e12b35bb96f789fe856cae00c7cf465bf355c8315878e502527262fff3e74fcf

Analysis

max time kernel
1896s
max time network
607s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

reboot_launcher-9.2.7+9.2.7-windows-setup.exe
Size

69.5MB
MD5

bfecd3cd092a3224723e48b147767880
SHA1

5a7ace5dc9ee44d5916b1b679ee2f4cc6584007e
SHA256

e12b35bb96f789fe856cae00c7cf465bf355c8315878e502527262fff3e74fcf
SHA512

179fa2f0ad6540d511fcbb5aab86dde8c32c5d2c3f3dda0ae71a9443dcc478e7ebfc11089305ff4924f272d600979422d657c2e19069cb792e76e392c5bd4e95
SSDEEP

1572864:ALlXQv2+gRYYxOP+bobZwWbqH59R0V4AwDBEZX61JJU9+H9Ip+KaV4e63:YXO2+gw+b4+WCRpk5CJJU9+dIGV4e63

Score

8^/10

discovery execution persistence

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4884	powershell.exe
4488	powershell.exe
540	powershell.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	VC_redist.x64.exe

Executes dropped EXE 8 IoCs

pid	Process
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
1936	_setup64.tmp
1904	VC_redist.x64.exe
4284	VC_redist.x64.exe
5036	VC_redist.x64.exe
4960	reboot_launcher.exe
1708	playit.exe
4204	winrar.exe

Loads dropped DLL 16 IoCs

pid	Process
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
4284	VC_redist.x64.exe
1680	VC_redist.x64.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5af95fd8-a22e-458f-acee-c61bd787178e} = "\"C:\\ProgramData\\Package Cache\\{5af95fd8-a22e-458f-acee-c61bd787178e}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
159	4408	msiexec.exe
161	4408	msiexec.exe
163	4408	msiexec.exe
165	4408	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
69	raw.githubusercontent.com
72	raw.githubusercontent.com
41	raw.githubusercontent.com
49	raw.githubusercontent.com
53	raw.githubusercontent.com
61	raw.githubusercontent.com
62	raw.githubusercontent.com

Drops file in System32 directory 51 IoCs

description	ioc	Process
File created	C:\Windows\system32\vcruntime140_threads.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-GJJ0D.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-9UA5D.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-5HIBC.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UON2N.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-N6EH2.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-T5043.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UBAMG.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-IRFP6.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-7JOUE.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-9PN9O.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-CV37B.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-OCE9H.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-S12CE.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-C0OMK.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File opened for modification	C:\Program Files\Reboot Launcher\settings\backend_storage.bak	reboot_launcher.exe
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-PKAL6.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-NFB8O.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-E8I4N.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\fluent_ui\assets\is-QMM9T.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-56KCT.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-8G9L4.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-0GKR2.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-M5R63.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-36R3K.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-KRQGT.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-ILN9O.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-4R0IM.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-71FRS.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-ET6VB.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-HOCQV.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-PSU0S.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-G65QO.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\dlls\reboot.dll	reboot_launcher.exe
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-VBGOL.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-NLHM9.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B1IRD.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-SI8U7.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\is-GG2II.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-862NN.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-KFOQ7.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1JPB3.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1JRPI.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\is-2K6GL.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\is-AHUT1.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-2OH1V.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1TKSD.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-OB3BP.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-RE6MO.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-IT9T0.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-AL21Q.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-9Q9MP.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-A6LQM.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UJ1VS.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\is-0BBI8.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Campaign\is-73JRS.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-I5GEA.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-G6BNM.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-37UKD.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1C3I5.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B8F5R.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\is-1PT6O.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\is-5EIQD.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-HHCGS.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
File created	C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-CJ64E.tmp	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp

Drops file in Windows directory 25 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID91A.tmp	msiexec.exe
File created	C:\Windows\Installer\e57d6f0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	msiexec.exe
File created	C:\Windows\Installer\e5d3878.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d6c8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDFC3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5d3878.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8C17366B-843B-49DC-AC1B-748DC264E06F}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A2D.tmp	msiexec.exe
File created	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\e57d6db.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d6db.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE2C2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5d387a.msi	msiexec.exe
File created	C:\Windows\Installer\e57d6c8.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDB3E.tmp	msiexec.exe
File created	C:\Windows\Installer\e57d6da.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reboot_launcher-9.2.7+9.2.7-windows-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009fc5eef0dbaffe7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009fc5eef00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809009fc5eef0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d9fc5eef0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009fc5eef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 10 IoCs

evasion

pid	Process
752	taskkill.exe
2592	taskkill.exe
4600	taskkill.exe
1932	taskkill.exe
1332	taskkill.exe
2160	taskkill.exe
4948	taskkill.exe
2304	taskkill.exe
3220	taskkill.exe
4652	taskkill.exe

Modifies data under HKEY_USERS 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732953562405643"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot\shell	reboot_launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\PackageCode = "0F1976868EAF8784585CF1DB265C6A81"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}v14.40.33810\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{5af95fd8-a22e-458f-acee-c61bd787178e}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}v14.40.33810\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4AEF046202130BD4399AB6404AFE7E2D\B66371C8B348CD94CAB147D82C460EF6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\A4BB3B8BD01A15F4197B6AF4AF3CE17A	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A4BB3B8BD01A15F4197B6AF4AF3CE17A\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.40.33810"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\ProductName = "playit"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F84DEC95EFBEC084A883CF70C9B2CEF0	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot\URL Protocol	reboot_launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}v14.40.33810\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B66371C8B348CD94CAB147D82C460EF6	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\AdvertiseFlags = "388"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\ProductIcon = "C:\\Windows\\Installer\\{8C17366B-843B-49DC-AC1B-748DC264E06F}\\ProductICO"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A4BB3B8BD01A15F4197B6AF4AF3CE17A	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4AEF046202130BD4399AB6404AFE7E2D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.40,bundle\Version = "14.40.33810.0"	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.40,bundle\Dependents\{5af95fd8-a22e-458f-acee-c61bd787178e}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{5af95fd8-a22e-458f-acee-c61bd787178e}	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot	reboot_launcher.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot\ = "URL:Reboot"	reboot_launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\Clients = 3a0000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A4BB3B8BD01A15F4197B6AF4AF3CE17A\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\PackageName = "playit-windows-x86_64-signed.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\Media\1 = ";CD-ROM #1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A4BB3B8BD01A15F4197B6AF4AF3CE17A\VC_Runtime_Minimum	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot\shell\open\command	reboot_launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Reboot\shell\open	reboot_launcher.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.40,bundle	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\F84DEC95EFBEC084A883CF70C9B2CEF0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F84DEC95EFBEC084A883CF70C9B2CEF0\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}v14.40.33810\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\Language = "1033"	msiexec.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
540	powershell.exe
540	powershell.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4808	msiexec.exe
4884	powershell.exe
4884	powershell.exe
4884	powershell.exe
3820	chrome.exe
3820	chrome.exe
3912	msiexec.exe
3912	msiexec.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1180	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	540	powershell.exe
Token: SeBackupPrivilege	3260	vssvc.exe
Token: SeRestorePrivilege	3260	vssvc.exe
Token: SeAuditPrivilege	3260	vssvc.exe
Token: SeShutdownPrivilege	5036	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	5036	VC_redist.x64.exe
Token: SeSecurityPrivilege	4808	msiexec.exe
Token: SeCreateTokenPrivilege	5036	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	5036	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	5036	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	5036	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	5036	VC_redist.x64.exe
Token: SeTcbPrivilege	5036	VC_redist.x64.exe
Token: SeSecurityPrivilege	5036	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	5036	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	5036	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	5036	VC_redist.x64.exe
Token: SeSystemtimePrivilege	5036	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	5036	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	5036	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	5036	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	5036	VC_redist.x64.exe
Token: SeBackupPrivilege	5036	VC_redist.x64.exe
Token: SeRestorePrivilege	5036	VC_redist.x64.exe
Token: SeShutdownPrivilege	5036	VC_redist.x64.exe
Token: SeDebugPrivilege	5036	VC_redist.x64.exe
Token: SeAuditPrivilege	5036	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	5036	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	5036	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	5036	VC_redist.x64.exe
Token: SeUndockPrivilege	5036	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	5036	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	5036	VC_redist.x64.exe
Token: SeManageVolumePrivilege	5036	VC_redist.x64.exe
Token: SeImpersonatePrivilege	5036	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	5036	VC_redist.x64.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeBackupPrivilege	884	srtasks.exe
Token: SeRestorePrivilege	884	srtasks.exe
Token: SeSecurityPrivilege	884	srtasks.exe
Token: SeTakeOwnershipPrivilege	884	srtasks.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe
Token: SeRestorePrivilege	4808	msiexec.exe
Token: SeTakeOwnershipPrivilege	4808	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
4960	reboot_launcher.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
4408	msiexec.exe
3820	chrome.exe
4408	msiexec.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe
1180	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe
4960	reboot_launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 4836	4500	reboot_launcher-9.2.7+9.2.7-windows-setup.exe	87
PID 4500 wrote to memory of 4836	4500	reboot_launcher-9.2.7+9.2.7-windows-setup.exe	87
PID 4500 wrote to memory of 4836	4500	reboot_launcher-9.2.7+9.2.7-windows-setup.exe	87
PID 4836 wrote to memory of 1936	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	88
PID 4836 wrote to memory of 1936	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	88
PID 4836 wrote to memory of 540	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	90
PID 4836 wrote to memory of 540	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	90
PID 4836 wrote to memory of 1904	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	93
PID 4836 wrote to memory of 1904	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	93
PID 4836 wrote to memory of 1904	4836	reboot_launcher-9.2.7+9.2.7-windows-setup.tmp	93
PID 1904 wrote to memory of 4284	1904	VC_redist.x64.exe	94
PID 1904 wrote to memory of 4284	1904	VC_redist.x64.exe	94
PID 1904 wrote to memory of 4284	1904	VC_redist.x64.exe	94
PID 4284 wrote to memory of 5036	4284	VC_redist.x64.exe	95
PID 4284 wrote to memory of 5036	4284	VC_redist.x64.exe	95
PID 4284 wrote to memory of 5036	4284	VC_redist.x64.exe	95
PID 5036 wrote to memory of 888	5036	VC_redist.x64.exe	104
PID 5036 wrote to memory of 888	5036	VC_redist.x64.exe	104
PID 5036 wrote to memory of 888	5036	VC_redist.x64.exe	104
PID 888 wrote to memory of 1680	888	VC_redist.x64.exe	105
PID 888 wrote to memory of 1680	888	VC_redist.x64.exe	105
PID 888 wrote to memory of 1680	888	VC_redist.x64.exe	105
PID 1680 wrote to memory of 4212	1680	VC_redist.x64.exe	106
PID 1680 wrote to memory of 4212	1680	VC_redist.x64.exe	106
PID 1680 wrote to memory of 4212	1680	VC_redist.x64.exe	106
PID 4960 wrote to memory of 4884	4960	reboot_launcher.exe	111
PID 4960 wrote to memory of 4884	4960	reboot_launcher.exe	111
PID 4960 wrote to memory of 1148	4960	reboot_launcher.exe	113
PID 4960 wrote to memory of 1148	4960	reboot_launcher.exe	113
PID 3820 wrote to memory of 3428	3820	chrome.exe	116
PID 3820 wrote to memory of 3428	3820	chrome.exe	116
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 2804	3820	chrome.exe	117
PID 3820 wrote to memory of 1088	3820	chrome.exe	118
PID 3820 wrote to memory of 1088	3820	chrome.exe	118
PID 3820 wrote to memory of 1020	3820	chrome.exe	119

