hxxp://drive[.]google[.]com/drive/folders/1d3iHt6d6V-rx2A205KgJCD6xp4OWWfzq?usp=sharing

Analysis

max time kernel
105s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://drive.google.com/drive/folders/1d3iHt6d6V-rx2A205KgJCD6xp4OWWfzq?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1152	reboot_launcher-6.4.06.4.0-windows-setup.exe
764	reboot_launcher-6.4.06.4.0-windows-setup.tmp
5036	reboot_launcher.exe

Loads dropped DLL 7 IoCs

pid	Process
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
13	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\reboot_launcher\screen_retriever_plugin.dll	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\craniumv2.dll	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-S8I0I.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-0S6R2.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-A4P9G.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-PTFP0.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-BMN7F.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\winrar.exe	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-L9KLD.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-8J4JS.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-L1788.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-IUA5J.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-9UP13.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-FKHH2.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-1IPAF.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-38KHA.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-6NEEL.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-HA3A2.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-O3LSE.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-JDVOV.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\packages\window_manager\images\is-733QD.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\is-TNU9I.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-2H31T.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-8DPKJ.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\build.exe	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-UI5LO.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\is-LTRQF.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-UF8O6.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-06N35.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-TRQPQ.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-TUR9F.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-2QMA6.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-55IIU.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\icons\is-8CQ2T.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-D6K2R.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-U3HF1.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-T2ISQ.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-F30BR.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-PU1KD.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\packages\fluent_ui\assets\is-31D76.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-V2FNS.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-9S1ED.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-B89CM.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-8CAEE.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-DJ04F.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-GIDMM.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\profiles\is-T3UM2.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\system_theme_plugin.dll	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-GPMIN.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\is-3UGPM.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\is-50VAB.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-DVUP7.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-AOMI5.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-TS25V.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\responses\is-7A42V.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\packages\window_manager\images\is-2RF3L.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\url_launcher_windows_plugin.dll	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File opened for modification	C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\leakv2.dll	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\is-27NME.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\is-F96NN.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\config\is-MA3ST.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-TBE7V.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-9O1RL.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp
File created	C:\Program Files\reboot_launcher\data\flutter_assets\shaders\is-ROIAA.tmp	reboot_launcher-6.4.06.4.0-windows-setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reboot_launcher-6.4.06.4.0-windows-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reboot_launcher-6.4.06.4.0-windows-setup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 862656.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
708	msedge.exe
708	msedge.exe
2576	msedge.exe
2576	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
764	reboot_launcher-6.4.06.4.0-windows-setup.tmp
764	reboot_launcher-6.4.06.4.0-windows-setup.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
764	reboot_launcher-6.4.06.4.0-windows-setup.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe
5036	reboot_launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 1776	2576	msedge.exe	82
PID 2576 wrote to memory of 1776	2576	msedge.exe	82
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 3748	2576	msedge.exe	83
PID 2576 wrote to memory of 708	2576	msedge.exe	84
PID 2576 wrote to memory of 708	2576	msedge.exe	84
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85
PID 2576 wrote to memory of 4376	2576	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://drive.google.com/drive/folders/1d3iHt6d6V-rx2A205KgJCD6xp4OWWfzq?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9f5746f8,0x7ffc9f574708,0x7ffc9f574718
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,12018158827598003404,13638197734122843406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1092

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3600

C:\Users\Admin\Downloads\reboot_launcher-6.4.06.4.0-windows-setup.exe
"C:\Users\Admin\Downloads\reboot_launcher-6.4.06.4.0-windows-setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1152
- C:\Users\Admin\AppData\Local\Temp\is-B5TL9.tmp\reboot_launcher-6.4.06.4.0-windows-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-B5TL9.tmp\reboot_launcher-6.4.06.4.0-windows-setup.tmp" /SL5="$202A4,17582819,832512,C:\Users\Admin\Downloads\reboot_launcher-6.4.06.4.0-windows-setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:764
- - C:\Program Files\reboot_launcher\reboot_launcher.exe
    "C:\Program Files\reboot_launcher\reboot_launcher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\reboot_launcher\data\app.so

Filesize
7.0MB

MD5
3c7d5c059b0c74d8581c644346120d66

SHA1
10bd9ba49cc1ac5e508a9d716027281c5f797415

SHA256
5f7a19b9fd9c1d58e9812362c307b6bee29c0ad3e752ac43b41626a46d3c4796

SHA512
7839a02716cd920c913f904d4d46256da58feeadcfc840d6de4ec56c378596661202ce8aefef5f2a6bb507958f4436292fc11ed90be4bbbff2f6b4efc2306e31

