Analysis Overview
SHA256
3a19fd486163e03d64d375cc71897e833b9f86a2f3935c8578c277eb6227a49a
Threat Level: Known bad
The file GOG_Galaxy_2.0.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
UPX packed file
Loads dropped DLL
Checks installed software on the system
Checks whether UAC is enabled
Adds Run key to start application
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Program crash
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-30 21:01
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-30 21:01
Reported
2023-04-30 21:06
Platform
win7-20230220-en
Max time kernel
156s
Max time network
162s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe | N/A |
| N/A | N/A | C:\Windows\system32\DllHost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run\GalaxyClient | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run\GogGalaxy = "C:\\Program Files (x86)\\GOG Galaxy\\GalaxyClient.exe /launchViaAutoStart" | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-QRRLE.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-QOD20.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\gogGalaxyLogo\is-C1PPC.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\src\images\is-MJDJM.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\attr\is-GO68R.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-N9EIF.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\galaxy\is-AUKOD.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\angularLocales\is-0UP1T.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\galaxy\unittest\is-JD7FQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-2EN0F.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\locales\is-KU8G4.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-05OUH.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-P1OGQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\attr\is-82HHV.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\python\is-5OSL6.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\multidict\is-S26KB.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\chardet\is-IAR4C.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-GMDOT.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\locales\is-DL5EV.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-LN9IH.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-CBTV4.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\galaxy\api\is-00T48.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\Icons\is-UP5O1.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\Icons\is-UMQHP.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\discover\welcomeOfferCovers\is-NRGGS.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\locales\ko-KR\is-507KJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\src\images\is-2GQDF.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\chardet\is-6H6KM.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\licences\LatoWeb Font\is-N4Q5J.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-NAHKJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-L91OU.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\.hash\is-NTFCT.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-BQI1B.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\is-E0IJ1.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\is-3BSRM.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-P19NF.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-C819P.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-3QJ50.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\yarl\is-KSSM9.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\locales\is-EIOCL.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\python\is-6FHG3.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\dateutil\zoneinfo\is-VU3SF.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\locales\pl-PL\is-893LT.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\locales\fr-FR\is-CJ336.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\multidict\is-E5TJN.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\GOG Galaxy\python\libssl-1_1.dll | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\python\is-H9R87.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-O7HDI.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-6QTSE.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-VLA2I.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\imageformats\is-14PFQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\imageformats\is-HHI0E.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\swiftshader\is-EU80L.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-9UNK7.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\.hash\is-BP7SN.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-S6TPS.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\.hash\is-13EQM.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\styles\is-969P5.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-IFKLP.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-H071A.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-CHRKS.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\.hash\is-08J77.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\idna\is-913PL.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\dateutil\is-N51S2.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Fonts\is-9GGV3.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-CVUIE.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-5PDND.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-07S2A.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-NHV0A.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-PRKHG.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-03AFM.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| File created | C:\Windows\Fonts\is-REJFS.tmp | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe
