d1861ff47ec977e9ce72cbeab98d2838f5981adb6ee8800ef41c59ab2bcda26b

Analysis

max time kernel
24s
max time network
26s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23-08-2024 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Retrac.Launcher_1.0.11_x64_en-US.msi
Size

6.5MB
MD5

4eb0f591d4635eef867eba6b30519482
SHA1

ffbdf0b4e300686d4c637ec9ae1e93f5fe31d1e1
SHA256

d1861ff47ec977e9ce72cbeab98d2838f5981adb6ee8800ef41c59ab2bcda26b
SHA512

4f9d7827508e8491af2df7e3adcc9da47871546284381e9873283c00a81a98a0aa4cc60cfc3a2e61247ec13f1de08c72818096b56613be569b83fb1e6d56b4ee
SSDEEP

196608:Ky/Pz3ZHXtF+An59GSwXYUNtJo47IE4xLwe:KAbJtlu71jJo/Lwe

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Retrac Launcher\Retrac Launcher.exe	msiexec.exe
File created	C:\Program Files\Retrac Launcher\Uninstall Retrac Launcher.lnk	msiexec.exe

Drops file in Windows directory 14 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\~DF86505E01D1D0849C.TMP	msiexec.exe
File created	C:\Windows\Installer\{8139B297-E2FB-4C4C-9D44-8CE55558C8DB}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{8139B297-E2FB-4C4C-9D44-8CE55558C8DB}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE35B.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE6A021E83DE89A30.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\e57e261.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF0D2547349CDD2C39.TMP	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8139B297-E2FB-4C4C-9D44-8CE55558C8DB}	msiexec.exe
File created	C:\Windows\Installer\e57e263.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DFA85AABE86CD995E5.TMP	msiexec.exe
File created	C:\Windows\Installer\e57e261.msi	msiexec.exe

Executes dropped EXE 4 IoCs

pid	Process
3460	Retrac Launcher.exe
3768	Retrac Launcher.exe
2280	Retrac Launcher.exe
1960	Retrac Launcher.exe