Download Submit
C:\Program Files\reboot_launcher\data\flutter_assets\FontManifest.json

Filesize
189B

MD5
6b53bbac7e12ce88331411914c31782e

SHA1
63e13560f741fff28e1eee14161cf86b8e05b8af

SHA256
0f22e430aa6c127c70f16f33d4b263c3bb841c62d2a0051b0b89337d61d2c69b

SHA512
e9b7b4da3af9f38a4d4c37e9e52b1d7da98af574d236fc4bf123db12bfeec91a8ae93ebb06d4e6f2e5eac6359797fb3e4de7147fb265f0e3707b3623e036ab73

Download Submit
C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\console.dll

Filesize
295KB

MD5
e826d5247f904ffbafda339552cb2e4c

SHA1
cac9199cfaebb0a3515b507a6d4c160542a6d8fc

SHA256
1449fb74303009acef9b18bc84806656c886a742f9cbbe8e0bc8f0f8f4f7a585

SHA512
1b2623fff24c85b49a7cad49999645d155a925d055787be9b1b02e4d13db581ace33b6b9f10fc57e5cb8c4513e7188613c851c3446d1a6a95c68d8ee99b00084

Download Submit
C:\Program Files\reboot_launcher\data\flutter_assets\assets\binaries\craniumv2.dll

Filesize
142KB

MD5
66b0160276845c19b320cd874c7533ea

SHA1
2682cc60b225ee43868856f8f0e177e3873ad5a0

SHA256
eaf169f9c898cf42ea8fc4292d28bc5c6d4ea2c1784518476c0205767feb4c08

SHA512
f945f67b875fbc9a558dbee2209c099d9453361351a6d733eadd764c6ec4f7a3ffb5b4cc97631200fae368469d5236c2d8041a71e6fedb51b63d94338619b444

Download Submit
C:\Program Files\reboot_launcher\data\flutter_assets\assets\images\is-GIDMM.tmp

Filesize
1KB

MD5
164fa71be03ea27655a3fe9ce7ef1f11

SHA1
651f1eb5e805118d83548e77edd97e165252c09f

SHA256
f9a55a8d8eb8998a32472833bccbcfb595078c49b01b363bcd6ab08a62adbeaf

SHA512
65b22256a097e80ce23a60dd3c7f9f7bece44ddf91efffe4f3938959f3035dd0889178172199b7ec6d4e44bfc330922a440bdbf658bf716eb96f4ad0d889a4e5

Download Submit
C:\Program Files\reboot_launcher\data\flutter_assets\packages\fluent_ui\fonts\FluentIcons.ttf

Filesize
487KB

MD5
1cd173aed13e298ab2663dd0924f6762

SHA1
d32f44a20abcbfc777ddf1c26aef5653fba000d5

SHA256
e43677df65d4e314282e7bcb15ec5c02b57056184064cb94942e938918b305de

SHA512
684f9ced2ecca478d90fc816d78daaed82dd07a2088d53222d0d91db651f66f1532805aa18f3ec8f1d75d4c994ea2b8ca810909218849ce84cfeee596a37ca67

Download Submit
C:\Program Files\reboot_launcher\data\icudtl.dat

Filesize
796KB

MD5
dc1d7fbeacfb517e801dcb886074ed42

SHA1
ab969ca7aace910f9c906d5ed7473a79caccafc5

SHA256
b00f83f6938d2ec735ac8f970c779f8ff28063b91a73d022b7a954bb85231c38

SHA512
085815b511544f531effffc46b0ed5cde5834d4c85497487fa5cbd8e7b3dbfef597b63c47c92b5512a1f80e7924ea41ba797c3b90d2818d34630a7f5f0bc3161

Download Submit
C:\Program Files\reboot_launcher\flutter_windows.dll

Filesize
15.1MB

MD5
ad39134489085f1983c0cbf801df7a5a

SHA1
d35d2408ee6449aaf3b8ce338dbba5e31107dda8

SHA256
76ba47ebf660de9c9271e3a9881c14c592559377a765d5e43ef19924c83c5524

SHA512
09bc769f77f2c7a193505a741c16f2ac991830ecea67ea8f20efd008d44ab8b1c1fa029a6d5154dffa2f338d9fd0a7a7e68d69ef4f0ac38576c046fe75c91fe7

