a15810bb4e49e29191ef909985a569339f0d309d65087aa3cd4f1f16eea162b0

Resubmissions

11/08/2024, 13:15

240811-qhjfxs1cnl 7

11/08/2024, 13:11

240811-qe2hbs1bpq 7

11/08/2024, 13:05

240811-qbzvbs1amn 7

11/08/2024, 12:58

240811-p7tshsvcma 7

Analysis

max time kernel
213s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BorderlessGaming10.0_admin_setup.exe
Size

48.8MB
MD5

d52cda79789a76bc6687e99a206d3ef4
SHA1

3e8e1f1f17bd0c5087e26bf5b6c6f63dd110b01e
SHA256

a15810bb4e49e29191ef909985a569339f0d309d65087aa3cd4f1f16eea162b0
SHA512

7677362141297e7e1eab3bbeee08b6df10ba21de5ccf5232e5fa80dcb097c57f0802534a0a62bbf4a37c0c51c97d2f8cd23e432f011ea717ea8bf9d7aafb1071
SSDEEP

786432:RgyfSSjla4cxOAyl45+TpT+qluCGXmsGjVfKaC93M9RHwDqmOX4Cpw85z9JYlb:RgYSSUY3l3doCGX0uUQems4CpJhJCb

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	BorderlessGaming10.0_admin_setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	BorderlessGaming.exe

Executes dropped EXE 2 IoCs

pid	Process
1796	BorderlessGaming10.0_admin_setup.tmp
3740	BorderlessGaming.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
77	raw.githubusercontent.com
78	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Borderless Gaming\is-5CFSV.tmp	BorderlessGaming10.0_admin_setup.tmp
File opened for modification	C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-VPS38.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-Q0TQ5.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-581SB.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-JAEJK.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-DVJGI.tmp	BorderlessGaming10.0_admin_setup.tmp
File opened for modification	C:\Program Files (x86)\Borderless Gaming\uninstall.ico	msedge.exe
File opened for modification	C:\Program Files (x86)\Borderless Gaming\uninstall.ico	msedge.exe
File created	C:\Program Files (x86)\Borderless Gaming\is-4UNVA.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-PMBTQ.tmp	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-4JPFC.tmp	BorderlessGaming10.0_admin_setup.tmp
File opened for modification	C:\Program Files (x86)\Borderless Gaming\unins000.dat	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\unins000.dat	BorderlessGaming10.0_admin_setup.tmp
File created	C:\Program Files (x86)\Borderless Gaming\is-8KVL2.tmp	BorderlessGaming10.0_admin_setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BorderlessGaming10.0_admin_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BorderlessGaming10.0_admin_setup.tmp

