948 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:19.845801115 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:19.845969915 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:19.923618078 CET	49690	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:07:19.923635960 CET	443	49690	142.250.186.132	192.168.2.7
Mar 15, 2025 18:07:29.484657049 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:29.796839952 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:30.406088114 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:31.617372990 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:34.031367064 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:38.047341108 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:38.359184027 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:38.841809988 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:38.970237017 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:40.171804905 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:42.578591108 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:47.390631914 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:07:48.453134060 CET	49671	443	192.168.2.7	204.79.197.203
Mar 15, 2025 18:07:57.000865936 CET	49678	443	192.168.2.7	20.189.173.15
Mar 15, 2025 18:08:06.508141994 CET	61072	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:08:06.512808084 CET	53	61072	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:06.512881994 CET	61072	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:08:06.517695904 CET	53	61072	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:06.970443964 CET	61072	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:08:06.975374937 CET	53	61072	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:06.975765944 CET	61072	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:08:09.288054943 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:09.288108110 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:09.288187027 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:09.288368940 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:09.288383961 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:09.970220089 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:09.970475912 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:09.970511913 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:14.234790087 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:08:14.239646912 CET	80	49693	172.217.18.99	192.168.2.7
Mar 15, 2025 18:08:14.239739895 CET	49693	80	192.168.2.7	172.217.18.99
Mar 15, 2025 18:08:19.963330984 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:19.963395119 CET	443	61075	142.250.186.132	192.168.2.7
Mar 15, 2025 18:08:19.963479042 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:21.924537897 CET	61075	443	192.168.2.7	142.250.186.132
Mar 15, 2025 18:08:21.924566031 CET	443	61075	142.250.186.132	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 15, 2025 18:07:04.896864891 CET	52032	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:07:04.897380114 CET	49896	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:07:04.903047085 CET	53	59496	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:04.903345108 CET	53	52032	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:04.905525923 CET	53	64211	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:04.905626059 CET	53	49896	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:06.715457916 CET	53	60665	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:06.923187971 CET	53	62281	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:09.236232996 CET	61631	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:07:09.236366034 CET	58513	53	192.168.2.7	1.1.1.1
Mar 15, 2025 18:07:09.242882967 CET	53	58513	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:09.242932081 CET	53	61631	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:23.909367085 CET	53	54669	1.1.1.1	192.168.2.7
Mar 15, 2025 18:07:42.962130070 CET	53	60069	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:04.500900030 CET	53	51858	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:05.994057894 CET	53	56783	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:06.507688046 CET	53	63462	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:08.008620977 CET	53	63154	1.1.1.1	192.168.2.7
Mar 15, 2025 18:08:34.788594007 CET	138	138	192.168.2.7	192.168.2.255
Mar 15, 2025 18:08:36.464548111 CET	53	65389	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 15, 2025 18:07:04.896864891 CET	192.168.2.7	1.1.1.1	0x295a	Standard query (0)	youtu.be	A (IP address)	IN (0x0001)	false
Mar 15, 2025 18:07:04.897380114 CET	192.168.2.7	1.1.1.1	0xb51b	Standard query (0)	youtu.be	65	IN (0x0001)	false
Mar 15, 2025 18:07:09.236232996 CET	192.168.2.7	1.1.1.1	0xa6c1	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 15, 2025 18:07:09.236366034 CET	192.168.2.7	1.1.1.1	0x3f51	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 15, 2025 18:07:04.903345108 CET	1.1.1.1	192.168.2.7	0x295a	No error (0)	youtu.be	142.250.185.174	A (IP address)	IN (0x0001)	false
Mar 15, 2025 18:07:04.905626059 CET	1.1.1.1	192.168.2.7	0xb51b	No error (0)	youtu.be		65	IN (0x0001)	false
Mar 15, 2025 18:07:09.242882967 CET	1.1.1.1	192.168.2.7	0x3f51	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 15, 2025 18:07:09.242932081 CET	1.1.1.1	192.168.2.7	0xa6c1	No error (0)	www.google.com	142.250.186.132	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49693	172.217.18.99	80

Timestamp	Bytes transferred	Direction	Data
Mar 15, 2025 18:07:12.646470070 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 15, 2025 18:07:13.305129051 CET	223	IN	HTTP/1.1 304 Not Modified Date: Sat, 15 Mar 2025 16:44:19 GMT Expires: Sat, 15 Mar 2025 17:34:19 GMT Age: 1374 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 15, 2025 18:07:13.310631037 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 15, 2025 18:07:13.490936995 CET	223	IN	HTTP/1.1 304 Not Modified Date: Sat, 15 Mar 2025 16:18:11 GMT Expires: Sat, 15 Mar 2025 17:08:11 GMT Age: 2942 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Target ID:	0
Start time:	13:06:54
Start date:	15/03/2025
Path:	C:\Users\user\Desktop\Discord Nitro Gift Generator.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Discord Nitro Gift Generator.exe"
Imagebase:	0x1a0000
File size:	423'424 bytes
MD5 hash:	484CE744443C399363DEEF4067FDC154
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:07:02
Start date:	15/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://youtu.be/dQw4w9WgXcQ
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:07:03
Start date:	15/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2056,i,2045306851710728707,13359951368696531064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2088 /prefetch:3
Imagebase:	0x7ff778810000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	88
Total number of Limit Nodes:	12