Download Submit
C:\Program Files\reboot_launcher\reboot_launcher.exe

Filesize
127KB

MD5
0f54b65adc5f211b7439340e31fea3c9

SHA1
71eee9d509ec0c6c3a30d2fa02d35244de1690d7

SHA256
29bfd922cc037ee07a3a5c5895273c3e66e4fed6c8274a0ed10b36066d6188b9

SHA512
5e94451a7e105447f65b2dacb6000b70d41a5fed74e1d483c00b7773b6658837925969744533aa21b42c57a8cafbef976c9a6f10a2b1b013fd47212f6679ff33

Download Submit
C:\Program Files\reboot_launcher\screen_retriever_plugin.dll

Filesize
94KB

MD5
217d2d24d79c2602235c2c8aeb71ee4c

SHA1
f03540d7ffbea51f014b741a98f1d2b02581ca68

SHA256
658a746a3d837191b55d352692adb34ffce34169026b936038e9ee81973bbecd

SHA512
515a5c78975f687157b012a8dd5aa3dfe419e791b03ef3bbefbd0383567071393d37d56b707e4e89429626a150c4ea30ae9d4c83a1a2fe3d306ed680c3ddc63c

Download Submit
C:\Program Files\reboot_launcher\system_theme_plugin.dll

Filesize
80KB

MD5
8e9163aca221905e373d878373038d1c

SHA1
62882d1115082695ab1c0cc6de6e60193217fc1a

SHA256
483121dd29d231b303769c46dc18c1b622bdde1de3313f410a0cf0d82df4e141

SHA512
bb7501c88d4bf256d19716cbf43bef704edb552ebce0a39ea6a8ec74efa9b09c41a442ffe139b6a7298fb50e404458c34b2276e5bbd63c4507c5fcac2bc27f7b

Download Submit
C:\Program Files\reboot_launcher\url_launcher_windows_plugin.dll

Filesize
78KB

MD5
f9cc40ba8d330108bdcbafa906e79deb

SHA1
c367ea3ac6c541fd9517d07c5746c49a6d57c60b

SHA256
aea1875aec21e298fdf4d28f121598a81eb850a78131eacbd331febc2ede2798

SHA512
0fc04efab06dd91b8c8e5c048e52d247ce032bede16b5275889f4ff18131a64447252e220c3782130d1e7bc1f6a13b06b94f85254b9361bf939af00703e7070f

Download Submit
C:\Program Files\reboot_launcher\window_manager_plugin.dll

Filesize
126KB

MD5
a547cb34b23255125c9aaa4dfe2aaf1b

SHA1
38162d2f41d13a4169cf7a36c5352ee29d310cfa

SHA256
bf1330c8a06fd40752a66ccbde234fa167d84de57a6148b3fe51afbecabb604d

SHA512
a6c2ffffc661003473ed5d3ff66797fe80677af3f3ad20832a9d2cfb6414a6237b1ef5bb3a9c54235af6145deab682b8450baf18985e61399a6b0eb5f65bf475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c701250-4258-4709-a551-0acb9f93942b.tmp

Filesize
5KB

MD5
7222968bbb5f700eabf9152f220ba847

SHA1
083e13b08a3999b9dabeec9abfad802511eb6bd3

SHA256
b1bef5b270407532f02274fe7199e6efa8396bfc276c00c7619f8ade16c59ba9

SHA512
48be46e702346abd78ca85cb183b35d5bd74622667f1a7d43ffc24cc3b51997e1278bb833a46e86797229b4f0a84548dba4d909313f072a4bdf6c9ad7a06d9ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
28KB

MD5
78fbaa6c69ccc961b8ec438a8588001b

SHA1
990c7f85fd6739a39ceb934cacbddd8ca7672627

SHA256
708cc85c1b714f37d78a73e237276b2525f644e3e5ab935d7671368f21c2d4d9

SHA512
c9b167bc97e6a65745576831721bc21c1ebb4ea9545643f2af6e7b4879b5930db85991013a12a8debf645f3b152b9c27afa619c245e21d35d9cd66b1347a0aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b05e5f091c37285a57a3add6772693e

SHA1
682330c8629bf251c940bd9e7e2c25299f651fd0

SHA256
5c907e130763eef6a7c33b214556b7d608aba625cdb5c09b4b37ba732c33cdf4

SHA512
4e61d02a181571a459cc51659382e6e1cd37b72a2e789b9dbbe8bfdd6d4cd52b3d87bf46a64c5d36488c369fcecce97e0cc425262630023680dcb9459f408dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7fa467770673079008864f3b118ae79c