"C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe"
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJodHRwOi8vZ2FsYXh5Mi1zaWdudXAuZ29nLnByb2QvZW4vP2VtYmVkZGFibGU9dHJ1ZSIsIm9yaWdpbl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi85Ny4wLjAuMCIsInVuaXF1ZV9pZCI6IjE2ODI4ODgwOTctODNlRGdJbC9KZW1oeW1QZ1l4SDBEQT09In0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49aHR0cCUzQSUyRiUyRmdhbGF4eTItc2lnbnVwLmdvZy5wcm9kJTJGZW4lMkYlM0ZlbWJlZGRhYmxlJTNEdHJ1ZSZvcmlnaW5fdXNlcl9hZ2VudD1Nb3ppbGxhJTJGNS4wKyUyOFdpbmRvd3MrTlQrMTAuMCUzQitXaW42NCUzQit4NjQlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStDaHJvbWUlMkYxMTEuMC4wLjArU2FmYXJpJTJGNTM3LjM2K09QUiUyRjk3LjAuMC4wJnVuaXF1ZV9pZD0xNjgyODg4MDk3LTgzZURnSWwlMkZKZW1oeW1QZ1l4SDBEQSUzRCUzRCJ9"
C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp" /SL5="$1016C,272048901,1268224,C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJodHRwOi8vZ2FsYXh5Mi1zaWdudXAuZ29nLnByb2QvZW4vP2VtYmVkZGFibGU9dHJ1ZSIsIm9yaWdpbl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi85Ny4wLjAuMCIsInVuaXF1ZV9pZCI6IjE2ODI4ODgwOTctODNlRGdJbC9KZW1oeW1QZ1l4SDBEQT09In0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49aHR0cCUzQSUyRiUyRmdhbGF4eTItc2lnbnVwLmdvZy5wcm9kJTJGZW4lMkYlM0ZlbWJlZGRhYmxlJTNEdHJ1ZSZvcmlnaW5fdXNlcl9hZ2VudD1Nb3ppbGxhJTJGNS4wKyUyOFdpbmRvd3MrTlQrMTAuMCUzQitXaW42NCUzQit4NjQlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStDaHJvbWUlMkYxMTEuMC4wLjArU2FmYXJpJTJGNTM3LjM2K09QUiUyRjk3LjAuMC4wJnVuaXF1ZV9pZD0xNjgyODg4MDk3LTgzZURnSWwlMkZKZW1oeW1QZ1l4SDBEQSUzRCUzRCJ9"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RemoveUnlock.TTS"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RemoveUnlock.TTS"
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe" /install /quiet /norestart
C:\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe" /install /quiet /norestart
C:\Windows\Temp\{9667C29B-97F6-4202-89E5-2BD1D2048E19}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{9667C29B-97F6-4202-89E5-2BD1D2048E19}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
"C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe" /firstRun /installationSource=usedefault /payload=eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJodHRwOi8vZ2FsYXh5Mi1zaWdudXAuZ29nLnByb2QvZW4vP2VtYmVkZGFibGU9dHJ1ZSIsIm9yaWdpbl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi85Ny4wLjAuMCIsInVuaXF1ZV9pZCI6IjE2ODI4ODgwOTctODNlRGdJbC9KZW1oeW1QZ1l4SDBEQT09In0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49aHR0cCUzQSUyRiUyRmdhbGF4eTItc2lnbnVwLmdvZy5wcm9kJTJGZW4lMkYlM0ZlbWJlZGRhYmxlJTNEdHJ1ZSZvcmlnaW5fdXNlcl9hZ2VudD1Nb3ppbGxhJTJGNS4wKyUyOFdpbmRvd3MrTlQrMTAuMCUzQitXaW42NCUzQit4NjQlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStDaHJvbWUlMkYxMTEuMC4wLjArU2FmYXJpJTJGNTM3LjM2K09QUiUyRjk3LjAuMC4wJnVuaXF1ZV9pZD0xNjgyODg4MDk3LTgzZURnSWwlMkZKZW1oeW1QZ1l4SDBEQSUzRCUzRCJ9
C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
"C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 584
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | remote-config.gog.com | udp |
| NL | 23.72.252.176:443 | remote-config.gog.com | tcp |
| US | 8.8.8.8:53 | insights-collector.gog.com | udp |
| NL | 23.72.252.122:443 | insights-collector.gog.com | tcp |
| US | 8.8.8.8:53 | content-system.gog.com | udp |
| NL | 23.72.252.168:443 | content-system.gog.com | tcp |
| US | 8.8.8.8:53 | gog-cdn-lumen.secure2.footprint.net | udp |
| SG | 8.241.159.140:443 | gog-cdn-lumen.secure2.footprint.net | tcp |
| US | 8.8.8.8:53 | insights-collector.gog.com | udp |
| NL | 23.72.252.129:443 | insights-collector.gog.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 127.0.0.1:9978 | tcp | |
| N/A | 127.0.0.1:51677 | tcp |
Files
memory/1740-54-0x0000000000400000-0x0000000000641000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\remoteconfig.json
| MD5 | 77f0ebc2ec5ecd47916207bf510904e2 |
| SHA1 | 514dd58f5379932360f32dfa41d5706c0bf56076 |
| SHA256 | c6a6618fa0bb69a977b8e5e6985fed76575e8671015f53f6bf3c21e2707917c1 |
| SHA512 | 0d3fedfc364961872e605dcab3865172636a4fa9b6b5e4897c11dc342cff108551589eb2f88f2653ac0e1d4306600642217ccb0b6ed0cbaa6d147d264aacadb5 |
\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
memory/736-80-0x0000000000B50000-0x0000000000BE0000-memory.dmp
memory/736-81-0x000000001A8E0000-0x000000001A960000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\icon.ico
| MD5 | 391cf634b3ccf3971811be5ef016fe32 |
| SHA1 | 8e3023466d02dfb8f2e1b48555b998532dc9a377 |
| SHA256 | de9a2072df66c11af8cc255788c4c572f7b45ba7ab19524ad2e01a23f55e9ca8 |
| SHA512 | c1594a33efcfac7c6e6935e76ed030855886453b6397ba53a63225efbeb513a1ccb39ea7d528cc43bb1e2b56fd0e02b306e0e65dc6896613c2b4ca6c4a165d9a |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\payload.campaign
| MD5 | 0069f49d053b0b56ef449c4cc8b861f9 |
| SHA1 | fdbe0f50827c022017f17be3db3afd986228e266 |
| SHA256 | 72211501de8490d22aa4ec45710737ca980624fd31563b400b497534e3a36599 |
