Analysis Overview
Threat Level: Known bad
The file http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073 was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Scheduled Task/Job: Scheduled Task
Modifies data under HKEY_USERS
Opens file in notepad (likely ransom note)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2024-08-07 17:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-07 17:55
Reported
2024-08-07 17:59
Platform
win10-20240611-en
Max time kernel
157s
Max time network
163s
Signatures
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675269915508094" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://westechsolutions.net/sites/WindowedBorderlessGaming/download&token=b978821a&token=b98c8073
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb93079758,0x7ffb93079768,0x7ffb93079778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2712 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2720 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3748 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4972 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3084 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5460 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5840 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
C:\Windows\SysWOW64\schtasks.exe
Schtasks /Query /fo list
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5196 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5264 --field-trial-handle=1764,i,9416601320354870005,3275348777168094807,131072 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\ReadMe.txt
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
C:\Windows\SysWOW64\schtasks.exe
Schtasks /Query /fo list
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe "/c" "schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST"
C:\Windows\SysWOW64\schtasks.exe
"schtasks" "/create" "/tn" "WindowedBorderlessGaming-Admin" "/tr" "C:\Users\Admin\AppData\Local\Temp\TEMP1_~1.ZIP\WINDOW~1.EXE" "/sc" "ONLOGON" "/ru" "Admin" "/it" "/rl" "HIGHEST
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Schtasks /Query /fo list
C:\Windows\SysWOW64\schtasks.exe
Schtasks /Query /fo list
C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_WindowedBorderlessGaming_2.1.0.1.zip\WindowedBorderlessGaming.exe" "-GameSettings"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ae9055 /state1:0x41c64e6d
Network
Files