hxxps://we[.]tl/t-rEWqYAEl7u

Resubmissions

01-03-2023 19:43

230301-ye9spshe2x 1

01-03-2023 19:24

230301-x4tbkshd5y 7

Analysis

max time kernel
398s
max time network
431s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2023 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-rEWqYAEl7u

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3496	GalacticFortress.exe
4688	UnityCrashHandler64.exe

Loads dropped DLL 3 IoCs

pid	Process
3496	GalacticFortress.exe
3496	GalacticFortress.exe
3496	GalacticFortress.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221723212083839"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
1528	chrome.exe
1528	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4288	7zG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
4288	7zG.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 4036	2788	chrome.exe	89
PID 2788 wrote to memory of 4036	2788	chrome.exe	89
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 1020	2788	chrome.exe	90
PID 2788 wrote to memory of 2648	2788	chrome.exe	91
PID 2788 wrote to memory of 2648	2788	chrome.exe	91
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92
PID 2788 wrote to memory of 4104	2788	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://we.tl/t-rEWqYAEl7u
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8766f9758,0x7ff8766f9768,0x7ff8766f9778
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:2
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5424 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5700 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5856 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5876 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6032 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5436 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5344 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 --field-trial-handle=1816,i,12113077909957619012,15440804800746061428,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Temp1_GalacticFortress.zip\GalacticFortress.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_GalacticFortress.zip\GalacticFortress.exe"
1⤵
PID:4688

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\GalacticFortress\" -ad -an -ai#7zMap4819:94:7zEvent6172
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4288

C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress.exe
"C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3496
- C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityCrashHandler64.exe" --attach 3496 1988194930688
  2⤵
  - Executes dropped EXE
  PID:4688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x3c8
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
104KB

MD5
ac5128e748aa8ebb9a6a1de0cf5ad15c

SHA1
c3e7e99fbb87e2473dee57c07472d480609e2b50

SHA256
cbb5b9158527557b43633b9ee030e9404b1f6e2b1def34e0c13370aab542c2d4

SHA512
db57b5ee5ca69dafa0021bc98242aa81e3f894ebe17262ba04ed393f4fbdb87483c7b2ed5b9ba74ba0b46f116a3d4d72eebc6c81e28d434a29563c00cd3343fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc219d167cc06e009d47d2be9eb20940

SHA1
703ea7eb4c949d1b9d50ee8fb9eca7d969b4aa7b

SHA256
4061628e842ab4f56c947ecc87328fb02b315594759cded9016970e1480c3774

SHA512
02b059ff4a75f7196207704d34121464f2b950ba726641877ee34e66e35ac9828791b26552804468760c79c90087e1e7b72df31b79a3e19b3edf2139d65c31d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
0de26f420bbab0215bd2da419363ae2e

SHA1
6e4683c4450749141530eacfa274ced011dc0989

SHA256
0b04a0c8d963ee38b256847fd87b0f67f4352457c43780710952d3af9576b2b5

SHA512
8822d29461ad2bae8669599e9d37f9feed39223e30dee2d0ce8cb0ab51eb88d6d2f2036f612c68e01f01427d1679daa3acb13dbd98bd365ead7c60aa3439804e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
130007a0d3242335908a1c2dd6b01f72

SHA1
93c4fa164858a0ec57d32d676a93b6056637104f

SHA256
fa33dfd144007797e250d203d4a7324373294da6288e36a28fbc88e2e8416794

SHA512
afb3e89d857919a5442f98aae2a128b82d712264527650357ea75ab1b49084a7844bd94f4656cf7a96ed3aed5859180c04f08c56315e192806e61af344215214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e046b09d123398d0046705f64f8fbc84

SHA1
2c9936fc4883e2769227c83edfabb50dc4fbb6bd

SHA256
28fb0693a00ba05d86d21c1b5e7dd4b95a9ce8e8d7227c3af6096388c3bf296a

SHA512
765139867a5e5e62887046bfd5db465983973000f192727b8b055856500e393d0c3da6035cca3054612c9ff6f6a777028d3c5b5bffeb60bb20819dea043d9563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a31575ea701e0f269bd80214d3885066