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678557624746687"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000020000000100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4\0\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0400000003000000020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\LogicalViewMode = "5"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4 = 19002f433a5c000000000000000000000000000000000000000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = b5021f006502d5dfa3235702040000000000530200003153505305d5cdd59c2e1b10939708002b2cf9ae9301000012000000004100750074006f004c006900730074000000420000001e000000700072006f0070003400320039003400390036003700320039003500000000004c010000aea54e38e1ad8a4e8a9b7bea78fff1e9060000800000000001000000020000800100000001000000020000002000000000000000500014001f50e04fd020ea3a6910a2d808002b30309d3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000d7b42c6dd7e4da01b4ed6681dde4da01a8b26b81dde4da0114000000000000000000000000000000000000000000000001000000010000800100000004006900740065006d00000000000000000000000000000000000000000000000000000000000000000000000000000000001e1ade7f318ba54993b86be14cfa4943ffffffffffffffffffffffff00000000010000001900530065006100720063006800200052006500730075006c0074007300200069006e0020004400650073006b0074006f007000000000000000000000000000000000000000000000000000000000003900000024000000004100750074006f006c0069007300740043006100630068006500540069006d00650000001400000090ea853a0d0000006b00000022000000004100750074006f006c00690073007400430061006300680065004b006500790000001f0000001b000000530065006100720063006800200052006500730075006c0074007300200069006e0020004400650073006b0074006f00700030000000000000000000000000000000741a595e96dfd3488d671733bcee28ba671b730433d90a4590e64acd2e9408fe2a0000001300efbe00000020000000000000000000000000000000000000000000000000010000008b020000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7FDE1A1E-8B31-49A5-93B8-6BE14CFA4943}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\4\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
1796	BorderlessGaming10.0_admin_setup.tmp
1796	BorderlessGaming10.0_admin_setup.tmp
4340	msedge.exe
4340	msedge.exe
2420	msedge.exe
2420	msedge.exe
5928	identity_helper.exe
5928	identity_helper.exe
5768	msedge.exe
5768	msedge.exe
5464	msedge.exe
5464	msedge.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
1028	msedge.exe
1028	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5464	msedge.exe
1028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe
Token: SeShutdownPrivilege	4520	chrome.exe
Token: SeCreatePagefilePrivilege	4520	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
1796	BorderlessGaming10.0_admin_setup.tmp
3740	BorderlessGaming.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
5464	msedge.exe
5464	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
3740	BorderlessGaming.exe
4520	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
2420	msedge.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe
3740	BorderlessGaming.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
1028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 3688	4520	chrome.exe	87
PID 4520 wrote to memory of 3688	4520	chrome.exe	87
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 1096	4520	chrome.exe	88
PID 4520 wrote to memory of 4948	4520	chrome.exe	89
PID 4520 wrote to memory of 4948	4520	chrome.exe	89
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90
PID 4520 wrote to memory of 220	4520	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8964ccc40,0x7ff8964ccc4c,0x7ff8964ccc58
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5040,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3312,i,11694575554317894623,4833532621164996582,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5216

C:\Users\Admin\AppData\Local\Temp\BorderlessGaming10.0_admin_setup.exe
"C:\Users\Admin\AppData\Local\Temp\BorderlessGaming10.0_admin_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2976
- C:\Users\Admin\AppData\Local\Temp\is-57EMT.tmp\BorderlessGaming10.0_admin_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-57EMT.tmp\BorderlessGaming10.0_admin_setup.tmp" /SL5="$801D6,50295133,805376,C:\Users\Admin\AppData\Local\Temp\BorderlessGaming10.0_admin_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1796
- - C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe
    "C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3740

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8830346f8,0x7ff883034708,0x7ff883034718
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,6089442131330762006,6529870492395789763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Borderless Gaming\Facepunch.Steamworks.Win64.xml

Filesize
164KB

MD5
e4525b83395e0e28690c06eb91b77288

SHA1
75dfd52bfa87581e277dee1d89abd97e5f9d88fc

SHA256
4a7e38fb8cb7569a74b8c755399bb319a93ee9b76cb51e747826802fffec450e

SHA512
cba036f3220e079c54b7065904c2f0b7962fb0d15e7134d316c3c82bb48f1aead9d5740b91d8d598504bca8719d4aa4c06d79d50b50618f7f429098217fa8a08

Download Submit
C:\Program Files (x86)\Borderless Gaming\Languages.zip

Filesize
22KB

MD5
ea581fa582ae31b03360b453c6d3e17d

SHA1
49d430e8855e313fd34aab8f84bab84613798b9d

SHA256
e2f2bf8a5c2727553b08db6468a4cbc2869e661db2d6d69fe9678312ef9644fe

SHA512
6431e5af1089de02f13f9d64de1be65ec60146a4566c5766b924345dde8a5517beb480b8329180fe76ff04dd9ac62e5d4b8538d807d30f2d66458ee2f3199627

