Windows Analysis Report
velocitysniper.exe

Overview

General Information

Sample Name: velocitysniper.exe
Analysis ID: 672174
MD5: 1da2d88d05a0bab13b316f7f45e570ed
SHA1: 4995c8e76eea6b9b879a96a85ee2516afd6eccd4
SHA256: f43837b6c84589775cb7a7814cc627f02dd1ba494c3c9897fe900daaf47aafd4
Tags: exe

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Obfuscated command line found
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges

Classification

AV Detection

Source: velocitysniper.exe Virustotal: Detection: 7%
Source: velocitysniper.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Source: Traffic Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:58116 -> 8.8.8.8:53
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: velocitysniper.exe String found in binary or memory: http://.css
Source: velocitysniper.exe String found in binary or memory: http://.jpg
Source: velocitysniper.exe, 00000000.00000002.528760296.0000020E62FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: velocitysniper.exe String found in binary or memory: http://html4/loose.dtd
Source: velocitysniper.exe String found in binary or memory: http://ivpaste.com/p/https://anonfiles.comhttps://controlc.com/https://justpaste.it/image:
Source: velocitysniper.exe, 00000000.00000002.527736380.000000C000208000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://pngjpghttphttphttp://txt.txthttphttpPATHEXT.
Source: velocitysniper.exe String found in binary or memory: http://vpaste.net/https://dumpz.org/https://gofile.io/identifier
Source: velocitysniper.exe String found in binary or memory: https://1ty.me/id=
Source: velocitysniper.exe String found in binary or memory: https://1ty.meid=
Source: velocitysniper.exe String found in binary or memory: https://anonfiles.com/https://paste.org.ru/?https://pastelink.net/https://safenote.co/r/https://slex
Source: velocitysniper.exe String found in binary or memory: https://apaste.info/https://discord.com/https://hatebin.com/https://revealit.me/illegal
Source: velocitysniper.exe String found in binary or memory: https://apiv2.gofile.io/getUpload?c=invalid
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/attachments/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/avatars/
Source: velocitysniper.exe String found in binary or memory: https://cdn.discordapp.com/avatars/%d/%s.gif?size=%dmallocgc
Source: velocitysniper.exe String found in binary or memory: https://cdn.discordapp.com/avatars/%d/%s.webp?size=%dillegal
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/banners/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/channel-icons/
Source: velocitysniper.exe String found in binary or memory: https://cdn.discordapp.com/embed/avatars/%d.png?size=%dmap
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/icons/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cdn.discordapp.com/splashes/
Source: velocitysniper.exe String found in binary or memory: https://commie.io/lib/router.php?do=load&uid=invalid
Source: velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8//voice/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8//voice/ice
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8//voice/regions
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/forgot
Source: velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/https://discord.com/api/v8/trackhttps://discord.com/api/v8/sso
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/login
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/logout
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/register
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/reset
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/verify
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/auth/verify/resend
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/channels/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/gateway
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/gateway/bot
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/guilds
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/guilds/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/guilds/https://discord.com/api/v8/channels/https://discord.com/api/v8/use
Source: velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/https://discord.com/api/v8/auth/https://discord.com/api/v8/trackhttps://d
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/integrations
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/oauth2/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/oauth2/applications
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/report
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/tutorial/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/tutorial/indicators
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/users/
Source: velocitysniper.exe, 00000000.00000002.527329656.000000C0001C6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/v8/webhooks/
Source: velocitysniper.exe String found in binary or memory: https://discord.com/api/v9/entitlements/gift-codes/message
Source: velocitysniper.exe String found in binary or memory: https://discord.com/api/webhooks/901122212122230784/ok-UGzt2KRbpZo-MEVH9fckVhpmTxKmULwEz19qA-xwdijRE