SHA1
721aade5bc1027f02c57ae1589aaa66cf9c27234

SHA256
256c1999ac2c20e8312808f992245e8ec945c0c1dfbe498f3cefe212daa6be86

SHA512
9e92baf03bc31ece1d360442fd96e22d417e6890a02d681a51c702367260ddd722045516a7c12ee5a79daa4bcb947646b5da7949b3e0846dcd434acaf39c5d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5aa35b05d728d73fa474f73f806ed88f

SHA1
d9ea880f5a182c6129e171a2e4583647ab03587a

SHA256
19d9117a08fcbc653536e264ed7f23ba36504d06dfea6677b89757000bc5fced

SHA512
7e55cf5b1aa477c5ef02276c9cfef300634c7f6b12567b29b7f3eb687baeddb602eee93580e5fe63b46cbc38a39de77f78dad9514e5b453030916681756a4719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f706d27fccdb43c1e3e6f80ec68d0077

SHA1
b9835c2dccaa1b5e1f2901fe5bb3150e32213e7a

SHA256
06c9a77eb543c68b16140579fd8f985add22e099ba98e6a342c33eb19b0aab76

SHA512
cfb1c1ffda65149f3e524d91355c445746c151f4ee3830703f54ef8b656d83debc8ee5c7a2af480c9d0dc204cd7eaddf0cd8bc2caa0f8f54f35df095cd68f76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9242478ad3d1126c366a7d8b8f74f89b

SHA1
8802161b39706f74b65a7eb3d0f9a70ed77e0c7b

SHA256
38ac789e82a03a0b2446e6eaf62bf5c37becaaa054cfe92613619900768fd71f

SHA512
12297a969364ba13b3b3dda27a21aa261e5add98bf20e02aebdbbfb671df82a4c3827861a59b232760694a041adbec62b7818b765f3b08959e664ddb1c62e2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
af696035606d8e41e71674055504615d

SHA1
60e5f12e4624e5598f4486e098749270953d2d75

SHA256
a4fac96700dbd5a5584c5a2bf49fc99ab4c0204325c2dd5a429e07f6b1e016ee

SHA512
41293d466ca87cd021ba7cdd2a975fbe4405e97e796775988e4bf16b5e327d7fac1a48d3c22d52f334794fe44865ee4d526e2955502595e50815c8f459bfa3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2b064479b2b8965b8672792850ae7428

SHA1
1efb10cb426add4ce8b1e2c51e2a7bab61352085

SHA256
59b9217c9ab50e9d8a34ee15c767e048e232a411979c52c43e7b0e643c96113a

SHA512
c9a03479acf28d742436c97344fb0b679899bfad91fff8857c8ab07e0bcae59d8a5ff5c11cb4ac822c33fc0f3a728c5171b24db20fc37cfaa82c5533af038889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e154f1ee9bc175a297886f8a82265c9d

SHA1
288179c53bfea2e9f18b87487373d80687dbd023

SHA256
5c0216e82db6bb388f349bf019735525db3061a21792e3399b050db0c83e413a

SHA512
b93cc163b6eebfbb3f092bbfcc600bc1efc2cc75c7580cba72f50145756e1a6ea239d48088d91c9f45af9be9b7ba17297b448a5f2c5cfcf75ade620cc0483823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3c44187ee0f745283ce6be0ee10ad951

SHA1
e497348509296007501e9c021bdd9a4b5b6fe86f

SHA256
30ece14a13aa2e1f4ddf15aabc0f930db138627898d5eb0ac943f2b647e5be7c

SHA512
9c53af101369ff62f2b7b0f9099b02b287b56f2ecbc09a5778ad25fde531a7b866048028b009e0e69abcbce1e7fac900f8c186a40b2797fde5b42a6d685406b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0a41c4c74193903f204369765bbbc974

SHA1
e4a6852f76bdb333deb1193013342547089c1f40

SHA256
8f562d9271b7efc7267fceab1528a9eff380aaef38dd0602ef7d2a280500ee36

SHA512
d07f04ad5127d91d3c9f15db0aba67b0645be07e20d10a28dee799a1f04c9553451aacb8a6192b4b472ec1a186a2dd61f84f0b07378ffd5f636b84929f8d5440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
09556a0a30e514021c582e4304230164