Download Submit
C:\Program Files (x86)\Borderless Gaming\unins000.exe

Filesize
3.0MB

MD5
1d567c9701d7b2474dc37616c00ac9d1

SHA1
187e89f921da9319d99580788177867a39d6b9f1

SHA256
8be7c6ce47e90e5858a3ee42d2f0a5ec6c55c2206020f60d2c7eee2dde43d2a3

SHA512
6816e3b7ad4961687b37913ec8e477fcb0d3c074e5d55a7b0abb0a27d01269433d91414aea7e3778547d681b3d5002ff3073cf9d140bdbcfe2b7caf166e8dca2

Download Submit
C:\Program Files (x86)\Borderless Gaming\uninstall.ico

Filesize
7KB

MD5
3176080643f0b64e58be9ea180a115ef

SHA1
4d6fe9fdcba33b84d38f186533d8604919d7ead4

SHA256
2ee01d0499551f19e4f5613184993b5c562a746a769f7900d30e40cfe33712e3

SHA512
1359bfcefc9a4fd705c87dd2c9cce139c52f36674a29a6f6bef8a520c85778be3847aa59ff9fa9bbf637b81b410a56f5a1eef72f5fff6f290f72e85c0b2c2d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bd777d4741b13290a1fb8da626243ed1

SHA1
4018b04b09051f25fb70e85cb129472f4c685db3

SHA256
e5c00f8a0b7b6274c200872a256f0d9f2649e504915de7aeb4ff19a5ea7e17ed

SHA512
fb66601a69683added6ecafa484d49478f70a872ca910f569e863b68ffa849b6a286be56cfa4aa0c817f9bc0dc4a993c860173a0ad6775453d4ff4fa81a8bb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
523fcffeeca589db2208d54c3d4a5b48

SHA1
ca09b47a1684b255b272e8d61832a37153147c5c

SHA256
3661d77546dede10e9c24467c2e6b561aabea8a17b64fb364a8084d473749411

SHA512
2b43a589bfad841811fb3033ecfb0ae34436c4f35ab685b30b9b0e3bd695d578fa178d331be44f57a572e2d10a995742b78c5c60fc4906c791fdc6443750a4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
24febfd2dcd619668dba1698379bea00

SHA1
8e54c942e1ca7c33d13eb076b728d2f6293fbb81

SHA256
f45d50067cdc0d19940cfd19caf27ebe665cb943a326057be294d1cd3f42cbc4

SHA512
816cb4d6cf3cbc91a66ed2929d21bfd075744786b1e5677021887f44d04d64b22b63ea4ec3f4ecaa5eea830c7b3107dd2d924352a3b64f85efb07b3fe18b3e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b05d01f2f767f776a3826a876be292a2

SHA1
31593971ff3230a0bbb3dd46619cee9d3b614bab

SHA256
d0de6b3d11423106055e6fc286aa9d4583055d1cb0b921fa85d8381ac07c0253

SHA512
37f00ff11cc2866840f2b21326ce1e26a1e6dd19b9a2398b670617bbcca8aa9bdff562eda0d690d199c799e803900d359728557557f9684cef3f3acda2755108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc65ff926e0c26455f98861078c9e1bf

SHA1
e78664f2d459767bb6db5079b7e659b5033533a5

SHA256
ed5c7044ca7415b8ba1fc6aa8c8f26c11adcd78aa5bb40d210ffe2383e44a56a

SHA512
a8bab1d125117e9be5f4fbcde1eb30ce49297ce2d174d54c7a6ec1af115312c681726c6c9b485a377b7d880aaa7a2856df12048caf6384453c1518ddd6e5bc27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6be6644ec5745aeaf4dfdad2c58d313

SHA1
54520605a10d6892eb8ee29511f3d856e4a2a360

SHA256
82263c59b761562026baf4ffa0e2bb65ade1854b3cfc8520f826ef09e704b877

SHA512
ce49add7509f57174462c3ab7d3ad6d1fa27f3e623c2742e711ac9c495ec0c565d56c59122a2176023656a07f9deeebdd53877fef1291edb9cde7ac1695de457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cb5697c5d48bfa7e818ef769911f5007