| SHA512 | 7b35f3ae4505e10fc554e063d3220493d657aea511bd632465db9d344e4ddffaaef0fe13c802c892fcf7e3df1281a11d6f369de9ba5787e84292de3ecd3208fb |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\remoteconfig.json
| MD5 | 77f0ebc2ec5ecd47916207bf510904e2 |
| SHA1 | 514dd58f5379932360f32dfa41d5706c0bf56076 |
| SHA256 | c6a6618fa0bb69a977b8e5e6985fed76575e8671015f53f6bf3c21e2707917c1 |
| SHA512 | 0d3fedfc364961872e605dcab3865172636a4fa9b6b5e4897c11dc342cff108551589eb2f88f2653ac0e1d4306600642217ccb0b6ed0cbaa6d147d264aacadb5 |
memory/736-97-0x000000001A8E0000-0x000000001A960000-memory.dmp
memory/736-99-0x000000001A8E0000-0x000000001A960000-memory.dmp
memory/736-100-0x000000001A8E0000-0x000000001A960000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
memory/824-113-0x0000000000400000-0x0000000000543000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_VQXNW\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp
| MD5 | ebda4a669acd86def15d9389e3c408ff |
| SHA1 | 88c7f3cdccb377397fa295efd5dbf5af3c5d1bdd |
| SHA256 | 399092911144baf021d14ccd882ad8ab8d312e579b8e11fbac1dfb16e72c5740 |
| SHA512 | 9a406d7fb6827bd992baf4c1c26a84187dafa89dd1afce51f97953c5f4f29319021043f860ddd1d94346265fcec8663581112af9455b0da1dd3a75da6102105a |
C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp
| MD5 | ebda4a669acd86def15d9389e3c408ff |
| SHA1 | 88c7f3cdccb377397fa295efd5dbf5af3c5d1bdd |
| SHA256 | 399092911144baf021d14ccd882ad8ab8d312e579b8e11fbac1dfb16e72c5740 |
| SHA512 | 9a406d7fb6827bd992baf4c1c26a84187dafa89dd1afce51f97953c5f4f29319021043f860ddd1d94346265fcec8663581112af9455b0da1dd3a75da6102105a |
memory/1416-124-0x0000000000240000-0x0000000000241000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\_isetup\_isdecmp.dll
| MD5 | 077cb4461a2767383b317eb0c50f5f13 |
| SHA1 | 584e64f1d162398b7f377ce55a6b5740379c4282 |
| SHA256 | 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64 |
| SHA512 | b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547 |
memory/824-130-0x0000000000400000-0x0000000000543000-memory.dmp
memory/1416-131-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1416-134-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1416-135-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1416-138-0x0000000000400000-0x0000000000765000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-V8DIT.tmp\GalaxySetup.tmp
| MD5 | ebda4a669acd86def15d9389e3c408ff |
| SHA1 | 88c7f3cdccb377397fa295efd5dbf5af3c5d1bdd |
| SHA256 | 399092911144baf021d14ccd882ad8ab8d312e579b8e11fbac1dfb16e72c5740 |
| SHA512 | 9a406d7fb6827bd992baf4c1c26a84187dafa89dd1afce51f97953c5f4f29319021043f860ddd1d94346265fcec8663581112af9455b0da1dd3a75da6102105a |
C:\Program Files (x86)\GOG Galaxy\unins000.exe
| MD5 | ebda4a669acd86def15d9389e3c408ff |
| SHA1 | 88c7f3cdccb377397fa295efd5dbf5af3c5d1bdd |
| SHA256 | 399092911144baf021d14ccd882ad8ab8d312e579b8e11fbac1dfb16e72c5740 |
| SHA512 | 9a406d7fb6827bd992baf4c1c26a84187dafa89dd1afce51f97953c5f4f29319021043f860ddd1d94346265fcec8663581112af9455b0da1dd3a75da6102105a |
memory/1416-200-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1524-206-0x000000013F160000-0x000000013F258000-memory.dmp
memory/1736-209-0x000000013F160000-0x000000013F258000-memory.dmp
memory/1524-216-0x000007FEF6320000-0x000007FEF6354000-memory.dmp
memory/1736-224-0x000007FEF6320000-0x000007FEF6354000-memory.dmp
C:\Program Files (x86)\GOG Galaxy\web\is-S9HM2.tmp
| MD5 | 633860092d5763dbb1b4ed0837429ab0 |
| SHA1 | adfa76664ec6be58629ca8d58c73ae80277cf076 |
| SHA256 | 272ca2a34d1a03ee9b22f78c8f101daa5aee84bf8851956380f7c31b04e7ffab |
| SHA512 | 78312f12cf247190fb3f2ada10bc7c74ab0b2aacb73236431a29ead85ecafb7b1e0a66ef859c3492880624cc70d6c647e8b883a445c1591042dc3729b178fd2a |
memory/1524-240-0x000007FEEEBC0000-0x000007FEEEE74000-memory.dmp
memory/1736-249-0x000007FEEEBC0000-0x000007FEEEE74000-memory.dmp
memory/1524-589-0x000007FEFA990000-0x000007FEFA9A8000-memory.dmp
memory/1736-598-0x000007FEFA990000-0x000007FEFA9A8000-memory.dmp
memory/1524-621-0x000007FEF6FE0000-0x000007FEF6FF7000-memory.dmp
memory/1736-624-0x000007FEF6FE0000-0x000007FEF6FF7000-memory.dmp
memory/1524-643-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp
memory/1736-646-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp
memory/1524-659-0x000007FEF62C0000-0x000007FEF62D7000-memory.dmp
memory/1416-706-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1524-709-0x000007FEEEBC0000-0x000007FEEEE74000-memory.dmp
C:\Program Files (x86)\GOG Galaxy\web\locales\pt-PT\is-MF4GD.tmp
| MD5 | bf804964f529597485b5aa66f76656d8 |
| SHA1 | 1625addc939cf41ad6677ed2330da32d656d3496 |
| SHA256 | 4b09dfb390e8e522d12861d0f5e22462658bdacaceaee67bc5132228f9e802d0 |
| SHA512 | 6c9009c448830cd678be6d6edc28ee5e936ce25ff100c93df66ad24a8f93fc21739ffe80e27d94f400736cf76ae7735ddb7568ffa68ae23a0f566396eb6c4413 |
memory/1524-730-0x000007FEEF410000-0x000007FEEF421000-memory.dmp
memory/1524-735-0x000007FEEF3F0000-0x000007FEEF40D000-memory.dmp
memory/1524-738-0x000007FEEF3D0000-0x000007FEEF3E1000-memory.dmp
memory/1524-739-0x000007FEECF10000-0x000007FEED110000-memory.dmp
memory/1524-820-0x000007FEEF350000-0x000007FEEF38F000-memory.dmp
memory/1524-823-0x000007FEECEE0000-0x000007FEECF01000-memory.dmp
memory/1524-838-0x000007FEEEBA0000-0x000007FEEEBB8000-memory.dmp
memory/1524-843-0x000007FEECEC0000-0x000007FEECED1000-memory.dmp
memory/1524-860-0x000007FEECEA0000-0x000007FEECEB1000-memory.dmp