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\reboot_launcher-9.2.7+9.2.7-windows-setup.exe
"C:\Users\Admin\AppData\Local\Temp\reboot_launcher-9.2.7+9.2.7-windows-setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Users\Admin\AppData\Local\Temp\is-1394B.tmp\reboot_launcher-9.2.7+9.2.7-windows-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-1394B.tmp\reboot_launcher-9.2.7+9.2.7-windows-setup.tmp" /SL5="$90050,72047000,832512,C:\Users\Admin\AppData\Local\Temp\reboot_launcher-9.2.7+9.2.7-windows-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4836
- - C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\_isetup\_setup64.tmp
    helper 105 0x478
    3⤵
    - Executes dropped EXE
    PID:1936
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\Reboot Launcher'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\VC_redist.x64.exe
    "C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\VC_redist.x64.exe" /quiet
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1904
  - - C:\Windows\Temp\{4C9B2114-92D2-442C-B863-1EDD4B29D2CA}\.cr\VC_redist.x64.exe
      "C:\Windows\Temp\{4C9B2114-92D2-442C-B863-1EDD4B29D2CA}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\VC_redist.x64.exe" -burn.filehandle.attached=672 -burn.filehandle.self=780 /quiet
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4284
    - - C:\Windows\Temp\{52C9A6CD-8051-4F19-B703-C943968F67B5}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{52C9A6CD-8051-4F19-B703-C943968F67B5}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{FC5D7FFF-3151-4A85-9EEF-1FB04CEA82FB} {B50CD4BF-0273-4254-B6C0-80030A797C79} 4284
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5036
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={5af95fd8-a22e-458f-acee-c61bd787178e} -burn.filehandle.self=1160 -burn.embedded BurnPipe.{9B646CB6-0D16-401E-84C4-F76FB563DB19} {CC36C29E-933A-442E-89D5-050BA1B97C6D} 5036
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:888
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=668 -burn.filehandle.self=688 -uninstall -quiet -burn.related.upgrade -burn.ancestors={5af95fd8-a22e-458f-acee-c61bd787178e} -burn.filehandle.self=1160 -burn.embedded BurnPipe.{9B646CB6-0D16-401E-84C4-F76FB563DB19} {CC36C29E-933A-442E-89D5-050BA1B97C6D} 5036
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1680
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{0747ADB7-6DB2-49AD-99F6-2BCCB9E8C5F1} {4CC03A60-083E-4CB8-8B9A-B4C78B0232A7} 1680
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4212

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3260

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:884

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4808

C:\Program Files\Reboot Launcher\reboot_launcher.exe
"C:\Program Files\Reboot Launcher\reboot_launcher.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command get-wmiobject Win32_volume | select Name,Freespace,Capacity
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Windows\System32\net.exe
  C:\Windows\System32\net.exe use
  2⤵
  PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\stop.bat""
  2⤵
  PID:2612
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im winrar.exe
    3⤵
    - Kills process with taskkill
    PID:752
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im tar.exe
    3⤵
    - Kills process with taskkill
    PID:2160
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -command get-wmiobject Win32_volume | select Name,Freespace,Capacity
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4488
- C:\Windows\System32\net.exe
  C:\Windows\System32\net.exe use
  2⤵
  PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\reboot_launcher_process60c58a88\process.bat
  2⤵
  PID:3652
- - C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\winrar.exe
    "C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\winrar.exe" x -o+ "C:\FortniteBuilds\3.5.0\.build\3.5.rar" *.* "C:\FortniteBuilds\3.5.0"
    3⤵
    - Executes dropped EXE
    PID:4204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\stop.bat""
  2⤵
  PID:4024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im winrar.exe
    3⤵
    - Kills process with taskkill
    PID:4948
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im tar.exe
    3⤵
    - Kills process with taskkill
    PID:3220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\stop.bat""
  2⤵
  PID:2036
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im winrar.exe
    3⤵
    - Kills process with taskkill
    PID:2592
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im tar.exe
    3⤵
    - Kills process with taskkill
    PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\stop.bat""
  2⤵
  PID:840
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im winrar.exe
    3⤵
    - Kills process with taskkill
    PID:4600
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im tar.exe
    3⤵
    - Kills process with taskkill
    PID:2304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files\Reboot Launcher\data\flutter_assets\assets\build\stop.bat""
  2⤵
  PID:4692
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im winrar.exe
    3⤵
    - Kills process with taskkill
    PID:4652
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im tar.exe
    3⤵
    - Kills process with taskkill
    PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffed8c7cc40,0x7ffed8c7cc4c,0x7ffed8c7cc58
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3736,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4452,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5140,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4504,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5040,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4060,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5220,i,15086280315961055599,14291428487143008989,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:184
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:4408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:900

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3912

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4928

C:\Program Files\playit_gg\bin\playit.exe
"C:\Program Files\playit_gg\bin\playit.exe"
1⤵
- Executes dropped EXE
PID:1708

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1180

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57d6cd.rbs

Filesize
19KB

MD5
14709c2c413472fc9d35b61ef4c21928

SHA1
4f3b35dfba05cba52a89d8b4c8da9a2fcd8c20f9

SHA256
4a595cfb94582956df5cff29fc18a85ec09a3ad88086d2b7099ef47f06b92878

SHA512
615f1bdbb425050678476b87b48d8f8b6ead7db4cb55b9eb0020cb837586505d93f081b5bde0f80f14b2b0cbdbbe43616c5fe758c7cb8c44b531a61680a0c126

Download Submit
C:\Config.Msi\e57d6d9.rbs

Filesize
19KB

MD5
69bee2510aa2a7c89089ef480361b51a

SHA1
f27448fce4477c444c88c14d6e5e034f58677656

SHA256
b43eda105a4c10ca845712023ecef768d52b73ef294a6fd4621fe79c8917786d

SHA512
262b1086569842ad10d747291f176b59185c52ace306926c233d020a1996b62e17bdb6a8a765b92020c257bb40775a6f9533675d7646e0f2c0da35bb24f45bd9

Download Submit
C:\Config.Msi\e57d6e0.rbs

Filesize
21KB

MD5
31cda625701491557797e2fb62f549ab

SHA1
ec826af90d0d2a0d11bb87dd000089493311f08b

SHA256
c6a47e4791ff55cc7129a64f7844463032ae747f6858dfe4d37f02a2cd285c4b

SHA512
3dee27a3e3f403b0fabca9edb6c1d20644652efdaff6063aae79cbc194ae90a5f277e80eadbd8e175a2757694f4f452283fdf60b66acad2d4a583c136ad4dff5

Download Submit
C:\Config.Msi\e57d6ef.rbs

Filesize
21KB

MD5
204d6d2c6bb09c3cdc6825724f4a2414

SHA1
55c1d9eb6a8b03508a180ba3b3e411358efbc78a

SHA256
447b4a77835426069055db3bea1c6a1bf2c046d5c6b6a947c39b510d97c459e0

SHA512
e664c5874ab9a177d624fd0989061aa7bed41423007bace2e7e047ca0ca357a589ef2f3bc5df2fe7da61e0aad39bb3a40df2e41d0f780f95d600071175c22fb7

Download Submit
C:\Config.Msi\e5d3879.rbs

Filesize
9KB

MD5
b343a58af30c7b9d46d7e9fbc837d36c

SHA1
74e5e6fd7811d7891d70906a6be49c41f2905a93

SHA256
59aad5cb4f112c613bd5f90e6ea88b6c69504e2b64d09b064ff3811da0ceac6b

SHA512
d556ff6472fac64a9e9cf340a2a72f23a16f8d440aa883388c367ed4d7edcebb5561b5ca8ffea537b578e8817bef8929ac85368f71e632da42cac1194836a2e5

Download Submit
C:\Program Files\Reboot Launcher\app_links_plugin.dll

Filesize
89KB

MD5
abbfd15abced4ea3c7a42d3e87bff580

SHA1
bc4cfde0fcf68ffadb65472617cc576530309ba6

SHA256
d7fc517e1e0e3fe14b21c8a8cdf46d7bfda0db46a29082089fae4bedb844ea42

SHA512
12bbc398ff541a4d552ab9ec261cb6d802e7a5daf894437783f3c390546f2da9d40f04c59b27224d865e1a41a27b6307afa59218221c04f1984b244cffad4b92

Download Submit
C:\Program Files\Reboot Launcher\bitsdojo_window_windows_plugin.lib

Filesize
179KB

MD5
5f9c2a61b3b4bc35ff2166be54033b31

SHA1
e591c596b8a0bf3ac30cd25a14c548228313104d

SHA256
e60f5ff5d71503104d3194c43d7b56816dd0fdd8924f2241157c738238342e99

SHA512
991d34e74e6299afbb84dc57245c689206753bb85dfca433938d3665b5c4d225e0070d33226e3ab35b79b07d47e1a6b38a116a6399ced8713d58701888167433

Download Submit
C:\Program Files\Reboot Launcher\data\app.so

Filesize
7.3MB

MD5
e99b610f63b4c52d10d31d3f48c0580a

SHA1
b4be10c9a14f08a7230e2385ef3f91243e5f64fa

SHA256
776cfe7f8da1177c5e9128b79c6969606eb8a6b491302d0e0872cde2fce0bba6

SHA512
33d40dd4186d5812a9cfa665629a840bfa511d664361694b785a17448beccab0b9a1cb2bbdefd7fa05400404c95cec50d8bf6ba7aff625730f0f26b36372527a

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\AssetManifest.bin

Filesize
70KB

MD5
9b4c4dd7b20bf02fa80879350dd87306

SHA1
13c55e0b92f073629ab0b5d2a1245639741776d1

SHA256
6637f47b4880e432c9e9d0172d6b1450e1b13943e3feac2aa1c1c1c505ce76f2

SHA512
6f436cad23444ccf7bf1aff6881f30a3cafecbd5961baf907070fb942920393a76b424ccf1f82a4bcfa1a5490ee4ff18ebe9e1d39441057c978c49f645ff50f4

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\AssetManifest.json

Filesize
65KB

MD5
60a6cdfbee74e781c107d82ffd664908

SHA1
cf55dbdbd4e4762555722f6d5e9d2b1cb163ec97

SHA256
a65fd7a5744109b9753e43d2622f40d46d8653b2c99bfc92f50e531eda2c8a65

SHA512
69c726906901a4f7b61e42d66cbba69e0a0a2e9bf94f40746dd7629855637b5d2fda807354e6ad524fcd5119a36506067d3cd145ad7d0bc93ce03486cab5857c

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\FontManifest.json

Filesize
505B

MD5
8caa442fc65746900f933ee2a63f5b97

SHA1
d0166283e7e1dff49a6e49fa2abcfe0b9803b6a9

SHA256
bab67ac982d2e5d466a5baafbd9e004c5ea1e6e07881327640a1028dd0395d90

SHA512
bf87fd7667bf06ba48ac159a521bc32855e3e0007b8388d2b55c59281c31c5de60e86e350a33fe927609681ad2e8c2be8caa2182b3d28f62afbe8c326208aaa8