SHA1
2fa0281f35bbb7351ec375ee2ce6ac172ea9c16b

SHA256
108573b0168a5882afbeb42699730d420b06402ed0d356967ad5571a67807cc4

SHA512
2bd1c3c905dfd48ae3c33d72738ece6dd7b160ee544f3c4bbce41c9f5e7fe4cc56a1b05edf85d87b301e4b438eafa39665753c77fe4b7f325957513bc0de4f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fab836e64b76912bd2973e2683a00579

SHA1
89aad74999f579f442fcab9f966383086afe6b8d

SHA256
8739c0f4a59fdae9984768c504a8728e9407dab8fc0c23ac13d469de5c9a96f5

SHA512
11498356eec940b32f463103888971431411bab2c1af4a71f0baa13e6246752f4eb5833328746d1359ccd9d8521232b3f3747dccd37609015820536aa80ec665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b0ff6b98393699602bc41013a808c86

SHA1
45592b59618ab6f3cb796d57458ca6036f04c0b6

SHA256
30590b1b164a3122d054c0b2009dd107b44c3deaf7f5d4f5db3f5f41757e3886

SHA512
ee57f0e161fe3dba3d7523d69d0c3662d5f99404205f15beed30aab243540eb66b53838783c0284a03c74f887fe5f3a7bc68567619f5e32440fc304e8cca4764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f23b900fc1bfb11e2f3a078eb7ebc827

SHA1
ec9c414333eb548464be60e5c84a4970931fdec7

SHA256
a62d503da8a4cdd49f5fb9cebdd8f54f0e3b1d4dba3aeb3d5b4d8ae68608a15c

SHA512
1bb1361f242dca69dbc05a3c534daeb950206077f63c5192c844e364d2a7c729a40df5bb6453dd9ea28e21f079c6164ffeedb829be9e6d9a11110c5241076020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c47b7685c9ac9306fe4ce32084e708c1

SHA1
b0bfc6202bbcb60e0eb7316c87edef923198676a

SHA256
c8b843043059e957c1d3908da64e09aa4f5993c61e72ec6d3578e6a771389d5f

SHA512
7919a2ba58e5941ea74f64b1820c2cf23377ab3e4c262e02aaf3e7b08f230dfc64ea627d16b30557e2577c961a891f8d9418d73110a215f38ccb1be7a4debdf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
399feb9fcd4b87dfd4983ed05374ba47

SHA1
a19d91bb54525a47c27bdaa66cfaf34bcf4da3b9

SHA256
e783c24c79530aa34047bd8966ca3fb81ea5ab8365d4edcd6d8e11845d512c83

SHA512
cff98aaae1aeb3779ad8bd9b8f89cd8de7a2dac78168c2c0a76dbfeb1adabfdf1bb87317c87dba6a6cbc4f25477ba8f0c69eb2592d7aaa0710b6cecf5fc4d269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51c36cf741f1aeb27690b0a3dfba3c2d

SHA1
13e28442bbde1187db83a81c6c368c16b1aab667

SHA256
d8cc8e803465c3b87cd9df223be20a9986db6812c396e51879e4ff6c64f77494

SHA512
13536afd665d58da9d91a29cfd4bfc9497506179517888fe2f5f33f7c880cb203428d424564cf2254cb1f4738743de7e427a13c1b9b8973c9070ef9e964585cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
134ea31f341cc94e9d8d9930bb459951

SHA1
e6d26e4e5bb2a34d94c8ea4dd77a5fe4fd591ce3

SHA256
d57d13b8cc7012cd5f458ecad3897a4cabe722500f8c61b37f376f54abb2de90

SHA512
aa065af6a71119467f1a751b0856955d611b7bba2986fab0acdfa5e8e39d8a04b8918d4cac577a6f64c1ee56dff7e1e70581645b9bf429f48d2c1f768e8211a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aa00ffc10d539333254cfb55818d5ce