memory/1524-885-0x000007FEECE40000-0x000007FEECE51000-memory.dmp
memory/1524-894-0x000007FEECE20000-0x000007FEECE3B000-memory.dmp
memory/1524-923-0x000007FEECE00000-0x000007FEECE11000-memory.dmp
memory/1524-940-0x000007FEECDE0000-0x000007FEECDF8000-memory.dmp
memory/1524-941-0x000007FEECDB0000-0x000007FEECDE0000-memory.dmp
memory/1524-944-0x000007FEECD40000-0x000007FEECDA7000-memory.dmp
C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-VHEDI.tmp
| MD5 | 562e8efa4422fdab66fd48ae64dfc7a5 |
| SHA1 | 22d7f566adfd42c6c18c5a2e2ccd5d5a3bd49706 |
| SHA256 | 73185706c9d2aa093c5e0511cee6ff5c52db25228924edb8f3edaf5af913d303 |
| SHA512 | b513c177f8dc6edd26391af045bbbd57fc31c3346cc78ae1083373247e08405416198682e773a33991b6f311cd4f65fd2656cb55c63668499494eb7454852f0a |
C:\ProgramData\GOG.com\Galaxy\changelogs\is-FD0T2.tmp
| MD5 | c1f15ad6155a74d5983e43f3015682c5 |
| SHA1 | 43aae9a8776dec93c992a21c14a27c8af5b9e2f7 |
| SHA256 | eabd436dbe6bc4de1416971dfb0060696e2f0aeb15d87c50496137a0e7140e13 |
| SHA512 | cc032541a189b4dda78ecbd57d0375a43d86e45a8e0ee92a22878f3b5208e7e3a6527103bc2150143a9e82e1cf6c558d5f3f67070bd98d7318933b77fe95be89 |
memory/1524-953-0x000007FEEBC90000-0x000007FEECD3B000-memory.dmp
memory/1524-1794-0x000007FEEBC20000-0x000007FEEBC8F000-memory.dmp
memory/1524-1819-0x000007FEEBC00000-0x000007FEEBC11000-memory.dmp
memory/1524-1820-0x000007FEEBBA0000-0x000007FEEBBF6000-memory.dmp
memory/1524-1827-0x000007FEEBB70000-0x000007FEEBB98000-memory.dmp
memory/1524-1830-0x000007FEEBB40000-0x000007FEEBB64000-memory.dmp
memory/1524-1833-0x000007FEEBB20000-0x000007FEEBB37000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe
| MD5 | 3aa2d769397da14166eacdb3640458ee |
| SHA1 | b38b7fc28c5e2ef157f93297036202911d2fc2bf |
| SHA256 | b4d433e2f66b30b478c0d080ccd5217ca2a963c16e90caf10b1e0592b7d8d519 |
| SHA512 | 404d2301c4719b8791639e8100eff6df7cd9c3ca62ad0a5c7ac8252f8adc2601aeefe83da982a409b9e3d901f74518ff98d2af5ebdd8cc77067be39c20eb1c56 |
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe
| MD5 | 3aa2d769397da14166eacdb3640458ee |
| SHA1 | b38b7fc28c5e2ef157f93297036202911d2fc2bf |
| SHA256 | b4d433e2f66b30b478c0d080ccd5217ca2a963c16e90caf10b1e0592b7d8d519 |
| SHA512 | 404d2301c4719b8791639e8100eff6df7cd9c3ca62ad0a5c7ac8252f8adc2601aeefe83da982a409b9e3d901f74518ff98d2af5ebdd8cc77067be39c20eb1c56 |
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x86.exe
| MD5 | 3aa2d769397da14166eacdb3640458ee |
| SHA1 | b38b7fc28c5e2ef157f93297036202911d2fc2bf |
| SHA256 | b4d433e2f66b30b478c0d080ccd5217ca2a963c16e90caf10b1e0592b7d8d519 |
| SHA512 | 404d2301c4719b8791639e8100eff6df7cd9c3ca62ad0a5c7ac8252f8adc2601aeefe83da982a409b9e3d901f74518ff98d2af5ebdd8cc77067be39c20eb1c56 |
\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe
| MD5 | 68f7654abfd77baade7a36e1d718ebc4 |
| SHA1 | eabba5cb899aee962f85b52e359c9f85d83771b6 |
| SHA256 | 5b60b35079913ba1e00cddf762c1759650de8a3c2b76e373b996ced4843becdb |
| SHA512 | b48c4ba6112e7ac1dae5846eb41812d265a72fc13966c8f8bdf7099fec88d27b414fe566905a6eea4e2f574c379fe87059018c8a365bed55a46eea9a42b38889 |
C:\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe
| MD5 | 68f7654abfd77baade7a36e1d718ebc4 |
| SHA1 | eabba5cb899aee962f85b52e359c9f85d83771b6 |
| SHA256 | 5b60b35079913ba1e00cddf762c1759650de8a3c2b76e373b996ced4843becdb |
| SHA512 | b48c4ba6112e7ac1dae5846eb41812d265a72fc13966c8f8bdf7099fec88d27b414fe566905a6eea4e2f574c379fe87059018c8a365bed55a46eea9a42b38889 |
C:\Windows\Temp\{36796B17-F1A6-4C9B-88BC-471F1782FE8C}\.cr\VC_redist.x86.exe
| MD5 | 68f7654abfd77baade7a36e1d718ebc4 |
| SHA1 | eabba5cb899aee962f85b52e359c9f85d83771b6 |
| SHA256 | 5b60b35079913ba1e00cddf762c1759650de8a3c2b76e373b996ced4843becdb |
| SHA512 | b48c4ba6112e7ac1dae5846eb41812d265a72fc13966c8f8bdf7099fec88d27b414fe566905a6eea4e2f574c379fe87059018c8a365bed55a46eea9a42b38889 |
\Windows\Temp\{9B569FC9-BAE5-4FAD-9237-E1FD67E6956E}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{9B569FC9-BAE5-4FAD-9237-E1FD67E6956E}\.ba\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe
| MD5 | 1e7bd6790391b5b710c6372ab2042351 |
| SHA1 | 75f1aee6dccf3d6e6ac49926563737005b93ba13 |
| SHA256 | 952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358 |
| SHA512 | ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b |
C:\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe
| MD5 | 1e7bd6790391b5b710c6372ab2042351 |
| SHA1 | 75f1aee6dccf3d6e6ac49926563737005b93ba13 |
| SHA256 | 952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358 |
| SHA512 | ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b |
\Users\Admin\AppData\Local\Temp\is-8BF6K.tmp\VC_redist.x64.exe
| MD5 | 1e7bd6790391b5b710c6372ab2042351 |
| SHA1 | 75f1aee6dccf3d6e6ac49926563737005b93ba13 |
| SHA256 | 952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358 |
| SHA512 | ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b |
C:\Windows\Temp\{9667C29B-97F6-4202-89E5-2BD1D2048E19}\.cr\VC_redist.x64.exe
| MD5 | 1d7599c4a31b82e70308c022e9494011 |
| SHA1 | 7d04a03d5502df2838d40dd131b1cae226cb5205 |
| SHA256 | 21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c |
| SHA512 | 080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08 |
\Windows\Temp\{9667C29B-97F6-4202-89E5-2BD1D2048E19}\.cr\VC_redist.x64.exe
| MD5 | 1d7599c4a31b82e70308c022e9494011 |
| SHA1 | 7d04a03d5502df2838d40dd131b1cae226cb5205 |
| SHA256 | 21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c |