SHA1
73a203ea827ab3b3f005efaed4dda54f120a2561

SHA256
b0b692b096ec3cc24e0d63cbd62ee6614f4eedcd53848aa245b614d5e14c7e23

SHA512
11098bd0d0a23fc9a0fbbc6623e9b9c983d4ceb996001878d6288278c1ce3c0e72688cecfe4ef006cb467b5979e857d7cd104ba88b4e7cd096a50e25bb7d7e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0106412a78f5c7d27fe5015cb06fbfa3

SHA1
cb48b5fb2da5e8e999db22e0a55f9c49a1e9ebcb

SHA256
4de79364745ef513bdc4f88c17bbb7ae26eb4b8e4227a7f1ff20401e5119ff3a

SHA512
aa12be99f7a425ae55340695fe762f8e3f94a6a75f28f96ff9361853c97d32f1ee7b61f94f25883fbd18181bfaf2b991fb0faf9766d01fb554d34a7831f7cd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31da8a57e77b328da4622be0010f9b91

SHA1
ae97591244ff09841908fdc9ba41ab004c5dac2d

SHA256
997ef98eda47feb90b20b3e8548ef80587e7db33223170f44c9930195dae0ee6

SHA512
1b0139f0a99759ff34c481106f19cf53a9811dc98fba305c9a40ca76bc4179fc5ac9a4ec2040362fcd3a5c7c9c5da63c0a7efa7b10713ea8527e21a2dac1f512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c190bd023eb4769d934192ac857e0a16

SHA1
8cd68b7269a95ae59567d9bfb588ec920e90ca51

SHA256
93c8aeb4878c7ab4f49d55dfdb09755fb935d81ad0803618822f00fc01a8fc1c

SHA512
a2b0c89906961b088a50b7c764eec59f3359af6f821338da319b1dcf096a372ec15e077ad41ae414e9a5adaf7829b8313216aaef973276e8a24dc6b93a900949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c3e4d24158e2dcbed1c5c9e5ff40c47

SHA1
315b1041726c2906715af046f5c554be918bd993

SHA256
300d074b3fbd8234739daf3fe9a90b936f0c872d235b268738d4a0b7b3b9cb45

SHA512
31018de046a3e96ae7025c8025d98b1ab6a5cabcbfe6d2eb1bb97b10a6836683f4a1dd6b0466ed18fd33874331297d2acb4937732459fcee83282bffba5fba19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9029fe9a95d478426f1bb4c0d7d7791d

SHA1
338adf6ed78a77dee4ef45faf2a2b712a96d2d19

SHA256
5cee861fad2a4adb9584b5bcdc72376c3bdeb29eb6adca3d69afd3ca009b2d18

SHA512
5b5cf001d987f6fe81c86996ff450d6ac6849124e605e18e8e1c7570638eb97a79c95d0f1383701ba967283f807575d9d861baf0d7ad53fd569069b777b35d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
810cfaefce7277242ec4157965b35bfb

SHA1
5215f78d3901a1f3d11aa2a80f17e607b69476c3

SHA256
0ef3decad077e0eff238d85cf51f52db25a28e6979623637d7713431c2c7ff5a

SHA512
a3485a5bf5c8fe0101acfe0a556de58559a3ea187335579c63a627e4b3913cc197b982591dd8a0a3ee692e7e04d8e1c27647091f3b11f87c4a8091fa2c97d223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3079b7fa5989388cb58c9835c6a16d4e

SHA1
d50aefcee4ffc78557ca6191c0059c3fbe4ec5ca

SHA256
c9bea273b619697c36797ab7155b3632d04c228dbc81540c2ddc3ba804058b29

SHA512
4010093b34b70bf4e07aa19df38b6af5a71e0aaec4bf7b2655f3ec69f496c6398c32999517ca66f7efd90e3c36d98af55189fe89d04b89852275b393dbe9ea73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de9e1bb013cdf7087b16a5970a53097a

SHA1
aef07a5dc5d6fead262882c73e0de815ff80b14b

SHA256
4a6484c0ca4a02e9fde2fbd7aa281ccd572a047e1143f3bea97b37dca88c8da7

SHA512
7958f5500a43fa239526fba729772e5e9d27ba3a99fe2c424365c7fcfb30cbd6b6bbeb87e5e93d0d50ff8f888b1b35ea8c0f86f11ab045416a17dc0580c446c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583515.TMP