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\NOTICES.Z

Filesize
97KB

MD5
ac7e744499d98b050d20abf769b9d584

SHA1
41be76d381dcb8e58ec542ff0089ac2653f760be

SHA256
fef471cd044277eb22ce45dc4acfe82d625b97dcf3d0f8e2b027e564a694bd41

SHA512
9d6f5842a29bf52f99c78a2a49df9b3c13ee13b1bb02d00b6ac5961cdc37e465b324a9e13d5c04bc6bf284b2948dad1e3070373547a996cdad6e821f4eb8121f

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\CloudStorage\DefaultEngine.ini

Filesize
834B

MD5
cfaa9e710a0bcf707d4ed9c92f2ebf5f

SHA1
6e3492cdafcb967634bbd83cedb6c16432d64728

SHA256
84b40aba694d1f183337c19b16893565b35b0108a220cac2f884b3d4fa5e5bd1

SHA512
a8f401dc4ea5005b1b9cde8876ef7a4f321490f1129693d84daf2af878ceef74824febdb81721e127476855fa663965562ac91d56f50dc789b24a61f7d13148b

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\CloudStorage\DefaultGame.ini

Filesize
3KB

MD5
1db7ea439b9ca7d16d26519f7f7a0557

SHA1
99a96a4152847aca2456753a090d14fe52eb099d

SHA256
d6614ce021dd15fdc0bd3724bba982463b6957baaa5b650664ce6bdeadcf836a

SHA512
e32013d71d9857f497982cbc4b4cbfd244ad56f5240eb57ec0768dfa8a8d79ec2f64a7531f837071a0e6323ea020c88c99dd90fc1342979ab2af638f988df6db

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\CloudStorage\DefaultInput.ini

Filesize
140B

MD5
bcdb6fc7cc50367478870a5a246e40c9

SHA1
f4e2ad51e329f9cb4360bc4a21895d40be19b8cb

SHA256
fe79e7f0881f826b0ffdb7da24fa7dc7c4f1431dc56c40a51c16cdd4095acd1d

SHA512
6bd0e587799bf2b0ef5f098c290f1c3a6b5044dd414c871ac864f86d9b206575944ee29c197afd22af3dc9eab8d0230add8eddc736833cc48f24ddd3885d5132

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\CloudStorage\DefaultRuntimeOptions.ini

Filesize
743B

MD5
feafd07dc9cb7de979833151c80a9d57

SHA1
9ad69c617a9a75a028e35fee86dd3e007d113aa6

SHA256
ff49d46eee13650648b41b38a4bb296cc93f114eb2a362aa49e2a50c6d05db5a

SHA512
7e64a89e6fe7ff9e491f5ec572125b1e8043b8736b68f8ed59c4e83597cb1e1e1bd9d1c4324169c1430726a124880c27152ff1d91c905b7469be3a206ce267bb

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\Config\catalog_config.json

Filesize
635B

MD5
5154dd9a3b2b9ee3e9b41aa0481b150b

SHA1
9bf86622d2c2cc5061972207ff0613cb7f031625

SHA256
0a4eef6a8209257169e846ae7ae3c1684858cfbbe2e5b0e8cd8cdd1e4cc7d31c

SHA512
ed4a935b17e3932b0fd7d5ff83d8ceb02b991bc8392ac0c7667df28bf4bfe511a7b87da9dbf015af3b28f0c18e0df9d3adbe6c9df4d4426b056f894f7895b408

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\Config\config.ini

Filesize
3KB

MD5
afbabc3bbc346127ef6628925757eabb

SHA1
9d9e90b5e67dbcf4d837d9b1d7c5b9840331f587

SHA256
50aaa4c475a0aca4736fe7bd6be3101256d6e19e9e27d94a6a3a3f91b5d3f191

SHA512
f332f2948fa39f21f19b2b68e18c609002f62bd86f7b64c7c1d142c9209e9f5996509a42b4b6e040a70ca60712e055f063f25b0ff4f9f0d6bc39a89a8492f3db

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\athena.json

Filesize
3.3MB

MD5
4db396e20f7299702c40f26bef1e83ed

SHA1
f30a957d65918f17fc54122256cb347b862fe119

SHA256
c3be183a6606b492862f02c1d2d1986a20e194187e5628d7a87fb0f496676ac1

SHA512
06ab1db050495f1abe4d91be7bb548d937ae957613a3ed5ea5fb21cc2c6d2d281d8dcfa2f3d365a2abc68a048359939fe068eb5e2ebd91ffd335c9ba6a28fded

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\campaign.json

Filesize
1.7MB

MD5
50f4fe217045f00f00006d0de0b45a6f

SHA1
51550b7d05a3a2b5313597e09812bb0d59c5959e

SHA256
3607ba803e160dbfcfa044d90e17c35bfc40cf41265cc7694c62bf1f73421ffb

SHA512
ca2a0b75f2c652883983bb73595472dfdf50fa575edde6dbfb7be5b91a1576374c44b8b918e447c3f7d2cfc911a7d6500ce548337cea3480714401d9da833aab

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\collection_book_people0.json

Filesize
5KB

MD5
7bb883975aff5efc3d21b1486a96267a

SHA1
682ffd47c2e7e23a41baaa4a74d02b08ae19835d

SHA256
9aa8ff09c85347e317bd70eb8ef5e1d58771ac6931babc6e38acf79fed6476c9

SHA512
37dd3e7c91f778a718474c88f4351b987e6f4ede14ab920480517281af8cf7c41761d7b0604040b8b65b9d84582e70a3454daa7e5a7e4b4b8dff929f5837752b

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\collection_book_schematics0.json

Filesize
14KB

MD5
9a7b68e65d64f059c37b894f5ff77ebf

SHA1
c1b371326f197c288798a7830b0ec03e4e621aab

SHA256
e31c06b4ad1effa8f47897d27ecb2c4f39a6926bdc09dd39c60d81463d2d9915

SHA512
462f12faa68117f212c0eb1b6d82adcc888a94e57161201ff6cd09449a739bb30319bdb6f0c9cf8537bc6a08948169d74beac9f612e30e82a53cce615e59c1e8

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\collections.json

Filesize
318B

MD5
56e845daf03711e8fac7055ada2f8e2b

SHA1
c21f024a34a82c11b62dbd4c446fb401c9ad82c3

SHA256
b44bed9630622dddbe1a8fd6d2976408afe3adf670f7828624295ce9248cb1e7

SHA512
ffc77317fecb823d6c0ae1d116acc2562d45fb5c3195c4f0f286924bd2b559f9651913dd6312e0ba950320af1b9b1598c779f55a09996de71f2f6848e790fdb9

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\common_core.json

Filesize
61KB

MD5
bcaf5971bd7711a3152411facd9fcc56

SHA1
f0707d37c02d241b25eb0e3a4cd0e9feeedad786

SHA256
205bf8be349b09cfe181c1a1f25a22b468ebaeda795cfca19a760e4f5273bb20

SHA512
234c55a0742419570cd102a10993eb2a255f96221b184fa4adc572ec5694c005dbcabadb09441f7311fbafffa74e5439e24562152f79e71a49e4935a1105e660

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\common_public.json

Filesize
451B

MD5
4f89d71a17f7522a6675901ccea14cb8

SHA1
f11ba4a3ddc5a6e993c3ab59c6316dcc8ed294a5

SHA256
334d7bb8264008ff275edb1e03b74a79ea17f4535f4d0fb0fbd7102a40381fde

SHA512
651f19dee139457b43dfdef9e283089aa271a6f1849c234b9e5b5b71f55f0192ecfd118cbd34501707a9e313b2a7169490607a54e111676c833ec35cb422beda

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\creative.json

Filesize
315B

MD5
b06fc534afe78727afa5b1f44547c336

SHA1
3cf0c680bd6f2a910abf4e0abe489d4cc2b23fae

SHA256
d18728f8211e3e627475e329f4092b0867219bd604994314a2e7617198594741

SHA512
34be00432cb0a0e5d8954a271c3ea8a480738291bd5b81be3ffc6fa8618890e11a61f48bbb575709098536aef178225fa39c4eb62be10ae7fa5578d6b1b69011

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\metadata.json

Filesize
7KB

MD5
fa5fa90eb42836c18d976b8e91a1d053

SHA1
b5d262ee5f1db639dd1c0444087eb86a93fbc2cf

SHA256
b1c67941a6b5897a94dabb2d679d054131fa5694b8cdd2b138bac5eb1180966f

SHA512
e4dfda11b0e4ecce87bedbc0833d2e06283cf7c58a04403e3a72ed43b40e0da520645b13f99c98c2cc644b3df5abc20563a625720daa2b0ca298354230520f19

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\outpost0.json

Filesize
355B

MD5
f8a49f4264aede58e29fa35163320bcd

SHA1
a01f6d9ca1c52f58cc15e6bd67dc018299132cc5

SHA256
712425333fc3c65ba54a86f72113e95325277488094960386c2fc086089f3222

SHA512
9da349c8af70884e4f534efd7b7db7eb94dd41a0a27f4603e9cd7ee1658207626b468387cabb635c5062030ba3d42b6c0e828cdaa274ee0cf0e88c47c023e81e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\profile0.json

Filesize
926KB

MD5
8a23d8ae90939a30cc1b5b0408540a62

SHA1
09f8a8f0c8882f7bb3bcc48cbb0d50246f5080a2

SHA256
a337be1968224f515a5f4ca0cb76a14c55861aa7d9bdc570fc2b8937edbe0af3

SHA512
d0ae1b01a696c6fe87a78db2fa704d90cd0148748b5dba5da363df1d9394865b8693eb57c5a0baf5789bc1772d4909bde06d9c687fb74edcc1f18160f0f7d00f

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\profiles\theater0.json

Filesize
18KB

MD5
9864a552f0453f2e2c8b9342e6867cd2

SHA1
3d4d4f3200ac076535f7fafbbb0b5264fbd5b8ab

SHA256
65e1a8bd315106d9c76c019e7e1927ab42513e5a0d651e7888cca53459c05cec

SHA512
ef36242fce323b9d2b77e0db6cd0ab31a5462f16f49994a19b7dad376fd71c6308c203154b41c677960eb4ef4b8343d22da05964536fce66901b393742f9dd46

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season10.json

Filesize
9KB

MD5
be7395d4dbf5e4a2f3fe8d00db248f04

SHA1
8bd2c719d82853be709a5825288e6c7530fdf890

SHA256
c47df9312dad194aeff6342dbba8451951c5145db686b5985593aa5a1914a0c5

SHA512
b027e9b27bac754707f7bb83dffcb7bf0acac03e08b3145a7f3aea1fd2fd9706d58fa459232808e9efa01785446a8e4cf7335c448dc2940686b41883dce04b05