Executed Functions

Function 00B9D088 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00B9D116
GetCurrentThread.KERNEL32 ref: 00B9D153
GetCurrentProcess.KERNEL32 ref: 00B9D190
GetCurrentThreadId.KERNEL32 ref: 00B9D1E9

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 7d7dcc7c6dce550f63c71392e63ae01be50ba079d002153b84a91aaac404349c
Instruction ID: 3d5ecbaf1bdd935835afd53c656b89225bfd5519e177776c9aa4eba06eede575
Opcode Fuzzy Hash: 7d7dcc7c6dce550f63c71392e63ae01be50ba079d002153b84a91aaac404349c
Instruction Fuzzy Hash: 7F5165B0D007098FDB14CFAAD948BAEBBF1EF48304F2084AAE419A7360D7746945CB65

Function 00B9D098 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00B9D116
GetCurrentThread.KERNEL32 ref: 00B9D153
GetCurrentProcess.KERNEL32 ref: 00B9D190
GetCurrentThreadId.KERNEL32 ref: 00B9D1E9

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 92a660c6ad9576e536daf33b7376d97a169f730f191d6ba56de4e3be00366f2c
Instruction ID: 9983d9cc274067bad40c1f0a0b75568da7768a6c4698669175d8b0d34dacede7
Opcode Fuzzy Hash: 92a660c6ad9576e536daf33b7376d97a169f730f191d6ba56de4e3be00366f2c
Instruction Fuzzy Hash: E75165B0D107098FDB18DFAAD948BAEBBF1EF48300F208469E419B7360DB746945CB65

Function 00B9AE10 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B9B066

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: fa2009de620498eb764268d8f769dd0b2db2fc898bf04beca43909be95ef726c
Instruction ID: fb336ceab61103035d4b8a2c691d6bc61c2d85831c661e24630698fae024e6df
Opcode Fuzzy Hash: fa2009de620498eb764268d8f769dd0b2db2fc898bf04beca43909be95ef726c
Instruction Fuzzy Hash: E7716770A00B058FDB24DF2AD48575ABBF1FF88304F10896DE48AD7A50D775E84ACB91

Function 00B9590C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00B959C9

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: cde4a2103cd1bc3f7a9ddd60bd1136e5970e94cb26137a91279b6037525068c4
Instruction ID: 6780e335f4a5a41de28ea2ea4a2c25e95ad0aaaf20ac3a6c032db35bf51913e5
Opcode Fuzzy Hash: cde4a2103cd1bc3f7a9ddd60bd1136e5970e94cb26137a91279b6037525068c4
Instruction Fuzzy Hash: B841DFB1C00719CBEB25DFA9C884BDDBBF6BF49304F20816AD409AB251DB756946CF50

Function 00B9449C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00B959C9

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8949f45ca05ba63dc0ce895f5d220956a32afac5572b068e54bd36b0cc8a7ad2
Instruction ID: c8c01e928977713dc09f2e05fc70461375957c89affda2a25d02d46429ebf85d
Opcode Fuzzy Hash: 8949f45ca05ba63dc0ce895f5d220956a32afac5572b068e54bd36b0cc8a7ad2
Instruction Fuzzy Hash: 2941CFB1C10719CBEB25DFA9C884B8EBBF5FF48304F20816AD409AB251DB756946CF91

Function 00B9D2E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B9D367

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b723bc7855ed96f18415e004811d9d4871df336feb07f0f195e7a9450ca1ff81
Instruction ID: 636dd7a096870da5c830f8a659a527aefc94f29830dba4d2662197f263900f2a
Opcode Fuzzy Hash: b723bc7855ed96f18415e004811d9d4871df336feb07f0f195e7a9450ca1ff81
Instruction Fuzzy Hash: 3721B3B5D002499FDB10CFAAD885ADEBBF4EB48310F14841AE914A3350D379A955CF65

Function 00B9D2D9 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B9D367

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ac7ae8abbfe896ab025c7c13085eb7d5aac4da7e3fac6f188352585602a01e85
Instruction ID: 5b328e37e35fd8ee8bb91cd049e41faf13b83e2569f301210e815b48d0209264
Opcode Fuzzy Hash: ac7ae8abbfe896ab025c7c13085eb7d5aac4da7e3fac6f188352585602a01e85
Instruction Fuzzy Hash: 4521E0B5D00249DFDB10CFAAD984AEEBBF4FB48314F14842AE918A7350C378A955CF65

Function 00B9B000 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B9B066

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b06db7d06bb67383db4a319296aa658fdf0c4423c872d27537fa6c1ef71a9971
Instruction ID: a8e06f3364acb7b05edea3da5ba6863acb112a8c1823cda4e5fefa1b7a6d6167
Opcode Fuzzy Hash: b06db7d06bb67383db4a319296aa658fdf0c4423c872d27537fa6c1ef71a9971
Instruction Fuzzy Hash: 17110FB6C00749CFCB20CF9AD444ADEFBF4EB88324F10846AD428A7210C379A945CFA1