Loads dropped DLL 2 IoCs

pid	Process
1344	MsiExec.exe
1344	MsiExec.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
3904	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 12 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3180	msedgewebview2.exe
4104	msedgewebview2.exe
2064	msedgewebview2.exe
4532	msedgewebview2.exe
2060	msedgewebview2.exe
2376	msedgewebview2.exe
2988	msedgewebview2.exe
1148	msedgewebview2.exe
3116	msedgewebview2.exe
4132	msedgewebview2.exe
2284	msedgewebview2.exe
804	msedgewebview2.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000700a100e0a6bdd5f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000700a100e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900700a100e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d700a100e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000700a100e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\792B9318BF2EC4C4D944C85E55858CBD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\792B9318BF2EC4C4D944C85E55858CBD\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\ProductName = "Retrac Launcher"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\287324E2A8A2DC05090DA73D4E4E3F4C\792B9318BF2EC4C4D944C85E55858CBD	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\792B9318BF2EC4C4D944C85E55858CBD\MainProgram	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\792B9318BF2EC4C4D944C85E55858CBD\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\Language = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\287324E2A8A2DC05090DA73D4E4E3F4C	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\792B9318BF2EC4C4D944C85E55858CBD\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\ProductIcon = "C:\\Windows\\Installer\\{8139B297-E2FB-4C4C-9D44-8CE55558C8DB}\\ProductIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\PackageCode = "3CE005AD71AF367438DF36D86888FD85"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\Version = "16777227"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\PackageName = "Retrac.Launcher_1.0.11_x64_en-US.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\792B9318BF2EC4C4D944C85E55858CBD\SourceList\Media\1 = ";"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1028	msiexec.exe
1028	msiexec.exe
1496	msedgewebview2.exe
1496	msedgewebview2.exe
3556	msedgewebview2.exe
3556	msedgewebview2.exe
1936	msedgewebview2.exe
1936	msedgewebview2.exe
4260	msedgewebview2.exe
4260	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1476	msedgewebview2.exe
1112	msedgewebview2.exe
4728	msedgewebview2.exe
1916	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3904	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3904	msiexec.exe
Token: SeSecurityPrivilege	1028	msiexec.exe
Token: SeCreateTokenPrivilege	3904	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3904	msiexec.exe
Token: SeLockMemoryPrivilege	3904	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3904	msiexec.exe
Token: SeMachineAccountPrivilege	3904	msiexec.exe
Token: SeTcbPrivilege	3904	msiexec.exe
Token: SeSecurityPrivilege	3904	msiexec.exe
Token: SeTakeOwnershipPrivilege	3904	msiexec.exe
Token: SeLoadDriverPrivilege	3904	msiexec.exe
Token: SeSystemProfilePrivilege	3904	msiexec.exe
Token: SeSystemtimePrivilege	3904	msiexec.exe
Token: SeProfSingleProcessPrivilege	3904	msiexec.exe
Token: SeIncBasePriorityPrivilege	3904	msiexec.exe
Token: SeCreatePagefilePrivilege	3904	msiexec.exe
Token: SeCreatePermanentPrivilege	3904	msiexec.exe
Token: SeBackupPrivilege	3904	msiexec.exe
Token: SeRestorePrivilege	3904	msiexec.exe
Token: SeShutdownPrivilege	3904	msiexec.exe
Token: SeDebugPrivilege	3904	msiexec.exe
Token: SeAuditPrivilege	3904	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3904	msiexec.exe
Token: SeChangeNotifyPrivilege	3904	msiexec.exe
Token: SeRemoteShutdownPrivilege	3904	msiexec.exe
Token: SeUndockPrivilege	3904	msiexec.exe
Token: SeSyncAgentPrivilege	3904	msiexec.exe
Token: SeEnableDelegationPrivilege	3904	msiexec.exe
Token: SeManageVolumePrivilege	3904	msiexec.exe
Token: SeImpersonatePrivilege	3904	msiexec.exe
Token: SeCreateGlobalPrivilege	3904	msiexec.exe
Token: SeCreateTokenPrivilege	3904	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3904	msiexec.exe
Token: SeLockMemoryPrivilege	3904	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3904	msiexec.exe
Token: SeMachineAccountPrivilege	3904	msiexec.exe
Token: SeTcbPrivilege	3904	msiexec.exe
Token: SeSecurityPrivilege	3904	msiexec.exe
Token: SeTakeOwnershipPrivilege	3904	msiexec.exe
Token: SeLoadDriverPrivilege	3904	msiexec.exe
Token: SeSystemProfilePrivilege	3904	msiexec.exe
Token: SeSystemtimePrivilege	3904	msiexec.exe
Token: SeProfSingleProcessPrivilege	3904	msiexec.exe
Token: SeIncBasePriorityPrivilege	3904	msiexec.exe
Token: SeCreatePagefilePrivilege	3904	msiexec.exe
Token: SeCreatePermanentPrivilege	3904	msiexec.exe
Token: SeBackupPrivilege	3904	msiexec.exe
Token: SeRestorePrivilege	3904	msiexec.exe
Token: SeShutdownPrivilege	3904	msiexec.exe
Token: SeDebugPrivilege	3904	msiexec.exe
Token: SeAuditPrivilege	3904	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3904	msiexec.exe
Token: SeChangeNotifyPrivilege	3904	msiexec.exe
Token: SeRemoteShutdownPrivilege	3904	msiexec.exe
Token: SeUndockPrivilege	3904	msiexec.exe
Token: SeSyncAgentPrivilege	3904	msiexec.exe
Token: SeEnableDelegationPrivilege	3904	msiexec.exe
Token: SeManageVolumePrivilege	3904	msiexec.exe
Token: SeImpersonatePrivilege	3904	msiexec.exe
Token: SeCreateGlobalPrivilege	3904	msiexec.exe
Token: SeCreateTokenPrivilege	3904	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3904	msiexec.exe
Token: SeLockMemoryPrivilege	3904	msiexec.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
3904	msiexec.exe
3904	msiexec.exe
3460	Retrac Launcher.exe
1476	msedgewebview2.exe
1476	msedgewebview2.exe
3768	Retrac Launcher.exe
1112	msedgewebview2.exe
1112	msedgewebview2.exe
2280	Retrac Launcher.exe
4728	msedgewebview2.exe
4728	msedgewebview2.exe
1960	Retrac Launcher.exe
1916	msedgewebview2.exe
1916	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1344	1028	msiexec.exe	85
PID 1028 wrote to memory of 1344	1028	msiexec.exe	85
PID 1028 wrote to memory of 1344	1028	msiexec.exe	85
PID 1028 wrote to memory of 3104	1028	msiexec.exe	89
PID 1028 wrote to memory of 3104	1028	msiexec.exe	89
PID 1344 wrote to memory of 3460	1344	MsiExec.exe	92
PID 1344 wrote to memory of 3460	1344	MsiExec.exe	92
PID 3460 wrote to memory of 1476	3460	Retrac Launcher.exe	93
PID 3460 wrote to memory of 1476	3460	Retrac Launcher.exe	93
PID 1476 wrote to memory of 928	1476	msedgewebview2.exe	94
PID 1476 wrote to memory of 928	1476	msedgewebview2.exe	94
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 2060	1476	msedgewebview2.exe	95
PID 1476 wrote to memory of 1496	1476	msedgewebview2.exe	96
PID 1476 wrote to memory of 1496	1476	msedgewebview2.exe	96
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97
PID 1476 wrote to memory of 2376	1476	msedgewebview2.exe	97