SHA1
27f4ca996572906de8dd0b8498ebd8eab7f9c994

SHA256
32fc6a26cefa1e866e29a180abf2dd54661d3da7559b0a175bb8d0346718235b

SHA512
ebd62a9315ae7872a96a796eff4599f860c1e029d0b35d9a8f325452ccac2371921aff8e1160a4de129f1d8de2666d6370368c737975c88e3b287a451abad5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
54f265b378bd2c3c2964962f6e55dbfb

SHA1
20cc0176963e1609804db8efb3ec58762e9384c2

SHA256
3f469ea0474f81d7bf834884b5ce46dd9475ba7c4661c29cffaf2f02eebe9e3e

SHA512
8783c37f477df6f28eca1f68308472df661d520e5775973979133cccccbeb16f54832cfc800fae66516fd1bf77faa5accc0fda049bb9775e68acad32c0aafa2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
943182738c9505d811fcbb5e536edb3a

SHA1
6db8911725f496eda7853f2818a49aaa8cf7109e

SHA256
7f16756adadaf5417d1a05db6b261ac5c49a55d37889357dfb02bb07f0f01f76

SHA512
d5426b9fb47a4b97162bdb5f3f1d064fb20086c68d2c4ffe6ec7ba575df8bbc21c576f8d6f10f75cdd4195be353f5cac57c4d63168927091cff181e8c00f1938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e3c0e9207e970e4ccb197e82e817a485

SHA1
36d96b6e99a8b9c9b8f2538713f8e178191b354c

SHA256
816ecc934512c0ecc47ceb8429f2fd238fca7ce0789432aa1fe46818625a46db

SHA512
5c8d241e2c974ca27bbafdf0780ac14486d919f09966bdf9d848ee4dec22f2f4189bdfd9edee367f90802d00b60fa15e43c6d2b825e5cb2adc6a852a29040dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2cae609b0888fc44b6229ac729753461

SHA1
59c96b65b5ce77ea741921dc399431c4232eead7

SHA256
f1e6a9174faee104275c28add8e54c46c1722966ae4ef5a63b91575046ef1cc3

SHA512
594cb51d4aaaae1d3077b17b77f3d7fcc079934cbaaa2affadff4965685338198735947652b44a590e5eac3803d07b0b32ea416a0dd0eb43a6673eb1c9514435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5c440a9a350dc152d2445390bab8771e

SHA1
08a32c9b938702611f7ac83df2d650d9b0beb78c

SHA256
cbb35bd9b558ac2cd9841d86434697c7b1366e7f01e78403d5b90ff2cbb34be9

SHA512
bc1a1579355e588ce02415c00996dba67a3f996f3515dca108b0ba947fe465f2e147f20c86e8c8164f47246cdb47b7735981d19dffdcca0d1c227bbea18c94a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c64c68824f81cb77740e4ba039a85d8c

SHA1
6e55f73f80813304d8acfe7f781d83b5f5917827

SHA256
06c7b1f6e3ba4ff7f8fd8fbbd07f566c139b9fe506a2173bb8d8655c009f98eb

SHA512
176f586f6f414a333048d0f4a0bb649efd40c56b99eaedea60037fa9c7c28deca9a8d34846026ff0c2c59e59a2cb6fb90281e07bba6b64310647b55be64520c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0e1d29fc378cf19f6764afe37407cb4

SHA1
ffc2dd7ca87eb1e82d951d42ac37665b27778a71

SHA256
8cc934b98233961e1cbd65db52d5a4f67025336600eb9dcb45965d8bb8a9e581

SHA512
290a058d5fea34b9170c07b1221945981fb7945f6e3004cd0695aab801c7e4870ad1e63c315025a29fd61e389f5dfb53070ed393e5e466ad1495d813b1a1b811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
616fcfc19664debfa053b633d60f9990