Source: velocitysniper.exe String found in binary or memory: https://discord.com/developers/docs/reference#authentication-example-bot-token-authorization-header
Source: velocitysniper.exe String found in binary or memory: https://discord.gg/https://paste.ee/p/https://paste2.org/https://revealit.mehttps://safenote.coif-un
Source: velocitysniper.exe String found in binary or memory: https://discordapp.com/api/vhttps://keyauth.win/api/1.1/invalid
Source: velocitysniper.exe, 00000000.00000002.527091707.000000C000156000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://genefit.cc/velocity/dashboard/stats?total_servers=0&alts=0&nitro_claimed=0&time_running=00:0
Source: velocitysniper.exe String found in binary or memory: https://genefit.cc/velocity/dashboard/stats?total_servers=json:
Source: velocitysniper.exe String found in binary or memory: https://github.com/andersfylling/disgordinvalid
Source: velocitysniper.exe String found in binary or memory: https://gofile.iohttps://temp.pm/?id=
Source: velocitysniper.exe, 00000000.00000002.528121612.000000C000250000.00000004.00001000.00020000.00000000.sdmp, velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://keyauth.win/panel/Jonko/Velocity/
Source: velocitysniper.exe, 00000000.00000002.528121612.000000C000250000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://keyauth.win/panel/Jonko/Velocity/C:
Source: velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://keyauth.win/panel/Jonko/Velocity/SOFTWARE
Source: velocitysniper.exe String found in binary or memory: https://paste.ofcode.org/https://pastebin.com/raw/inconsistent
Source: velocitysniper.exe String found in binary or memory: https://privatty.com/en/?page_load=ajax&url=/ajax/reading.ajaxmessageID
Source: velocitysniper.exe String found in binary or memory: https://slexy.org/view/index
Source: velocitysniper.exe, 00000000.00000002.526003340.000000C000092000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/
Source: velocitysniper.exe, 00000000.00000002.526045372.000000C0000A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/active.json
Source: velocitysniper.exe, 00000000.00000002.526045372.000000C0000A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/active.jsonhttps://status.discord.com/api/v
Source: velocitysniper.exe, 00000000.00000002.526045372.000000C0000A2000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://status.discord.com/api/v2/scheduled-maintenances/upcoming.json
Source: velocitysniper.exe String found in binary or memory: https://www.saltify.io/en/halophilic/internal
Source: unknown DNS traffic detected: queries for: genefit.cc
Source: global traffic HTTP traffic detected: GET /velocity/dashboard/stats?total_servers=0&alts=0&nitro_claimed=0&time_running=00:00:00&giveaways_joined=0&giveaways_won=0&username= HTTP/1.1User-Agent: fasthttpHost: genefit.cc
Source: global traffic HTTP traffic detected: GET /velocity/init/ HTTP/1.1User-Agent: fasthttpHost: genefit.cc
Source: velocitysniper.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\velocitysniper.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\velocitysniper.exe "C:\Users\user\Desktop\velocitysniper.exe"
Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\cmd.exe cmd /c cls
Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\cmd.exe cmd /c "$Host.UI.RawUI.WindowTitle Velocity v1.8.1 - Alts : 0 - Total Servers : 0 - Nitros Sniped : 0 - Giveaways won : 0 - Time Running : 00:00:00"
Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\cmd.exe cmd /c "title Velocity v1.8.1 - Alts : 0 - Total Servers : 0 - Nitros Sniped : 0 - Giveaways won : 0 - Time Running : 00:00:00"
Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\cmd.exe cmd /C tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\tasklist.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3044:120:WilError_01
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: velocitysniper.exe String found in binary or memory: github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778/load.go
Source: velocitysniper.exe String found in binary or memory: github.com/magiconair/properties@v1.8.5/load.go
Source: velocitysniper.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: classification engine Classification label: mal60.winEXE@12/1@1/2
Source: C:\Users\user\Desktop\velocitysniper.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: velocitysniper.exe Static file information: File size 10061312 > 1048576
Source: velocitysniper.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: velocitysniper.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x448600
Source: velocitysniper.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x455600

Data Obfuscation

Source: C:\Users\user\Desktop\velocitysniper.exe Process created: C:\Windows\System32\cmd.exe cmd /c "$Host.UI.RawUI.WindowTitle Velocity v1.8.1 - Alts : 0 - Total Servers : 0 - Nitros Sniped : 0 - Giveaways won : 0 - Time Running : 00:00:00"
Source: velocitysniper.exe Static PE information: section name: .symtab
Source: C:\Users\user\Desktop\velocitysniper.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\velocitysniper.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: velocitysniper.exe, 00000000.00000002.528676210.0000020E62FCB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\velocitysniper.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid