Malware Analysis Report

2024-10-19 11:21

Sample ID: 240807-whxansvdmc
Target: http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073
Tags: discovery
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073 was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Scheduled Task/Job: Scheduled Task

Modifies data under HKEY_USERS

Opens file in notepad (likely ransom note)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-07 17:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-07 17:55
Reported: 2024-08-07 17:59
Platform: win10-20240611-en
Max time kernel: 157s
Max time network: 163s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073

Signatures

Browser Information Discovery

Tags: discovery

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target | Occurrences
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A | 4
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A | 4
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A | 2

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675269915508094" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Opens file in notepad (likely ransom note)

Tags: ransomware

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A

Scheduled Task/Job: Scheduled Task

Tags: persistence, execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 4
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A | 34

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target | Occurrences
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 32

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 35
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A | 29

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Occurrences
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 24
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A | 40

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Occurrences
PID 904 wrote to memory of 1384 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 904 wrote to memory of 3512 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 30
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3512 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 3272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 904 wrote to memory of 2416 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb93079758,0x7ffb93079768,0x7ffb93079778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3748 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4972 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3084 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5460 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5840 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list

C:\Windows\SysWOW64\schtasks.exe

Schtasks /Query /fo list

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5196 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5264 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\ReadMe.txt

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list

C:\Windows\SysWOW64\schtasks.exe

Schtasks /Query /fo list

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe "/c" "schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST"

C:\Windows\SysWOW64\schtasks.exe

"schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list

C:\Windows\SysWOW64\schtasks.exe

Schtasks /Query /fo list

C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe" "-GameSettings"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3ae9055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 westechsolutions.net udp
US 67.20.76.65:80 westechsolutions.net tcp
US 67.20.76.65:80 westechsolutions.net tcp
US 67.20.76.65:80 westechsolutions.net tcp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 67.20.76.65:443 westechsolutions.net tcp
US 8.8.8.8:53 65.76.20.67.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 67.20.76.65:443 westechsolutions.net tcp
US 67.20.76.65:443 westechsolutions.net tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 catbox.moe udp
US 108.181.20.37:443 catbox.moe tcp
US 108.181.20.37:443 catbox.moe tcp
US 108.181.20.37:443 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 108.181.20.37:80 catbox.moe tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 101.58.20.217.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dbdee4da7e74192cb7fe066b8b9c2f27
SHA1 45d875f2a016d35d91d8612fa44965d86f77472c
SHA256 0e1bad3bb42821fb1fd88b0f5b7f5c997c3e9ecf07c29fc4619d95e62e56c422
SHA512 f8572c558bab1da69772d929864eae7a1e3c6871042836b90bb1c39b307c4988a55e5a55c1538c1a59c489779678e2e6c6df05ce0a1db9851c7e17e6e3f020f6

\??\pipe\crashpad_904_RXDMIEJQEILMIBUZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 349852c8b19ada57d5af487d1556e807
SHA1 c220dfe0c99d1d8391cda39cfd7988d0bb07d823
SHA256 4a1141484e5f2bd9070c9861274f3dbf45102036d46bd7c76c11e3f333913e74
SHA512 4d72f89991480b5e8a612d2be8379ce6426653c06fff63586a2f0075e1fd8b18b7eb3b6a0187d75b2fd1ac4bfedb9c02d21ef8d54778a71e9a1c368778704ba0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04c1e1d9e5e73955fb8c610600a052c9
SHA1 910af809dbf4b208537e522337c19f666a97c733
SHA256 18a76a73614f34aee9287cace5a0b57028fff9d404474947b59ce70637017dba
SHA512 ff474b520ee368498d81947835c50ab4d388bbb607c762fc8d8ac531809d2ef6984bcd5e011a728cf1685a4d279ac26f5d191ddea58f9411472f9e13028b81ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 63ffd7b143a66e2632332e8b914249e7
SHA1 a5056c31a4452785fdbcafd1d34df68d56a91c40
SHA256 d7065e175cad5d0c03f34ca3f4ac3822362f87e95f52a748ec9198ab8cb5bb61
SHA512 936df799faf13f7621c052f44569ba480588e46c71be4f639bebd89da29afc602e756c526eeebe05cd27fdfa685e65f0a9d2765d9a6e8597f9ef7459b195a583

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9a1f039cf0ee14619c460e3681c6ddf0
SHA1 5fff0209e9d0b4ca68044f9f633ca10ff3a18b53
SHA256 e381e6d1488bfb7cc58cee9880da590c36af1a2e531411af7bb4c8f1a6986e75
SHA512 ed8a667b819a45f76f820c572761b7cd55c5d5a51cee853c9a460d36be5be78c09c7b5b9eebc3324f79d2341ed653dad1e87affe0f378c260b96ad0b9a03e34d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc7affff5b4d59566ac82a5243532bef
SHA1 b63afcc698ad06a655de1cb09120c7f8ab479118
SHA256 8ccfd50e025f9af12074591755fffd2c73fac59a6eeab21e9c33cb322b58960b
SHA512 8c1fcdbe9fbe71301dbb204aa15cdbfbcfb862ea1ca18f35ce7fd94e0c181b23c9f12d434b4a6ed9098a1e810f82a02da9cc3f8586dd26470abdb6a2731a0864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b5e8437f2e956e2fa0ff6df3e31c54ed
SHA1 5d70df5efeca4b4d7fc24c5db5e2f686ae09b499
SHA256 8d0b9faa5467486b6b669e68eda750057832132a102ce790474eec2406513b06
SHA512 928d20a96c54f7ee5542ee6887bf3c3450748e9c4891fc78b89417c1562ac0dacf4beb85691ac245858b7870ae914cd2a60e892ef678b37852d35ee1acbe5182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4aa19be5a37d38cf9a471ac0c89db1f1
SHA1 f3aee82a9d8f6799f7e7bef628fd5ecc9b7cc489
SHA256 b7a20eb916a0d0c6102633e2019b2843e9f2bec04dd0c3e759f71a0368d0fb62
SHA512 309b2c95d8d80b3ff6e03cc384af7d17f928732a085be957f37b099be09e7bd66c439cb3125eadcdfd760558ee049d173962491e9d4dab8bdc9e9e15974eb35f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2c0c3844902212f266e37af5aaedb8fe
SHA1 cead3540d46ab0d9a2ca14bf8a4bb8ad44d4bb34
SHA256 c4b8231119a97fa15f7d2a1070f3ee92bf0275f849ec0a952ce47ee9bc77d283
SHA512 83dc58185090f825fffb2e793ba25d78cd747167515ac86a4081f9fc6596c0680951425dbe7769c946dddf2018adf7dcd3734ab922f102c05d58094fa038b753

C:\Users\Admin\Downloads\WindowedBorderlessGaming_2.1.0.1.zip

MD5 a6d2811762a0c71f029e2ce35adfba84
SHA1 e6417f785b49d3e19757a564d82e055a88a512ea
SHA256 fb6b8f77ed92c1775ecb7132cda28b578028128fa86408250a6afa8736ede0e3
SHA512 f850782530af811637008f8c3ae425a8ebe5860c7e73762d7ee9daa93ab0b7bc263d0f5577f53155cd7f0e00c4bc892a836a325648dc4668d4b9cd998296355f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d35c487768d4707b4b6282b417da9634
SHA1 aa362a43f37d3cefc88263c3b83f7fa29510a181
SHA256 4e6d66328c97a0047d1b5aaee802f8f1e940b748539d8c46d83952418620dc98
SHA512 87a1b546315e316f3fff3bdc6f42520728ef8b34e4455043f07de8081a7f2aca60d5992d91d88841fc433dc73fcc00f6a6e0192dc7450afc697ac781e532971a

C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\config.ini

MD5 22479528144ae6a71723c29006c7fd96
SHA1 ae35d65d37a44ed2612a206e0634e2ce5538e9c7
SHA256 c9dbf738eb23a717a1bf2aaa5f47c383cefc4718885d8c4bb398fd5e3fabb158
SHA512 5214775cd1179a9eb5ec1853d4f719e06ecac1a2ae04a7ba58476b7ecc1953878d5be32382f77315474de7d7410e9e74c64bdf6ed5dd4a18bf8276fec2ce5eab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7c6b0797174105a8476ffed5dd398b70
SHA1 ae29735d35035d7d094c45369c89fb1d97fbd38c
SHA256 7bff400b5a5f5b511b4b252b834ab31eca7862821be630670d30ebfc5422acb4
SHA512 2a47aeadc003eaabb5f33dea4e5b611f2110afbc3b3e5544fd75032010b4aad51a61ec1b0f787d7f1a328c18d09ecc86c9036c80c8925774daf434c5c2d4a37b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588344.TMP