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season2.json

Filesize
5KB

MD5
24ceedcfb4fa7c4dbba4984ab69371af

SHA1
8f5e935e0772d577207899e077e104affc43af43

SHA256
3e350e6788bcf3989b8a74bafc2ad5d33f9d8b60a8d6c6356d916ba8d37f5880

SHA512
690107c92c7b5f34b60568d5a098569de36e504cc88d8bdb05e5de0cfdf3c4f40dc93c51f67ef3f317ba31a13c3e3e74eabbb83661d723d1edfa8b473bc46f7e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season3.json

Filesize
7KB

MD5
bfb1a930c84c233add890cdeb3ad31f7

SHA1
7afc9f0398fe20388fc59956615c0fd27ff9aac4

SHA256
80fbc5f942b56b56aa81c29550d95e035d0e9ded59f4b5b5477162a3efd45a34

SHA512
714efbd20d2d939004a5a226ae66e9c5be080b1746cb6e8b1db83ce7826fcd3323aeeeb79e7b77915c53199707c64d70dd4a1b8f906faae5c70c8655d1d1dc86

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season4.json

Filesize
7KB

MD5
d095067d4023fda316c084ed9ea27ae8

SHA1
4bf4cd7aee96f92b84b0c78b49ed8681822112d1

SHA256
f4a598082ef9263f4fdbdbcdb4e2a17dbf115937d334ce9bb14bd61ef72f4c6b

SHA512
7c37ca2bf203de883d207e8057e8d7282004523be617286f7babc658343966a19a19b92f981e102137ab8ae5fe4550cb61d5e234aadda0bb2f4def19238bdb08

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season5.json

Filesize
8KB

MD5
7f12b5246b8bdccf19dfab2a15f336b8

SHA1
f1b5dd0d257a3f74a58c2b13041d9b96aa6c369a

SHA256
d02ebd9878892cfbc254f0df6830a5c69fd4344c0b92c9937fe0d277ee51af1a

SHA512
8e92c4bc4f204b1093d0ea70e272dd463fe51178739c7f2689158a4a2aae48398646d8baca47b78648ff618534e307552e398660b7d4b6dee62dc3c8045a17ef

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season6.json

Filesize
8KB

MD5
a704a1bacc0d1a80dd09b8504b2e89b5

SHA1
bc85ec613886e2184986133c8072b5cca96f3a57

SHA256
eb5f67065c0de33b12ffe5157f781122c479d42ccd736bf0bc9d39e8da36b33c

SHA512
83e1f32eab542084caf48e1b93416309565d4519322ffbc7e25c323dc00da466487289d8374dbb37ba31cdc318db5acbc7d4badb7e4830dadd9525e7a3097111

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season7.json

Filesize
8KB

MD5
87643aa871c28fa0684591eace6f28dc

SHA1
a323010623f3841413021999225bd53716d9b911

SHA256
9ccf7a0a6c6a2b6768ae26fac14c42b3905be6f048d86b392c523513aec07203

SHA512
0eef145096aac8a743c033284a34c7944c991639856711387f52d2f430b607e8c74adc546224d11913bd49043aafe7d5871255eb15e530540024978ac8da1e46

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season8.json

Filesize
8KB

MD5
43e5bacdf769471c516d68b900b9a5bb

SHA1
9b22f4c472f3d549abfd1aa34ab5418b9f79ca12

SHA256
4ba8dca8362da492f7409a842f27a261bac3ad15172f5edaebf17a3ed1cc5616

SHA512
ed843d54210e58651e7cdfa252680c43f5d7ddcb6ab679a392aa521d9ffbdbbcd6d7b5764a379d88d518bcaa55813ee2003ae2e09efdc15f584e31a4c099be01

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\BattlePass\Season9.json

Filesize
8KB

MD5
993d37f5e4021909da517eb92093a579

SHA1
8264d047ab3208461afbc444c5b9661ea5f94ce8

SHA256
626b8d5b3e4cefb2fec387c85e415e353ef41e99dbad66cf8ec5b98253bf3b8c

SHA512
e10c49ded7b6dd57400aaa7c354cae6370c6de01935c670cbe05eb6e42193ffaf580320692716fbb79a0e2f66d09a04df072c7758efcf643c075be519faf78ab

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\SeasonData.json

Filesize
1KB

MD5
7308745bf8101402e29488166ad223c5

SHA1
2fabde0dd870ec62c8c1fd7321843ab8859b2b29

SHA256
4f9e790f9896675cfa208894e6c873d07bb80792f37c0b041db7965a34971632

SHA512
72e1807caeaf2ea464e93fd6e288c93b20d2bf07dbf4d0eeac32ff8170534c3ab0f6d78115ca725f014e847a80bc5dc30ec79314283910d362b301abe04eb7e5

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\motdTarget.json

Filesize
2KB

MD5
83b5101ec73bcb2d46990b5f7bde99a5

SHA1
1bcc98d908d70079763b728f09e62ca3cf78a879

SHA256
4b6f850d5ef0ab4eec6c48850d65a21bc4badb988da513e8d00ca4303fa3bdfc

SHA512
ab0bd53a9809d2a35aa0574c3d850c2dc75d759b425b4b09645aca7040cc7c9c5c42dd29cad0bcbfda6eaa257b7f673085394dfd879d751611fe93f7bb066565

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\Athena\winterfestRewards.json

Filesize
3KB

MD5
07d69e1036075157f5a902e12363f334

SHA1
2f19462cdf92c7fd79b0eff06aeb8e9d0ff2355f

SHA256
4f8a87e72236380977814612fa6d3153941f63a9e47f7c76229c74c55d3f3405

SHA512
b17ccff1b9d32bc1e589e66ff25d5bfa7c5dc8a68e547fcabbcfa039ec86dcf2df9b4014545ef0d1ecff2cda3aa91973f42be8e5cd50f46545e1de7d7a03be87

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\SAC.json

Filesize
75B

MD5
c53b18caaf45ea1ebbe54c601c216aa0

SHA1
f2d17e5ebd722e8ba1a481b66a48c09ec3474d83

SHA256
e7e8b90237bf18690fe25f99c10bb63a3cdffefe123e3af8417710f94b90a29a

SHA512
fccfea9b9594365d13128f5e416a40168a6da80486a9db859cc4d02da52af4e20accdae6e949ac9622dd7e83d9e5640dae9a7b8a6b1b051e78746f4855daf847

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\catalog.json

Filesize
368KB

MD5
09032b1e224b41f6daab33be72902a4d

SHA1
4ca0b76e993127c61b7450d6718d9a807142bd64

SHA256
6791428c5fe58268ee5883d7c4b7fd7a63c0b6c57387a14b6a628738794079fe

SHA512
f6f345083db4f229c4f0f3001e6676b7e0baf37bc231a296105165d4257762cb77c2fb27f82a77672e366e3d877b1fe7935a1af5950ff8d247e693c9fd271297

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\contentpages.json

Filesize
248KB

MD5
d20fc7943ad2b681a568732d2c803b8d

SHA1
fa5349747a0054e0c4019b390fe9cde60733473b

SHA256
6ccb67c540bdb8b5783d676b87f2dce9639de47ce5a10e93dd01736847d65ad8

SHA512
f68e96d7640efc8aa5059e3db42425e26f154fef0a226ff5c5999928d91a67272262c44c533d406b04d6fb168bc9325634db9c2683fd72100d4077c8af894340

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\friendslist.json

Filesize
1KB

MD5
b25551136b5cacd360334f6f5522df60

SHA1
bf28c3ebf94afba66778b0bfff0630d6fd5e2521

SHA256
9a45398ee9a04a3e5eceb359a901b93cce824e567df83e1eec605f2d51799db2

SHA512
0368c457811dbc16bb5f68bc4348d949d34b6806e4d9a56917030f3c89c9ad62f6f5b19035974d2ef1495eb620df1c77905bf9adf2b96e201d6f145c43e91ee8

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\friendslist2.json

Filesize
1KB

MD5
5a624f999b21318c228128273e21d342

SHA1
bdd6d0e3513ca6e2fe56b401083534edd6a05464

SHA256
4f8ecc4616caec7705bb3e5082370a2b99e6b5eadaaafa8ba0ac7351bb3848f6

SHA512
462981e42aace1603e35c8a6265ed5e06a7e22f3f5f03076ac366c6f9c517e57e34e26bb363b9de56ac6f34efd15fd79f9ae11582faed6d5af948389e71fbe73

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\keychain.json

Filesize
132KB

MD5
e5e3654d5b210bbe6e20f436b6baa4a8

SHA1
9b5fb825649843a0feb490948f0dda82d39f96b3

SHA256
b25ff4bfca91bd83e989c6777a00311e2c6556462b983f8c645009ffff215c25

SHA512
7e6ba13e2107290210e7b3d2843a3557fcf3a56db91746e3d55794471cdbaa8354b32994545a688a733c1ed6940bf0f0242b417d92e0812ec5c98a34c02539d1

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\privacy.json

Filesize
63B

MD5
b9464a0d5bdfb88f237f7a9e6fed1ec6

SHA1
8e230fd5d10d9b710086e5290afc02c74fdca128

SHA256
f65f929eefaf8973e73828303e80943ceea7e4a5ade567f70ffbbbcb1dc152b2

SHA512
5f2cd5f051ea446f17265250347c766a635fc570a73956b8af6d15f9ea9a67147ecef7187617995eed9728ded17f3cc9892bb4803d56c5939483f9843aa2f30d

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\quests.json

Filesize
4.5MB

MD5
6015dbe427fce3805046bc979ed4807a

SHA1
92210c238af5e84fadd2e237f7ef6d08979a2712

SHA256
c0ae433c8b757e742629a3b0e204db45fa896836f7495e0e028e32a8f302a582

SHA512
ecefb3d86b6784aad51af27fca0e16ee638132a1411ede520f441d8da96b21f7eeeb79a04dd2ddfb347b6d66ebbedf27b2d7f1ba80410ada6990271f9c4046df

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\assets\backend\responses\sdkv1.json

Filesize
19KB

MD5
d54d47d37575a3d0936cf8d5c75a59d8

SHA1
526f32ef156eb293ba0b40b6d58e0385d3053e5d

SHA256
87c9996dcbbe479cdc36a40212df2f52e278f8684fd1183bdf7488b3f4889609

SHA512
e121ae5746ef93e89711ff715c6263bdc483eda5b854227d2b9a203f0136b7c1317bd06abda27961fe9671624322647f15fd706553b2db78eb388cb67a081879

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-0H04M.tmp

Filesize
16KB

MD5
136c7c4b6791ed01b2618eb30441392c

SHA1
4e8adf0a3f558e0b49b57ad2d74fa6e2f7e79254

SHA256
fdc7aeeb165d34242771b686978ee226dcdeda8a4914a55ed94924e76cd312c0

SHA512
8d2c12e1fc86dd0f86a5c083adf848b26b9771d89ea5bc87beed3dc01da38a09284e2c4517e609c34c79a5dda797b367c05bc980db5e1471d93c9b592cb2f4c9

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-0QHF4.tmp

Filesize
59KB

MD5
87869e860759adce97e2a07e5444f478

SHA1
8fcac8f5ab7bc6aab9778a0e01ec6ab67fb45f31

SHA256
59e4d62b9f0f93bc22bbb995a91e73f1f21bc7c3099b024dfb84797916d721d1

SHA512
1099c45b862479982a3d5fe68ad3f2892f7b78636aa43007768667d40584ad99f3765c0fc11cb630561409fbb44642f9421cf6ea4162497ecd62efa8a7651db8