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Retrac.Launcher_1.0.11_x64_en-US.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3904

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FAB3A387887E65B3C8240D94B0126754 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1344
- - C:\Program Files\Retrac Launcher\Retrac Launcher.exe
    "C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3460
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3460.2880.13707591205706537109
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:1476
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x118,0x7ffcdc1d3cb8,0x7ffcdc1d3cc8,0x7ffcdc1d3cd8
        5⤵
        
        PID:928
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1716,15116175340127093781,10377763953641190594,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1796 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2060
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,15116175340127093781,10377763953641190594,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2072 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1496
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1716,15116175340127093781,10377763953641190594,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2372 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2376
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1716,15116175340127093781,10377763953641190594,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3116
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3104

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:3768
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=3768.1740.14565379756717513706
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1112
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x134,0x7ffcdc1d3cb8,0x7ffcdc1d3cc8,0x7ffcdc1d3cd8
    3⤵
    PID:3968
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1804,7956966238609891116,13066362483883760626,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2284
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,7956966238609891116,13066362483883760626,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2012 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3556
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,7956966238609891116,13066362483883760626,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4132
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1804,7956966238609891116,13066362483883760626,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2280
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2280.2336.18320397881937713391
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4728
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x1b8,0x7ffcdc1d3cb8,0x7ffcdc1d3cc8,0x7ffcdc1d3cd8
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1836,10849368034662919772,4060336637102800641,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3180
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,10849368034662919772,4060336637102800641,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1988 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1936
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,10849368034662919772,4060336637102800641,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2596 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1148
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1836,10849368034662919772,4060336637102800641,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:1960
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1960.2988.10951467692813922056
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1916
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x118,0x7ffcdc1d3cb8,0x7ffcdc1d3cc8,0x7ffcdc1d3cd8
    3⤵
    PID:780
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1816,3457281827664828700,4159459278200315255,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1828 /prefetch:2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2064
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,3457281827664828700,4159459278200315255,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1892 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4260
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,3457281827664828700,4159459278200315255,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2368 /prefetch:8
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4104
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1816,3457281827664828700,4159459278200315255,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57e262.rbs