SHA1
db1c4dac1b52e5d777da471e9abb2af0dc45d0de

SHA256
8bd69b08777d771331c9c5c1115c84bfb67051278246fc828c58f91c39890471

SHA512
f978e55b10d7556552ad8c5767f966b58673b097663112afc52be0bb2ca417f01c257b0b89252d5538101bce746c3cba91dbbf854d58a6df9388d7fa2c3cad6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac975bba68d359f81bac63d85cf6934c

SHA1
ad9b3898b9f74fdba7ba6c49b155ee022b5c3a73

SHA256
ad48e0d86d3cdccf2e5ae6413544e83130aa6838b0549881c1cbd01a30902253

SHA512
67d170b8748175473bb4ead0cce031190a66e539bff4ba9366015e4697fe1a41a6ac37794f67f1bd9161a872dd9e10c63a4ac1813ecc8977a6252fc202ec69a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
06dfbd05a8f74a07f4e8272ba2cf6062

SHA1
722b11e3911f8fe170ea6c9f1f1a3a4bb3917dc3

SHA256
c25d15a8ec66a92ba8cda67b8eb147dbe2c3f6235aa4b33609f428e76e933f58

SHA512
b29bc04fe23902f5e84e7afddc33cf2b80b26ef94795e2570d43df718244338504c0ee48b1fb65ae93208358db5a9cf3bd0fed229946e3ad93e2b0819a8ebe66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aa6b98ef437454aedc013130a37665e0

SHA1
08bc08db3ce33a5feddbdc0d71861c6e60e585c3

SHA256
cb838bd8335e00efac51cbd192708fbea716e84b26e7098e00b281b0d278a561

SHA512
fe2251c10ad2cdbb95c95c8fe8c428e2699f845833293b117c501a9eb25bf15984f782fe69a8e050b609d4a098c717b601ba345407b223067aef6d88cb4c36d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bc9fa65fa034499862cd5123f86698ea

SHA1
4f64d54e8994abc64635cec2edef8823d66573f7

SHA256
ed0a59af6476a15f9c0b00240aa08df28a47b2b10f4d86b5ae998ab24d966911

SHA512
b50cc6d36e6c338251bff5e442d9fe05e6a3c19c2422c9ffde028bcebc39c350f52f27d7c50cd1e0a747f654f49db64ded2a9d3a2ba1fde62214b0b4dd4887fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
408634769cb01ca1d19b16248f4fed37

SHA1
5ad9828a4eb3d08b78d75a560e9b753b1a09bf23

SHA256
f7bca2001754fd632811e151fa85ad4bffc39dfb419986170686e9e306723dc0

SHA512
63fc4f0ff5e612147c42e8b5fe6a42f5e66028738c627d36a6e03d6868639b3490eaaa841762f79ccccbf0ddbaf86f3ef691bae65d738178bce01e299ed3fece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
afcb8e5840fb71cdf96a9a28fb8d4278

SHA1
35e078ed30ed31b59804ff337399a1da74bea2f0

SHA256
f04dc59e2d88db141ca5a9d5ec406519a863ae98b29a507abe259924a81c22e6

SHA512
7dc64aa084d148bb827641df60b005f2aae023f14d61664417baffb63913570cdb86ebea5c826699149c0dbba503c94af5f82ab3b37b4b16b7c21ca63e0d8dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c3e7.TMP

Filesize
48B

MD5
1fcd442b593122125ced62887d7a173b

SHA1
b4617336e6e2309ba3d5dcc95dd94a985cc1d651

SHA256
a6b3e51875b0e84a22c091274bb75e00c1ed278d1d96d662a3aa0196b5953dec

SHA512
a7f1abf957b78f26ee9a59eb53e9cdaade16d0848a304ecef0a4dea45aa8994806a2ae3fea8d74c6a74b4cfaa68014d1ca16657347f9b5eb242cb4c7f4ed1be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
e793e77406c22ab53661a3ff13b30286

SHA1
0926270aa9caf2cd26d9067db748a982c0f085d0

SHA256
de60d54d21d3b80957a89fcdbe98a5a2e9abaac43348f824cae4f95052127995

SHA512
02bb444571d3047910b2fbb671a33aad8311086427aff49be6fc6163c92c6ed6bd77976ede4a2fabc9f2f2a66b073de7d188fce30f18adb3699dd894821f7555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
142KB