Function 0080D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0708fd4580ff8d1d3ac78992d7cbbd3578b7989288f7bd5bd11a94e31791044a
Instruction ID: ab4d12cb2e21b4e21ca57fcf1b006cdc64fa28fa06c1103bae469eb51dafcd2a
Opcode Fuzzy Hash: 0708fd4580ff8d1d3ac78992d7cbbd3578b7989288f7bd5bd11a94e31791044a
Instruction Fuzzy Hash: 0B210771504304EFDB55DF94D9C0B25BBA5FB84314F34C56DE8098B296C336E856CA61

Function 0080D2D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9dad91a5142b062cf57d0c76531dbac110a19ca595531044dda1ffccf9945a5
Instruction ID: 518d46d5336fb5405a8ca4c4a8bc68a353dbb9ed956053834fdcf7a9b3d89387
Opcode Fuzzy Hash: a9dad91a5142b062cf57d0c76531dbac110a19ca595531044dda1ffccf9945a5
Instruction Fuzzy Hash: 8B212671604344EFDB54DF54DDC0B2ABBA5FB84314F34C669D8098B386D33AE806CAA2

Function 0080D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ce3de382868c9a2226322792f7c0f084e21d36633ea27945e7e5df2bf43c09d
Instruction ID: be3757410ad9d95bd49f471c511aab8c1496b6e0e601af805d93a21e301745e1
Opcode Fuzzy Hash: 8ce3de382868c9a2226322792f7c0f084e21d36633ea27945e7e5df2bf43c09d
Instruction Fuzzy Hash: 35210071604704EFDB54DF54D9C0B16BBA5FB84314F20C569D80E8B286C33AD807CA62

Function 0080D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca54a8d87c36567c23f1f3029dd474bace64bacfb949533de9693f411bd8625
Instruction ID: 67b1a243eed7037b8c06f737a16f42831674a5d47d6d1771436693fa291e4ba5
Opcode Fuzzy Hash: 3ca54a8d87c36567c23f1f3029dd474bace64bacfb949533de9693f411bd8625
Instruction Fuzzy Hash: B811BB75504780CFCB15CF50D9C4B15BBA2FB84314F24C6AAD8098B696C33AD80BCFA2

Function 0080D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca54a8d87c36567c23f1f3029dd474bace64bacfb949533de9693f411bd8625
Instruction ID: e778a85ee05015131abe214ee40035fe999139d621d5571bab28b59023f0f9b4
Opcode Fuzzy Hash: 3ca54a8d87c36567c23f1f3029dd474bace64bacfb949533de9693f411bd8625
Instruction Fuzzy Hash: 6E11BB75504380DFDB05CF54D9C0B15BBA2FB84314F24C6A9D8498B696C33AE81ACB61

Function 0080D2CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913391309.000000000080D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0080D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_80d000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93f6efceeafdf1107d77734be3a839d4d60f7490e0731771b3d46bb0312b4569
Instruction ID: 649e7843c1ebf8f835a3feb8735a7301f33f734baf9ee3faa9ed16220351316b
Opcode Fuzzy Hash: 93f6efceeafdf1107d77734be3a839d4d60f7490e0731771b3d46bb0312b4569
Instruction Fuzzy Hash: B5119075504280DFDB11CF14D9C4B19FB61FB84324F25C6A9D8498B796C33AD806CBA2

Non-executed Functions

Function 00B9DBE4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.913903585.0000000000B90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b90000_Discord Nitro Gift Generator.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffa4af767da69bc81b1002ae895eecfa2e3c86fa040a609c984f2ed361341481
Instruction ID: 1f6f9fb80ecf794df63a6ffdf815d6c346a68112318b854c2f368c49a3d1b6d6
Opcode Fuzzy Hash: ffa4af767da69bc81b1002ae895eecfa2e3c86fa040a609c984f2ed361341481
Instruction Fuzzy Hash: 08A16E32E0021A8FCF05DFB5C9845AEB7F2FF85310B1545BAE805AB265DB71D956CB40

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Discord Nitro Gift Generator.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Discord Nitro Gift Generator.exe.log

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\LICENSE

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\keys.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.fingerprint

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_2045889304\manifest.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\Google.Widevine.CDM.dll

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\_metadata\verified_contents.json

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.fingerprint

C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6892_244143957\manifest.json

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

Windows Analysis Report
Discord Nitro Gift Generator.exe

Function 00B9D088 Relevance: 6.1, APIs: 4, Instructions: 130
threadCOMMON

Function 00B9D098 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 00B9AE10 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Function 00B9590C Relevance: 1.6, APIs: 1, Instructions: 98
COMMON

Function 00B9449C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00B9D2E0 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 00B9D2D9 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Function 00B9B000 Relevance: 1.5, APIs: 1, Instructions: 47
COMMON