c5ffa67d268d7ff6730eefcb92da17234d3b48f495285522497827866eb8bb7c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 15:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GOG_Galaxy_2.0.exe
Size

960KB
MD5

4e310b3c8eb5fbf369859134863a5cdf
SHA1

4fed7e59415195fc0a2d1a88e8e80e65ed0a7127
SHA256

c5ffa67d268d7ff6730eefcb92da17234d3b48f495285522497827866eb8bb7c
SHA512

33f1a1c62d7d81e4ccad811f2dd90b064236dd2e5bce9e0f5f5d8b3d912c7738e716dfba0484b353a921d7d62e56a8f4b45eafc358c3579c96057c295b0d050b
SSDEEP

12288:T27p5j8DPeuUSFHqLV+JjY4UW61O4RAxDleFbWQCQTFgSYyAzB+Q/uLnK3:T27EDFHqLy826My+QiyGJyAV+muLK3

Score

8^/10

discovery evasion persistence trojan upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	GOG_Galaxy_2.0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	GalaxyInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	GalaxySetup.tmp

Executes dropped EXE 13 IoCs

pid	Process
5012	GalaxyInstaller.exe
564	GalaxySetup.exe
2632	GalaxySetup.tmp
4368	VC_redist.x86.exe
3948	VC_redist.x86.exe
4536	VC_redist.x64.exe
2692	VC_redist.x64.exe
4872	GalaxyClient.exe
4796	GalaxyClientService.exe
1672	GalaxyClient.exe
3408	GalaxyClientService.exe
3816	GalaxyClient.exe
4804	GalaxyClientService.exe

Loads dropped DLL 64 IoCs

pid	Process
2632	GalaxySetup.tmp
2632	GalaxySetup.tmp
3948	VC_redist.x86.exe
2692	VC_redist.x64.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4872	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3960-0-0x0000000000400000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/3960-33-0x0000000000400000-0x0000000000641000-memory.dmp	upx
behavioral2/memory/3960-2689-0x0000000000400000-0x0000000000641000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GalaxyClient	GalaxySetup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GogGalaxy = "C:\\Program Files (x86)\\GOG Galaxy\\GalaxyClient.exe /launchViaAutoStart"	GalaxyClient.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	GalaxyClient.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	GalaxyClient.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	GalaxyClient.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\.hash\is-0JPGP.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\yarl\is-8RG9S.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-FGIKJ.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-KIGRD.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\is-0R23R.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-S95DJ.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\is-AQNEL.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-UEPG7.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-MMUJ6.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-F6OU5.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\src\images\circleIcon\is-8P5N2.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-TRJER.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\yarl\is-AO6QT.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\python\is-DD4NU.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\locales\fr-FR\is-AV2AL.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\psutil\is-VKTSG.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\dateutil\tz\is-ANN7B.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\multidict\is-LNMOE.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-0OJG6.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-O0G7K.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\gameImgPlaceholders\is-V35M0.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-OQ8PH.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\is-UA47S.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\galaxy\api\is-LC7PP.tmp	GalaxySetup.tmp
File opened for modification	C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\locales\is-68O9J.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\discover\is-S8BTS.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-9VAHS.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-MCP3K.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\is-BA8B5.tmp	GalaxySetup.tmp
File opened for modification	C:\Program Files (x86)\GOG Galaxy\libssl-1_1.dll	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\locales\de-DE\is-73096.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\whatsNew\is-4U866.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\is-7OL6U.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-3BTPM.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-RR5SC.tmp	GalaxySetup.tmp
File opened for modification	C:\Program Files (x86)\GOG Galaxy\exe\GalaxyClient.pdb	GalaxyClient.exe
File created	C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-QJ2OR.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\src\images\is-4TEDO.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-37OUH.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\chardet\is-32585.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\galaxy\is-J3ONE.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\locales\is-INADV.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\is-8QEL4.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-N9O5T.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\idna\is-0EECE.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\aiohttp\is-ISQ1F.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\dateutil\is-G4VDN.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\multidict\is-TP49E.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\is-92K1S.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\multidict\is-U6TM7.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\styles\is-8AM8E.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-GIKQS.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\multidict\_multilib\is-RG7M0.tmp	GalaxySetup.tmp
File opened for modification	C:\Program Files (x86)\GOG Galaxy\imageformats\qico.dll	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\angularLocales\is-TJV86.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\images\cp2077\is-J5MCM.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\web\src\images\circleIcon\is-C8GM2.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\attr\is-A5N3T.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\chardet\is-VIUK7.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\locales\is-ECD42.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\python\is-S2UUV.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\idna\is-98JN2.tmp	GalaxySetup.tmp
File created	C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginXbox\attr\is-ANER9.tmp	GalaxySetup.tmp