Filesize
1KB

MD5
e4237e3bc6336c672318c07a31e4cc14

SHA1
854bb6273bee24bfe6f20e015477644900dd7c20

SHA256
8752ebd19ef8cc662bc1f2c4c52d877584127f1f03bf10980090c1392afb14f5

SHA512
c93dd26f447fee73a2ad41020ec2860d219eee9d745358f8c2681bca8f1c0ebc3572838f69f50cac3779e6198ac3e3255f405cba2b07a6358579635a9d742cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e92d4560118b26a2ba0c570d40a52f55

SHA1
437e0eb8b9fa16ef4e1bd7aaca319f4db2e5d329

SHA256
aa044e307d9128c61a7ec22cf3c73d07b748758e6a4934463aeb2a3c3ac0787d

SHA512
dfa863bf2e8bf7ab55d26d76afc4c118d2730bb423aa8c35231f9f616f679ce0c131cb250e97d9fc942f27d9cb1ee556085735d16f72ff2b415c53680b6f5688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d828a66efe83252c9a5b101429a36046

SHA1
074146948cbb64256716d4c500fa755e4f67c21a

SHA256
ad35daefa2b43332dd964ecbdee23f3a2cbbb27c7ea4b7557e0fdebdcd013158

SHA512
c1815a60a76eabb2a1628f658a7811222c9aa1486ac757af6871e2e6cf78596927c5f1d6744efa39b7e3697e8947253248b9f7060d80538c0ba55631e296619d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4ed8d513d14bab3c718c8d30c92219e

SHA1
32035698e3806f094d5cce5bdb8059175aa17de5

SHA256
fa4ad8ea1f934da339d1b6cd9d2894eb7228fca6b3d45ab944d485f5d524ba17

SHA512
3d66995a21261d2288627a5707078b7f341fca08a96d6c5aef14e4f93bd638b450b8f07cfc4dd9046ae8c134a4761e96c4af9f8a524a9e5c02ca82b55a49a7cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B5TL9.tmp\reboot_launcher-6.4.06.4.0-windows-setup.tmp

Filesize
3.0MB

MD5
9b0cae1ca3bc79c44c0d408b1bce3bd2

SHA1
7a1ce05a73824f9397a891c2fb082c0caf2e5127

SHA256
65a7a72d4debaa6843c42d0b6c979b991e76287350d2a47a4f6c3bee1170aece

SHA512
6bf9e1c8601cb0181fbbefa3051f04f8c1ccf8f38a8960a4e8763f1dd6a85a8a01b5823e8c7836b7ef397c11361499fd28ba3f348dfe1798fb81e4faec54ffd8

Download Submit
C:\Users\Admin\Documents\server.gs

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Documents\settings.gs

Filesize
31B

MD5
cb158ca858e2297a86ddd93c4f13d9c0

SHA1
a55c29b7342a8f81cd20798c033d2e627e913234

SHA256
2bfc4ea40cf5ac13d5636cfa9e902a8125974f48bf1cd967f29da3b7c60382a0

SHA512
8ac7b73544de99bdd9bd74759625b9455bcd07c51a7a92b743d019d3921ceca13b6d2a2f63f98972e0bf5bf38ffd8afcff04b0e2e0c4f2dd51063db1578b0a67

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 862656.crdownload

Filesize
17.6MB

MD5
eea6f23783960b727724b69711cda91e

SHA1
3fce8f515849a9b03ca2b42b79621ae2dd564013

SHA256
b15eb3b072f1dc2f983315cc67f99638f8037c483ae2b9d86e06b98c4cc15b7c

SHA512
2c63f5f93e3d0233c7cd2b7985208fcfb676e82b14af1fc4c1e4c5e4322984180e428bd849d3f1bee5e8aab08158f9ad5ab1d9761f070ec41acbe9ea47f93c24

Download Submit
memory/764-483-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/764-484-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/1152-480-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1152-268-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1152-485-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5036-481-0x000002428B1B0000-0x000002428B1B1000-memory.dmp

Filesize
4KB

Download
memory/5036-476-0x000002428B1A0000-0x000002428B1A1000-memory.dmp

Filesize
4KB

Download
memory/5036-478-0x000002428B1F0000-0x000002428B8E5000-memory.dmp

Filesize
7.0MB

Download
memory/5036-477-0x000002428B1F0000-0x000002428B8E5000-memory.dmp

Filesize
7.0MB

Download
memory/5036-479-0x000002428B1F0000-0x000002428B8E5000-memory.dmp

Filesize
7.0MB

Download