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-0UPB4.tmp

Filesize
17KB

MD5
7fb5407e0c2b5d386a106d5b2f9e3ba7

SHA1
703d96a15e3077b461ec5ac75b1754f20587869a

SHA256
c36bb2336886642f8f6bd697b21a0a98e1adf9e550f5cf1dd475ab7f34f04649

SHA512
aa659650979f659fc1dba80d6f6d1e629ff51c2e97f66f674b554051dbbb940337ca0ff47d2c9413859fac41ad919f7468b6a3ddd162ff965bbcaf9b63efc669

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1N9B3.tmp

Filesize
16KB

MD5
a03cb2751576fd6708d64821131e5c7e

SHA1
e19192e04d10e90a954a0950336e892ee627bcfb

SHA256
1e8b2a4f6012956a92c8e9549f253fce6af7d488a75ced764249fd815b5920dd

SHA512
84d607c146ec22fd1e24bf19323a40e896cbb2f732cc76055c2722a5ed41c19df4b6ba390dbad00601d89ed2da51537b730415670a2c4a5382c1b7f57c69324a

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-1VHBM.tmp

Filesize
50KB

MD5
6fcb5606c3b26afd42c61a3a5d6917ec

SHA1
8a290eb12e160dc1fe84f76cf9fab64eaa4799f8

SHA256
55d164fcbedc805169004d7caeb3784f579b9b3dfa8d72ceb08cc1994b332280

SHA512
db148d59291a7aa4f2d289c5b51198ef1a67ddef2692f3e92f9c115c4ac847d1bcc98da2f3c9b226c962667ad1565d85845034f101a37f8f5213358037e62db8

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-2LSUO.tmp

Filesize
16KB

MD5
e44663a4329ad578c923369c47d4f971

SHA1
4d429e36798e13227ba98ec00e99273c53fff107

SHA256
0a4b84f16995a13c36c9199ac4375b8e218833128e31872d4686df4d61057897

SHA512
18be48d75f6881035799ea388293118f5182e83158029b52621186d466bb67e17e5cb1ea4f22c8948ed951175df7f134fbec8d77826958ff6c3bc2ce9c0be3c3

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-31O23.tmp

Filesize
56KB

MD5
1d363c9639ac5041d6418997ca486564

SHA1
632029d60bfd76801223beb36f54b4cc3e6ec4ab

SHA256
dbcf02d37aea057f721339933914489cdf2c7c93699f9f109fd6f78c04d95516

SHA512
2fb95ba404ee793fcffb764b5983e89feff7b43b4ef9271b4b8fe85b90142d7eeff9c6489a9d1e224b281213078be446017334de8f1b6c27282640bec6e7ddf2

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-4CGBA.tmp

Filesize
29KB

MD5
a336a155c02bf59982dd5ffc427a84d9

SHA1
3f2c68f4c8789c29a837e06d6329d15a8969bd7b

SHA256
90de158e3288c7553af5367a273025fe1650ce3a02718300cb7e99128a4607a5

SHA512
82951c4c6a171aeacd6b37dc312ca2fb7278f45c526b2eda67fd72fbf4edca22e87d4d6e22e475bde55b6f5662b747f43f58c346693b75a6c01a398d25923e87

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-5OP7N.tmp

Filesize
61KB

MD5
5c2cb4a377b8031f8fa72f72c9469129

SHA1
242613073fb7e814e3bfde28c22270302e0e3463

SHA256
632c1b5abefc65a51d8c2cbcaa21e40330560e7d5c2be892fe92bd168677c071

SHA512
766ce49666661f1c15de26f8faa3cd972f7b7af7c86588747133d03840af51bc4d028555bce21383dd9b0d040ca595394950c3136422af6ab776cb513d6945ae

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-67SQO.tmp

Filesize
17KB

MD5
b1f57db62c3295304a2f205255ed36bb

SHA1
f21fa615edb20914c62b6fc1d2e2e7c24c95a7f3

SHA256
f7df2dc844b096201ab39d104767a8ce65765eb05ac4fb7721b0266ba46cea07

SHA512
823617850ec14af719d631a0eec79c7d56a65941fe70808360c7619d612ea022c47da520b9a43476d077c8092953dd680d193fa70d0149c1abbc3c966c4adcc5

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-72QRU.tmp

Filesize
55KB

MD5
332dc5172ab3f99f592ab72517f280d3

SHA1
f0439fbedac697c3d31afe1d75ffb0ab086bde7c

SHA256
0a04be6e53a5ed64013834d7ea64a84407dd269835096b810546328e7602fc09

SHA512
6840443370c516a822c1369559823b2d639315710c832e02823982fd01e2c408e95082922da8bfe08fab023e30144d726a56904ea378e0a4ddbd391799bab69f

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-7RA5K.tmp

Filesize
15KB

MD5
ecb0a9e7387ed41ee0e2c42bb89c7b19

SHA1
282e140a98c22b4cc6c2c332a6aaeee68820302a

SHA256
4f3e36427ba8e0e869c350ef754ef4e1f569c3ba3b1299cfebe1b791a44386bd

SHA512
66294d9762d14d2d59a2b5047764b0ce0a38d7fa7ad5a5173e4ec20233d3e7a1f08e06ab1356fbdee27af77d63fa69fdb9caf2ab7e65acf82d4433fb78212da1

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-91LE4.tmp

Filesize
56KB

MD5
6c0588011ac72f7871ea5442c2bcbe62

SHA1
d7651a5e10c197a05b26d90d961f3e02fb1ae818

SHA256
4286e35151059b2adbd9373d95a425ecd69a81b5f3d6a025d25a3d6c161368a0

SHA512
336563867aeef253483e2f00c35d87f7771bd6aa38ec222237c50f9f4368b160291875789d1605ebf5ba3a292d1cf97ab62cb886bb9932ab0673d0153528a0f0

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-9OGAI.tmp

Filesize
17KB

MD5
e16a99953a2ef9d08f70521d53c8fc28

SHA1
067eefad723ca4d9a016316a40bc542ba9a0e0a9

SHA256
e9263a6073b0b1f28fd3752b7f8d7e259678ed34fe27383c2bde127782aaa1b8

SHA512
1fb2db9f192d5a56550c315611ac6a7ae627f13e3aa3da0afba308ab8056f2d298452549d0e9a4bef7ff29312c410c23c5b2d4193796c674a1229d5c8d88185f

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B39TJ.tmp

Filesize
17KB

MD5
6265b707ef237ee8c9902a29a426c49d

SHA1
779de57d390538bac295b1c1b0de4ba746192663

SHA256
bb6e58153637fc1beceba0fe2b84fd70762c2c3ecfb45c1292a0b0c245c623d1

SHA512
6e8df599dedc35e02d1889755e5e079a1ec219f2c498098472993e25345c8f78e96314af33bbbca3e04371a1288a1210d735bd18e845e06ed458d334c7ed0713

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B5MQ3.tmp

Filesize
18KB

MD5
69f5f4ed961e71f166dfa1618db7e942

SHA1
88ac67af3136206472c1a7baac6536b9b9be0b35

SHA256
28eddc860813773da70b72e767ef321e9e93f565b480b109f4bd0e833d843f5a

SHA512
8c0a51449a2405cacc010c2f0ccb85e65c7aefac1f254c55ac372c71f7bf1647a76414de4b57ffd3f61b4619c82787b386c69ea97d0e4da307f83a73113fef33

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B8KN9.tmp

Filesize
16KB

MD5
4a2fc282b0ba63bfd56dd155c3cf097d

SHA1
4d709ac7f996de824e8855d99e34ce528ea035af

SHA256
d75027d22847787f28cd456fb5d38238e2c81df309f9f901c8d8633ce7fb29db

SHA512
d479c2ec701e9b21571776effe2e7b7d8388a0582ebdb17ff31d36507082736cafdc6f09a61501f19d6e86a607bf8e403f5a13dfdfeca0956f9290aeac8293cb

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-B9OI7.tmp

Filesize
15KB

MD5
27e154e05b4a81306cc217ff55a632f8

SHA1
b34bede90ea62f02512e5679d4c77a47f961404f

SHA256
362417115ddaa4af90a2fe51a9e35183884748f3d17ae83fbf91957f24666948

SHA512
b4dbf3b3fd36cf3045aa8a4044f83a07de9dbd3440600b69f2dc720c61c6054c1c2f424a823d326478ed07ece226cc5210c4f87c5b7ea7603d0528bc71c72236

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-BAKA7.tmp

Filesize
60KB

MD5
025299c082a269d8f169cf25d11d0e7e

SHA1
319349004e0346d08f83624d379241832e642c09

SHA256
4ea0103d4becd57221e583dba1ce1d353b69b6e70f1916e5ea0f984ac32400d1

SHA512
fe1909690aefa3ae3348f0c6d02e84f409642646e5d888c3dbd7481c3c1731fbde706cb8a01af1a5762f0580a206c4048661baad51eccfdfcfb8fd541be2a27e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-BF12E.tmp

Filesize
21KB

MD5
759577ec0b59da61a03d187167b4dabc

SHA1
83874b6554bce76cb32d2ef45be7212a3c4c1c1b

SHA256
6ee0bcaddf0ddf8a24b4c92b7f0931e1f6ea48a309155c07d74934a4b1c7ece1

SHA512
3633972f36563c35600a535622ffc54d8fa341e66b01feeacd10f2479a7d135b489823dcb10dc346cdf557e00b2ba8dc8805b19fcda5aabc39a689758f386fc9

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-C8785.tmp

Filesize
62KB

MD5
ecb670242bfea1c7e9f36eb6d95d1eb6

SHA1
aef90140bcbf299c053263b67f8a7740d0bd11bb

SHA256
71f34870e22426216427239342db20cc474fd82c4352bb4f90ec09f763e9b382

SHA512
cf46c4476e045cc24c01321868054a0cbe28d4e866910f6e1f1556dbecf1dd1ae76a514fc9772cbe8c2ce2fdfbfef3ca0cea756f6c7ce1ebfead4e3e6ae9cfe5

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-E8I4N.tmp

Filesize
16KB

MD5
c2ce31f0afbc2b9b77f6088a0e707961

SHA1
4201d69f479d97ed38d7ff37f1514a6b311746fc

SHA256
01cb98664bfc7af0278ed97f3efd05daf62f8111847e614842ea99d1f3e1a388

SHA512
a1b374c758ca5a0460be5887867b9b21fc3ab7193c2a4986d12e9c4ff8867f8d72de0c353ea39d40276077d408dce995bb083b9d948aa5a71c2a511e6e80fe27

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-GL9VM.tmp

Filesize
17KB

MD5
03ea0818e97c80e8b5504fdc44fe8af1

SHA1
a32a9d0a770b2a3ac5899f22c7befcbf8536f49c

SHA256
edb16195e5cf3a22446df91b11bd4a079027b69ec5f67a1c34ca3a42d35fa549

SHA512
4cc64b4a299e4035bbaebb0894c7cf962dd0679820af769341fe4679bfc90fd052ad7f73c69688bdeb437469519177c473d1a57fee7d5874d4c309fdc436251e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-IISE7.tmp