Filesize
10KB

MD5
c305013ec9ac658a7f4cff22d8c7a7fc

SHA1
2f0b035e859388358b51e88384c33c607339a9b2

SHA256
9c90114fbda57a88beff0d25817c24e24df4a002ceb8f6cead40c8518c63c830

SHA512
56f399d76323a3cc0abc896e29ec3be5262dcc0af04f717cec63aa23af5304bd90b7fe0e0cd2fa8131eb71eb04ecc8366b9d1071c853ad08c87de13c97f759a6

Download Submit
C:\Program Files\Retrac Launcher\Retrac Launcher.exe

Filesize
12.7MB

MD5
d4581b57cf0ebc65ede69ae6105a612d

SHA1
fe9a4784c4f40f04fdff4d603ff6bbc1daf33044

SHA256
389b21dc194f7973175f047d55df4bfb3de2216e64b1967d2132fc528bdda9d7

SHA512
cf19e79feafdf5e11e64661d94af002cb7c9e0f2da8b67186067abc2debecb619c0c6476fdb1949cce63ad60926d8cc40595f2d32ae5d7203c4c95f62572631b

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retrac Launcher\Retrac Launcher.lnk

Filesize
2KB

MD5
442199377b2d8486c4175eaf9e34827e

SHA1
ab074306cb6d930e88740d90ba7c23b4c166c4df

SHA256
d3c72f4a485e7e126766bd62030f0d2c18f38fa9cdbab2f38e523bf475317e4c

SHA512
6b46e5681a95f498c21900405461aee2a4ac5686d729043a89c7d0a24091bdd625cddc0232a209a11042294d63fd10a3cfd3ef82e12dd411445eab2db0c39c67

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Retrac Launcher\Retrac Launcher.lnk~RFe57e436.TMP

Filesize
1KB

MD5
62a5ee86d45b431fe0eae4eca5de5f2a

SHA1
140bfee292c3e4dab7a0eb142df931d46eddeef6

SHA256
871b34e539797e0fd746a715bb2cad0707b599d9f995428a651945a236bd0ba9

SHA512
db5dc3c13b8e46ba330f31a1608b67aa20238c7709803de4c214e549ef9d6bd309ce58275ce8894f567d250391b2b5b332375d4904a58ab154c45775b4854326

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC3CD.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIEDAD.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\9ea3433a-2351-4b9b-8316-deb2976cfb34.tmp

Filesize
2KB

MD5
6632efbab7042b08069d1acf3530979f

SHA1
46d8ecd333120588b769ed5859579a417673ef8b

SHA256
a5a0b954363922a09428927540f45058b311c8f8943c7051a9883741e88b8e86

SHA512
91eb2777120355d60b33d788a3639802906ce7152c77e58551365d2f306daa274dfe581184a5a7d7909a27fe2e2e7b7cefbe9de7902b05ca09b8759d046f3b6a

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
ff9bbe2541c3ea2e7a7f15f5b2380943

SHA1
283996a5a8e5d1d392c06588e6dc88baed3a4a24

SHA256
9fd5238e4611bfcb4a42ec00c2bfafb99a24fe0a267271838b9e7421d40938e7

SHA512
b9967009c937f55edb271518fcd6fd3c1ed3dc499bd9afc5913b66ef7c3b5fcd65e511a4375208127b2bc1e3d173f3e693fd2f0331aab1d8557ca7094ece8bb9

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
31651df421eda8923662b36eed35bc7a

SHA1
a24c1d3d4e670b7cfc8a3db6449cca35d748dd8d

SHA256
28f2f3f082f7ff94398a2add49ff0effd27d1050d7e8a69455bf163f7af4fcd8

SHA512
c040d9b392fbffd273e9743e1031a7aea99b2b0d11f890a9f414e957a15cb5413d9fb688d887b7ff25014c323595dd6391d8315c08571ebd0029202701225cb1

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
6516ef8f69df00dcad9898860819263a