MD5
1d2fe2c31f7dca91ec65bd920f9c84a6

SHA1
c652ddaff7a75a31ddcf5786c62ae264a044fab3

SHA256
41850fd4453977d025ee8369c9ae2ce46af2c308bf5c52e794d0a4c376c9d411

SHA512
7b3eb5a0073301fba4888670dd3cffdb162c9dc3ff9e626d10697589e5950060ce23f87498fa3ea01f2940249d56366af41455ad4f8a011b172987c1c3ba9abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
fb16118dc20d9c618232d67f3368eb60

SHA1
fee51016cc16b78f42213f0a5543daecece69f74

SHA256
c24fe937631472e06fa9542a75cb4c4b1895d115b1d602300b61e8e679d2ac73

SHA512
43b95205ae52a6ad007d314c6488bc4f60cf386ae43388919c23a70b83bdadfb3dc417d423b670fe576991421c5ec839b1a4ac4de94c27474a9436dcc4a12672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
7db201b78306fbe7c7efa2aa6ea189e6

SHA1
10045197db2a847da8e3c755b905d19ae566bd2c

SHA256
bda8e55b7e2acfca78f1ec102617ce811adf6ad3319331e6e9a3e280a06c2698

SHA512
91ec65a86873da3948a7a967e9bee3e6676315e47f2433e57a9608e683378b008a80859477c565b9c883dc321173feb737962bd95d660614983a7833d947063e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fa8c.TMP

Filesize
103KB

MD5
059c92b15cb506641f7f346d55d956bb

SHA1
3a4a24906af8f6e637379f54d8d53f4e3a167660

SHA256
bcfb58b54180db34f8c6e1c973fb917060361d3b52a57e6617cc92692516d8e4

SHA512
84f41e28fd47dee9a906e9543bfcbcc1731d4df54be9417c4c5cd00663ee0f4bad2e4a32b405f457a7012a92e3cb5282a87f1add8970cb4efdb050784db7aa90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress.exe

Filesize
638KB

MD5
865341b23824439e8107c62262d144de

SHA1
bf15d01e6d63a94fa66efdfbbd91084a1f0e20f8

SHA256
582b1c0952d228be76f2acdb4a423c2404d802564e9add4021f87d751ed6fcfe

SHA512
35fd3b77cb5ea84c251d184f3ea2b09ce5d371deb922fa7835f02ae5a73f0b67bda58dabfcd83c6bb78dd2a8d41717e3b7a97d5aef331fec15649c6f1fc4770e

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress.exe

Filesize
638KB

MD5
865341b23824439e8107c62262d144de

SHA1
bf15d01e6d63a94fa66efdfbbd91084a1f0e20f8

SHA256
582b1c0952d228be76f2acdb4a423c2404d802564e9add4021f87d751ed6fcfe

SHA512
35fd3b77cb5ea84c251d184f3ea2b09ce5d371deb922fa7835f02ae5a73f0b67bda58dabfcd83c6bb78dd2a8d41717e3b7a97d5aef331fec15649c6f1fc4770e

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\Resources\unity default resources

Filesize
4.6MB

MD5
81dc95b4cd2025b3763d12e16573fff4

SHA1
885038e0ac4ebd5318aca09c6d5fa14165762012

SHA256
fbe40cef10b60da04f384839af187ed9685f6dfe2fddd586340ccf6e0d3b9448

SHA512
42f8b12df006b72d0436ade43f61cfeff926ba9dfad70519999c433dd2a39e911f83e509299a1dfa61dc0498f8a214239367412b7d32ebfd5591c5040b8b68b3

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\Resources\unity_builtin_extra

Filesize
388KB

MD5
d3642a713c4321512f65a3ad3ad69cb9

SHA1
cc4091db359296c172965855f75074a72789d8f9

SHA256
9b08034cb8ad8a7d63fa5a595b9482240127dc6537ccf81c9f43105c75543f1a

SHA512
9b7a5ac3ec81b0d66bef7f8c043281ee0cae3d2bdb1f9317eef87b3a113fbccfb70133b5685161ac9e2b058188946a4f47237c9de8933b4f9d17360799db7de4