| SHA512 | 080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08 |
C:\Windows\Temp\{9667C29B-97F6-4202-89E5-2BD1D2048E19}\.cr\VC_redist.x64.exe
| MD5 | 1d7599c4a31b82e70308c022e9494011 |
| SHA1 | 7d04a03d5502df2838d40dd131b1cae226cb5205 |
| SHA256 | 21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c |
| SHA512 | 080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08 |
C:\Windows\Temp\{9BD957F2-62C9-46E7-AF58-FF5B2047164B}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
\Windows\Temp\{9BD957F2-62C9-46E7-AF58-FF5B2047164B}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\ProgramData\GOG.com\Galaxy\redists\web\locales\en-US\is-BRDFH.tmp
| MD5 | de7b60f5a2dbd33ed7a6f8593f704c11 |
| SHA1 | 7f04fa834a457f321ef1b645ab2076d2b9178a0f |
| SHA256 | 7cf7bd09531fc5750e5e28686356df4fa9c42621cf647600fead70e5184973d3 |
| SHA512 | 534574b0e5047b4d4b7bb6d668eef622372dba5a0157eb441f166aed92daf9ce8a7334b607a756e35088b3593379566baad1f8e872946adfd84e233fdbe98d79 |
\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
| MD5 | 44f107864b3a967bb1b3e9da47ad8e90 |
| SHA1 | 8331f0a5dda5f8cc489653ad8672f731e35fedb7 |
| SHA256 | 7cfa689f13c1b123069047affc9e89b0bf21d51ee0dfdafde18565cb73efde94 |
| SHA512 | 5e3373bc546b41ecf58f42308a1d05c47dcde36e964d679145670fe3477630bddd98b862e3a0c09a9c29b4fa350eb408732028fd4a06163b026a70eaf22db1cd |
C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
| MD5 | 9cb7c18b68e61c0eac049a3d7d0b970c |
| SHA1 | 83f17545fc35c2e1a0b627236309d8c0933a67d3 |
| SHA256 | 0d0a7c34d2b972fad2a1ec4df2ef604b55742b5e43f42d254851ad6bb5ffe609 |
| SHA512 | 9bc86e1199540e5299e61d7b873d70d3668f1e281b9dff2fba555d45cab99e23263d49ce50a4d217e0dcf3e3090a5af0e9dd64b32aec14b5ef6edaaec6e29aa4 |
\Program Files (x86)\GOG Galaxy\PocoUtil.dll
| MD5 | 9cb7c18b68e61c0eac049a3d7d0b970c |
| SHA1 | 83f17545fc35c2e1a0b627236309d8c0933a67d3 |
| SHA256 | 0d0a7c34d2b972fad2a1ec4df2ef604b55742b5e43f42d254851ad6bb5ffe609 |
| SHA512 | 9bc86e1199540e5299e61d7b873d70d3668f1e281b9dff2fba555d45cab99e23263d49ce50a4d217e0dcf3e3090a5af0e9dd64b32aec14b5ef6edaaec6e29aa4 |
C:\Program Files (x86)\GOG Galaxy\PocoXML.dll
| MD5 | ed29d945a6e4ab83974d783e5a910d20 |
| SHA1 | 4a008b7dcd527fd2ad6b0e4211f431a983104605 |
| SHA256 | c12cc8c1f3202c19729538fd3b38b7627cdc122bdad7efdfd37bfac236d7839e |
| SHA512 | 8d6eb5ed8ac4b1f95f2f10d0241e130a60540a10b48bb7bb5ced23c6847d333e7818145cfeb93073b2370c216f627f0d7d0a0844e036e9b726a56a4a06409f2f |
\Program Files (x86)\GOG Galaxy\PocoXml.dll
| MD5 | ed29d945a6e4ab83974d783e5a910d20 |
| SHA1 | 4a008b7dcd527fd2ad6b0e4211f431a983104605 |
| SHA256 | c12cc8c1f3202c19729538fd3b38b7627cdc122bdad7efdfd37bfac236d7839e |
| SHA512 | 8d6eb5ed8ac4b1f95f2f10d0241e130a60540a10b48bb7bb5ced23c6847d333e7818145cfeb93073b2370c216f627f0d7d0a0844e036e9b726a56a4a06409f2f |
C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
| MD5 | 3e72226a19d731e0d0baa1e9a2017dd7 |
| SHA1 | d1ea639b8a0532f9ce092861016f79d672dcef25 |
| SHA256 | 97190cd46762d1947922ff330a406a2bc74c5bcd8e29b937be6ebddbfa3a43c8 |
| SHA512 | eedc3c54196c37c08d9c9651b378db8f431c76fce206801ae1f29f0fac8a3b37a076d8610070ff5ac1b90866517b09beaa447018155b53350d8fdabdca44f541 |
\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
| MD5 | 3e72226a19d731e0d0baa1e9a2017dd7 |
| SHA1 | d1ea639b8a0532f9ce092861016f79d672dcef25 |
| SHA256 | 97190cd46762d1947922ff330a406a2bc74c5bcd8e29b937be6ebddbfa3a43c8 |
| SHA512 | eedc3c54196c37c08d9c9651b378db8f431c76fce206801ae1f29f0fac8a3b37a076d8610070ff5ac1b90866517b09beaa447018155b53350d8fdabdca44f541 |
C:\Program Files (x86)\GOG Galaxy\pcre2-8.dll
| MD5 | 6ff65827e6191c4aebe6d611341ae02e |
| SHA1 | 41ecaa87dcc727340e6358251a08d3bab240b58e |
| SHA256 | a149b0e6087f27928cd44ecaf6702399745ceda59001f3918d08f4baacaa7544 |
| SHA512 | 85d34e0562a72c783ec2ddf2ded5c12ada293032451e4a73b530fffddaca73bbc921d5442b2b18780ae66e41d2c2441a775bbd9b14ddefba2a89984ec282df33 |
\Program Files (x86)\GOG Galaxy\pcre2-8.dll
| MD5 | 6ff65827e6191c4aebe6d611341ae02e |
| SHA1 | 41ecaa87dcc727340e6358251a08d3bab240b58e |
| SHA256 | a149b0e6087f27928cd44ecaf6702399745ceda59001f3918d08f4baacaa7544 |
| SHA512 | 85d34e0562a72c783ec2ddf2ded5c12ada293032451e4a73b530fffddaca73bbc921d5442b2b18780ae66e41d2c2441a775bbd9b14ddefba2a89984ec282df33 |
C:\Program Files (x86)\GOG Galaxy\libexpat.dll
| MD5 | 657d32eec34d3225b38262a5878e9474 |
| SHA1 | 22daaca36c1d49bdb8b2851f40596d4cd025dcb0 |
| SHA256 | ec4f39fe48a83d113191402d33420728f571df81b46e41e5c37a46845b4d2f62 |
| SHA512 | d4889aff3da2fe9d9cbe175b18793af7e82f0fd6e1fb72ec8aeaf0c8e0872f008beb54a2d44f6fd7f389d0ee104c93ecd1998ddbf4f1d0c7be38e802f5c96895 |
C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
| MD5 | c645048dcbff4fd35d51a254c18dc131 |
| SHA1 | a3c9b97073d69318979a4d1bb66f02edc7ccdd88 |
| SHA256 | ea3fb61653067989f3c95126cb6b470057f3f281fda7152f0940af8677e87a53 |
| SHA512 | 421f45e6f501aeca01ecfe876d0406404eacc13f4bdc8931e9ef46cf6487e3593394042c29169a6af0a8961f95aaa1ff06576da7b495e6fa039568d24723e6ca |
\Program Files (x86)\GOG Galaxy\PocoJSON.dll
| MD5 | c645048dcbff4fd35d51a254c18dc131 |
| SHA1 | a3c9b97073d69318979a4d1bb66f02edc7ccdd88 |
| SHA256 | ea3fb61653067989f3c95126cb6b470057f3f281fda7152f0940af8677e87a53 |
| SHA512 | 421f45e6f501aeca01ecfe876d0406404eacc13f4bdc8931e9ef46cf6487e3593394042c29169a6af0a8961f95aaa1ff06576da7b495e6fa039568d24723e6ca |
\Program Files (x86)\GOG Galaxy\libexpat.dll