SHA1
6c06bf063f66e986b59e7102ac4cc7d18f391ad9

SHA256
571d1275f61ca4a347cc7b05b2b092cfd6998927fe0671e9072c389e1ef8ea02

SHA512
e5a567ae40d3469d8b2bacd57887cbf51d80ec32bb8bc75a4c6cc86a3cfd6215f5ffd28e0b2093013445447b64ed3ae92bd0ef4eb47882e37ceeb728bd9eeaae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e111ee60b169f96a714f262a9030a4be

SHA1
8de26f6958630eef701ab083445bc79ec584fab5

SHA256
4013ad6e87d8b745cb2b631c35ec841848a9c8a8603b4a3a4abe877ce339b2ba

SHA512
5a4e7145801678f35c221103078a3334ea70ac4b9a1bc75deccbae04a6f9c2ebb01373336310bbb3a41150e00e47e969f6d6aa16d664ca14505e6501a59651c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28a5a2aa09b04ffaaef7db24fa049481

SHA1
aa5fba7e8d7fbbdce863deaa0743550e9f2c86c8

SHA256
966b580919102eb2f65045a74f489b74a1ff5f43c403ded39b8974444d3a59e3

SHA512
15d12b7dd2adb67c662a025f74509f550b6b0377992ac8022b59c3a41ac7b827ebbe9ea25c25a59ea40ae2457a6a3e83b6f062f0fab6a68b82ca66db59f49c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51df854d5133a6ebaa65fb8ed6960aeb

SHA1
6c991f574760024923fc323914b33957fb297cd7

SHA256
23c617e0415a233682e92f1de7a966adde89a56e0c3e6f36cf078c8cef9f48be

SHA512
19cbd47f764c819167387881bd192eab6cde5aaf9b875f465bae56d95995bde36bde1ca3740d10cdb86813b891aa5002664ad702b158786aa54aeca3287de9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c103275b81e7c869e35fe69086530d37

SHA1
5544ec3e43a8b0239438de241ab29d9b53b45701

SHA256
aa64c03fcfb89e51516be9bc908a8d38c8f72587e5a1c2f00ee5c0e734eb2dd7

SHA512
940c598933a79040c84902f242bc5fc8bdaaa4eadfc5eb0a37f06e7ed76635ff06a29fa5762088946588208740b3545f466f080c97e1704272c75eca121ca21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0250631ab7ac833cb63d3728fe150d2

SHA1
896efa08d72edcb20ce9f65ab4cdf320055f8979

SHA256
5a4e142b38fecffada70efc302e2dfea325dcd897d4e544adc98a3f60551cb75

SHA512
6f5e003925602275831914caae30ab82c80c4507f86d878af73cc02294c55bc16043242a58bc5d110d7f743d52cb702ba2f32cefdb4b9b638f7cd93a71c9d88c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46743234d423b1434446453153aad118

SHA1
b7d4e2f6f0ba2b404f1e5f02908500cfca2fdb28

SHA256
38b103ca162fdcae0d7e9daf1465b1f023bfac55b034b528e0587cb9f69518ee

SHA512
29f3218b9a0fe9993f34a6124a76b6a4d03576df713251bf83009a0999bed77c8f54f47e2efd61e194e8afee2c1951c21e0fdaa0d07a4cb10183e622b0cfc1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77466b4ec63d26a3a5fc7c8e0ead44ab

SHA1
86943b019449c8b3470cb00fe9ca910e059e4e5a

SHA256
3ac788f5cc4da843d5838d287a0dc09e74bf643eb2b89feb301a33af33db4579

SHA512
3acfac44843e974cd77a966eb92e663514fcdeb2d79af147bbca70ba97b994f4095de45a66134312b84a2985bf072222c5a93a86e311145269ef591c9e890924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4889a0c48e9fb087b2f41e12de70618