SHA1
2b6e4c0e1dc137de4b3d96f9592dc17427af92c7

SHA256
85532c5ca838c02d8b613238d664ea0d2f9509f1cd43c64cea492055f3a2a15d

SHA512
7a987ccaa724d310ce8a5b4034eb39b6ce13c46bf999300e8638096a49f6e2315275463dfdde5544ccaab4d6309f8fcce32aeedacdecd483299412eb1ac11d98

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Cookies

Filesize
20KB

MD5
22be08f683bcc01d7a9799bbd2c10041

SHA1
2efb6041cf3d6e67970135e592569c76fc4c41de

SHA256
451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457

SHA512
0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\GPUCache\index

Filesize
256KB

MD5
47a7695debb1d56adb128103d1feb185

SHA1
2adb1daa2c8640be4d8cdbc40e9168c1280802af

SHA256
bc3aa7aef187bcf9c7106aa17bc0e4ceba087bc2b3774b0439a3a42e40d229d8

SHA512
0002bd42b5e9f1d5981d9bae9150e7282a08be6f0928553b86f4c96a2addc5f5fbdc4056cb906d528d6ce77e217da2c86ee56a754f752096722dfe747b3a36e3

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Local Storage\leveldb\LOG

Filesize
285B

MD5
555980224b196f6f65c35765d71673fb

SHA1
34e1c7e2f59b23d8eb47e88e1865c6dcd4d3f4a6

SHA256
1e3719185a3d9538384e8b5b9f08af771ebaa6d20675b8ba3bef5b4711868ca2

SHA512
77592c56c8ac4bacec48cd0110d969d0b00eb019b75b323c2f0a4332e00eb806d1e65fd4bc32fb9d27c4b3909aab39d9631d416a407900904d7aced863f194ab

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Login Data

Filesize
40KB

MD5
b608d407fc15adea97c26936bc6f03f6

SHA1
953e7420801c76393902c0d6bb56148947e41571

SHA256
b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf

SHA512
cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Media History

Filesize
76KB

MD5
cf7ac318453f6b64b6dc186489ff4593

SHA1
b405c8e0737be8e16a08556757dc817bd02af025

SHA256
634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a

SHA512
b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences

Filesize
3KB

MD5
28af20abdb06c72fa57907d703b4daf4

SHA1
5ac6ba95bc8a3f12039de79c6e28e1995c90c83d

SHA256
81ec77e4ed0057e134a0010c6237179678eddbee06e0d9ed6b096b7588b22f6d

SHA512
d234f19bec9ba9b30a001ad03a4e329caaec6b941de34bf9828b911f0d9fad789fe4dcf2ad5420998bc07f89d8cc5f193865d8da6c384bf6b2a3ea84595dbaa7

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences

Filesize
3KB

MD5
9bbe136cd49ff935c600a47d61cecd3d

SHA1
5348874749e2a3c71d075c0d342abe2d4d6abc2c

SHA256
47bd6f3c026f7badb14c5bfd95d13934597124e89508d7a6613ed8ce30d84cd0

SHA512
31cb1b3fc33cf9eb432095218ea752d1cdcfa92ed1f71d22dcf4c6cb51330bb3b3fec9ca48d68acb4c3228200b65dcd4cd7623b5db3a29dc21e9203eb3c89790

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences

Filesize
3KB

MD5
989a687239a6f665dd6ffbcc42a2ff41

SHA1
fd4b5285c652443b36b355bb5af8a3b55ee77feb

SHA256
8242ce39d2dbc766ab240e3550a93c494f2c5d71e5b7e00fa940f611452d709c

SHA512
3b7c97c4971240b7902008c3d6ecacf25a775b34569f2f792b7dbd054673d6d79014065bd97586ba80c74c80c8033976b000bc605229966cd775d248137dd862