Filesize
17KB

MD5
26d635787910816d372473bd9298db02

SHA1
d7a843090d40435748e18e68f607049a070f0de1

SHA256
01e079f573af0cbba9bda3f36919fc91dbd509401fd50e0d589838b50cb1dd3e

SHA512
775d74fd3b5d1ec267bf0cb14ef9be9fa4060a4f7c77fc587c8105c3bcc174d0c515fefcc9140ca48ee9b28765491d97f2f30ea40b3f0672ae90aaffac16c88e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-ISJSV.tmp

Filesize
16KB

MD5
3b7f153d0c2d08a03549973173d57436

SHA1
bc2d86ca3dff05c76843bb96ee9ccca50891918c

SHA256
b7bab5c33a4cb40b779749b36cb5c1c17de1d174b84e46dc1d517c11693cb3a6

SHA512
ddb37bd3c1ead424b9050a69e01e8826f36f2bcfa5fe677413a13638613dbb87ec9352312a83f7d33176d70c613d6ec528d350588302bdc6cd936aac4e9bbf9a

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-K8IH3.tmp

Filesize
16KB

MD5
9eebdba073120807a14d142dd13d68f6

SHA1
785fcaf902d0bd1fdb9dfcb71b89e734b03bb3b7

SHA256
fd09487126e613ab0bb4d65b665f05205ff5742e25354e64b8153c5cdccef3db

SHA512
7af4b096a44235e2da9d2808abb16605ff1aaf0944c82e1dc8185eaf88c662d5214eeba554ffa737721e6fd778d41592f6972b8edfb1c00d3ca608a341b90f99

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-KUCAB.tmp

Filesize
18KB

MD5
c21f730e59b89fd526dd593db7048ebd

SHA1
7207c42bb97f89adc86013011d0465e77d175dc3

SHA256
b617c8ec304f4518b63ee16fd04f5ef2d323025c71d88decacbbd6c2a1b9ea90

SHA512
a1cca8f6aef8bc6f5c482c573d8d198f3b68c15f59bde523ba42535facf1599f19889c081538c748adbc429a1564f3cdedb5ea2b9e3595e5802c91a249974fcd

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-LA003.tmp

Filesize
17KB

MD5
f00ca4d2d1623fb6e2899e7317576d06

SHA1
93fa1c8974608c2405a203816486482bf52857f1

SHA256
8b53e0b7d347aef33a8f7d3d0bd7b0a49358d0e7563576a74e8e54f0b2e17b75

SHA512
a8bd31fa219ba0302f2b36953e7518e91ebe4b2e2afc8e8625f43ff3140cf01a4df8db35d91800e404e2261433dc6891b2fa4accf45463dfc3477cfd7ef4797e

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-LHRE8.tmp

Filesize
48KB

MD5
b6e86d99b76b4e73356abed32db1b71c

SHA1
61650cd290f10967747d61a63acdd09e244db772

SHA256
fc26f6e46e13715922878436d3f53d07090ec6a73d00b8fd765f86ac0c4ebc24

SHA512
f15219811402f89b3170c2c057b4ceabaa904bc98c6cb2073175fcdf8c5b2c1472854db588bee702218ed1e321e756614ddb87b57a955840443a686af7ee7ca0

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-LQELV.tmp

Filesize
29KB

MD5
62b608c1b6419632f312608335a7e9c3

SHA1
10ddd3e3fb0c7868028de1f06bd8fe33e4ad4021

SHA256
058e9b9255e713e4cf6e09eae282c72d9f852fccb02f0b90147fb2be849e3270

SHA512
3a0de7b2957e3ae6053150dbbb36025a0fca7021093818c25af0c06a38183c80e8b3a7f1a8d42b8adca516e074abc22a5d96bc4ac183ac1b7afd6ea08f849b0c

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-M6GF2.tmp

Filesize
60KB

MD5
c7d79c7c974a365649b3c332b8900ef7

SHA1
48520550b73d74e0fe27375262eaa93227ca048c

SHA256
66d0c4d6926177496b1639c4d08dfa18c95ea969bbf67da7c8ac972d92a3ac6f

SHA512
14c72ff511aafb092944ff20c648e6a456edfbe886f8969cceda17721f14ac1d52808b484c64f838aa46482ae3436092a43775ed54af92013b19bcbd304c58fc

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-N2JHU.tmp

Filesize
19KB

MD5
0033fd816c3fd2e12d7403a88f48267a

SHA1
0ec4b584ebb38819c84908f27a71085b1a3e0888

SHA256
bad6519c8e1171763cded59c37c35b4d0a2fff88d023b4ffbc4104e8886d72ad

SHA512
79ef1c528c149d2453c74bafd06a504d6eb6f347ccd322b898a0c099b8869fa0e8a757575f4631ef0be1d45094f876eef6e1c55b401fe516a89088d0b6f4a02b

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-N7PBN.tmp

Filesize
16KB

MD5
ccb277a8ba503c8994491a6df6f5a51f

SHA1
da19b05b2caf6dc97c47b865a7aa6aea35eca5fa

SHA256
a0a87358b15b7a71b13f0e8d6bea272adf8224d47fa4df81f54d2a0d5604c689

SHA512
e25078bed6bb68196c48c15a150fc8903dac8d623095e3549bbc2a9bca78f1605fb539316b51e3206822f95cfcd52c917dbe3c3757f80ff7f50e4656e2b41015

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-NOCIE.tmp

Filesize
18KB

MD5
cdf7787c446f89dacddbed2ee3758064

SHA1
64639f8c4c59ba2cd484936aee3acc04f0405df8

SHA256
d4058237dc4734445711876cb243977957297b052d188c85e7641e947fd824a8

SHA512
1a63c94625246cc1b0feda880ca6cdd047ef50b19ce4ca3237b8f3f2d76299a8e485393b4be0b7544b63456e59bf180c79e5ed2c0a17c321a118d3ffe4fa7988

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-NQHFP.tmp

Filesize
15KB

MD5
99e2dc0ac952c2163a6075ab3f5897ff

SHA1
83768e83acac120f0cf6135fd41286773fd5c6b7

SHA256
7c29e9bb329912967c2f6b23add57ebeb0b93e61205c6da4fe0b1249d6d51ac4

SHA512
1936c8868815aa30df9a5ed3807457155986a9e5d1856d5d9b54a463bbae372780250c637ad48351e4d014f5c83f26f29ad9519ec570329ce76afcdff0fa6128

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-O6TCG.tmp

Filesize
19KB

MD5
cfc4513b41aa487da9072a12a7e0ad52

SHA1
f600e49dfc391d52565838fb45b78c5c16d1f62b

SHA256
719206d8d18b54ac8dc6b890df14101526e5ddf4e26ca728e572cbceefad9dd0

SHA512
d0ab802a4c1d4e93ea23a46f69f11d7b3f7dd5121589fc00c7a716391ed6330eca1f25ddaaa3a4782db22246a252fb61130a7f186278399f9d79d267f96fba5b

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-PCAG1.tmp

Filesize
63KB

MD5
836780ef5836e4acf454bb5e4d0fdf20

SHA1
b0789f4ff7d06d86c31b838ba565a8bc819b253b

SHA256
23f8fd376e725b190ed78715416259b02546b3d557c057c5b581094e89daaf50

SHA512
c23776213add6e3b86a19fb96a931c797f8a94553ccb3f68cb33b9feb5c8a9100b5813e253eeed5abdc12ca888b336f72e19f6fa89ee411ab61add727c98b673

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-PHE9P.tmp

Filesize
29KB

MD5
0c520483792d7ea613be99d4a920cf79

SHA1
4cb567d7af02db377e2f090b0816bed231bee874

SHA256
c9699519eb8396a8e250141fff7d4ccdd58148e86f8143407da840fc30341a94

SHA512
01ad2dfab99d419fa6f71b3fae7e1a3852556bba10738475341021198350edc42b8d239afad395eda45b5bf53a341f1e3a789331561c1d7b9c074cbb2ef253ea

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-Q8RUC.tmp

Filesize
17KB

MD5
316556663b11ec3418947eeb984b0346

SHA1
b390855c7d759ddb8a407d94b45f368375e6c6c5

SHA256
84c30fd2c5f90c56b3be3f937eccd7993a4d87defdfb4400bb9da449ee03edb3

SHA512
2033d4dcd303cfcdde9b1f52714f917cfdace5f2dbb6037900db71bb34848b2f183f398a9cf485a6153109d78bc63ce3a4fde61036bc4dab4b646f233db5f248

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-QEB3O.tmp

Filesize
16KB

MD5
0445a0d4e1399d30aa2ea49bb24f47d8

SHA1
47ba0f43b1cc3cfb172d3b2b659232c2c80d3972

SHA256
1fef34dadb20a97f60d1468b48e015f0ebebfdd9f4d01145e2f8f6220183f67a

SHA512
19cf0a52c0b4896e8f1007848ab96a8c0866ab8ab261ec782d59440cd95be379a06e52d9f7960615af45e4786426eab2a32cd318728c78f7dbf3e53159f96da2

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-QJ2RS.tmp

Filesize
56KB

MD5
27e97f6b12a5b46c03bd869470c1ad02

SHA1
84f61789642d1188b422d66545e062e1a7515cf7

SHA256
b661883aa286043018d9c0f0a9c04645bad1afa11329771d3b831ff0d5e04751

SHA512
7b196af7ee84f74317e2aa6d2095be3374c4abf97ad0bf942ccc524d4a3c240935bfdf0134e72ed79ecc3044aef98b9b44da9858dc3fc8373b596de1eb8009c3

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-R7NN0.tmp

Filesize
15KB

MD5
8f850a1c09d71493baea7a283d64558e

SHA1
dfabda46829f4e08f53eb87942ea2c4737ae73bb

SHA256
1c2d03cfc710ac9b87bdf01826467ccab70c7d6696069698e35812ebbdcc24ab

SHA512
85c41ccec23a047871d303957431223d318f4804b4fbc0cfe61a3fbc137fe53aa27afa723a4c055e0adcc3d92ce3b3cbd2bdd7164646a8f47e66d23226fa012c

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-SH6F8.tmp

Filesize
17KB

MD5
7d8251fbbb46c6f8692e4cb4b556366b

SHA1
de10de0630f02d1ca345fb55da5b62e9073d0a5f

SHA256
bce0afb8fed96dbd49d410dfa1efb60c5baa592d2c9f80123255d65968282f01

SHA512
2dbff9eeb2c5fafdc56748ab07a97ea9e47d245fd3a25a544983ac19ed530313b60f6d1bfc16cd5332d03baae2ea53c98e10a761b1081333f7197096d7962d00

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-T07LU.tmp

Filesize
17KB

MD5
dc35123c573f781934203b85cdae33cb

SHA1
27135a60075a1b72b220a6171e082dfff23afbf1

SHA256
668bbecdaa09535e30d2d7fb66c26470b680419475a118756bee4c6ad151bb31

SHA512
11a8b3ce727142cccaaa3ebea1e68fd48c0c79a3036a2e9b79d9537924ab7e0a053a8c128d3d45a43fd71c1c34e6c01ffa9afbf8cb980a6788022a4dbc28f24a