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\RuntimeInitializeOnLoads.json

Filesize
1KB

MD5
fce9028d4538e1c242c25b23e555b13a

SHA1
e50e418a433ae3718427377800ede37106c740e8

SHA256
01d37be466bd65bbbc4d31c30c1d2d3e79f602d3953105034bb4f9d04fbb4e58

SHA512
c8b44d634ee7c19eee47b75a44628fb204e61f9b3267185499bb43fbd4774ba13c14c824759c0a2b21ac187d688576f3789938eb5d9d4acfb0495ecb64f6833d

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\ScriptingAssemblies.json

Filesize
3KB

MD5
5a85a51fd77386aece5e6c739594a19d

SHA1
b5f428d6e957d6a96562e0ba47ab2e86c58b8441

SHA256
8b3c04a6bb1060d1b8b3347c3226b54ded2977fda4dca2418308f61aac974b0e

SHA512
680d54040cc420d01801830585323e0169a55c3808dd0bc867f3eeae8428d20c2584b021bc8f2b23119e237bd5c50e661f1dbd1db38781def93e3191047e6d17

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\app.info

Filesize
33B

MD5
1305d6d2a355504992600ac862310a30

SHA1
a61f8dce13cf8af970149b4bef9e21c17fcd8e00

SHA256
40ea778826e67b02bb75872ac63fc0a2c3933fb206fa195caf8cbc05bee56af3

SHA512
94862cbc54ef346fb137d5081b4da92dd3f2b441c0346999b797f54d097bcb19ed076841b67377a9e371089afdf84896ea7b0336a180d33314a3486e8347681c

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\boot.config

Filesize
69B

MD5
2b77119d737c1c2caf66bc03e37efed2

SHA1
07516483372e39b828f8a4d8a6f3e13f2a607b22

SHA256
25202c8f0caa8139d220c1db829ac0445de52047059b03c920c7d145ddfeb4ba

SHA512
53de04a485fc86e9327e39f6c2efce794f44295817f7106fc66e814e3f690209ee04c33b08c21dd951a15fbe472bf7b5a92acec465130319b85fa5ac09f9baf2

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\globalgamemanagers

Filesize
94KB

MD5
12c9f854ef0417deec8c41ffe5d9ee71

SHA1
322c1ac3fd34dcee7b83a29068f4d40a5a8294a3

SHA256
df5f112d345afd468c428746ace3886e143fddafe1b538089c1aab20c2f9a3d2

SHA512
21f684c814f224b4209a4d79bb17a11742c2849ee00c8b9f975a0950b55e37f779788a80f817d405a7b19eb3bce9e2d3405bf222956dd6c33863b07d81636469

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\globalgamemanagers.assets

Filesize
218KB

MD5
fa611488a2bc68a63ce1bf3fc47a8e1d

SHA1
6ab667dfe23ad3b15e10d3ddfa0d9f31162bbf20

SHA256
fc17587cd6774d52d6234f0fcc045b0c405877eb148978f2383669a86fe199df

SHA512
647f4106b3cf79aa093622fbf16a2d91bdd5e36218ec48a2d59782697eb4f64f83c6579be21a10f90d8c1fb0db620fbd474351cd4736e8186b269098d42312eb

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\il2cpp_data\Metadata\global-metadata.dat

Filesize
3.4MB

MD5
b4f5231d5e5b342e10e96e9fa2c4694a

SHA1
09f53b321285a2cd60ccdb3e7ed462bcf33298bb

SHA256
cbbca9b467777abd54ceb629c28cc0bff0bdbeba988153cca8c27f528ff05899

SHA512
220c7242312d583831cd8942518772bed037faa6713e686ac3ede1829acf810a058386485e5d31f80dcec99529b242ad278c5e9e042af3ca1619cc6a1a87ffea

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\il2cpp_data\Resources\mscorlib.dll-resources.dat