SHA1
6ec95c127716e6dda31de6137adf6dbb8187463d

SHA256
a98dba90b30b77fcaf9e6f5b3d3dc3d7400899b513f3e8c64cff2433661dc31f

SHA512
ac657d524a31122d8110016faf6e5a58adc96c100e42e7b3242a409eed710e1d33d3a96daf63872b8d7a8bff65b69ba8f895cb44896f1a143d45855ed4906c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
0208b903f31741f84d7f416642332b2d

SHA1
671194e24c1f9b42f0d87a3e71eac3a074135f4c

SHA256
bc482288a7fa21cba1189dde4c1cf4902574d0dae3c55b2b6f0d4a78c56f6f56

SHA512
9a3e3d9abf06ff2a20099e42a9bcaa538113e34a03afe5bcc5d81ee1a101b9bdffe5d8b91911a0f8d5a8717cfbdf67bd37f6f649d79b9cdc9403799488b54c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1389f63e5cceb0a3790ce9489af0d2af

SHA1
58805e3143241b60f0a64447cf39f5d31a86453b

SHA256
eef321882032edbd4a8cb98f1c65a4a626f984928814a1454beadc81263b0261

SHA512
6586947f8614d30dca5f862cb71d235d631b22b861c37c1dc446acb72159f30323bd80e9ac50e031ed389960eca703ad4f5dd19f07e83c871b1eb95bb0d678b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
1288a6c5b9da994624762ea16b1a982a

SHA1
d31891ef90333714d2fe3b015aa9ed8854ba8906

SHA256
b0836d189230622c0dcc18c25e057b0d70b6271134c43ea0b96c58c5d7128283

SHA512
4bbe04c0c8289ef020344b5d86d90ffa5a0e237ba93e8069f79d60f953f113afae02171f6776bf1f017ea590454a0071c784a2b1c57686c54edc16ddf9b5bf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
78767d825b7729d5126989d0faa7f4c7

SHA1
90571750f2ec6bdd4e0240dd215314d85d758e80

SHA256
dac1d0999281db568aadcd0730e6d23051d639b5b292cac3c24dea5c27136223

SHA512
981176088791d252f32f86e31bd6e80f0d059b3e1f3d351e30eff48cca0e2b4d34adc3830b9baa55b9a07e9dd73227f8a046b06f7b3f65e588c0d40edac10017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
b0a9d17abc26bc073411af0d4be5db44

SHA1
3f553b77aea41ad274763fabf5426514c8046f59

SHA256
42fde26211e20646aa5ac8edc7842e68fea6048241dc10fc101848a2732cd855

SHA512
7983ebb3f3541558123f90387fdfaef5ff28ff8df527b87ff3275e777558d3a25646a4429be9128f6a1c54a3e82337a193d9fa5cb764d066f2892f29807b0d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
045acfd16e85059ac737092b12b6dba3

SHA1
dc9f7343f501bebcee9837d51e3d4926bbe53b80

SHA256
7efcb275391c51489e2841ce1efd7d0da8f988fd49d0c2980b3d796294c93766

SHA512
30f2b1a4acd93989260e4fa10bce269b5918a6f0d77872e928186b693edb463bd75851867525ad23d1d8c530f2cdb6ba56487eaaf569ce05238e033d8f07295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cb3c54cfdf164605d21a04ccb48702d5

SHA1
f7cfe1d738073074e23a291caa5afe67635c765e

SHA256
47cf1390eca3b160bea208d6d57a2314159ac90a77f14321a7e763609b5c71db

SHA512
f5861625d2f1816b9443deadfec7a66c9569d48ec3071a2381204ad48e6dad78fc2c041100be70219868401176d0113de15daefc4973ca3ef8361da6572fe597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e5a3378880cfb37579356f7ebd0c1760

SHA1
9cd2a8765a4af3a53f035f818fa00da64e18b058

SHA256
dab07e06641522529167282310222f3332339dbbba3553e58f3f69ddb2ec2ea7

SHA512
ee68674fdb7a1f89b27a29f4741c8dfd33e69fd7d7bdd5a0b9e6685c99d1e88c8b016430ebbb2ff3af043eb792ba7104ee6e0dff8e49eebec6fdf3bf00f89df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7806d25d66b2ccc3b22a15933e52027d

