Malware Analysis Report

2024-10-19 11:22

Sample ID 240811-yhbebavcqm
Target BorderlessGaming9.5.6_admin_setup.exe
SHA256 250d2d883cb9f5a05a60be5b74191ca357489686a979cf7832fcb4c5f0522eda
Tags discovery steam phishing
Score 6/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file BorderlessGaming9.5.6_admin_setup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery steam phishing

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

Detected potential entity reuse from brand steam.

Checks installed software on the system

Drops file in Program Files directory

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-11 19:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 19:46

Reported

2024-08-11 19:49

Platform

win7-20240705-en

Max time kernel

140s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-4POFO.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-4POFO.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe

"C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-4POFO.tmp\BorderlessGaming9.5.6_admin_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4POFO.tmp\BorderlessGaming9.5.6_admin_setup.tmp" /SL5="$4010A,3856765,82432,C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

Network

N/A

Files

memory/2104-2-0x0000000000401000-0x000000000040C000-memory.dmp

memory/2104-0-0x0000000000400000-0x000000000041B000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-4POFO.tmp\BorderlessGaming9.5.6_admin_setup.tmp

MD5 98242be0a249553b9b4f1bdbf14cd9d3
SHA1 72fca546b10fad3cf719c5e008748ded45da1228
SHA256 a166749687ffeb6938a0a24bc431a96f054e080994b3292b07d933f67ab7002a
SHA512 08ec542ddfe1e9defa4fd67e8cefb3929bdec727f81611f98602b9057296d7afb55f845fafff578c30ebc6ab254a8be2aa150b05bd95802cbe6bd37a56e8cfd0

memory/3044-9-0x0000000000400000-0x00000000004C4000-memory.dmp

memory/2104-10-0x0000000000400000-0x000000000041B000-memory.dmp

memory/3044-11-0x0000000000400000-0x00000000004C4000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-11 19:46

Reported

2024-08-11 19:48

Platform

win10v2004-20240802-en

Max time kernel

97s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A

Detected potential entity reuse from brand steam.

phishing steam

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Borderless Gaming\is-D1RG2.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-7CMID.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-BDB7M.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\de\is-T2DUQ.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\CommandLine.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-1FAKE.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-FTC8M.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\en\is-AB2BN.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\en\BorderlessGaming.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\steam_api.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\ru\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-BPIVD.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\Facepunch.Steamworks.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-R9PHS.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\en-US\BorderlessGaming.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\fr\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-M88C8.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-8LVLV.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-P754K.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\pl\is-MQ9TL.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-14E1R.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-E9ULN.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\it\is-2FN13.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-JE39O.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\de\BorderlessGaming.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\DotNetZip.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\it\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-IJG9G.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\en-US\is-I8JVR.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\es\is-MEP1L.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-FA0AO.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\de\is-HTD3O.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-3APMH.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-4GCCD.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\protobuf-net.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\es\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-7BS2C.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-4143Q.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-63NG8.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\ru\is-PUFLN.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\zh-CN\is-TLD4H.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\Microsoft.Win32.TaskScheduler.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\de\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\pl\Microsoft.Win32.TaskScheduler.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\fr\is-OEQT1.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.Logic.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File opened for modification C:\Program Files (x86)\Borderless Gaming\zh-CN\BorderlessGaming.resources.dll C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-2DL38.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\zh-CN\is-1GOSA.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
File created C:\Program Files (x86)\Borderless Gaming\is-KOMBC.tmp C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class


Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
N/A N/A C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp N/A
N/A N/A C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4936 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp
PID 4124 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe
PID 1108 wrote to memory of 3248 N/A C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 1668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 4128 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3248 wrote to memory of 4056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe

"C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp" /SL5="$601BA,3856765,82432,C:\Users\Admin\AppData\Local\Temp\BorderlessGaming9.5.6_admin_setup.exe"

C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe

"C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rainway.io/?ref=borderlessgaming3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9b7846f8,0x7ffd9b784708,0x7ffd9b784718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16049237633338674198,7153475674271132259,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x468 0x3a4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9b7846f8,0x7ffd9b784708,0x7ffd9b784718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7779222162315010671,7157101655761927365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Temp\is-ISDJ3.tmp\BorderlessGaming9.5.6_admin_setup.tmp


C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe


C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.exe.config


C:\Program Files (x86)\Borderless Gaming\BorderlessGaming.Logic.dll


C:\Program Files (x86)\Borderless Gaming\CommandLine.dll


C:\Program Files (x86)\Borderless Gaming\protobuf-net.dll


C:\Program Files (x86)\Borderless Gaming\DotNetZip.dll


C:\Program Files (x86)\Borderless Gaming\Languages.zip


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\zh-TW.lang


C:\Program Files (x86)\Borderless Gaming\steam_api.dll


C:\Program Files (x86)\Borderless Gaming\Facepunch.Steamworks.dll


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\zh-CN.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\sl-SI.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\ru-RU.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\pl-PL.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\ko-KR.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\ja-JP.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\it-IT.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\fr-FR.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\es-419.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\en-US.lang


C:\Users\Admin\AppData\Roaming\Andrew Sampson\Borderless Gaming\Languages\de-DE.lang


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1


\??\pipe\LOCAL\crashpad_4856_SPGWNUUYGRSSMZGL


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367879237008937


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2


C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2e783f67-b7ff-4dc4-b141-f9e896d2adcb.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589824.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
