File name:

Borderless Gaming.msi

Full analysis: https://app.any.run/tasks/032277fd-f824-4a07-a2da-5c145d3fd812
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Malware Trends Tracker     >>>
Analysis date: May 15, 2021, 22:05:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
trojan
rat
redline
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Borderless Gaming - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 9.5.6.0, Subject: Borderless Gaming - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: Andrew Sampson, Keywords: Installer, Comments: Play your favorite games in a borderless window; no more time-consuming Alt-Tabs!, Template: Intel;1033, Revision Number: {32F0F5A0-01F4-4373-9CF9-DA127C16BB07}, Create Time/Date: Thu Feb 18 21:32:30 2021, Last Saved Time/Date: Thu Feb 18 21:32:30 2021, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (10.0.50.0), Security: 2
MD5:

6FD6D12F50970AC6BC654B37DAABC6EA

SHA1:

4687193B4D2F053DEEB2688BBE317AEEB312EE84

SHA256:

BDD01849B61BF417F4505CA5736D20CDFF56DE0C9A4EDE3B24E2442329724502

SSDEEP:

6144:ybtOIiRQYpgjpjew5LLyGx1qo8vwRhiQ/NfK0yyh:ybtMRQ+gjpjegLyo8vweQ/Nf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Borderless.exe (PID: 3708)

    • Steals credentials from Web Browsers

      • Borderless.exe (PID: 3708)

    • REDLINE was detected

      • Borderless.exe (PID: 3708)

    • Actions looks like stealing of personal data

      • Borderless.exe (PID: 3708)

  • SUSPICIOUS

    • Reads Environment values

      • Borderless.exe (PID: 3708)

    • Searches for installed software

      • Borderless.exe (PID: 3708)

    • Reads the cookies of Mozilla Firefox

      • Borderless.exe (PID: 3708)

    • Reads the cookies of Google Chrome

      • Borderless.exe (PID: 3708)

  • INFO

    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 2804)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

Company: Andrew Sampson
LocaleIndicator: 1058
CodePage: Windows Cyrillic
Security: Read-only recommended
Software: MSI Wrapper (10.0.50.0)
Words: 2
Pages: 200
ModifyDate: 2021:02:18 21:32:30
CreateDate: 2021:02:18 21:32:30
RevisionNumber: {32F0F5A0-01F4-4373-9CF9-DA127C16BB07}
Template: Intel;1033
Comments: Play your favorite games in a borderless window; no more time-consuming Alt-Tabs!
Keywords: Installer
Author: Andrew Sampson
Subject: Borderless Gaming - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com
Title: Borderless Gaming - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 9.5.6.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start msiexec.exe no specs #REDLINE borderless.exe msiexec.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2660"C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Borderless Gaming.msi"C:\Windows\System32\msiexec.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
1603
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2804C:\Windows\system32\MsiExec.exe -Embedding A7FC9FA50FA3E946C0AD578C2224D0C2C:\Windows\system32\MsiExec.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
3708"C:\Users\admin\AppData\Local\Temp\MW-c1daeaca-2fb7-4a0c-996b-0a7bd4313cbb\files\Borderless.exe" /S C:\Users\admin\AppData\Local\Temp\MW-c1daeaca-2fb7-4a0c-996b-0a7bd4313cbb\files\Borderless.exe
MsiExec.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\mw-c1daeaca-2fb7-4a0c-996b-0a7bd4313cbb\files\borderless.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
1 120
Read events
1 094
Write events
26
Delete events
0

Modification events

(PID) Process:(2804) MsiExec.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2804) MsiExec.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:FileTracingMask
Value:
4294901760
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
4294901760
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(3708) Borderless.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Borderless_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
0
Suspicious files
19
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF045.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF056.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF066.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF067.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF0E5.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF0E6.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF0F7.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF0F8.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF109.tmp
MD5:
SHA256:
3708Borderless.exeC:\Users\admin\AppData\Local\Temp\tmpF10A.tmp
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
2
DNS requests
1
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3708
Borderless.exe
POST
200
91.219.62.42:31814
http://91.219.62.42:31814//
UA
text
150 b
malicious
3708
Borderless.exe
POST
200
91.219.62.42:31814
http://91.219.62.42:31814//
UA
text
4.55 Kb
malicious
3708
Borderless.exe
POST
200
91.219.62.42:31814
http://91.219.62.42:31814//
UA
text
261 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3708
Borderless.exe
91.219.62.42:31814
PE Khersontelecom
UA
malicious
3708
Borderless.exe
104.26.12.31:443
api.ip.sb
Cloudflare Inc
US
suspicious

DNS requests

Domain
IP
Reputation
api.ip.sb
  • 104.26.12.31
  • 104.26.13.31
  • 172.67.75.172
whitelisted

Threats

PID
Process
Class
Message
3708
Borderless.exe
A Network Trojan was detected
AV TROJAN RedLine Stealer Config Download
3708
Borderless.exe
Generic Protocol Command Decode
SURICATA HTTP unable to match response to request
5 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Borderless Gaming.msi