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences

Filesize
3KB

MD5
43de1882209c3730d5c635411ba69bdb

SHA1
3bfa74569efe69020e42d172e14e110851dad3b9

SHA256
21ead0f66c8166716a86f262019529aa68bd1135d7defbac7ecfbe3d2491be60

SHA512
8551a1998b7e475b1b6319bb98d630e34dc996843fa2e6552a88f5e129400e57c163639a3bbafb0bf31bfd91e977bda21a3b391970fbce701a1aecd5d012939a

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Secure Preferences

Filesize
8KB

MD5
2ac0509f2738eb0b801ee4cc481d7522

SHA1
c9a5f99c8cbdc8497d9a2d2cbd3b6089df689b24

SHA256
587a6fad579a18c955167950e1c721a85d3efd1e6630700332f88df132e1ac73

SHA512
9ab2040124618706248116a532bf8acbde0692518067b53131694d71555416b5c62ee1ad140022f319883733ce6e781699158c662890cee350e764254b35a7a0

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Session Storage\000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Session Storage\LOG

Filesize
275B

MD5
c95355530df6365ec7df19f1ae6f7749

SHA1
41113a746ae6bc9ac34efa13ca0c939f089a5a87

SHA256
87a619d1f3e4ca5bc13f0ba1660cf9476ff80cd5b588f3dab97934aeeef2f7c6

SHA512
746b913b0cb62bda30987000faf82050b193d25b426c85d0a5b8161825e752413a56ed691fd6224e30d585a6590e98c6046bfdc77121ef44b39574fa48b1a1e3

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Site Characteristics Database\LOG

Filesize
301B

MD5
49e8e57a88f72d505b01a86f2d16055c

SHA1
b4676f1ce58ea0006b59b47dd5f1d16f3f6de97e

SHA256
37f5a22eacf699ee6a743f6ca1a4c9e941c94d6040e8cacedf68c63cadceb941

SHA512
435bf798139eb29bc28899332b8b3b9ac8a681519099aa5602bd974c7dca4fd763c58b80aa7856015c6b94fadcffe3f84a06f1bce6e3d50bc57583b3a51ad111

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Sync Data\LevelDB\LOG

Filesize
277B

MD5
27c91635882f2e3909d4b9a961f31507

SHA1
12c3a235e0472c2739220f11ad31a0ae4d4412ea

SHA256
a966c3c5c50aeca86ea2034328c9a6ee4a9544aa1166735c123601f18ad7028a

SHA512
47836ca86b433f75b07fbc24819e3b3affa5a85b33469019a2cf45a061543d3d057b9f80f87ed49f309cfbec4ddbdcbd1c8e21328a553ebe22f7e3ac874cebcc

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Top Sites

Filesize
20KB

MD5
325ddf165383376a8e530a8288a9fb73

SHA1
f451204bb6f3de9de42f27bd887576b083026e87

SHA256
53eb4fcb3cbcaacd4d94036c9379715990f86185b8ef7fd18cb27665193da6c8

SHA512
edb9c49956741560f40df102b81c3b558b1ae9ce902040f89cecb2fbbf60277dcb73f68d8b7c60340a92c46915828b7a204420292d0a4906ac0e9082943ad528

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Visited Links

Filesize
128KB

MD5
a5682daacfc0916a763e504079d38d22

SHA1
dc28d6d4a4c1787bcb31f322fc2dcd78cf5e4025

SHA256
dd5a5bd4aa5be0292d228186e392bfecfd9794f4f54399fe15b7ffa8fd2f1926

SHA512
bd1f5fdbe87b3985581efc661fe8159e6f2459db6529cc16edb2814ec174c121d61ef7025f039b7ac80cffb439763e1a1363012a667cb7531c1ca6c293015068

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Web Data

Filesize
110KB

MD5
12aff5c24b1e165da94cc9ddef6d752a

SHA1
345a57b067d6c7561b149b6a7de1d0cf53e42cc9

SHA256
b49ee954c97289b707fcaed55266f7c49720d1c24f4a8872038384155081aabf

SHA512
fd584f3d7e3a5603ff2699e1b4930d6594b0ea09c0a194b7329f44d3d4d2e1e985a42ab512afc1b6a0f35412ef839d35f27fab1f6506e871d74c648c3adb0ae6

