Analysis
max time kernel: 97s
max time network: 97s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-08-2024 19:46
Static task: static1
Behavioral task: behavioral1
Sample: BorderlessGaming9.5.6_admin_setup.exe
Resource: win7-20240705-en
General
Target: BorderlessGaming9.5.6_admin_setup.exe
Size: 3.9MB
MD5: 026e065f1d1e22bfecea6cb03460e513
SHA1: ec946f15b659258328fc8e83e9f65fd964a47714
SHA256: 250d2d883cb9f5a05a60be5b74191ca357489686a979cf7832fcb4c5f0522eda
SHA512: 29d8fda89350c26c283eaa2011427d5a5026f83c5cdd77db62f2c203aa6d03f02929ed428b1ce5b7fb95204b051a4b5a9f0dfef6dd427ae45cc4545fec3b14fe
SSDEEP: 98304:+56YKaUquBz6FaCaukvYiVjLwsJ9lO0DR3n8J:WKKuVGa1ukvYiFlj8J
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
-
Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes: BorderlessGaming9.5.6_admin_setup.tmp
  description | ioc | process
  Key value queried | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation | BorderlessGaming9.5.6_admin_setup.tmp
-
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory (54 IoCs)
Processes: BorderlessGaming9.5.6_admin_setup.tmp
-
Executes dropped EXE (2 IoCs)
Processes: BorderlessGaming9.5.6_admin_setup.tmp, BorderlessGaming.exe
  pid | process
  4124 | BorderlessGaming9.5.6_admin_setup.tmp
  1108 | BorderlessGaming.exe
-
Loads dropped DLL (11 IoCs)
Processes: BorderlessGaming.exe
  pid | process (unique pairs)
  1108 | BorderlessGaming.exe
-
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: BorderlessGaming9.5.6_admin_setup.exe, BorderlessGaming9.5.6_admin_setup.tmp, BorderlessGaming.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BorderlessGaming9.5.6_admin_setup.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BorderlessGaming9.5.6_admin_setup.tmp
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | BorderlessGaming.exe
-
Enumerates system info in registry (2 TTPs, 6 IoCs)
Processes: msedge.exe, msedge.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
-
Modifies registry class (64 IoCs)
Processes: msedge.exe, msedge.exe
-
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: BorderlessGaming9.5.6_admin_setup.tmp, BorderlessGaming.exe
  pid | process (unique pairs)
  4124 | BorderlessGaming9.5.6_admin_setup.tmp
  1108 | BorderlessGaming.exe
-
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes: msedge.exe
  pid | process
  3736 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
Processes: msedge.exe, msedge.exe
  pid | process (unique pairs)
  3248 | msedge.exe
  4856 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: BorderlessGaming.exe
  description | pid | process
  Token: SeDebugPrivilege | 1108 | BorderlessGaming.exe
-
Suspicious use of FindShellTrayWindow (53 IoCs)
Processes: BorderlessGaming9.5.6_admin_setup.tmp, BorderlessGaming.exe, msedge.exe, msedge.exe
  pid | process (unique pairs)
  4124 | BorderlessGaming9.5.6_admin_setup.tmp
  1108 | BorderlessGaming.exe
  3248 | msedge.exe
  4856 | msedge.exe
-
Suspicious use of SendNotifyMessage (64 IoCs)
Processes: BorderlessGaming.exe, msedge.exe, msedge.exe
  pid | process (unique pairs)
  1108 | BorderlessGaming.exe
  3248 | msedge.exe
  4856 | msedge.exe
-
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: msedge.exe
  pid | process
  3736 | msedge.exe
-
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: BorderlessGaming9.5.6_admin_setup.exe, BorderlessGaming9.5.6_admin_setup.tmp, BorderlessGaming.exe, msedge.exe
  description | pid | process | target process (unique rows)
  PID 4936 wrote to memory of 4124 | 4936 | BorderlessGaming9.5.6_admin_setup.exe | BorderlessGaming9.5.6_admin_setup.tmp
  PID 4124 wrote to memory of 1108 | 4124 | BorderlessGaming9.5.6_admin_setup.tmp | BorderlessGaming.exe
  PID 1108 wrote to memory of 3248 | 1108 | BorderlessGaming.exe | msedge.exe
  PID 3248 wrote to memory of 1668 | 3248 | msedge.exe | msedge.exe
  PID 3248 wrote to memory of 4128 | 3248 | msedge.exe | msedge.exe
  PID 3248 wrote to memory of 944 | 3248 | msedge.exe | msedge.exe
  PID 3248 wrote to memory of 4056 | 3248 | msedge.exe | msedge.exe
Processes
-
Process tree (the number in brackets is the nesting depth; indented entries are children of the entry above them):
[1] C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe (PID 4936)
    Command line: "C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
  [2] C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp (PID 4124)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp" /SL5="$601BA,3856765,82432,C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"
      - Checks computer location settings
      - Drops file in Program Files directory
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory
    [3] C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe (PID 1108)
        Command line: "C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe"
        - Executes dropped EXE
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of WriteProcessMemory
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3248)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rainway.io/?ref=borderlessgaming3
          - Enumerates system info in registry
          - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          - Suspicious use of FindShellTrayWindow
          - Suspicious use of SendNotifyMessage
          - Suspicious use of WriteProcessMemory
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9b7846f8,0x7ffd9b784708,0x7ffd9b784718
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4128)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 944)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3104)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3108)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4776)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4288)
            Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4812 /prefetch:8
[1] C:\Windows\System32\CompPkgSrv.exe (PID 640)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\System32\CompPkgSrv.exe (PID 4160)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\system32\AUDIODG.EXE (PID 640)
    Command line: C:\Windows\system32\AUDIODG.EXE 0x468 0x3a4
[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1068)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9b7846f8,0x7ffd9b784708,0x7ffd9b784718
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2908)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2024)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1368)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4632)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2528)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2700)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1584)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3104)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4412)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5436)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5072 /prefetch:8
      - Modifies registry class
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5648)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6040)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6092)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 /prefetch:8
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3736)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5572)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5424)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5588)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5612)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
[1] C:\Windows\System32\CompPkgSrv.exe (PID 4128)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\System32\CompPkgSrv.exe (PID 2760)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
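Every "Suspicious use of WriteProcessMemory" event listed for PID 3248 targets a process that the tree shows as its own direct child (the gpu-process, network and storage utility children), which is the normal pattern for a parent writing into a child it is creating; the signature only becomes interesting when the writer is not the target's parent. The script below is an added example, not part of the sandbox report or of any tool it names: it parses event lines in the report's "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>" layout, aggregates them, and checks each writer/target pair against a parent map taken from the process tree above. The event text and parent map are constructed from PIDs on this page; the line for PID 9999 and injector.exe is made up to exercise the flagging path. One caveat the report itself illustrates: PIDs 640, 4128, 4056 and 3104 each appear twice in the tree, so a map keyed on PID alone is ambiguous and real tooling should key on PID plus creation time.

```python
"""Reduce sandbox WriteProcessMemory events to writer->target pairs and
check each pair against the process tree (added example; the heuristic
is an analyst rule of thumb, not a sandbox signature)."""
import re
from collections import Counter

# Event layout as rendered by the report:
#   "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>"
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_image>\S+) (?P<dst_image>\S+)"
)

# Constructed sample: a few of the report's event lines, flattened onto one
# line the way the page shows them, plus one made-up line (PID 9999 and
# injector.exe are hypothetical) for a write that is not parent-to-child.
SAMPLE_EVENTS = (
    "PID 3248 wrote to memory of 4128 3248 msedge.exe msedge.exe "
    "PID 3248 wrote to memory of 4128 3248 msedge.exe msedge.exe "
    "PID 3248 wrote to memory of 944 3248 msedge.exe msedge.exe "
    "PID 3248 wrote to memory of 4056 3248 msedge.exe msedge.exe "
    "PID 9999 wrote to memory of 1108 9999 injector.exe BorderlessGaming.exe"
)

# Parent map (child -> parent) reconstructed from the report's process tree.
# Keyed on PID only, which is ambiguous when the OS reuses PIDs; see lead-in.
PARENT_OF = {
    4124: 4936,   # setup.tmp <- setup.exe
    1108: 4124,   # BorderlessGaming.exe <- setup.tmp
    3248: 1108,   # msedge.exe browser process <- BorderlessGaming.exe
    1668: 3248, 4128: 3248, 944: 3248, 4056: 3248,
    3104: 3248, 3108: 3248, 4776: 3248, 4288: 3248,
}


def parse_events(text):
    """Return a Counter keyed by (src_pid, dst_pid, src_image, dst_image)."""
    counts = Counter()
    for m in EVENT_RE.finditer(text):
        key = (int(m["src"]), int(m["dst"]), m["src_image"], m["dst_image"])
        counts[key] += 1
    return counts


def classify(counts, parent_of):
    """Split aggregated writes into expected (writer is the target's parent)
    and suspicious (any other writer/target relationship)."""
    expected, suspicious = [], []
    for (src, dst, src_img, dst_img), n in sorted(counts.items()):
        entry = {"src": src, "dst": dst, "src_image": src_img,
                 "dst_image": dst_img, "count": n}
        if parent_of.get(dst) == src:
            expected.append(entry)
        else:
            suspicious.append(entry)
    return expected, suspicious


def summarize(text, parent_of=PARENT_OF):
    """Parse and classify in one step; returns a dict with both buckets."""
    expected, suspicious = classify(parse_events(text), parent_of)
    return {"expected": expected, "suspicious": suspicious}


if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    for e in result["expected"]:
        print(f"ok   {e['src']} ({e['src_image']}) -> {e['dst']} ({e['dst_image']}) x{e['count']}")
    for e in result["suspicious"]:
        print(f"FLAG {e['src']} ({e['src_image']}) -> {e['dst']} ({e['dst_image']}) x{e['count']}")
```

Run against the full signature text of a report, the expected bucket absorbs the Chromium launcher noise and the suspicious bucket is short enough to read by hand; a writer whose image differs from the target's, or whose target already existed before the write, is what to look at first.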
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 95KB
MD5 d2cc785f9f78c69b8ed8cc6c89047a64
SHA1 554e903441b433e743438f6e952b4dfef734faf5
SHA256 3c140c5e3bbbaa6ae643d8343a1a6cb207cd67f483aaf1742266ae489e549126
SHA512 0ea69bb50b13cb9019fa7269a57610c65bda53f10bc1ab6ef53165faef1b1d900edf4a6e6161fbc85417d33ab8814bb9efd4e9a3ce3ebd69c66b1a1f0f429f48
-
Filesize 2.8MB
MD5 744fc319f32b3ed3417bd93d6e3d5ddb
SHA1 ac7dcbfcfba00710666f390573fa818d641be7e1
SHA256 d9312f8c6e473004f4a50b533de30bee30f7a8763ac0c567ca1b0dd2eb017afa
SHA512 0e3027e521438aedbe9bbf9959c9487e38638a4364ae1774c690cabda3b275d1b4bd40b405fbe9ccd75c5a1f900b521b39d58c3e656f76f68e87803c638666c3
-
Filesize 184B
MD5 28960c034283c54b6f70673f77fd07fa
SHA1 914b9e3f9557072ea35ec5725d046b825ef8b918
SHA256 8d65429e0b2a82c11d3edc4ea04ed200aedfea1d7ef8b984e88a8e97cff54770
SHA512 d30dd93457a306d737aac32c0944880517ed4c3e8f2d1650ffca6c1d98e892082b41b40fb89ccf75d5f03d2464b0b4f943cd4b082071f0abfe978d149bd61479
-
Filesize 57KB
MD5 ec0e2dd54144d6f6a317b7daa715d418
SHA1 62c2e04bba8436912d9bcec1ec4d4c7afc843a47
SHA256 4923528d3d18689d58fa30b3d822ab72a13be21a57f13e0bc59b55b864424f7a
SHA512 ccaf01f89fab001ef2ded15b352e1dd2ab3967584a8720acb7c6b7203240f9c896f7d46600b12e0e86b25b30779b1e5ed59ce97fb3f295afb11d6391670265ef
-
Filesize 448KB
MD5 f292d363754984c8fbc921fa2b5e2700
SHA1 7a855f57741d91c12aef038aa4f18f259872ff3c
SHA256 aaaf2670c222cb0af424a796c4831af6258ee40da29ea81d9fc7e2fcb171f345
SHA512 be3fc49ef90a60ed6418f66a4a1196c56e97fad7519e9b0fde7d3c47711370a2b85b89ff496f896b3086744052c92f5baa31255c2db5e5a81fbc3bcc827b0041
-
Filesize 1017KB
MD5 e3752a681002136f751b21fec89669be
SHA1 f23eb0f1bfd08e3851ca2128cca40305d1970962
SHA256 4dd4a33d1e71a3d775bddd311de3bdfa8c472e5ae557f7d0df2d1c3469d03864
SHA512 a7dd21c90947535db31e2d72851d7888dd7eb430c973271cc3620b3e6c9e03af9eb3c631d30b49c14e7ecd0ffed82947dbbe110b0f3834647b0baedd2fce55eb
-
Filesize 54KB
MD5 be8519f34a516bc8fed58aa2e6f7ee22
SHA1 e0dd24cd2194f6f898031bd31458352e1d41661e
SHA256 fb27fc7584286569c0cc60f39712d487f71eb5da02b8d2fe5bf955aa70144674
SHA512 5e088a06e12e04477a49e5cac78dcffa7833aeb9e44e5de4043f2a8c2d7ae57ccaf22b8f77ffcb0a47c795ad4012f92db7fe83c0e57bd2841b7d821366d00007
-
Filesize 269KB
MD5 4a4756e227c10623d81228bc4bc49c1d
SHA1 964014f538918d85f6eb6a7b4023b304067b28f7
SHA256 042b8c1c1e0eb7648b164ee48c95168c48324f1fb439cabd5f2e41db0938d807
SHA512 93d2c6f47c618dc9493f5a538cbfb5a32c1e3bb35a623b51561057245f2fa557c452ee18ae274182c3e0440b77353c5490d196f16eda142b6129e8d1108e5a04
-
Filesize 216KB
MD5 04c58bd2e83dd1aae1ab2bff988f5451
SHA1 39274dc210b3dd8c7f0bf2d18b51df3fd4242f60
SHA256 fe302b9cf000b5b56b8f48df9a6737fc43b1c225db91306e92c779cae0d2908d
SHA512 803c0bea494f4fbbb7c7ec57d38185966a668d282da82d41cb2ef18ef5432e77655dc5799b4ce6fd1b1782099d056591bf77130bd71675468660a83cebb2f390
-
Filesize 10KB
MD5 c2088fe7e3ebb8934244b2e5b6dc1340
SHA1 12dafad4f68bd23c471f092ceed02430b06f9c39
SHA256 b5f3aaaafafd01f0c4fd7a1f2acf9a1b51ff884310a10da625b0c4d1889644ca
SHA512 a013bc7ff9e0ee6f9e5b219cf84b0a8fdf3b65af617a62d5d92eaad6eec3f151742d89c8b87c7192da17a6b80baa0bb2a72ba6630853ef2ef9fe51f35b491f1b
-
Filesize 152B
MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
Filesize 152B
MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize 152B
MD5 c075495049be81b9ce2815c1bc009b36
SHA1 1befacff91d652f8376955358af77de55a2bc7fc
SHA256 f556c7856e80b0fdd93f4c0a6ee721a26722c54cbd32a8133cbda0e8dd91babd
SHA512 138e988324533e3902abac1676c6076d1ac2db868e5f26eb47736e9fdf572da11b3db798f61660f3eed582f89f3607d8b7192bdb2f959bab96eaa2fd410ec307
-
Filesize 44KB
MD5 ece17fe22e636b5f61dfd07378432ea0
SHA1 7f672a7bc2c80ee3397f7a820f4e27b825c90576
SHA256 95f5197acb1eefd404175fcf16161b28af3fcadeb707d8d7ccce7a36decb8a09
SHA512 676ff6285a371758f8357deb9a6f9011b0c21920ae1240e04ef2c66436a9750f094a0f76202bca0281be9292e2bda3db258f194d0e63e2a057045f543b678705
-
Filesize 264KB
MD5 de766dbd0f3671260f34d25ffefb1e71
SHA1 16ab9fd5d451e34d9a0f80c986dba50e848cb5b0
SHA256 c0353f28ae422b7ad3532c73195d5da40bdb3dddc85fc5724cfe9db4d625b36e
SHA512 e7da93758c73325d79da17678797a543e4437c85984b12bcaebdf8c7a8cb52989b3097840523dae76121d1d8be9a22f36c411747aaea14445b7c582d0ff9570c
-
Filesize 1.0MB
MD5 25fff3e390fa0753c595557682e7d8dd
SHA1 2a5a2449a41a6292de333bb99be2aa3d4c34e419
SHA256 9f3c55dda01408202992040eb9f19a584a75e9030434c90c4c3b188bcc8f27fd
SHA512 54eb574d1fb079278020be03f26685e1469251427c3ad76ff8537eec61335c62434ef9ce04ede3200d739ee6f57f477b1147afb79aef44275ed46ce68619e4ef
-
Filesize 4.0MB
MD5 3840ab780891338cdb1c4eae18177795
SHA1 6ad4d2b0e5422cd91528c044b7a85c76ee35eb65
SHA256 69201cbe2cd790f9bfa5f9ad05561e96ff2739ba49f69775b00cc247af45c449
SHA512 0f4ae705786eb2f2fb04da26c26bf4b2667c7f35dda6d9fc9e2a4c8b170b7e8b62b0d11033f8231da891837b3093c7617cc753ff31acdd019ea1d443aeaafd99
-
Filesize 210KB
MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
-
Filesize 4KB
MD5 16b531a54aa2fd84b96236180b6a4502
SHA1 c577fd7cc3f620630826f504794286faf225650f
SHA256 31cb437e06794b5527554ab86016813c0b09ff50695fd730fa3033a768622308
SHA512 e39168f2f62b4abc8c3e00b4e578ffb5de04eb1be66feceaef778f4455f9168c9e96609c4a2da833f553969d29395b06ae753be35c8ca6429b57f25bf27a3762
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 1KB
MD5 58ecf373f376180e307b258b93733fd7
SHA1 368b6030c6bd5f8d194ee4a4f1947c98737abc4b
SHA256 b058a2ff86cdfe058c3bfd4f67b2854d9d33814242e29da006637e34005a76e1
SHA512 4201d308b2d479a421bb705683aa1f1c81c8d5464fdd741e6ea0bc61d83b4e321d368b31b6f2486951e786beb35634ec803cac61c630d115d1f689210ec3304b
-
Filesize 20KB
MD5 20f55457f8e5ec1ce41457c850f9e08e
SHA1 ae506d858fd4c4d90fee6717eaaea83bf099efa1
SHA256 be2e427f9202cdf2c90661b73c6f0f8f8812433222f8f5174147123388d7ff4b
SHA512 8e61c31b61259942bf1d80f4e80bc0af4e1c3d9f099620f79cbad8103770a77db4478800964057b31b71bc4e642c502b6f119ef22fc36b13a710f2a1241cf744
-
Filesize 319B
MD5 463da219401b888b057d17d5f3857edd
SHA1 3673edc207cc08a79a4f3ef2be25cfac22fd9278
SHA256 f89ef386269a7a345517bb32fc06362a19f7380b1180b9b1437dd305c44a217a
SHA512 adc01d01f8c795227a8d293ca49bbdfb1667f531c0cfaaec557e1a7b9104e025a7ccef3235e172e33d3e2e59955662b82a795b52de8a854255f76854f563db24
-
Filesize 124KB
MD5 d176dc3c963c101ac8363b7a9f558380
SHA1 81a2b6ad2e50d99f84255c5418242c2d05f91d7a
SHA256 74a68996a6b421379586e838f4e0a3bd60ee681a78970d66e0b19c5a2ea924d9
SHA512 3ab79c3b395c97976b54806f42757cd4e7cda698b642d4d308e888f64337ed1d22b6afb8d958477895811f0d4e88f2e86caac25bd2f16405d77df37ab0cf6d0a
-
Filesize 1KB
MD5 f38641ab36d797c97473fa00f9a0a8cd
SHA1 00719f35e463f4c72406dca104e49d7933dcddd6
SHA256 5be9d07bef91446b9121c1a1ea5642b18a28894a459f14b44e7a4938085377d3
SHA512 c62935a72f4f52655bd6a1fe341e7dd97ff8c5ef8fe4c00385abaf8666126c5068ef3acc063e9a5176483620560644046f77a7283d7dddebc665c5358852e848
-
Filesize 334B
MD5 791483bc31d258ac2573ce42e7fe3c10
SHA1 3de97d31420e2d5dfeea5473a04a8ffa3f37f063
SHA256 c59e0b24ef5a46e4079593e2c14219129d2bbcf3eb468409dab44f238564f8a7
SHA512 a7af8700458bb33eb36f370ccf15ce636b3c0faa0df756bed866d28440f04612b0205a4a7a27fa5c79948f823c96e877734bbd558e27532e9ea54e6af268bc64
-
Filesize 420B
MD5 39852517dc19b3127d929f26669efda5
SHA1 e2c1894c6481e68b9564077267f7f5b87ca47741
SHA256 474029b0253139928c5bcf24eab6eaabc364ca8d780e0089e36b83f28602b4d1
SHA512 89a0517a29224726903dc54d7d9cf3de7778468590ea4bc188782143c6b7a530044df4af0c59bb4a78cda81784562088e2a18930db34896a8698d58d5f2c5b73
-
Filesize 6KB
MD5 078568a2b3e6ba5755142fee77b00b5a
SHA1 37388c2d163de48f258c0eb2ed7408ef44da1578
SHA256 4c297588a1063b5da24f8495fb62d3b7fe093c13cf60845caea3e29cee91c1a0
SHA512 71479dc32381556c7d572294dcefb299977c26ec21d8b77759abcb9040751003120eea41d377530f36c8a3e99089233253791ec34e315d4e21f9c310094ac762
-
Filesize 6KB
MD5 b50305e099cb045f5d744eb279aff1c5
SHA1 42f0be651d59ba311a90dac23e4bd98d4e38cf2b
SHA256 8198e66f97193fbbfc4446aa882a01f199fefd0a4e70d3869df892fe182324f9
SHA512 a5abe7115ade52c672ec510cddf93e397d953eab221f3fc163f3db87fc56fbc19fca8f70a7b1ecfc941323a8953100ab0f2eeaefbcd8cd639ccac9dd99d69fc5
-
Filesize 6KB
MD5 11ecd4d8e8596ae2468e81476bbf6009
SHA1 ddf8b1f68e1a4784cb5832a254c9552b535c860e
SHA256 2828e4b843b40248a1bdb455b41848eac006306a2b0ef255a43e564016fec787
SHA512 6bc878e1e0877eebbeddbf282f8a59c7a73aa1187b68e852640dfcb031573e9e32130241f991a09f30666605ec2ce50b6cbef7c7baf4bfbf04479a5122259452
-
Filesize 7KB
MD5 2e6d989fdad21ed4c27295bc4434aa49
SHA1 a39ac042dcad4e93f9eff19f10386c79a2e4c707
SHA256 47b92e1f02e0442a2b7c59810c7b7035ce9cf9cb6f8ec1fcb661edcac8190ac1
SHA512 9e43b3959944132d1d72b8000650b92c324bdabb43da27877b9c0789fd7b29617bcf2efbf788ace4901d53da50324b11c8841b3d28600c20dbba1ae7b6263ef2
-
Filesize 8KB
MD5 8455f7cf3bc5cda2be6b3dad0859b123
SHA1 12e1254451a28715a40881c214f61f3fd05e8bc2
SHA256 36f1fe67540d88a1b031bc1e7a025bba6af43a738dc23676af5a204b0165a117
SHA512 8b85398ea6622ad09730bd639f5751f5197c784628b4c6c80cf54b53ab4a4bdaeffe2bfb62b980075250d26cad93d53d4c72399d2049b197113ea85b33696c34
-
Filesize 9KB
MD5 aab8804e22374f38ac865e9887e4a4c7
SHA1 a283367edc4e4db803fe7594c661ce38ce5d3890
SHA256 59d904582b2e7a524f821f6f43fc87ed3183bd4e905f8e2179a431f5d46ebd63
SHA512 c57c78aee0f69782020bce80343844e99ca4e141b9773f69f1a50f54954185b442e51e44f0d6e69be0b016682ad0f647ee5b63bdcb86ec6d5fa5c83b4ad0a2fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
MD5 d0ed1b415304e0f600df04d8d9fb8055
SHA1 53867f095e2b5a3b479060561e5cba68ba799db4
SHA256 bb8cb7958632565e4431baa645b35c5639c8500e273544983a3ce2828fe1b22a
SHA512 eda0e41bd258ec7453c0eae456dae2b5eef3e39f3ac7e753666a91b9d63bed2d9002ed1589ee6afcd05f29c0fb5f69ac0e0912de52c11dbf8c74b359b3b67502
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589824.TMP
Filesize 48B
MD5 79f2968548bcbfe48ebfac60e51bed64
SHA1 7e1c5a6916256017677f2346a47c86a7180f5ab0
SHA256 2166c135f449b3d0ffb7e567843eb1b9c34c6066040d14de5ee83a3ab6a083cb
SHA512 87bb9510f7beb468b52e3921853269d32caf7fa85d014f30cf49f51ebbdfa4220316cf5a2d239c69fefc70d0b68a0568047d1f85608724334cf61f39c83729d2
-
Filesize 333B
MD5 3c767b457cfb67ae7987ff9e27d898ce
SHA1 031aaa145478ed72b07b8669e411a1e35f617b33
SHA256 84ba10191fa14d883df3abedabef1e57ab68f70f3c64eb1f83154fd9f28f7ae0
SHA512 d56687fcd7f5c11511ec247770d3a6f91acdb3b17dd13fc3883b6652b525ea923a573ae7ef854dd4bb016a01d47c3c8426882a1abb9611cc18092183a2c96977
-
Filesize 322B
MD5 434e31d8de0faf2028ba213f6bcce64b
SHA1 abfc1fb3472f54d218599d09445bffd3872c9405
SHA256 ed1e75ef7fe772ea142d39a27e56126a076ec35f3f855f218f302e52d0d44f39
SHA512 d5dcce09aa384956294957a0779f38fd99e7276af0c447c703cea87084fc0a977a38d1760ff934f8c1cbb034963ef38de6030d410c309965618813e658ffc925
-
Filesize 5KB
MD5 a8495211803c5213f5f52afebf9ec36b
SHA1 4bfca44b24a18253e73b0f4f26b40c3dd178820b
SHA256 7fe70dafb337708a1c4c0841d3dfb9b42db0bd7383fab8e52d976ce76f7bd7e1
SHA512 e5dfa2fb7f7f36e0efc5169343968dca848b081c3de627b35dea358cb8f39662b02c4704ecaef5e4a3616eb183cb0ed37cf2b962620f3f2d9364fa6d6dbf5170
-
Filesize 347B
MD5 c7eb4b8e3a22b0ecd1a2aa3e7cc3c405
SHA1 287cb9e6659080f84f585d6a0161afb4ae542032
SHA256 9e08597186152cf6f14e31eba00ca0a8ca7d948d8dfdb34eb4c0cada2558be78
SHA512 dace84894c5a2b5f744b54a624c6a4b54986e5c9c6d37e945c37bc1089df0e03d1790cb9e7107857b12c4866b260bd6cb5b53c85177228a5022064d1c82edbe6
-
Filesize 323B
MD5 ae2505bfead7ce38519ad658767c75bb
SHA1 c93f8e4477eb92db66835deb6bfdf39df6d5d9ac
SHA256 ce1ed314acd3fbefcc245290d48f0ba6de43d4c56fa4616ce8cda0d6a330c613
SHA512 fec5fb71a5bc44f2226a7b36a172cbe44aa4c074b95465b23d9db55fc9f758d297dffe15de4f7a4b2db7c855c35bf7d5b7ddec5c311c97d54ae764e7f6f418fa
-
Filesize 1KB
MD5 8670f996373386031b2a8ff48655576d
SHA1 ae9db79257e3d333a464746ba575128d1591de9a
SHA256 b11ef8a3e2ff32ac29f7b85b11897a4655bfce9594b774d8f6f88b3fd3983021
SHA512 7ecd7c863aef19d6fc90c443a50eb5957baca4382b0e2323eef53231ace157cd9cd9d4e5a93c877451254439a4cc4c65602902555498dae8f8b825d2297eab60
-
Filesize 128KB
MD5 04e66793047f30a7011a0ded1efab51f
SHA1 5897e79dc58e895d4ba2d421866480f97bb767c5
SHA256 4f01923086d28bf1fcb8d516b83acdbb241675986bdfe26f9784247fbdeb7494
SHA512 52361fb0e7015b621c78260618ad254dc763db7ce0587f18b9018a10b9518804738092a66858a67a3cc69596a597e8cad61562a5192f1ca980ab113dd3864906
-
Filesize 16B
MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize 2.6MB
MD5 f96ab09bddb01eb463ac4bd45d1db645
SHA1 d5ea3adf2944177188cf7cff99e3fe7d0b752ca7
SHA256 75b9fb3f824a328f30b5da29817105f6e638e90b84a5ba979fcdc2292e893032
SHA512 02a93bfd89f727495762ec698c6a081b53241f4967602a58c83d495eed6c8d8108aa0477ec87e4359f3f90a5f0ee16da5ca55dfe588f7bd44e7e12dd31f33be0
-
Filesize 319B
MD5 e86bb16b2c3a1608af20b54393ea044a
SHA1 38ce1dc3a80f70290e252fb12605906da895eb41
SHA256 813700876353caa7103f36d522c4674b852ff38379023b7145b99cb9043a360e
SHA512 572192b366327a323c718a2a48f8727910015582380b3d450dfb6f84abb4c65debe529f38d59aab4349c088951acecbb274c1f8fbc7343de2e2e876fcc0999a4
-
Filesize 194B
MD5 a48763b50473dbd0a0922258703d673e
SHA1 5a3572629bcdf5586d79823b6ddbf3d9736aa251
SHA256 9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd
SHA512 536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1
-
Filesize 337B
MD5 e21014cc972196d0411bab60d2f86cdd
SHA1 0d3f0689f92c692459d358b147835c5fd4a56649
SHA256 4486f9837489f8929735dc3e4a8e0c54702d0afdfb8fe630e13939eaea8318e5
SHA512 069f7bd8ef5a967be4fc54f03e01707ddd82c2175cd352e24513501b1b11ab75290f4c82fa549d014facb2fc8238a4756bc1c6da7abda97290ed4b5eb8990be7
-
Filesize 11B
MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize 10KB
MD5 83f729f8ba5737934bc4f8423436a10a
SHA1 f26a19891e7409b166a9fe679cc663bbc7506574
SHA256 621fa456f87a84d6591f9b407c667c95329fbe4d0e88df71f657344a71be7ca6
SHA512 14947fef28daaa528169359277d5b405e5fdd0f463ea83510f8fcc324732bbf2e8208f140ee69a35266123d0f3c6e049bccd234e83122e2fb7e1d269cfb7bc58
-
Filesize 10KB
MD5 a1c8fb94d6ff08e49b153dc26b90e40d
SHA1 9df008aa201bf0d92132e0282dd214dfdeb05f13
SHA256 f297d97b9fc8bfd418420a23368be2fd31ab34392f94b40467065b1d497840cc
SHA512 8e826875b17f830b77ef6f041b3c1f67080a1bc7e7926d561c0f9a4431dc29607cbd68bd9dc6362f1685b17b8485e0682f9dc156c8344c9e4e170400d862773b
-
Filesize 264KB
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize 4KB
MD5 9d16d66f85ab3dedec5bba4c0557af47
SHA1 6e1a154299370eec835f7365dd351b734195348d
SHA256 8c3d73900ff47742c52506db1c88a28245a2d024a32c3c59489131cabcb3022a
SHA512 11ac360030a521c39831ed0f0ad3e7678a955b599cac5d34c4488c75fabe16b9f9fa9257a891607ee47cb727e0d4daa088f6311de27410fe250f63eae4542211
-
Filesize 721KB
MD5 98242be0a249553b9b4f1bdbf14cd9d3
SHA1 72fca546b10fad3cf719c5e008748ded45da1228
SHA256 a166749687ffeb6938a0a24bc431a96f054e080994b3292b07d933f67ab7002a
SHA512 08ec542ddfe1e9defa4fd67e8cefb3929bdec727f81611f98602b9057296d7afb55f845fafff578c30ebc6ab254a8be2aa150b05bd95802cbe6bd37a56e8cfd0
-
Filesize 4KB
MD5 a908de34cc5d1a32e5c905adbd54c36f
SHA1 a09d69674143b0518ad18a9f3de9cc6480b8483b
SHA2565c1ed7ad1dd10255d0daac6eaceb9126ebddf53ddefd9edd6d26e6fcfe9c4423
SHA51236bd24d0c13786415940ce36eeef57f9b03b600228101f91ec2326d0bcc5ba92268347daf0e616cb16769c38c6a444725541b31c5c4f07b3ebbd1b360400c8f5
-
Filesize
3KB
MD5e6d2c2f004c8afac83623b467f08a15b
SHA1bc1dde982d7a68ab5bdb0feafdd8d4a179f747b3
SHA256219e753a62ed3c7fb90ddb3921557bfc5bccd3a736daad39b4eb642d2256b4e5
SHA51246fc6b58504e5286d4c25753862a7562f83b17e6fd2394c6a5dd2212b3ca6d559c889b2c95cf48fa45a50317c0f7e3bbdcf6f505469bc45dc6739c9dbf2be0c6
-
Filesize
4KB
MD5ab0b84ed43934cd270af6a80f5def13c
SHA1a5c2aa40a8b3034ca90cbf76c23f0d01d3d99047
SHA256bf04ad6e90d986687406ed36f8d985caeb5b507a928fdc27d969fa88b21e9321
SHA5123b586ab40f2dd0b8a54da11bd29a61874be0e190e08eaf44047b7d5e25322ba26aa824923c24d1f5d9ae4970371a963afa07048b781ea4dee473fd10706735d4
-
Filesize
4KB
MD50b4c462659f700d97c9b5bcf94637eb6
SHA121ed213fc9cbb85bde62a28f43218f88fb782c4d
SHA256291192a64d826d331073f0c46704fc20641f56dd018b7fe779340336afc1fe2e
SHA512db2377e5a34c29a838135948b2cfb1afc82430c7387d973067bf65b8e6fbdecf02131fa490d92faab946cc9105d8370ef849742d715f6f91bc23c5bb62ff5198
-
Filesize
4KB
MD5d9d509be32230886db9f3e8bb9534de6
SHA1119a53c7b00326844eb07d807c8885f8e753678e
SHA256f030b1854fe48edfc973734cc5f0426c4a10817fcbfec4f5bcd28af120d00429
SHA5127037e2bdddb65be820bff6d84406703eea7c45828a0865dc220c7fac6dc7e324887b6ff1b9493d6980be481f0d9eafd44c15a18e50459e4f2d8edd33cf25fcdd
-
Filesize
4KB
MD5c7648c8d89c8663de1fa9ec90a616637
SHA167276de37eaa9ee254af2f0259fb6a89b743a18a
SHA256474aaed53d0604bf17555ccbb408469403f841d65717566660c85827402e222d
SHA512c3b328faab6fca6a41bc76a91cb489fdb464008e23b19dc346e26f92adacf361fd5c3d9fef145d06bdeba64838a3afedf21dc06935932b9c28d305707a9eccf7
-
Filesize
4KB
MD53c7b36819de2dd3a830cfa0389e4356b
SHA139d70df1abec4fc9318b9515727c95b0d824f69a
SHA256e667c55d3cd296a845ecc7ac3de9e8955f1b2ad9a916dbb7779465b9f341005a
SHA5127096f40d0140ff8beab64976d318ab340f474aa328fc58fc624e88535690bb2ec52183598ec7441cef18c3fe98df89392a13d126bdb5466cd48c9c851481795c
-
Filesize
4KB
MD574d9b28b7a9b9aefa06cc2b537ea2c72
SHA16f20ebcc738754ac9e41bde2c3b3696d90eb06fe
SHA256b8b988fda43e41b17f3942e3267c9a57f474ff888a45d9885e7677a02cf945f4
SHA512cf5b71711be22daa021b7d54a0fab49d8a7986ccd8ee9196971e4b5440233cd6bf478f325d926bbbed15d2361341c4529aa03153ea739838dc8608935fab5dcd
-
Filesize
5KB
MD50d4476a5992ea81dd2f4e083abf1d6e9
SHA1964ee26c4d6c8285a73b76edc3079ab0926c741f
SHA2569d2927ecfb04e3416f674366d47dfaa3fc0eff90063429b714911470c368c9bc
SHA5123585015d832da9d6ca2d8f0f3c06d08d7199e13977820dc491a1374d4dd5a37cf9f05bcd05e2b717af81b7f33fa70c12add63749391af0fc406e3a4a092f774e
-
Filesize
4KB
MD52fc15d0fafc658521db4d45a2ff3d012
SHA12c885425467c8dd23e6e1c8c75af748d5020f610
SHA256f42d91a5b925f0a6bc058ca83ca46c05e951c73e724a6a6c6c2105c898207f11
SHA512b4cecd4e065b6a1379d7362f09b822a2d3c0161d0027a806b2f51f89b1550e86a58e11e1605885d43827fc7e251d5a6a81fd73a831edf659e1f7c1f936e553f2
-
Filesize
3KB
MD54961b813e28a208a6a902d3e71e62c27
SHA1a3300c52ee3630d7c270c1e9dd5bb7094c705792
SHA256b49906aa1ef0d83a6a31663d19f5f83a61c01ec116f291202ec3b32b60a772c9
SHA5124e889226cf8a1d610cea5a2ecc21e443e445c07d3e92ab276f720d8c9ad7f600c7fac2e0eb992b8a672333797efc5f96e95aa13bdad270d57891cec63f767cb7
-
Filesize
4KB
MD533ed9ff0c219ad3a791c58c09542be9b
SHA11ec45cfc971a5e10ca99461f76478c96bc375f9d
SHA256741cd8d1410a72e287637209bad08cbf3b17078b946954b67c58be8ed44dd1a4
SHA512690d9190d0b7093e1d054dc552113e10f76f5439074df868ca76d4a34ea150c3d69adab14102d8bedf67f156d07a11739486323089e059cfc8f65ab995396fda
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e