| MD5 | 657d32eec34d3225b38262a5878e9474 |
| SHA1 | 22daaca36c1d49bdb8b2851f40596d4cd025dcb0 |
| SHA256 | ec4f39fe48a83d113191402d33420728f571df81b46e41e5c37a46845b4d2f62 |
| SHA512 | d4889aff3da2fe9d9cbe175b18793af7e82f0fd6e1fb72ec8aeaf0c8e0872f008beb54a2d44f6fd7f389d0ee104c93ecd1998ddbf4f1d0c7be38e802f5c96895 |
\Program Files (x86)\GOG Galaxy\zlib1.dll
| MD5 | 2a92f0dc6dac8545718ee475b7b961ed |
| SHA1 | c154cdcf10e411f1622e29a7f019ae610f35ddf1 |
| SHA256 | 3c53b164dfaa56213b081c97d388082a3731f064b44bd5cbcf0876b075a3b890 |
| SHA512 | 190ef026570129f8a9f03e22866fc8b49597644a53d06bb9c1e0cf37edbf689df86de928fb9bf782797262b1fcf85c52e212156eae94af2cd1ae4b25b3298234 |
C:\Program Files (x86)\GOG Galaxy\zlib1.dll
| MD5 | 2a92f0dc6dac8545718ee475b7b961ed |
| SHA1 | c154cdcf10e411f1622e29a7f019ae610f35ddf1 |
| SHA256 | 3c53b164dfaa56213b081c97d388082a3731f064b44bd5cbcf0876b075a3b890 |
| SHA512 | 190ef026570129f8a9f03e22866fc8b49597644a53d06bb9c1e0cf37edbf689df86de928fb9bf782797262b1fcf85c52e212156eae94af2cd1ae4b25b3298234 |
C:\Program Files (x86)\GOG Galaxy\PocoNet.dll
| MD5 | 8fbf4845c06da70e17e40376244b97ba |
| SHA1 | 488bb2cfc96dbe103425b9657ddfd646aae4388c |
| SHA256 | fef566ecb133f2d13d18980b8ad667ed202957be7d8716721e9da83f5bb1e04b |
| SHA512 | c1eafd234fe4b5aad87759931edd9c0f8bd902f35b78bbec699b5a5d882011ad7c0a780b781518f4d98c7c880115e1aa57795d5fe138001a7184114d6880c5c1 |
\Program Files (x86)\GOG Galaxy\PocoNet.dll
| MD5 | 8fbf4845c06da70e17e40376244b97ba |
| SHA1 | 488bb2cfc96dbe103425b9657ddfd646aae4388c |
| SHA256 | fef566ecb133f2d13d18980b8ad667ed202957be7d8716721e9da83f5bb1e04b |
| SHA512 | c1eafd234fe4b5aad87759931edd9c0f8bd902f35b78bbec699b5a5d882011ad7c0a780b781518f4d98c7c880115e1aa57795d5fe138001a7184114d6880c5c1 |
C:\Program Files (x86)\GOG Galaxy\PocoData.dll
| MD5 | 7818a804fa9fd0f9a09263b6b35325fc |
| SHA1 | 590971157aa72d48f7939556a7554bc9d8975cd5 |
| SHA256 | f2fd84a60790d043b531ec8eef9ad2cc961270e5f34096db1331388f1fa80416 |
| SHA512 | 63a9821c2a23f2f91ef1893e69a902065596e138850b825df8fb54ceed5ff551cde623049521a78821dce48720a8ae2ed53a8927ae0f404a905a24243fece561 |
\Program Files (x86)\GOG Galaxy\PocoData.dll
| MD5 | 7818a804fa9fd0f9a09263b6b35325fc |
| SHA1 | 590971157aa72d48f7939556a7554bc9d8975cd5 |
| SHA256 | f2fd84a60790d043b531ec8eef9ad2cc961270e5f34096db1331388f1fa80416 |
| SHA512 | 63a9821c2a23f2f91ef1893e69a902065596e138850b825df8fb54ceed5ff551cde623049521a78821dce48720a8ae2ed53a8927ae0f404a905a24243fece561 |
C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
| MD5 | dd7065f6e3bd80c6e7e6419e2475c8a8 |
| SHA1 | f01ce83abf97c075fdad042cf6e3f994110ceb78 |
| SHA256 | 0c1b8043c56a29366da4e7065060201b9f82beba9d1c3c6c393f1a04dc2b136c |
| SHA512 | 00656505b68db7bad3a78e283517fb1b2a21217245317334eb6457466564e04ef85a454adbbc97927430da6a6654a66bfaa756808e22dc394413b7bdf434a6c5 |
\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
| MD5 | dd7065f6e3bd80c6e7e6419e2475c8a8 |
| SHA1 | f01ce83abf97c075fdad042cf6e3f994110ceb78 |
| SHA256 | 0c1b8043c56a29366da4e7065060201b9f82beba9d1c3c6c393f1a04dc2b136c |
| SHA512 | 00656505b68db7bad3a78e283517fb1b2a21217245317334eb6457466564e04ef85a454adbbc97927430da6a6654a66bfaa756808e22dc394413b7bdf434a6c5 |
C:\Program Files (x86)\GOG Galaxy\sqlite.dll
| MD5 | 570163e4b53390b17bf78af85e8af01d |
| SHA1 | e642d74d485c4a3ed3a339ff3f2497b06033ccf2 |
| SHA256 | dd57aabccc4193e57140f7df1ef9e4e03ff06239a9061ba9760a9a799fa4ba9a |
| SHA512 | 6ca6f066ca9ede06947a52b519ffa37570f31add071545ff07a3c19227642cbfc9441805ad9635e6a75be54adbc272283074c0fd347acd99a4924dcbb9d4cecc |
\Program Files (x86)\GOG Galaxy\sqlite.dll
| MD5 | 570163e4b53390b17bf78af85e8af01d |
| SHA1 | e642d74d485c4a3ed3a339ff3f2497b06033ccf2 |
| SHA256 | dd57aabccc4193e57140f7df1ef9e4e03ff06239a9061ba9760a9a799fa4ba9a |
| SHA512 | 6ca6f066ca9ede06947a52b519ffa37570f31add071545ff07a3c19227642cbfc9441805ad9635e6a75be54adbc272283074c0fd347acd99a4924dcbb9d4cecc |
C:\Program Files (x86)\GOG Galaxy\Qt5Gui.dll
| MD5 | 68c19f9f45a98734a6e42745a75ff2d3 |
| SHA1 | 1f39560b10ab2bf6f3fab76a3be5f305b169fcaa |
| SHA256 | 1233ea25703cc1830f658f379bc3e2e4486ea08b9beb356b5d0e4e0a1d4a3329 |
| SHA512 | df7e50d8b17f415c9e2ae33851294370a72ab2368b4cf0cc6c5883740ddd7daa02ecd918440c21c5421bc149c0d611220aab4e51f3fd674b9adf167a79f95e41 |
\Program Files (x86)\GOG Galaxy\Qt5Gui.dll
| MD5 | 68c19f9f45a98734a6e42745a75ff2d3 |
| SHA1 | 1f39560b10ab2bf6f3fab76a3be5f305b169fcaa |
| SHA256 | 1233ea25703cc1830f658f379bc3e2e4486ea08b9beb356b5d0e4e0a1d4a3329 |
| SHA512 | df7e50d8b17f415c9e2ae33851294370a72ab2368b4cf0cc6c5883740ddd7daa02ecd918440c21c5421bc149c0d611220aab4e51f3fd674b9adf167a79f95e41 |
C:\Program Files (x86)\GOG Galaxy\Qt5Core.dll
| MD5 | ecd2fed8765416bf429f32f14cc5c747 |
| SHA1 | 00f09763508c58be76a0ef0b348358a0802d4745 |
| SHA256 | e9087632fe379f46fc8d6b4f9dfe6b167640c914873ef033d4bfe9138614d7e8 |
| SHA512 | 77d38303cb59cdcf68cc779d2c40fad0a327d0258802749aeb5b5b25647bc6c687e5b5a10ce8448dc7c6083267a3a86da747540b2eb15e03fd169478851a2057 |
\Program Files (x86)\GOG Galaxy\Qt5Core.dll
| MD5 | ecd2fed8765416bf429f32f14cc5c747 |
| SHA1 | 00f09763508c58be76a0ef0b348358a0802d4745 |
| SHA256 | e9087632fe379f46fc8d6b4f9dfe6b167640c914873ef033d4bfe9138614d7e8 |
| SHA512 | 77d38303cb59cdcf68cc779d2c40fad0a327d0258802749aeb5b5b25647bc6c687e5b5a10ce8448dc7c6083267a3a86da747540b2eb15e03fd169478851a2057 |
\Program Files (x86)\GOG Galaxy\xdelta3.dll