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\is-J0R33.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-TREAL.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-JJV40.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-D0D5U.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-S2TVU.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-MTEJ2.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-C0O90.tmp	GalaxySetup.tmp
File created	C:\Windows\Fonts\is-H925V.tmp	GalaxySetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1316	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
692	vlc.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2632	GalaxySetup.tmp
2632	GalaxySetup.tmp
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
4796	GalaxyClientService.exe
1672	GalaxyClient.exe
1672	GalaxyClient.exe
3408	GalaxyClientService.exe
3408	GalaxyClientService.exe
3816	GalaxyClient.exe
3816	GalaxyClient.exe
4804	GalaxyClientService.exe
4804	GalaxyClientService.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
692	vlc.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

description	pid	Process
Token: SeDebugPrivilege	5012	GalaxyInstaller.exe
Token: SeTcbPrivilege	396	svchost.exe
Token: SeRestorePrivilege	396	svchost.exe
Token: SeTakeOwnershipPrivilege	4872	GalaxyClient.exe
Token: SeRestorePrivilege	4872	GalaxyClient.exe
Token: SeTakeOwnershipPrivilege	4872	GalaxyClient.exe
Token: SeRestorePrivilege	4872	GalaxyClient.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe
Token: SeTakeOwnershipPrivilege	4796	GalaxyClientService.exe
Token: SeRestorePrivilege	4796	GalaxyClientService.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
5012	GalaxyInstaller.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
692	vlc.exe
2632	GalaxySetup.tmp

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
692	vlc.exe
692	vlc.exe
692	vlc.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
692	vlc.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
5080	OpenWith.exe
4872	GalaxyClient.exe
4796	GalaxyClientService.exe
4872	GalaxyClient.exe
4872	GalaxyClient.exe
1672	GalaxyClient.exe
3408	GalaxyClientService.exe
3816	GalaxyClient.exe
4804	GalaxyClientService.exe

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 5012	3960	GOG_Galaxy_2.0.exe	90
PID 3960 wrote to memory of 5012	3960	GOG_Galaxy_2.0.exe	90
PID 396 wrote to memory of 2760	396	svchost.exe	105
PID 396 wrote to memory of 2760	396	svchost.exe	105
PID 5080 wrote to memory of 1316	5080	OpenWith.exe	110
PID 5080 wrote to memory of 1316	5080	OpenWith.exe	110
PID 5012 wrote to memory of 564	5012	GalaxyInstaller.exe	109
PID 5012 wrote to memory of 564	5012	GalaxyInstaller.exe	109
PID 5012 wrote to memory of 564	5012	GalaxyInstaller.exe	109
PID 564 wrote to memory of 2632	564	GalaxySetup.exe	112
PID 564 wrote to memory of 2632	564	GalaxySetup.exe	112
PID 564 wrote to memory of 2632	564	GalaxySetup.exe	112
PID 2632 wrote to memory of 4368	2632	GalaxySetup.tmp	120
PID 2632 wrote to memory of 4368	2632	GalaxySetup.tmp	120
PID 2632 wrote to memory of 4368	2632	GalaxySetup.tmp	120
PID 4368 wrote to memory of 3948	4368	VC_redist.x86.exe	121
PID 4368 wrote to memory of 3948	4368	VC_redist.x86.exe	121
PID 4368 wrote to memory of 3948	4368	VC_redist.x86.exe	121
PID 2632 wrote to memory of 4536	2632	GalaxySetup.tmp	122
PID 2632 wrote to memory of 4536	2632	GalaxySetup.tmp	122
PID 2632 wrote to memory of 4536	2632	GalaxySetup.tmp	122
PID 4536 wrote to memory of 2692	4536	VC_redist.x64.exe	123
PID 4536 wrote to memory of 2692	4536	VC_redist.x64.exe	123
PID 4536 wrote to memory of 2692	4536	VC_redist.x64.exe	123
PID 2632 wrote to memory of 4872	2632	GalaxySetup.tmp	125
PID 2632 wrote to memory of 4872	2632	GalaxySetup.tmp	125
PID 2632 wrote to memory of 4872	2632	GalaxySetup.tmp	125
PID 2632 wrote to memory of 1672	2632	GalaxySetup.tmp	127
PID 2632 wrote to memory of 1672	2632	GalaxySetup.tmp	127
PID 2632 wrote to memory of 1672	2632	GalaxySetup.tmp	127
PID 2632 wrote to memory of 3816	2632	GalaxySetup.tmp	129
PID 2632 wrote to memory of 3816	2632	GalaxySetup.tmp	129
PID 2632 wrote to memory of 3816	2632	GalaxySetup.tmp	129