Filesize
329KB

MD5
21d06dbc8af6432b2b49536ed30609af

SHA1
11a1c0e2ab2f8c06fe4507535ed47e0dd279a60d

SHA256
c5baa176a5b72cd545266340e42102d393a5e43d38c95796bc828918bb95277f

SHA512
2971f54eaa14c3ce6e2352e5a1aea5b044f0894bf4eac92de8cd92515b6473b5ca56ebfcad4369a9d4935cbefea2540a83f332fd4d832c37768310e8776ceb5e

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\level0

Filesize
20KB

MD5
be05a5dea368ca1b0c4470280e5463de

SHA1
d9d02b016a28736604538fa64f8ecc202898a8ab

SHA256
3f66a06e6004f02a905f2f1d95a34af26c5de935a98ad8ceeb152f8dceace692

SHA512
903064f227101aebc52a216e8e5c3ec313d28f178b56cf998ba2827f9ee50a0f1d3e93deee6f854fecc78477ecf069b7646a8672953a36d812b2f9de4be76723

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\sharedassets0.assets

Filesize
52KB

MD5
23a27e61b62c279f6e4ce035797be857

SHA1
e3c5f6e5834b88b9b9df94d9ce89de009c98179e

SHA256
ab3d4f58652159e57bcf3dd17af63850e86e4dd12d79006de94e937155f43d74

SHA512
52d357e07def65e8a444a8bdb222a5bc3f9e8346a391e49c04d6854ea446ef9303fe0a1be74ae544835511ee2c68ddc590f6b26cf93c766d5f7bbf3914026100

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GalacticFortress_Data\sharedassets0.assets.resS

Filesize
17.8MB

MD5
e773ec670679d722a26a019284cd66d5

SHA1
a36936cb8d0a89c394a5ef5ed66b04a0a7d2c67f

SHA256
948e3c68c5ef78e1c7e8a694b5c0016b704ef4b64d7bb138f2062675772c17ab

SHA512
ec444d4b2bf2704ec2376a64a0037d9eee4fd109313b302a9f63a77e4d64db0daa99e4694059af56e44a3dc1143f34a6921baf1360a1cd5b7ca08cfcf7f085d4

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GameAssembly.dll

Filesize
14.9MB

MD5
b8505c25af52fcf8866d402fcc35dc09

SHA1
5b3b279baf8d600b6524e7061601c4e0ec893374

SHA256
80e86010340a64e1a7d500725b0dbdae6e53b7d1789feacaec233c66444a5e62

SHA512
36d3f3fb35a98db3b96e4310bd5f930835e53fcbb1a3002334a80b54452816d5cd2ed0533d2085ac9ebf3b522a2226540c80295f380dd6d231ca32051d2c5837

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\GameAssembly.dll

Filesize
14.9MB

MD5
b8505c25af52fcf8866d402fcc35dc09

SHA1
5b3b279baf8d600b6524e7061601c4e0ec893374

SHA256
80e86010340a64e1a7d500725b0dbdae6e53b7d1789feacaec233c66444a5e62

SHA512
36d3f3fb35a98db3b96e4310bd5f930835e53fcbb1a3002334a80b54452816d5cd2ed0533d2085ac9ebf3b522a2226540c80295f380dd6d231ca32051d2c5837

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityCrashHandler64.exe

Filesize
1.1MB

MD5
a4256c99c50a7c82eaf40f444c141313

SHA1
3a6d6b92f1d030fee789062bccc879a6e7574610

SHA256
89a1edf1f49c51c8605fd47bb86d102f1860a3fac74ff2256f5a39e3bfe92ca6

SHA512
06719ae086bd1dcf685c9ac3f2b452fc125524c820ebbbd00b0c70985c5703db8fa61226f1dfd7db60dfc1f0daeae11af898216fe06c7f747f8d5fa54e90d1ac

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityCrashHandler64.exe

Filesize
1.1MB

MD5
a4256c99c50a7c82eaf40f444c141313

SHA1
3a6d6b92f1d030fee789062bccc879a6e7574610

SHA256
89a1edf1f49c51c8605fd47bb86d102f1860a3fac74ff2256f5a39e3bfe92ca6

SHA512
06719ae086bd1dcf685c9ac3f2b452fc125524c820ebbbd00b0c70985c5703db8fa61226f1dfd7db60dfc1f0daeae11af898216fe06c7f747f8d5fa54e90d1ac