| MD5 | 9cfacd6bb21d545f154a3ec82aaf9d93 |
| SHA1 | 1bbee4abe68031b38256c0f4584adb6aed95ce7b |
| SHA256 | 57f498d7770150c5516cccff38dabeb90f54647d8e73a2cd45044155d86ff953 |
| SHA512 | 71f7d498c4442a6f0956cc030e459c8e53d041ae4e4ab1fe6b4a56d141ae6cee95ef26c10722e11923b9c65a2f90efed94da925095c19b9ec911ca499d84856a |
C:\Program Files (x86)\GOG Galaxy\Qt5Network.dll
| MD5 | 9dcd0f88d822d9e8f5d72dc15f53fb71 |
| SHA1 | 5e06d4ec06f720a06320bf660fe5f34a460af200 |
| SHA256 | 99dd9ff6dda27004de1b43e01cf9d5e415c45fd9bfc05e6293ba87a8109e86c5 |
| SHA512 | cc39d393ff5f31827bb92a2c30736575b8464f9ccdc14493785d77bcc7cea8125ee9124b09465619cd9dc73e971a3f480c5ed4f64adf62133c3b86032d328b5a |
C:\Program Files (x86)\GOG Galaxy\xdelta3.dll
| MD5 | 9cfacd6bb21d545f154a3ec82aaf9d93 |
| SHA1 | 1bbee4abe68031b38256c0f4584adb6aed95ce7b |
| SHA256 | 57f498d7770150c5516cccff38dabeb90f54647d8e73a2cd45044155d86ff953 |
| SHA512 | 71f7d498c4442a6f0956cc030e459c8e53d041ae4e4ab1fe6b4a56d141ae6cee95ef26c10722e11923b9c65a2f90efed94da925095c19b9ec911ca499d84856a |
\Program Files (x86)\GOG Galaxy\Qt5Network.dll
| MD5 | 9dcd0f88d822d9e8f5d72dc15f53fb71 |
| SHA1 | 5e06d4ec06f720a06320bf660fe5f34a460af200 |
| SHA256 | 99dd9ff6dda27004de1b43e01cf9d5e415c45fd9bfc05e6293ba87a8109e86c5 |
| SHA512 | cc39d393ff5f31827bb92a2c30736575b8464f9ccdc14493785d77bcc7cea8125ee9124b09465619cd9dc73e971a3f480c5ed4f64adf62133c3b86032d328b5a |
C:\Program Files (x86)\GOG Galaxy\libcef.dll
| MD5 | f380b5b90187ad35f34d3ca0c3051948 |
| SHA1 | 2bd45db66c4b64b3fda98d841598274c4ac21f29 |
| SHA256 | fe0b72b8372d60da2d7ed73451d59720d49a54ee71274a8a9e678b4e9c1fbbc0 |
| SHA512 | c92a7bdfd76ceb2ee8088b2d4f3ce738b43448a96a97360b520594620ee6014c7a8643780b0ab0c9da8f6587508311e508690b7523136c133580bc7d2b73d85a |
C:\Users\Admin\AppData\Local\GOG.com\Galaxy\Configuration\config.json
| MD5 | b9458ee7df2e344cfb7ebca63abce667 |
| SHA1 | f14b31b480a196c1b072455a61ef4bd316c0deb9 |
| SHA256 | d78056318678cad58d996b46f016dc172e9fcc4eacee69ef4d5417cf115d98c7 |
| SHA512 | af03bf595e635cb0b99cf2a23a96de8e343779d797e00054974ab6c3d49421386c16db65a84f63548d76329c52b49ea7a555d6c3627700e90115c7cb2644ec28 |
C:\Users\Admin\AppData\Local\GOG.com\Galaxy\Configuration\config.json
| MD5 | b9458ee7df2e344cfb7ebca63abce667 |
| SHA1 | f14b31b480a196c1b072455a61ef4bd316c0deb9 |
| SHA256 | d78056318678cad58d996b46f016dc172e9fcc4eacee69ef4d5417cf115d98c7 |
| SHA512 | af03bf595e635cb0b99cf2a23a96de8e343779d797e00054974ab6c3d49421386c16db65a84f63548d76329c52b49ea7a555d6c3627700e90115c7cb2644ec28 |
C:\ProgramData\GOG.com\Galaxy\config.json
| MD5 | 0983ab2871e1f03d0d78954b0e78ded8 |
| SHA1 | c15910cdc2a98840d4731cb477d497dfea23387c |
| SHA256 | 375a77b239a3564ed9b2c2ebd3607d9faf3d4fddb0db517ba25942e57629f093 |
| SHA512 | 87a497a9f216fd7dddaa2ef7e0a9ed930ca5634811de5da124b4444b9aea9e755b434770cd6a1921b5f3b7e10fbafab0f442946122765b016f0a28e38e623f3a |
C:\Users\Admin\AppData\Local\Temp\Cab4A0C.tmp
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
memory/268-2739-0x0000000000670000-0x0000000000680000-memory.dmp
memory/2824-2812-0x0000000000580000-0x0000000000590000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-30 21:01
Reported
2023-04-30 21:07
Platform
win10v2004-20230220-en
Max time kernel
219s
Max time network
181s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe
"C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe"
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe
"C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJodHRwOi8vZ2FsYXh5Mi1zaWdudXAuZ29nLnByb2QvZW4vP2VtYmVkZGFibGU9dHJ1ZSIsIm9yaWdpbl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi85Ny4wLjAuMCIsInVuaXF1ZV9pZCI6IjE2ODI4ODgwOTctODNlRGdJbC9KZW1oeW1QZ1l4SDBEQT09In0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49aHR0cCUzQSUyRiUyRmdhbGF4eTItc2lnbnVwLmdvZy5wcm9kJTJGZW4lMkYlM0ZlbWJlZGRhYmxlJTNEdHJ1ZSZvcmlnaW5fdXNlcl9hZ2VudD1Nb3ppbGxhJTJGNS4wKyUyOFdpbmRvd3MrTlQrMTAuMCUzQitXaW42NCUzQit4NjQlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStDaHJvbWUlMkYxMTEuMC4wLjArU2FmYXJpJTJGNTM3LjM2K09QUiUyRjk3LjAuMC4wJnVuaXF1ZV9pZD0xNjgyODg4MDk3LTgzZURnSWwlMkZKZW1oeW1QZ1l4SDBEQSUzRCUzRCJ9"
C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp" /SL5="$8003E,272048901,1268224,C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJodHRwOi8vZ2FsYXh5Mi1zaWdudXAuZ29nLnByb2QvZW4vP2VtYmVkZGFibGU9dHJ1ZSIsIm9yaWdpbl91c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMS4wLjAuMCBTYWZhcmkvNTM3LjM2IE9QUi85Ny4wLjAuMCIsInVuaXF1ZV9pZCI6IjE2ODI4ODgwOTctODNlRGdJbC9KZW1oeW1QZ1l4SDBEQT09In0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49aHR0cCUzQSUyRiUyRmdhbGF4eTItc2lnbnVwLmdvZy5wcm9kJTJGZW4lMkYlM0ZlbWJlZGRhYmxlJTNEdHJ1ZSZvcmlnaW5fdXNlcl9hZ2VudD1Nb3ppbGxhJTJGNS4wKyUyOFdpbmRvd3MrTlQrMTAuMCUzQitXaW42NCUzQit4NjQlMjkrQXBwbGVXZWJLaXQlMkY1MzcuMzYrJTI4S0hUTUwlMkMrbGlrZStHZWNrbyUyOStDaHJvbWUlMkYxMTEuMC4wLjArU2FmYXJpJTJGNTM3LjM2K09QUiUyRjk3LjAuMC4wJnVuaXF1ZV9pZD0xNjgyODg4MDk3LTgzZURnSWwlMkZKZW1oeW1QZ1l4SDBEQSUzRCUzRCJ9"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remote-config.gog.com | udp |
| NL | 23.72.252.136:443 | remote-config.gog.com | tcp |
| US | 8.8.8.8:53 | 136.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.18.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | insights-collector.gog.com | udp |
| NL | 23.72.252.129:443 | insights-collector.gog.com | tcp |
| US | 8.8.8.8:53 | content-system.gog.com | udp |
| NL | 23.72.252.152:443 | content-system.gog.com | tcp |