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-U2STA.tmp

Filesize
18KB

MD5
a311f563294e5da4480ecdc681cffe35

SHA1
8c8d000e20579aafc1555935e21a5325ebb025a9

SHA256
bb684c539dba3b9483691f672d47af5ad4b564bbaf9bcd793ebe3576cfb10ac9

SHA512
2bce6e4c40f5e76e2f64c4b5b3667b8412703beb4924f89533e28883e66893abb0fa1b44c3c43d9954f0b97e659e3447de0e2691c5eb8687bb7a03260eb93a5d

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-U75OB.tmp

Filesize
17KB

MD5
e8202caf5da9bb32d214f4d509f2940f

SHA1
29c58ef80d59b9dd6524f7d2631cd07792b54730

SHA256
65eef2918cddca4ea10c3b9ac6b8619040faaf1da5cd85840fe3fdbf89b5f47b

SHA512
75d1283c3defec504116d5eff533ddfba66466deb83bce0633fcdd7ef29d472dc54f0ac846781b5e286969d552fd252f8756fb952f4ac6e40feebc4de2563195

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UB7NN.tmp

Filesize
17KB

MD5
1ec1ba6d72a4ede43cabb49b89882cd1

SHA1
a55bc279df1cda0fe7b07310557a82e8491943b4

SHA256
f4b0526568bfa0f8ec9715d29e664616128e7ef88208f50fb752a5f96d16e46a

SHA512
c457b28b8ab835bbb4610f96638534c0a9da02479bd5c6f8805e79fc1a70fef2ddb8d1e580be80b046bef53d24a9c27fb7816cd5988677a0ae61668a6b450072

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UH0SP.tmp

Filesize
63KB

MD5
39544db54054b43ac62ce25d7e964789

SHA1
3d46a429fa5764f20a147288276e516379fdba4e

SHA256
0dca4c50c5556a7ee08b2dcfc39bb4d24285ded90cd7d8173a0c1a466eaf28d3

SHA512
dc37dc4e7912b0ce985376c0ad6ccd7bedffb3800cf69047be44d571956d253e06ec4091e428186409d3e6e2c76c7f20ea01b0a997c894fcd465748b85c483b9

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UK8NJ.tmp

Filesize
15KB

MD5
8b1ee1d78b3734ed728326faf6afd3f1

SHA1
6531922c23410e5f60e1ae063a3cb181cc29645b

SHA256
0c63f184957f53d755efc9c7126f273c1426efccf7e8a60f6272299354e9016c

SHA512
6e51896e2616fda0f98639053a18aedbcacd174f4457466282046e4f5e063de8c84ef5b6a3c4c4078552475ea78a5c7fbf8059337240914b1bd98c2a7653fd00

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\is-UO9H5.tmp

Filesize
15KB

MD5
bf74d66b5e8e980eedf36a517daf8a7f

SHA1
ff02264603556c7c384801acc6e5b35119721078

SHA256
1eac9e838c57c5c0b891ded9fbf05380eae3038dac0a5112c7c47de794570356

SHA512
90a8c42958ac67a28dbd8ec35e2abe5205a982167d53c418906212c87eed61da2e4ba05237add57394abb33a1a253d595f0311a5711e03ef5c7e7c8fcee8d75a

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\ko_KR.json

Filesize
31KB

MD5
776090ce18472fffc8e4038e2eadcdfb

SHA1
647cac825c47ab09a366f5a7ee13f562eabbf18c

SHA256
1b61f4d223525454a9fc99527196ff677bffd62c1914a3dfd8cd58baafc67939

SHA512
d05db5bd3c3a3b85c5f1e9a05493b479afc166006b98c994fef51d6fa19c544d5cece9fff7c96703966d429bd96b721977d23e6371134b1601466e8c90f87e66

Download Submit
C:\Program Files\Reboot Launcher\data\flutter_assets\packages\flutter_localized_locales\data\zh_TW.json

Filesize
29KB

MD5
83feaf4b539212076f79f6028ed91451

SHA1
b2372198c552422d541038db80fb37028fee384d

SHA256
903bd6b70c8d8be312d91aad90cc9dbca4cb322267d7ba449b59883b3614fe5f

SHA512
60522a3e7fd67bed28552aa400e0ddf5135662a38a542be532ca63759c4cf79600c10c531046de5f7488fae3c694fdc0bc641a7b6d279efe5877534071f0ed86

Download Submit
C:\Program Files\Reboot Launcher\data\icudtl.dat

Filesize
798KB

MD5
da48e432fe61f451154f0715b2a7b174

SHA1
51b6add0bbc4e0b5200b01deca5d009f1daf9f39

SHA256
65ea729083128dfce1c00726ba932b91aaaf5e48736b5644dd37478e5f2875ac

SHA512
5af9c1e43b52536272a575ca400a9eee830a8fcecb83bb1a490515851bef48957d8de669b9f77b8614eb586838af23385e1afce622edb82a90ec7549f882d381

Download Submit
C:\Program Files\Reboot Launcher\flutter_acrylic_plugin.dll

Filesize
74KB

MD5
a2b2ea070658f9fcb228d246c7ab5b25

SHA1
bb3698db131afe5955ecbd524e589013ec962342

SHA256
f4298e3f6d35e1c03926372b7686c46ad2fe78a1feebc76de1b708b9c0bf01ed

SHA512
5538f6607a544e9f132ae1b71e7c9d788b79739432f34f876b550d187f073116eee3748c5f5a8e30f14fa52056c45557406fb722936eba999b4f7767f22dfb03

Download Submit
C:\Program Files\Reboot Launcher\flutter_windows.dll

Filesize
17.3MB

MD5
6576073f0d38612d1b86b6edb38eaaf4

SHA1
80450c43bec49886e0b78e452d43659b2425e536

SHA256
7810c7379edd462cbd9882ecb2317774c48a43bc8a283344bf4cae1d916b82fe

SHA512
ed15b45a8afac81a256d1b41385830d3bc18d136586e0f4312b8e177f3b37b18630c8d751488953a5c584b40a35c27869a480f03697a4c9e967a43df8690ee52

Download Submit
C:\Program Files\Reboot Launcher\launcher.log

Filesize
579B

MD5
e4b8e86f6d290d59aff853aa3cadb694

SHA1
0a343e5f38ee0739d8de763e1cd3e3a1bf4c8800

SHA256
f70a6a81e24822d90f05976920810a986f6120c6669fbdabdaeb83c5c358d4db

SHA512
020d8e77492fcbe958bb78c847353cac306f308dfefd91cb9974277a5c25bee76087ec46866c9e2045b87065da81ad5b651bb6167a379e50f9d9aa7578973c3c

Download Submit
C:\Program Files\Reboot Launcher\local_notifier_plugin.dll

Filesize
158KB

MD5
b3e554fc9237c9dacc051266e6c5080a

SHA1
c6fdfe2dd263385a21d9738c5bc9e551437dd6c5

SHA256
675cba976b01de3053f473eefa2de0c246bc9e104952efa6d15e14f02b3c03b7

SHA512
5cfce827017d5e351b73125aa0c9a0d30d76265d6ca24528fe6bbbe905c0858f21210e196404f45e4b63655fe2c71f016c06ed76253d61641e56b936d6cecc5a

Download Submit
C:\Program Files\Reboot Launcher\reboot_launcher.exe

Filesize
133KB

MD5
1bf247432b10fe0e9d068b233d943024

SHA1
105f5be088b4e449cfab1a715c4dd9597d75f738

SHA256
42416ac44cf8b0286040030337696000ec92149d2d9aac9b9099b1c7afe2e544

SHA512
eab1cbd2d7045dc1cc03122c3a27e05e9c158bb460e701bf6c3dacf7b7fa824aeba25b30130d29b73ddb6dec72fb998d65c6c4e770662833fdec5075905eb45d

Download Submit
C:\Program Files\Reboot Launcher\reboot_launcher.exp

Filesize
886B

MD5
696903fb4523d7fc5eda193cc7b8ec02

SHA1
8ba1fdb3bfe2001fd27ec08c4f56ab42f9786b68

SHA256
cdbd5aad9e81355697d3dbf7867a4c9d1f6ce1c8e3f53cf2f6948be22f25a263

SHA512
76177f483a67815fb9d7d5efe460ca9524055180b66e6dfab01036097c8979ba18e3d70a1a3984fb79c84301a9ff5b8c81b04b1a82df3940b4fadf3bf7d17960

Download Submit
C:\Program Files\Reboot Launcher\reboot_launcher.lib

Filesize
1KB

MD5
fb065f331cb20362caa11e5f7448c592

SHA1
21b2941930dbe12e9ab37764c564dfa03d4775de

SHA256
28051685f99151d3e963c208edfc118f52501280b52720fed444c47591ce4530

SHA512
72342fa3af1106da73f09a00b9e5d5ff474a867d5baca3da0db786e5f90057e26a6aed11bec46005ad8c590098bf15229990b5f376dc4e80d56cce692cdb2d03

Download Submit
C:\Program Files\Reboot Launcher\screen_retriever_plugin.dll

Filesize
95KB

MD5
61deaedf418b866620f4ef3b0dd93fbb

SHA1
3c00e2e97fd80651dcc5140ec850e3213832a672

SHA256
912cf28fdf93eba2e348142b62b54c7f7ea974a0688694d74bcd03d8de1e476c

SHA512
f9b81db9b7d43915cbc4fe9c7a8a5aa7d565542ce6bda877e6c88da448b821dd4e403423926ae21dda10e88a6dee0250a50c9ab6fe40b4d293c44efcae416dec

Download Submit
C:\Program Files\Reboot Launcher\settings\dll_storage.bak

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Program Files\Reboot Launcher\system_theme_plugin.dll

Filesize
96KB

MD5
4c53e31327d53c6cc4e30efe36c960da

SHA1
ac5193fdbbf6b7b21794ead11e9fb3658221c839

SHA256
4bd959c63912608849516f395479c4e00072ed2a89706e7a3c854ec077ecd0a1

SHA512
e437ec5ef5222b89267fe5f1378b35d9abad446a18446c573fcd34e84f74d49a2f79cbf2a0c845ea119c2ab3a0cfcf179bb293b524635f4906478a2aa5849298

Download Submit
C:\Program Files\Reboot Launcher\url_launcher_windows_plugin.dll

Filesize
82KB

MD5
d7ef01583493ced0511ea8ca28f75604

SHA1
174115a7cfc022ce0339579dbd4d8746297423b0

SHA256
22fe84092027376af4e4cda9d2046eb16adef8c69869c35eaee71d55cb9452e6

SHA512
f56da79b1d8c14df88a1c255816750b5a4b627e8f0382edd4a8d706473438d8c9dc0c0fb631009b17b396f082c87d2e4de972791306d235aa298757d47341612

Download Submit
C:\Program Files\Reboot Launcher\window_manager_plugin.dll

Filesize
135KB

MD5
0d16b1c1e265ca018b9814f4e13b544d

SHA1
0f1ced68e893b7a3d95f487f44a88a316652a961

SHA256
e0c7886dfa1864a6a89f18a34046df45c674e150fc68e3f07622658018ca6ba3

SHA512
81a55322a2be622c1c04d71a4ba94d7dbd070960959ebe6738797371577774a88d927434edde8787cf57055828ce97cb485e05191c4d59ca21f1f2bfb2fcd75e

