Analysis

  • max time kernel
    157s
  • max time network
    163s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    07-08-2024 17:55

General

  • Target

    http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb93079758,0x7ffb93079768,0x7ffb93079778
      2⤵
        PID:1384
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:2
        2⤵
          PID:3512
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
          2⤵
            PID:3272
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
            2⤵
              PID:2416
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
              2⤵
                PID:980
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                2⤵
                  PID:4836
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3748 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                  2⤵
                    PID:4720
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                    2⤵
                      PID:4368
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                      2⤵
                        PID:3284
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                        2⤵
                          PID:4864
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                          2⤵
                            PID:2940
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4972 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                            2⤵
                              PID:3920
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3084 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                              2⤵
                                PID:1920
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                                2⤵
                                  PID:4848
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                                  2⤵
                                    PID:220
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5460 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                                    2⤵
                                      PID:3140
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5840 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                                      2⤵
                                        PID:4312
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
                                        2⤵
                                          PID:3800
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5196 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                                          2⤵
                                            PID:4548
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5264 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
                                            2⤵
                                              PID:4412
                                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                            1⤵
                                              PID:3808
                                            • C:\Windows\System32\rundll32.exe
                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                              1⤵
                                                PID:3904
                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe
                                                "C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe"
                                                1⤵
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4716
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4660
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    Schtasks /Query /fo list
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3260
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:3120
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    Schtasks /Query /fo list
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3888
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe "/c" "schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST"
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4544
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    "schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • Scheduled Task/Job: Scheduled Task
                                                    PID:828
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:3524
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    Schtasks /Query /fo list
                                                    3⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:236
                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe" "-GameSettings"
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5064
                                              • C:\Windows\system32\NOTEPAD.EXE
                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\ReadMe.txt
                                                1⤵
                                                • Opens file in notepad (likely ransom note)
                                                PID:1448
                                              • C:\Windows\system32\LogonUI.exe
                                                "LogonUI.exe" /flags:0x0 /state0:0xa3ae9055 /state1:0x41c64e6d
                                                1⤵
                                                • Modifies data under HKEY_USERS
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2420

Network

MITRE ATT&CK Enterprise v15

Downloads


                                                4a1141484e5f2bd9070c9861274f3dbf45102036d46bd7c76c11e3f333913e74

                                                SHA512

                                                4d72f89991480b5e8a612d2be8379ce6426653c06fff63586a2f0075e1fd8b18b7eb3b6a0187d75b2fd1ac4bfedb9c02d21ef8d54778a71e9a1c368778704ba0

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                150KB

                                                MD5

                                                dbdee4da7e74192cb7fe066b8b9c2f27

                                                SHA1

                                                45d875f2a016d35d91d8612fa44965d86f77472c

                                                SHA256

                                                0e1bad3bb42821fb1fd88b0f5b7f5c997c3e9ecf07c29fc4619d95e62e56c422

                                                SHA512

                                                f8572c558bab1da69772d929864eae7a1e3c6871042836b90bb1c39b307c4988a55e5a55c1538c1a59c489779678e2e6c6df05ce0a1db9851c7e17e6e3f020f6

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                Filesize

                                                150KB

                                                MD5

                                                b5e8437f2e956e2fa0ff6df3e31c54ed

                                                SHA1

                                                5d70df5efeca4b4d7fc24c5db5e2f686ae09b499

                                                SHA256

                                                8d0b9faa5467486b6b669e68eda750057832132a102ce790474eec2406513b06

                                                SHA512

                                                928d20a96c54f7ee5542ee6887bf3c3450748e9c4891fc78b89417c1562ac0dacf4beb85691ac245858b7870ae914cd2a60e892ef678b37852d35ee1acbe5182

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                Filesize

                                                103KB

                                                MD5

                                                7c6b0797174105a8476ffed5dd398b70

                                                SHA1

                                                ae29735d35035d7d094c45369c89fb1d97fbd38c

                                                SHA256

                                                7bff400b5a5f5b511b4b252b834ab31eca7862821be630670d30ebfc5422acb4

                                                SHA512

                                                2a47aeadc003eaabb5f33dea4e5b611f2110afbc3b3e5544fd75032010b4aad51a61ec1b0f787d7f1a328c18d09ecc86c9036c80c8925774daf434c5c2d4a37b

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588344.TMP

                                                Filesize

                                                100KB

                                                MD5

                                                bcab68538e1a564f737fb73e5f250054

                                                SHA1

                                                f5f67d0016f5f87f7d012123a4136a56dc11a7b2

                                                SHA256

                                                0883d8a071732569212beba240cdd350c767b527a178c3d385bbf4f3d5c5e441

                                                SHA512

                                                10e1cee00fa43b855cc08014c84202ae6c01cf925bf69f8fc1b9f06e129cbb63eff930b20a1ba8735a0643dfb3d32610b2518511d466bc6677e32cd8b1d3a2a4

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                Filesize

                                                264KB

                                                MD5

                                                250e716ca81b3e0c57c6b36edaa16958

                                                SHA1

                                                78631921499d1daa502f9627976a63c7335fb493

                                                SHA256

                                                81b467fe27f1f8927173c2fb9f4505855c23a29d2b153e3e2040f74016ea6187

                                                SHA512

                                                2b3e18f6e0378c75346b24a56ff02d0e03cb7c5c5cda2979071f888d2ebfff9fdde2d7aed4163f60177f5ca441e7ca7583ccad5483f815fbb8ecdbc4302225dd

                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                Filesize

                                                2B

                                                MD5

                                                99914b932bd37a50b983c5e7c90ae93b

                                                SHA1

                                                bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                SHA256

                                                44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                SHA512

                                                27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\config.ini

                                                Filesize

                                                314B

                                                MD5

                                                22479528144ae6a71723c29006c7fd96

                                                SHA1

                                                ae35d65d37a44ed2612a206e0634e2ce5538e9c7

                                                SHA256

                                                c9dbf738eb23a717a1bf2aaa5f47c383cefc4718885d8c4bb398fd5e3fabb158

                                                SHA512

                                                5214775cd1179a9eb5ec1853d4f719e06ecac1a2ae04a7ba58476b7ecc1953878d5be32382f77315474de7d7410e9e74c64bdf6ed5dd4a18bf8276fec2ce5eab

                                              • C:\Users\Admin\Downloads\WindowedBorderlessGaming_2.1.0.1.zip

                                                Filesize

                                                464KB

                                                MD5

                                                a6d2811762a0c71f029e2ce35adfba84

                                                SHA1

                                                e6417f785b49d3e19757a564d82e055a88a512ea

                                                SHA256

                                                fb6b8f77ed92c1775ecb7132cda28b578028128fa86408250a6afa8736ede0e3

                                                SHA512

                                                f850782530af811637008f8c3ae425a8ebe5860c7e73762d7ee9daa93ab0b7bc263d0f5577f53155cd7f0e00c4bc892a836a325648dc4668d4b9cd998296355f

                                              • \??\pipe\crashpad_904_RXDMIEJQEILMIBUZ

                                                MD5

                                                d41d8cd98f00b204e9800998ecf8427e

                                                SHA1

                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                SHA256

                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                SHA512

                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e