Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-02-2024 17:58

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.mediafire.com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke.rar/file
Resource: win10v2004-20231215-en

General

Target: https://www.mediafire.com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke.rar/file
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe
  pid   process
  1704  msedge.exe (2 entries)
  1572  msedge.exe (2 entries)
  3140  identity_helper.exe (2 entries)
  4688  msedge.exe (2 entries)
  2976  msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
Processes: msedge.exe
  pid   process
  1572  msedge.exe (14 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes: 7zG.exe
  description                 pid   process
  Token: SeRestorePrivilege   1248  7zG.exe
  Token: 35                   1248  7zG.exe
  Token: SeSecurityPrivilege  1248  7zG.exe
  Token: SeSecurityPrivilege  1248  7zG.exe

Suspicious use of FindShellTrayWindow (58 IoCs)
Processes: msedge.exe, 7zG.exe
  pid   process
  1572  msedge.exe (57 entries)
  1248  7zG.exe (1 entry)

Suspicious use of SendNotifyMessage (32 IoCs)
Processes: msedge.exe
  pid   process
  1572  msedge.exe (32 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                       pid   process     target process
  PID 1572 wrote to memory of 2380  1572  msedge.exe  msedge.exe (2 entries)
  PID 1572 wrote to memory of 4556  1572  msedge.exe  msedge.exe (repeated entries)
  PID 1572 wrote to memory of 1704  1572  msedge.exe  msedge.exe (2 entries)
  PID 1572 wrote to memory of 456   1572  msedge.exe  msedge.exe (repeated entries)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1572)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/earhsbezjv5bgnh/Ultimate_Discord_Nuke.rar/file
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2380)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753f46f8,0x7ffb753f4708,0x7ffb753f4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1704)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 456)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1240)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2928)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 572)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2196)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4304)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 756)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1952)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6476 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4688)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3928)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2976)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2231595418452939248,8757700649336169876,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6204 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 4956)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 1268)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\rundll32.exe (PID 2228)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- C:\Program Files\7-Zip\7zG.exe (PID 1248)
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ultimate Discord Nuke\" -ad -an -ai#7zMap32318:104:7zEvent20387
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

- C:\Windows\system32\NOTEPAD.EXE (PID 5020)
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ultimate Discord Nuke\Ultimate Discord Nuke\bot_token.txt

- C:\Windows\system32\NOTEPAD.EXE (PID 2044)
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Ultimate Discord Nuke\Ultimate Discord Nuke\bot_token.txt
Network
MITRE ATT&CK Enterprise v15
Downloads