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\e02c7615-34a6-4c62-9c78-e16240ecdf2f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\load_statistics.db

Filesize
44KB

MD5
144dfaaa82df72858197f4ef7ddd34f2

SHA1
e6bbbc5593c1d782e2d23c6ba6a5f5468e7548fa

SHA256
fe2844d9713e3f49ff6e5c6d5e9f3b7af671fe9165cafe01ebbaf61bb1ae84b9

SHA512
5a53b1dfd4729dd2cf7c5fb45b4b15e3b1729c7c7dca1a029b39964a6e0f9435bde61ba5c8e7b859254798fa135264c9814533409e5980159e52cdca2b1a5793

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Local State

Filesize
2KB

MD5
176c7a7a7f33e559cb9e5e07836b9819

SHA1
f47ba694d69b8777477a160017b987903d4fd89e

SHA256
1e949a835ce300b0058efa03a822ba6b38fd93e11bff9bb97418a38e8e1c2b0a

SHA512
fc98b87262b938361943b64a1c920c8ec6612a9f7a1d221a6bba5996360e70902cc5fe36b25616b1fcb6f78b67f908a574d9bc18d8b4c635193ed4c9d2764a25

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Local State

Filesize
2KB

MD5
8e529f5cc3e53644718ee4af438b4874

SHA1
eeead43c33c8c78e3af5d88a156fedb2a946c3e4

SHA256
ef637569071ffb4d471fc4147bee645924f9fc0d5218dd68f56ce9cd3b7cf679

SHA512
a13a3476f2153024da24df977e7c71aa9c2cc389dfb0cb2e9054ea36e0d5dc80bbe42a968179aafd3a0d1d2509cb9bca4eb8ef03af9827925f06f0f258743e21

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\ShaderCache\GPUCache\index

Filesize
256KB

MD5
a9b31b1b49270884e06aba86c8ddec77

SHA1
a64bd6f5b27f226a88c20ddfc73180dfdad6d00a

SHA256
3560552ebd142c1e0ecff47770d245f9880f2d6b8e7607bb51b2c03a845a3e4d

SHA512
5418b25b199f702093f839744585340d6a43d3ac8e7ee65ae6a2f43c9f532e4cf8a6841a16b71e4aaa188fd763a82698c21e1593f8f281a6d7b156585d44afc8

Download Submit
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\c032707d-be28-4d46-b67f-2ce5ff86b6a7.tmp

Filesize
2KB

MD5
a81bdb7e078e885a49c95c0a0f236b13

SHA1
f45f8170755863930fb57ad0bc1c0b5ced927901

SHA256
252e5c33f8dbac2880be9e55fed88e1c92f69aaa0795679b6da6d314817b30cb

SHA512
b0d91ec3b3d863ed10d4ac6d24c0f7d9adae7e462791be7f94f0103a6366a64c334a15fb41ffa83395724640fb6238654f311a13d321652931d4346d60794ca6

Download Submit
C:\Windows\Installer\e57e261.msi

Filesize
6.5MB

MD5
4eb0f591d4635eef867eba6b30519482

SHA1
ffbdf0b4e300686d4c637ec9ae1e93f5fe31d1e1

SHA256
d1861ff47ec977e9ce72cbeab98d2838f5981adb6ee8800ef41c59ab2bcda26b

SHA512
4f9d7827508e8491af2df7e3adcc9da47871546284381e9873283c00a81a98a0aa4cc60cfc3a2e61247ec13f1de08c72818096b56613be569b83fb1e6d56b4ee

Download Submit
memory/2060-67-0x00007FFCFD3C0000-0x00007FFCFD3C1000-memory.dmp

Filesize
4KB

Download