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityPlayer.dll

Filesize
23.9MB

MD5
d92fa378e5db07c9affbc90bff88864a

SHA1
4327b05ec088a83be44ba42eb0c08d5585288a46

SHA256
fd1a46c1a8b599ecd5ee9d5d69dfd88c4e8a11b1d35fd532fc1e873238a26622

SHA512
08e88578932a10f24514ffadacbae1d6400f527b05d86f1671d04278176c5e33dc438a1872d5403741515efd4f5daa8ffd8211188b9cf0e0548d2f3726ca0ce2

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\UnityPlayer.dll

Filesize
23.0MB

MD5
8f901c891b37317f992708a235d0da0f

SHA1
1729b842628f7b9bec30ea6f3db85747dba05ac6

SHA256
9ffa15b6a531ad22b0e9e6a75154f3c3085aaba959c35eece6f44915438800b0

SHA512
2f887d92174f929f69f348de772a1acf8631b775c9f5973246263523d7df6216f99eb545996acbef48873d4809a84fe55141b6bb04b59899e0f5b3fefe4c9cb2

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\baselib.dll

Filesize
395KB

MD5
683b24a85cc8aa1a2e198b8339b90e4b

SHA1
4d64e584f3475d65d67c6430cf71973b9bc2326f

SHA256
8e27a7f47f6a73677d64fca5717fd733e661649fd67bec0474d01da535a9a935

SHA512
9f185166feaca6236e2379c50ce54c16ca162f25ceb26988a948b1260fe231d11daa390ab2a5bce267f30c83a12dc1f38aa725a2ab7f99ae3758c301b358c996

Download Submit
C:\Users\Admin\Desktop\New folder\GalacticFortress\baselib.dll

Filesize
395KB

MD5
683b24a85cc8aa1a2e198b8339b90e4b

SHA1
4d64e584f3475d65d67c6430cf71973b9bc2326f

SHA256
8e27a7f47f6a73677d64fca5717fd733e661649fd67bec0474d01da535a9a935

SHA512
9f185166feaca6236e2379c50ce54c16ca162f25ceb26988a948b1260fe231d11daa390ab2a5bce267f30c83a12dc1f38aa725a2ab7f99ae3758c301b358c996

Download Submit
C:\Users\Admin\Downloads\GalacticFortress.zip

Filesize
27.5MB

MD5
cad603c7e00e48aed4f37a86b3485e6b

SHA1
d085be9d3cccbc654b635074057e8f2dcf1ca04b

SHA256
bb21b05aea87d6d9db3748183a4549e58d020b88176da52ead806f8c2dbc6010

SHA512
a94b0f78d7f788dba6470adc2f1426002cae2f36982c94f5f44bed549cbe398c703bc1ee2e4486879041f65bb2500bc8361327ff8029db6d01c8c011c85027e7

Download Submit
C:\Users\Admin\Downloads\GalacticFortress.zip

Filesize
27.5MB

MD5
cad603c7e00e48aed4f37a86b3485e6b

SHA1
d085be9d3cccbc654b635074057e8f2dcf1ca04b

SHA256
bb21b05aea87d6d9db3748183a4549e58d020b88176da52ead806f8c2dbc6010

SHA512
a94b0f78d7f788dba6470adc2f1426002cae2f36982c94f5f44bed549cbe398c703bc1ee2e4486879041f65bb2500bc8361327ff8029db6d01c8c011c85027e7

Download Submit
memory/1020-136-0x00007FF8931E0000-0x00007FF8931E1000-memory.dmp

Filesize
4KB

Download
memory/1528-607-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-606-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-605-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-612-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-611-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-614-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-613-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-616-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-615-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/1528-617-0x0000015601310000-0x0000015601311000-memory.dmp

Filesize
4KB

Download
memory/2836-366-0x00007FF8945E0000-0x00007FF8945E1000-memory.dmp

Filesize
4KB

Download
memory/2836-367-0x00007FF892E10000-0x00007FF892E11000-memory.dmp

Filesize
4KB

Download