Download Submit
C:\Program Files\Reboot Launcher\windows_taskbar_plugin.dll

Filesize
90KB

MD5
f9676a70bcb669fcf5ad3ac711c03fb8

SHA1
d5d7519bc1d44cf2c3d5cb0b4f33cd092e058baf

SHA256
455d1ce70853f09177ffdad858c418a7ed74ffb0a6192c8509547723e90cb02b

SHA512
b44a17c015495745010e686c21cf018be18f5750e85cfc31504f381a08e46ec0366b6201aaf33883dffd09270ead1bfd5312c61151358de16be4c691fd1a1371

Download Submit
C:\Program Files\playit_gg\bin\playit.exe

Filesize
4.4MB

MD5
241ccb769e4aeea48edd83ad6f3e7020

SHA1
e97a24adc53493545cdd15f461383e734e531530

SHA256
1c36cc49894b8effb0438a0d810f90b0064178b0d73bf4af7e526273c56dc090

SHA512
e99285da2ef1c431465086860f15fb343e00e978c03b4880aeeed3ef916f19a48c455672cf8fae95c6daed5744c49368101afe307b99c7c3c7464f838a43e03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
176ee642823d4e71764f09218563c83e

SHA1
169ed2429a015674786592ddacb30deaab58749d

SHA256
334310a502ec7a499114b1594adeaee31746c37000d119926a46e5e0d7798d09

SHA512
55dee2b024384a56261033bc6d6c4275c55d2755ac7a3d3d8843023d5ae0170fe308e18d79cfabda3798cb1a1bb31a0318df1b745e9be90cdeadc2ee68cddfdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
7d65204456542ac565b2d5389be4990b

SHA1
869a0bab46b04fa3bd92fd2d0e723ef4b14b2cea

SHA256
828b8ebab5cacb2263bb423dc68b086743eaea99351a69fbd707f6c4caceaabd

SHA512
6bde049ed6c48942961ed3d5d2ebe0c4586dfdeba83059227934f741bee8b0b60dbe349c76150627bc0fda971625ca58032433bf37e60dc9c861a9f1732d8e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c063dcd4b82006cc0a4ee4b938f066d8

SHA1
d724cfae6c8dbbcbe1388c4067598efd41b28d83

SHA256
80d89d5a097c082927174fa21d15f54fc2d6176887b47bef28d7ed4a62569d05

SHA512
1f0d7219463f90da4de1c03347549055afda91ae473af933a55787dab13ad109e7d45899602845885483b7282102dca530e7a893fad9e7848eeab0ebd0ba0fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
784a5bcaa0f159f67c69661da514b670

SHA1
9cb76e5d4d89ec12d1edafe21044b553209b3f7b

SHA256
3c1ebe81c8b4a295ff1b6731d1c4a12f87c11e345a750f377cb35397234c36ee

SHA512
f458b2ba5bb69dce54380051681d496833ff37746fe6ee0341f4b4fc34580fed3ad28251f2d5bf593ad07c9fa2c9fbae9283f572320f1aeff37cf863cff577d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
372753a0e47fbf5667ccae90f41e9b24

SHA1
0b47f8f55789e8e705c2384db6e2e7e861bb0198

SHA256
672848f3d0ac95dafa586040fa358311770c5e2866d6a89fe808dc29562a7961

SHA512
44e221bf38923694a003373a8e463aace282990d9661657892c88e64f891f33c1d01769e2c3ef8f1019e964585a05cfb1ddef4dad44fdd875225c4ab2683d715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
56ae162b285c98cef07098357ca3875a

SHA1
05ddcda956dacc0e2830b1d2ff54ad29144db7ea

SHA256
ee01a5bed2dbd63a7cce8e7ab74c61e33c7dcad843ed33cc01ba3c5fcd40fb9f

SHA512
b1f39f0e01d332d9068b80beb736abc990e452272a28058ea511844f7a3c04f5458c26eb495d8df9487ad76073887c8ccb00e2a7fce12c23cbdec46665b25661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f518942f33dac9c62a8477610115da2d

SHA1
7a019181d106caf2e1bbe5cbb3ea39f4c3dd5b9b

SHA256
b5b3c252ea70698ea57e3e9cecaab1b06733cfbb0f365ddf1ede93c7b48b045c

SHA512
a91f89f80dc8e6d7d0c984ea203721a034e1fbfda857789f263f97891b6b305efa812b64f8b08ad255969f12d447069379f4a7edf933d6e6945356f620977a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45cedea1aa0b2285a83769dd66d9d217

SHA1
87a2d7bd45bae6f32fcc2d56808d514c9edf3d23

SHA256
b97a605067c0d8c3080d1b053621da408e2c2d5af3e290006d8eaedaf1683665

SHA512
fc68647f4dd10c3e61e6e8a54d00f24439cf47996040ff27750b144724c8bf856da7814ac9946ef2b157d9f9fcbdcf5e50600f6a1496e5b8242f6dab95e70dcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7ad7e5d87aa6a5ceb3b08009637548ed

SHA1
06920a488982bdb82131c8645e0a2f3ec8a26bdb

SHA256
6f79669a593819bceced4f0b1a911faa4fa320647afb3262871051d708a3ca3b

SHA512
e72e1fc1afa05f59022ea034805bfb075f8e9ead600ccad88792ebe32f353b55ee6fcc22752316e46adb51953270c5bd8d7bc9e87ac5e0e857a8211a7be30af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
492e7e3994cb2a68041acf2ff9f183c5

SHA1
6b5298264dccb22b3032c95b992476dbe8056359

SHA256
dab178fc7f544a8ab9489f2835690752ef14b034575c135930e23637eeb065e1

SHA512
ce48fe350d93170b1bbafd0a438f7edd5593dc8b8f5b8fae3ecd010280faacf37f84830748b691e8a09b5b14a9aa1b0b1aa4b6604d4fb166b82f65f75ca5f765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f47fa744829eb8f60ddd629948fc1e52

SHA1
5f7b1e9217dd52b9ed36c096c6b908123cebf4df

SHA256
b5d7769ac9384b6cc99fa89624edf61d75f6fd20de017a565e8379433b532ab6

SHA512
adefed095fb11917853a6f6a5e11a661b5191d387418da69549d8d4b6414b16b183cb210049c2533c7b0640bccd86add08036f44ac65ac535194a5bb61c377b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ed06e32ab1afb87db12d6e02f3d962c3

SHA1
14a8b3999bfa8b282483aeb3ce22fa1d918b6f19

SHA256
958f84bb3f9aea567922f5fbced9a060c63dbfc3bc7d530dcae4204866ca5ed0

SHA512
93c66c36a6d92a514595e0d19c377b89040c26d828b1bfaeaa0a27f3efe46c8c55f2e8afc570024654f39bf2e1122b64f244c12aa28986659fd17278dcc1f74b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8912310a56887bd53305e5ae8f40cb22

SHA1
c65e31e264b7080fb8b0810e38c276648b69a09f

SHA256
084882ad67b279b4ed7ddb64eb9880d1ffcb6822e8b73c14e88959ba668ff2a3

SHA512
89295a3fc65df746ecdbd89d853d311ea8c8a5a32bea84fe5382c2ebe78c65d0c98ddacc0bf7e64562d1c33127cf78c0bf5831557119fb0376636ef924a51540

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1gzsevtq.iq2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1394B.tmp\reboot_launcher-9.2.7+9.2.7-windows-setup.tmp

Filesize
3.1MB

MD5
29ba43a04692522c9cee68beb054bc1e

SHA1
c307e4d31970f059f00f543a678a3929f1876ac1

SHA256
686802ef83b0862e825190fab356dc6471aff8977c8f2100ef4cdaa9778f0031

SHA512
66f18055f60460c9cb396fca3d23354bf0104796cc245c7ec4a817f3d00b1488446ee7767e17f0194ec2dfd45d5287d1b6f589d48c2ad19d494f3f9f9553a722

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7AJ04.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 626717.crdownload

Filesize
2.4MB

MD5
9dc4f1f432d21a1b16b1ea956e976c49

SHA1
8dd8f2e19741ad3387110875969f89e8fdd7236c

SHA256
a69bc1b3ee708440bc5022a053b93f3622d22a677a472465d41b6240e5bccea3

SHA512
834808d6ef53dfd2f5c479abffb9fe3cdb6ec1bf8972bbd4bc855c6e097ba31955d6d9b38c71208d24b65ee1f73ce2a1a48246de3391c643d6987d9e75762b12

Download Submit
C:\Windows\Installer\e57d6da.msi

Filesize
188KB

MD5
0d00edf7e9ad7cfa74f32a524a54f117

SHA1
eea03c0439475a8e4e8e9a9b271faaa554539e18

SHA256
e55a6c147daab01c66aed5e6be0c990bbed0cb78f1c0898373713343ef8556cd

SHA512
0b6730fa8d484466a1ee2a9594572fa40fb8eea4ec70b5d67f5910436ee1d07c80a029cf1f8e488a251439ac1121fd0a76a726836e4cb72dd0fe531ce9692f6a

Download Submit
C:\Windows\Temp\{52C9A6CD-8051-4F19-B703-C943968F67B5}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{52C9A6CD-8051-4F19-B703-C943968F67B5}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
ae0540106cfd901b091d3d241e5cb4b0

SHA1
97f93b6e00a5069155a52aa5551e381b6b4221eb

SHA256
8cd998a0318f07a27f78b75edb19479f44273590e300629eff237d47643c496c

SHA512
29bb486bfdd541ba6aed7a2543ff0eb66865af737a8fb79484fb77cb412c3b357c71c16addf232c759d3c20c5e18128df43c68d1cba23f1c363fd9e0b7188177

Download Submit
C:\Windows\Temp\{D9B86CF8-5FC5-4A35-BC30-CB023C86C0FA}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/540-1404-0x000002357C9D0000-0x000002357C9F2000-memory.dmp

Filesize
136KB

Download
memory/888-1639-0x0000000000E50000-0x0000000000EC7000-memory.dmp

Filesize
476KB

Download
memory/1180-2083-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2073-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2084-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2074-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2082-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2081-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2080-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2085-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2079-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1180-2075-0x00000171F4740000-0x00000171F4741000-memory.dmp

Filesize
4KB

Download
memory/1680-1638-0x0000000000E50000-0x0000000000EC7000-memory.dmp

Filesize
476KB

Download
memory/4212-1601-0x0000000000E50000-0x0000000000EC7000-memory.dmp

Filesize
476KB

Download
memory/4500-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4500-1408-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4500-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4500-1686-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4836-1464-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4836-7-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4836-1685-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4836-1680-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4960-1687-0x00000223AD830000-0x00000223AD831000-memory.dmp

Filesize
4KB

Download
memory/4960-1688-0x00000223AD9E0000-0x00000223AE131000-memory.dmp

Filesize
7.3MB

Download
memory/4960-1690-0x00000223AD9E0000-0x00000223AE131000-memory.dmp

Filesize
7.3MB

Download
memory/4960-1691-0x00000223AD840000-0x00000223AD841000-memory.dmp

Filesize
4KB

Download
memory/4960-1689-0x00000223AD9E0000-0x00000223AE131000-memory.dmp

Filesize
7.3MB

Download