SHA1
3fc01575841b6ff3042810342f1bdb2a5f05bc2d

SHA256
67f5178165c1fb97de81a986561b2603d44a21e5ee6fa4f4eabe760c12f5c37c

SHA512
b45c343f4902fc135cec2301bbfb8ce3a0d7cc0e874a35ebeb1fb5ecbe84bc38e8790c9ced8d5ae6e77428bcf590a5b555be4662353a263f46434e031bb46df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68653f07f630825448d6efd038636afe

SHA1
ebd9cd93f5490018818722683818d66cb691491a

SHA256
d3cc0a13bbbea041e0bdffaea35f775df251acadf7f046189248f4ac8a82bf73

SHA512
f45f5c2f92cf680da6b173cbe69a400edf05121362362daa01f301e75457f0fe86604c18dd8ec0e069522758cc964368899c3bffa05934a9df41db3133055bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cfa68ccbb3e4496564d3ebcf8e359d27

SHA1
95c258c22d4072401d93b3a90edffeaeb0634d67

SHA256
6fdcaa4f59ad7acf1818ae33cfff772aaa14c834f85346173e159e6aad67d021

SHA512
09596670e33ad2bcb9c5ae6ac9b3d31762b6e11ab7cdf401230f0efa49b7121add5ae73aa38908454164d26a77d38618e9b91574d4be4eb765199011e504438d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c648e66caef491c4e005d9cd9fb4e848

SHA1
e282c8dfd905dad15f544c957538226d7f313ba2

SHA256
4aa007e41111134e1ddcd65ab7b73225d014ef3bf7c7cb80661b5ac3c76d9ad2

SHA512
a48962d2cab6bc1b92f0889f7b3b17868960aa9eabd3a5e4da46c58d4a5c3094cb7b6beefc7871973aaa58046c507e0bcc203286fbebc004c1acb8e2fdfa7ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5058847a5387d2b3344eb260799b5113

SHA1
c01fa0a3dfc28e7ace37b53515a39873e35673ed

SHA256
04a6566f29192f3abb293c467ab22aa17c8f5400d0f7c254c0107bdbb5324099

SHA512
293543f63b3d98b19122d9e71f7991dcdbff2b6b24b95b0ec949a3285e62cc6f3634137bcfbca039ed9f5f73abeebe4962a9af8b3d2a02d882c3675bed4abf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0e1033f8e88c1ae67495da9344aa2fba

SHA1
c8f5ce0eddd4f127d23e3da01f68ac7b12da09a8

SHA256
850a9507c71af2c7074ba41237b460c2ddec19218dec7010eed214a884c54a90

SHA512
7daa7ea07ee8fb1fee0b4ea941b307f17060af616dbff4a904fc9800626bad1735374cc3a5600a0fbb52cc5af032bda76e6c1e9bd1dfd185bf5c235be6526e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ca60.TMP

Filesize
48B

MD5
da20e5b44a82dfa432c161b249bfea3d

SHA1
76f350df7107a9bef9fa92fceb52a5d664eb0bed

SHA256
4972b99bacebd5889bc9a6feb8b69aa2c985b93835619cfcf9941d944323dc6b

SHA512
16d8fbf0b54a582e0c3c270357179c205e54798f14816d2889e71145a573ce40fc5d94030951f86dbd56efcbaa315905af5c3ac46a486f04ff3db31411a23e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f0995069d56458339453b80745551ad

SHA1
672dc3bfa95ddf880d7345fac2f2cfd0c4df6357

SHA256
c8378f3f1e0198900fc8976b2849e5adad6a9f92d7e7c5f16b18e30d78bf81f6

SHA512
9fbf5e6c8529bf0c181281964136c6cffc168a57ffda2ef9017e94031fb5e7c16d1f9b903a0677be00d709fbb11c4d007cc9db34741b80baf4fa264963bd5201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589ff4.TMP