MD5 bcab68538e1a564f737fb73e5f250054
SHA1 f5f67d0016f5f87f7d012123a4136a56dc11a7b2
SHA256 0883d8a071732569212beba240cdd350c767b527a178c3d385bbf4f3d5c5e441
SHA512 10e1cee00fa43b855cc08014c84202ae6c01cf925bf69f8fc1b9f06e129cbb63eff930b20a1ba8735a0643dfb3d32610b2518511d466bc6677e32cd8b1d3a2a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a450bcd1b4891024b1ac559d9cdc2ae0
SHA1 fc1c9213af42251aaaf9a75c910e1e202786aba0
SHA256 0759615b76aa0908999e37ce97b40964b45832176d182036004cc64116e349fb
SHA512 557324e2f6bb0b98061159473e0e06b14ab983b985ad90b1afaf9d8b01d182fe2cc6259f47054d64caf8c0e29d4481eddf2e56bf3dc8cf4eb50b0bca8faa59ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7458c3b34922915ddcfe691a2ac07028
SHA1 1eec0a3b78d9e8ae9b6247ce64579360a83d6388
SHA256 c2fcf51987fb95a4761b9cc1c760f32a5cd3635178292993f392efd62263780d
SHA512 33b7d20f5b2193ee542e2ce8a81951f7363bed30ad7c57e33c83e2fbc3935d7dfb9c421a56823fc183c9c1f6170b31da2f9d0f582c3a37bec59bd46f72a62537

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 588fed3072928cf4d84169d8efec6c40
SHA1 1b949b3d4573f32ba392805ca9748dd995ea4a40
SHA256 2a51f44f03961461da9a190aa230f95e2f6c2492bc0320db066cbfc7eef2d118
SHA512 ad5fa29298a17926d21171c5b6eb2bfbacdaef22601b1efc875f6e54d63190a38ed07c6a30af446bb9cfdff2aaf2b11ff128d43a4bb815ab4315f325efac4b28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f1e40179-ebf5-4ff7-9adf-6f72f9e4dac9.tmp

MD5 a22f48525a8953bd2af47f4c27e38dda
SHA1 5853285a101dafe4bf3da986512921e2755eee30
SHA256 21870225c9ccbcdd3d38d48aa929a27c5c086ba6e3e3467e86fff9dfde8185ce
SHA512 be6383b16f4e037f99398bcc5ba9505bd7c01a905f194d9a22c318cbb1d552eb398081599c80f9ef60e1f6b22963e3c979861e134ab531ffe455e9664269c59e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b91a482132d4f150f32ec513762ae47
SHA1 73a8905913ae3426d5ea57e5770953957ceaaa36
SHA256 cf5c32ab29e04b6537225cd84218fa12be1c21ff530aac9555c0ad5cb2d35139
SHA512 4c0565bdb297603bbe97af2e5ef5604fe4a3661b6ccd2d95667e95ad0155d10d3625833bb6b37e58085ad1b688f01f4df885ecda9cbd322e3c63eaf49aab3352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5166c9b80e2ec82104af70317c91732b
SHA1 c65ab7d3fc539bd852ac1c8d8940dd7c04c7895a
SHA256 362c06996b177dbfc218d41dead6fb711f8a0bebfa7b78c52505ad559a211d9c
SHA512 2dd9be8686f9a49d685149fe19ced9e534037cb0595ff617f2fbbb8af8ff26bcc8264c197e64463c1a8e3a820c17e966425268f09863d5d9e1751feb2ae87b36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 13dc48f282778f3bc439fd5cf9a2e40c
SHA1 d894dc014374add3f0cd2d0d128569730520bef2
SHA256 efccff8996d75a1f896f34ba78a1685db09368a1eaadc1aea07ebc36ebb52875
SHA512 b33e811b2a9fab8c8b12157ea35ce81a798cb8f51919158ee4acb06f280e1fe2f88935d1013b952fa74d45821da3f53d7f38b5c5cfe3610a9f518fbe4666e11f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 250e716ca81b3e0c57c6b36edaa16958
SHA1 78631921499d1daa502f9627976a63c7335fb493
SHA256 81b467fe27f1f8927173c2fb9f4505855c23a29d2b153e3e2040f74016ea6187
SHA512 2b3e18f6e0378c75346b24a56ff02d0e03cb7c5c5cda2979071f888d2ebfff9fdde2d7aed4163f60177f5ca441e7ca7583ccad5483f815fbb8ecdbc4302225dd