| US | 8.8.8.8:53 | gog-cdn-lumen.secure2.footprint.net | udp |
| SG | 8.241.143.140:443 | gog-cdn-lumen.secure2.footprint.net | tcp |
| US | 8.8.8.8:53 | 129.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.143.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 40.77.2.164:443 | tcp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 93.184.221.240:80 | tcp | |
| NL | 173.223.113.164:443 | tcp | |
| NL | 173.223.113.131:80 | tcp | |
| US | 204.79.197.203:80 | api.msn.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 67.24.33.254:80 | tcp | |
| US | 67.24.33.254:80 | tcp | |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
Files
memory/4544-133-0x0000000000400000-0x0000000000641000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\remoteconfig.json
| MD5 | 77f0ebc2ec5ecd47916207bf510904e2 |
| SHA1 | 514dd58f5379932360f32dfa41d5706c0bf56076 |
| SHA256 | c6a6618fa0bb69a977b8e5e6985fed76575e8671015f53f6bf3c21e2707917c1 |
| SHA512 | 0d3fedfc364961872e605dcab3865172636a4fa9b6b5e4897c11dc342cff108551589eb2f88f2653ac0e1d4306600642217ccb0b6ed0cbaa6d147d264aacadb5 |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxyInstaller.exe
| MD5 | 26d02cc778b804689bda1aafa9a76fb1 |
| SHA1 | 5452c96593478f59471730366c682da19881051d |
| SHA256 | 61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635 |
| SHA512 | 047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90 |
memory/2336-146-0x0000000000710000-0x00000000007A0000-memory.dmp
memory/2336-147-0x000000001B310000-0x000000001B320000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\icon.ico
| MD5 | 391cf634b3ccf3971811be5ef016fe32 |
| SHA1 | 8e3023466d02dfb8f2e1b48555b998532dc9a377 |
| SHA256 | de9a2072df66c11af8cc255788c4c572f7b45ba7ab19524ad2e01a23f55e9ca8 |
| SHA512 | c1594a33efcfac7c6e6935e76ed030855886453b6397ba53a63225efbeb513a1ccb39ea7d528cc43bb1e2b56fd0e02b306e0e65dc6896613c2b4ca6c4a165d9a |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\payload.campaign
| MD5 | 0069f49d053b0b56ef449c4cc8b861f9 |
| SHA1 | fdbe0f50827c022017f17be3db3afd986228e266 |
| SHA256 | 72211501de8490d22aa4ec45710737ca980624fd31563b400b497534e3a36599 |
| SHA512 | 7b35f3ae4505e10fc554e063d3220493d657aea511bd632465db9d344e4ddffaaef0fe13c802c892fcf7e3df1281a11d6f369de9ba5787e84292de3ecd3208fb |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\remoteconfig.json
| MD5 | 77f0ebc2ec5ecd47916207bf510904e2 |
| SHA1 | 514dd58f5379932360f32dfa41d5706c0bf56076 |
| SHA256 | c6a6618fa0bb69a977b8e5e6985fed76575e8671015f53f6bf3c21e2707917c1 |
| SHA512 | 0d3fedfc364961872e605dcab3865172636a4fa9b6b5e4897c11dc342cff108551589eb2f88f2653ac0e1d4306600642217ccb0b6ed0cbaa6d147d264aacadb5 |
memory/2336-159-0x000000001E7B0000-0x000000001E972000-memory.dmp
memory/2336-160-0x000000001EEB0000-0x000000001F3D8000-memory.dmp
memory/2336-164-0x000000001B310000-0x000000001B320000-memory.dmp
memory/4544-165-0x0000000000400000-0x0000000000641000-memory.dmp
memory/2336-166-0x000000001B310000-0x000000001B320000-memory.dmp
memory/2336-168-0x000000001B310000-0x000000001B320000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
memory/4616-189-0x0000000000400000-0x0000000000543000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_Ytztp\GalaxySetup.exe
| MD5 | b60970dfb43bbee8f7dd8f785b06e513 |
| SHA1 | ff3f3ef0c44ffa4120b2f30023573c57dec4d71e |
| SHA256 | 793227a3a9a7e30a80d7d2f623ffa0d68c63c9ea2fd0f0e8fbe1d9adbbbae0d6 |
| SHA512 | 98601a93b6df844a315c2d45429aef54640948ceafa75e3e19d46aa490aa4bac5fb07d3974840e929f256f25b86c9e751546a7ac4c11e09c36516d7f42a555af |
memory/4616-193-0x0000000000400000-0x0000000000543000-memory.dmp
memory/4616-196-0x0000000000400000-0x0000000000543000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-RKH34.tmp\GalaxySetup.tmp
| MD5 | ebda4a669acd86def15d9389e3c408ff |
| SHA1 | 88c7f3cdccb377397fa295efd5dbf5af3c5d1bdd |
| SHA256 | 399092911144baf021d14ccd882ad8ab8d312e579b8e11fbac1dfb16e72c5740 |
| SHA512 | 9a406d7fb6827bd992baf4c1c26a84187dafa89dd1afce51f97953c5f4f29319021043f860ddd1d94346265fcec8663581112af9455b0da1dd3a75da6102105a |
memory/1952-199-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1952-200-0x0000000000920000-0x0000000000921000-memory.dmp
memory/4616-203-0x0000000000400000-0x0000000000543000-memory.dmp
memory/1952-204-0x0000000000400000-0x0000000000765000-memory.dmp
memory/1952-206-0x0000000000400000-0x0000000000765000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-03TVJ.tmp\_isetup\_isdecmp.dll
| MD5 | 077cb4461a2767383b317eb0c50f5f13 |
| SHA1 | 584e64f1d162398b7f377ce55a6b5740379c4282 |
| SHA256 | 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64 |
| SHA512 | b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547 |
C:\Users\Admin\AppData\Local\Temp\is-03TVJ.tmp\_isetup\_isdecmp.dll
| MD5 | 077cb4461a2767383b317eb0c50f5f13 |
| SHA1 | 584e64f1d162398b7f377ce55a6b5740379c4282 |
| SHA256 | 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64 |
| SHA512 | b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547 |
memory/1952-215-0x0000000000920000-0x0000000000921000-memory.dmp
memory/1952-217-0x0000000000400000-0x0000000000765000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-30 21:01
Reported
2023-04-30 21:03
Platform
win7-20230220-en
Max time kernel
0s
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-04-30 21:01
Reported
2023-04-30 21:03
Platform
win10v2004-20230220-en
Max time kernel
0s