Filesize
870B

MD5
5794f17a1692088ac75af4718fc739bf

SHA1
30c7665de69d886013974666fc38a642df36211e

SHA256
d4ae788c9012e4921273eb9d491883ef700f36b52c6a57b2dc17db7d92bebcd5

SHA512
d0de448a30a68407ca5cc8724c2bc3d0706bb56ceff341c7a721fdcd064cffe1b594a948cf7c2e2cc6e9315f4bd393bb8cab35d94e8db449845e35c3fbe98697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f64ab9259254f8fd651c897d9aba8dbe

SHA1
99b3506d879475406155d094e482e559fb923ec8

SHA256
0f2b93ac38006c577e643b29a78c9ff6b113c6e633e18d6d554cd7bbe03be557

SHA512
3beaa73f77500a8342f19ce057d7557b54e9952c8e034493dc4a1ac67eeb8b0924ab87be053ec5bcf9aa762f14cfea11f6a8b33be2b4da34266cf8ec7fcf4c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8961361895b1d29ee338e6c448c03c97

SHA1
534048b1c90dcab223c18190193b4f6f4faddf1c

SHA256
79dc3bb677d2bea4fd9b398425673d21b8353d4326377fb020dcbbe0b8098593

SHA512
507f74287278c7c0227ac066d8767aa546e274357be6458d4e00a11ab1c6c7210e6cf3b4f55dbd49b5ed1317cbb726e2a4de4c0f3dd05caee16942601e1171f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0930e4f911b48c75fb93eb31b4e92316

SHA1
200b1efb0756edb9af9125ac01d5f4892f1a234c

SHA256
4ee8381f9165e80821ddd4a0e1ef87232b0e4b8914e35f05ed044aa076174d1d

SHA512
d1ff01ffa9dc4824636e6ad86ac694f0088f54ff6609f83cfcedbaf301e56e619f6ffa885cd5c25328a733e8df7ab14cff7dc5b5ccc73202019c7e19cad38fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cf488f356ff9dfec900d0f528b445efc

SHA1
221a9677f2fa23b748693550cf4047b7f9cffda9

SHA256
cc98a5070ebc36632a33b32ee5b88c9636c5beaaba9e5b8e3fb3d4f445ed8828

SHA512
dfa6b5f66159e0325dea53e3badef975321aa3f093cdf98d597fd6a31fd31430b8ab2653bc19d24f6a63869eacceca50199e9686234a00da38bd0543cedb2ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db

Filesize
28KB

MD5
a396b4742e5d8b74803329e3272d952f

SHA1
8ae97c083cc5ffb15ded3bada03633604ca5c735

SHA256
bb96ced81e082c0635ef1a2645440322d0171864ebc223d5d706c6a3434f851f

SHA512
2526b41333907445a44493f9c9efb72d91f826bc0aaa54c2e65367b9e3c6d65bc6d28044c83ad3632db2dc08bd19b6cfc2293c4168f1c1cba1fb257124c1a22c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-57EMT.tmp\BorderlessGaming10.0_admin_setup.tmp

Filesize
3.0MB

MD5
a7f253a0b50775b6551e22b4d9a24859

SHA1
fd5f8d0375eace3f98e58eefbed312c4a8c1adbd

SHA256
78b2450bfe461841b7feb4f099fda5598d468385a548012eb902793f3a927671

SHA512
c44812a59ac03373d745c74a84f326d3faf52f25d0a2afa90965806958b288ebde1ce133455fc0bbe70ab2c8dbecf88459ed0cafba7ecb646531e6f8e7831a9f

Download Submit
memory/1796-15-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1796-55-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1796-137-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/1796-211-0x0000000000400000-0x000000000070E000-memory.dmp

Filesize
3.1MB

Download
memory/2976-54-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2976-212-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2976-7-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2976-5-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download