Analysis Overview
SHA256: b99bb0941d2258332591632921c5fd9a35bcc2487e69cf2b7a92579965dafc2c
Threat Level: Shows suspicious behavior
The file Retrac.Launcher_1.0.14_x64_en-US.msi was found to show suspicious behavior.
Malicious Activity Summary
Network Share Discovery
Enumerates connected drives
Drops file in Program Files directory
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Event Triggered Execution: Installer Packages
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Checks processor information in registry
Checks SCSI registry key(s)
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-09 21:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-09 21:59
Reported: 2024-11-09 22:29
Platform: win11-20241007-en
Max time kernel: 930s
Max time network: 1159s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Network Share Discovery
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Retrac Launcher\Retrac Launcher.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Retrac Launcher\Uninstall Retrac Launcher.lnk | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{1DEBC8E2-16D4-4E22-8390-1DC685669AD1} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF32FF36347BBC4DF0.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFEDD3D9E7C6A5BDDE.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFFF95585A2CEB540E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC498.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{1DEBC8E2-16D4-4E22-8390-1DC685669AD1}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{1DEBC8E2-16D4-4E22-8390-1DC685669AD1}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57c2e4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFBCBFE3E8890460C8.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57c2e2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57c2e2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | C:\Windows\System32\oobe\UserOOBEBroker.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Retrac Launcher\Retrac Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Retrac Launcher\Retrac Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\Retrac Launcher\Retrac Launcher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [value not present in the captured report] | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2E8CBED14D6122E43809D16C5866A91D\MainProgram | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\Version = "16777230" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\287324E2A8A2DC05090DA73D4E4E3F4C\2E8CBED14D6122E43809D16C5866A91D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2E8CBED14D6122E43809D16C5866A91D\ShortcutsFeature = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\ProductIcon = "C:\\Windows\\Installer\\{1DEBC8E2-16D4-4E22-8390-1DC685669AD1}\\ProductIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2E8CBED14D6122E43809D16C5866A91D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\ProductName = "Retrac Launcher" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\287324E2A8A2DC05090DA73D4E4E3F4C | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\PackageCode = "81B208A4D7FEB6D46846DBD889F777F4" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\SourceList\PackageName = "Retrac.Launcher_1.0.14_x64_en-US.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2E8CBED14D6122E43809D16C5866A91D\Environment = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2E8CBED14D6122E43809D16C5866A91D\External | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2E8CBED14D6122E43809D16C5866A91D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Retrac.Launcher_1.0.14_x64_en-US.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7C1D7618A5B5DF1BDA7599224AD8D42C C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=2928.580.1111920064680559712
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x1b4,0x7ff950b73cb8,0x7ff950b73cc8,0x7ff950b73cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1748,13458164895707656266,17776706879315726288,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,13458164895707656266,17776706879315726288,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1748,13458164895707656266,17776706879315726288,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2376 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1748,13458164895707656266,17776706879315726288,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=4292.904.17877778215088332262
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1d4,0x7ff950b73cb8,0x7ff950b73cc8,0x7ff950b73cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,17106004087787512639,12038670116873076917,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,17106004087787512639,12038670116873076917,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1936 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,17106004087787512639,12038670116873076917,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2712 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1880,17106004087787512639,12038670116873076917,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Retrac Launcher\Retrac Launcher.exe
"C:\Program Files\Retrac Launcher\Retrac Launcher.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1544.1948.17778581921518955680
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\site.retrac\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x1a4,0x7ff950b73cb8,0x7ff950b73cc8,0x7ff950b73cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1860,10070950758971533600,7985444307262009310,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,10070950758971533600,7985444307262009310,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1936 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,10070950758971533600,7985444307262009310,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2468 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1860,10070950758971533600,7985444307262009310,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\site.retrac\EBWebView" --webview-exe-name="Retrac Launcher.exe" --webview-exe-version=1.0.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a903720-58bf-4192-a65e-7de94052650c} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" gpu
C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c138934e-c1f5-4368-aa24-5e09e7a084b5} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce7242fe-6638-4901-98b2-8a0ef73d8635} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {265b0ca5-6ff4-4e24-a674-5e187e9a1666} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4744 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c453c70c-e573-4105-8143-6815b4026d25} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5d7aa6-9244-4ab5-bd1d-5db4b71aee3a} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dd8be70-8de7-404b-a106-56f17ca8a6ae} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5864 -childID 5 -isForBrowser -prefsHandle 5784 -prefMapHandle 5788 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 992 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c7f2b07-1413-44a5-8d0d-0561508a9000} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" tab
Network
Files
| MD5 | 90881c9c26f29fca29815a08ba858544 |
| SHA1 | 06fee974987b91d82c2839a4bb12991fa99e1bdd |
| SHA256 | a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a |
| SHA512 | 15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Login Data
| MD5 | b608d407fc15adea97c26936bc6f03f6 |
| SHA1 | 953e7420801c76393902c0d6bb56148947e41571 |
| SHA256 | b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf |
| SHA512 | cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Sync Data\LevelDB\LOG
| MD5 | 4425cc77febc40778a910aa4b926e15d |
| SHA1 | 5228d63f92fc7f6d73ae07c96006b19599669d23 |
| SHA256 | e65335d901de1dcda177419427fa4d62ac7bc78999351b95941956549622fea9 |
| SHA512 | e21e51fb23b2e90920fb0af553aa96a63cb085327e1c28d62c0e35a6e99545710b10139e146d8d91159688d4a1e1a04721b5b9ad47619565966ec3907ac95d74 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Visited Links
| MD5 | e059b44309043f3335fa3818b78eb989 |
| SHA1 | 81f505edf0ac9faa2a1e1f7e708760aaca7ad073 |
| SHA256 | 2674940ba88ce8ae9d5f7da6e6c18be17ff883c32c8becf9b18b6af46e74bda8 |
| SHA512 | 4b6b52f27332895a4e6954b83fce86980afa91de608fd85309c35119694816c45e16fe57cd2a8ec02f9a25b64558dfb4623700f0098f609d39c29c6fb5115eff |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Favicons
| MD5 | 5688ce73407154729a65e71e4123ab21 |
| SHA1 | 9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7 |
| SHA256 | be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60 |
| SHA512 | eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Site Characteristics Database\LOG
| MD5 | 62477fb9a8c97f6bc60d1ac3f10370db |
| SHA1 | 2bb6974112136f078a19fdd71c9d90484abc68f4 |
| SHA256 | a4f3ec4d4291f0869f1435b1653cfa810aa7c0e5ea3f2b648f44cc30b1b60736 |
| SHA512 | 7989155a2ab5de377c1aa152510900262a527aed8f0c889ba5424a6c1a923e0f5e76d46de339dd2bc2e1ac4bbfc8a50f5fd0e843befc6777be1ff157a08a1eff |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Media History
| MD5 | cf7ac318453f6b64b6dc186489ff4593 |
| SHA1 | b405c8e0737be8e16a08556757dc817bd02af025 |
| SHA256 | 634434e865f1ba1b90039bd5afd8f01bad6d278377106022ea2a9c2d8778d31a |
| SHA512 | b64e484d16222d8de31f53cd60b719b7d855bbc552a7d052e202382bc3013e0edaceb31e3a287f2ea6b7117ccfdb8a56ea9d7da78535d2c606183072ecd084e4 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\History
| MD5 | 4e2922249bf476fb3067795f2fa5e794 |
| SHA1 | d2db6b2759d9e650ae031eb62247d457ccaa57d2 |
| SHA256 | c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1 |
| SHA512 | 8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Code Cache\wasm\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Secure Preferences
| MD5 | 8ed6be14c6f1f1d7034968290cf34479 |
| SHA1 | b2a13f354ebedd8de61ae3336baf48d8723188ab |
| SHA256 | d9099b54170ae5a011ec2bbd015944bd8c7a30c93d66940d51ca53219595363f |
| SHA512 | 6314355700099759441408f71b8f3d520a78f1ae9102a56f5f607c817c42d8c6da993d372634204fd3def8245d50520eee89443dc5f8cb47a62d62d92e3b56af |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences
| MD5 | 2b3e53b7ec32f074b6d8c5da4e146e0d |
| SHA1 | 1c04c544fd6eb506716bf514e572bd5c00dcbd52 |
| SHA256 | 902e9e6d2f6437ba592e196c184278714b025f5932e48b8d25ada8394e2afad4 |
| SHA512 | 402a3dbd175f04a29b166913ea571d95bc99152adbdaed91ac552e9ba1794ac28a5731bcdd435e008010081e65a6f8c4d1ad8d24c4dcdb5eaa29ce691c67a953 |
memory/2884-331-0x0000011C952D0000-0x0000011C9536E000-memory.dmp
\??\Volume{280cc82f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4fc937bc-c3be-40c0-9a8b-0a5a0bed2c11}_OnDiskSnapshotProp
| MD5 | 49e5891443b218931bf620d16a0583a4 |
| SHA1 | 0530f122e87dead094ae62b715951f62317f7eb5 |
| SHA256 | 2fc27f9560dc15a787af87f9d610d50ea5a744c304a8eff0122811b7015a0ac6 |
| SHA512 | 1698281219525dd4769b1bca328b3b19cec6ccc65d369ac8448f98c193cfe96906959fcc4deb237e25cce3c3be963beb7e8f43c5f348fdc677ff87e38b10ff2b |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 1c2b155509c531980ca882bb5786b65a |
| SHA1 | 1baca924f881736c1db11ed7fa54514c21493db9 |
| SHA256 | 43494879799df765609faa83157e75c9e002e556faecb8cc68bab43c0dabbd16 |
| SHA512 | d033bf0c19d571834d8abae35642beb6c050eb111abcaea65d67538af46c1966ad40469a891bc9fa794819101d9a6523a39ed6415164f7cba68ef839cdc2ec58 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\4786c813-a45d-433e-9e35-099fd15b9d52.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
memory/1904-361-0x00000179D0860000-0x00000179D08FE000-memory.dmp
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Local State
| MD5 | 3f71d443ccaa00e6a22196e5e961b5d5 |
| SHA1 | acb4212514bd669ffa81cabf43e91c64493cb2be |
| SHA256 | d9fb52648f607fb4ef772f1044c2d4c4210ec33038cec0531b98bc6b1f3a63aa |
| SHA512 | 7549171adf493c8edee636933cb971d92c544ac4eaca4defd4e6492a9dc3806f5bd4cb03eb90bc165b76a9bee14557f5b0c28b6ec58a2900950e57cf1891ce31 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences
| MD5 | 2ba099e348774df09122861d470a9d3c |
| SHA1 | 3f03da6e2ceb5f556fd0d403ec7bacc2a4ea02f2 |
| SHA256 | b63045ea38aec6f3d454d1502c051384d5f13098b6c9b3c89f7db41222ea7a8a |
| SHA512 | 293aaf1dbffb34d1f2f61c1fad7f909ac8b60837627516a55957b1297797f8bfd055c1bbe94fdd8927cd9777ca268739150dabe69975a661317ae0f136a849f0 |
memory/4676-406-0x000001BE092D0000-0x000001BE0936E000-memory.dmp
memory/1180-407-0x000001C7BB2E0000-0x000001C7BB37E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9f4285fcdb8fd4b4567ad90c604222e8 |
| SHA1 | dbc0a9a816ef2dd570ddc2fefbd657739fa8f960 |
| SHA256 | 0a66b1103cf0ad4de545c1452e071a17770ebb2a9fd3e3bece76fa69123292c5 |
| SHA512 | d5a2b52f5f17d3f2f01d66ad0f7063e703f4cff64b2863af9f2a2c7c5e1333b5c0313646bea3810fd0c863250df2ac2d34df77a3c841b4d2724310067d68def0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\46e8a2c5-d167-4739-88f2-6042a5fb1953
| MD5 | 91dfbfb98be938878afabf2acea2c75d |
| SHA1 | 850d6cccef09e7ad2b0e46d967768b17b5d38750 |
| SHA256 | d5a6351a3b804c245e329e183eec1194c4c7fd0be9a302c85104a51017734965 |
| SHA512 | 37df1545383bae6f4eeb66ea22add70663bb3b64186b3c15968adcabd26e790b12ae57abc0187a10eb8f3b1f08af39f86fbe777b6d2ef364344174a0cf58871d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f9ccdae75fd8848024fef98f820c18ae |
| SHA1 | a1b435ebe0845d5a3abb3a8b67a96c210cb4cf05 |
| SHA256 | ed2f850675fb68d10732abccf36c35613bb113306eaff3a8c817fd2e688e43c3 |
| SHA512 | 99702328c0846776825e5e8753948968b619ae6896005007ea299255c8d829559cbe116b05fbaa82960ae5a5413f479f74961a2809eac22c99f6e7d1c8c04c5d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\193020fe-9091-4984-85f2-6fe047ffe945
| MD5 | aa6b071c2cdb6807b45a4fd541765929 |
| SHA1 | 73c52b126e122cb152fc4e83b1affbceb0ff8243 |
| SHA256 | a8ca6868e1626a0ae56781b0b06de03c3385738854db71c45e8c54b1210f6237 |
| SHA512 | 6bf3d0a30c4afa464f42989e5fdfc76fa4baef8ee076d36770bbf1b033f44b5746cae8debcdc008a23e22246da22656b96d765090b28a8c0b141351a6f2855c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\9f8db288-ad3b-43c3-9d31-7add66fdfab1
| MD5 | e0f12f5a55e80dd0f49edb152c549b75 |
| SHA1 | 358d9d76096172f876a1a2b5b3731d4a0489fa70 |
| SHA256 | 09b66631f19e539c1d9560e5ceb21c9fdef4c8b8d0315de0833583d383600d5a |
| SHA512 | e8f4f9cd8af3f93192f61a3e3de9652f6d905c607dce5954b2be0b30d9b9eaf4ae4effcffa677ef68ec185f0cff8e2c9cd2a6a5cceeb97280801097e3c2a99b1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
| MD5 | 78c9dd74b5d8a9da93e4c9dc42c75bf7 |
| SHA1 | f9319a4146e81bbe1d99ca4a1725427fc3132b46 |
| SHA256 | 3f0255b07b241e65bfcf322ae8718f864fb1a2f4579a5b7241f2c7254a17c852 |
| SHA512 | 0d7245dec74558069aa9bce32982f0663eb2cddb484bf431c954972c0fadaf138f02459fe58276b3c47ffd17e44e292773608b69519a5819bc25750603694a8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\prefs-1.js
| MD5 | bfc8dfd95e20f02482f380d3885ecb68 |
| SHA1 | 594560fe56158b78a0e8b9f7f10366ad0df57815 |
| SHA256 | d06dd070f2c235df5e1c70e92539a485ad7b7a1ae887e9b3b77bdf0b93970482 |
| SHA512 | 218bd2882f96426bb048bf360fc370a70ee759d21f3ff29dddf47048469b90f7b9c5b17a77be1706f66d98cb5bb89381617314f315c99ee459c1da7a477fda6a |
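The listing above is raw paths and digests; to act on it a practitioner needs it as structured IOCs. The Python below is an added example, not part of the sandbox report and not code from the Retrac launcher. It parses this report's layout (a path line followed by `| MD5 | … |`, `| SHA1 | … |`, `| SHA256 | … |`, `| SHA512 | … |` rows, with bare `memory/…` lines for dumps), rejects digests of the wrong length, tags a few artifact classes worth a second look (the `Login Data`/`Cookies`/`Web Data` stores, the shadow-copy device paths, the Firefox profile) and groups paths that were written more than once. The tag names, function names and the `TAG_RULES` categories are my own choices; the sample text is copied from a handful of entries in the listing above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Expected hex-digest lengths; a row that deviates is recorded as malformed rather than kept.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")

# Triage categories (my own, not labels the sandbox assigns), keyed on lower-cased path fragments.
TAG_RULES = {
    "credential_store": ("\\login data", "\\cookies", "\\web data"),
    "shadow_copy": ("harddiskvolumeshadowcopy", "\\system volume information\\"),
    "firefox_profile": ("\\mozilla\\firefox\\profiles\\",),
}


@dataclass
class Artifact:
    path: str
    hashes: dict = field(default_factory=dict)     # algo -> lower-case hex digest
    tags: list = field(default_factory=list)
    malformed: list = field(default_factory=list)  # algos whose digest had the wrong length


def tag_path(path):
    low = path.lower()
    tags = [t for t, frags in TAG_RULES.items() if any(f in low for f in frags)]
    if low.startswith("memory/") and low.endswith("-memory.dmp"):
        tags.append("memory_dump")
    return tags


def parse_report(text):
    """Turn the 'path line, then | ALGO | digest | rows' listing into Artifact records."""
    artifacts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        row = ROW_RE.match(line)
        if row:
            if current is None:
                continue  # hash row with no preceding path: nothing to attach it to
            algo, digest = row.group(1), row.group(2).lower()
            if len(digest) != HASH_LENGTHS[algo]:
                current.malformed.append(algo)
            else:
                current.hashes[algo] = digest
            continue
        if line.startswith("|"):
            continue  # some other table row; not modelled here
        current = Artifact(path=line, tags=tag_path(line))
        artifacts.append(current)
    return artifacts


def rewritten_paths(artifacts):
    """Paths listed more than once with differing SHA256s, i.e. written repeatedly during the run."""
    seen = defaultdict(list)
    for a in artifacts:
        if "SHA256" in a.hashes:
            seen[a.path].append(a.hashes["SHA256"])
    return {p: hs for p, hs in seen.items() if len(set(hs)) > 1}


def sha256_iocs(artifacts, tag=None):
    """Sorted unique SHA256s, optionally restricted to one triage tag, for retro-hunting."""
    return sorted({a.hashes["SHA256"] for a in artifacts
                   if "SHA256" in a.hashes and (tag is None or tag in a.tags)})


# Excerpt copied from the dropped-files listing above (five entries, same layout).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences
| MD5 | cf32461392dbaaa0763a95dfc2e7ccd6 |
| SHA1 | 98c3f482300a12f89c3d33a5b4367ae19d2e2814 |
| SHA256 | 77f9357ecb6baba8ff0dd5bc5830064c0d09076b36afdff8f8cd770016fc37f3 |
| SHA512 | 288dfdc810d599f681f98b1fbf98039c71250793e26c22f54ff47e62b0b4b354cc69ce15ff3705d2dca5e0b433ee5a88ad5f23ddec70c1780553c10f97dc73e6 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Login Data
| MD5 | b608d407fc15adea97c26936bc6f03f6 |
| SHA1 | 953e7420801c76393902c0d6bb56148947e41571 |
| SHA256 | b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf |
| SHA512 | cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4 |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 1c2b155509c531980ca882bb5786b65a |
| SHA1 | 1baca924f881736c1db11ed7fa54514c21493db9 |
| SHA256 | 43494879799df765609faa83157e75c9e002e556faecb8cc68bab43c0dabbd16 |
| SHA512 | d033bf0c19d571834d8abae35642beb6c050eb111abcaea65d67538af46c1966ad40469a891bc9fa794819101d9a6523a39ed6415164f7cba68ef839cdc2ec58 |
C:\Users\Admin\AppData\Local\site.retrac\EBWebView\Default\Preferences
| MD5 | 2b3e53b7ec32f074b6d8c5da4e146e0d |
| SHA1 | 1c04c544fd6eb506716bf514e572bd5c00dcbd52 |
| SHA256 | 902e9e6d2f6437ba592e196c184278714b025f5932e48b8d25ada8394e2afad4 |
| SHA512 | 402a3dbd175f04a29b166913ea571d95bc99152adbdaed91ac552e9ba1794ac28a5731bcdd435e008010081e65a6f8c4d1ad8d24c4dcdb5eaa29ce691c67a953 |
memory/1844-330-0x000001F0EBC00000-0x000001F0EBC9E000-memory.dmp
"""

if __name__ == "__main__":
    arts = parse_report(SAMPLE)
    for a in arts:
        print(a.tags, a.hashes.get("SHA256"), a.path)
    print("rewritten:", rewritten_paths(arts))
    print("credential-store SHA256s:", sha256_iocs(arts, "credential_store"))
```

Two caveats when reading the output against the full listing. First, `Preferences` and `Local State` appear several times with different digests; that is the same file being rewritten during the run, so each digest is a point-in-time snapshot rather than a distinct dropped file, and a blocklist built from this list should expect that churn. Second, `site.retrac\EBWebView` is the launcher's own WebView2 user-data folder, so a digest recorded for its `Login Data` or `Cookies` shows the profile store being created, not stored credentials being read; the shadow-copy device paths and the Firefox `datareporting\glean` and `prefs-1.js` writes are the entries to cross-check against the writing process before attributing them to the installer.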