C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe
"C:\Users\Admin\AppData\Local\Temp\GOG_Galaxy_2.0.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxyInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxyInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe
    "C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJnb2cuY29tIn0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49Z29nLmNvbSJ9"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:564
  - - C:\Users\Admin\AppData\Local\Temp\is-OR0QH.tmp\GalaxySetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-OR0QH.tmp\GalaxySetup.tmp" /SL5="$140064,273092195,1268224,C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe" /lang=en_US /campaign="eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJnb2cuY29tIn0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49Z29nLmNvbSJ9"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Drops file in Program Files directory
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x86.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x86.exe" /install /quiet /norestart
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4368
      - C:\Windows\Temp\{8674A330-73FD-4E8E-845F-34C40D29DDB3}\.cr\VC_redist.x86.exe
        
        "C:\Windows\Temp\{8674A330-73FD-4E8E-845F-34C40D29DDB3}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648 /install /quiet /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x64.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x64.exe" /install /quiet /norestart
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4536
      - C:\Windows\Temp\{861D1F3A-CA92-431F-8C73-082A7B260CCA}\.cr\VC_redist.x64.exe
        
        "C:\Windows\Temp\{861D1F3A-CA92-431F-8C73-082A7B260CCA}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x64.exe" -burn.filehandle.attached=516 -burn.filehandle.self=536 /install /quiet /norestart
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2692
    - - C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
        
        "C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe" /firstRun /installationSource=usedefault /payload=eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJnb2cuY29tIn0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49Z29nLmNvbSJ9
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:4872
    - - C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
        
        "C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe" /clientLanguage=en-US
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:1672
    - - C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
        
        "C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe" /installerLaunch /payload=eyJjYW1wYWlnbiI6eyJvcmlnaW4iOiJnb2cuY29tIn0sImxvZ2luX3BhcmFtZXRlcnMiOiJvcmlnaW49Z29nLmNvbSJ9
        5⤵
        Executes dropped EXE
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:3816

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SelectPing.TS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\system32\dashost.exe
  dashost.exe {c8263c19-3c24-4c5a-93e8d44d83884ed1}
  2⤵
  PID:2760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\SelectPing.TS
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1316

C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
"C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4796

C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
"C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3408

C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe
"C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

Filesize
13.3MB

MD5
f995a32c8796695befa400199888ffa4

SHA1
28a59b0ecfff7f3ad7d13f18c324d62e3c637021

SHA256
dca4627c31d683fca04199526728705221797a647be6fb83d9ac36ad0bfc0984

SHA512
7c5601a30a39dcb8cb12afc74567e0d9c6375cb84f446af6d95a1506f80bbafbf43843738ab810c74848f350b2e74696c35acc310ed1ab51d86fb9b6de93ede0

Download Submit
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

Filesize
13.3MB

MD5
f995a32c8796695befa400199888ffa4

SHA1
28a59b0ecfff7f3ad7d13f18c324d62e3c637021

SHA256
dca4627c31d683fca04199526728705221797a647be6fb83d9ac36ad0bfc0984

SHA512
7c5601a30a39dcb8cb12afc74567e0d9c6375cb84f446af6d95a1506f80bbafbf43843738ab810c74848f350b2e74696c35acc310ed1ab51d86fb9b6de93ede0

Download Submit
C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

Filesize
13.3MB

MD5
f995a32c8796695befa400199888ffa4

SHA1
28a59b0ecfff7f3ad7d13f18c324d62e3c637021

SHA256
dca4627c31d683fca04199526728705221797a647be6fb83d9ac36ad0bfc0984

SHA512
7c5601a30a39dcb8cb12afc74567e0d9c6375cb84f446af6d95a1506f80bbafbf43843738ab810c74848f350b2e74696c35acc310ed1ab51d86fb9b6de93ede0

Download Submit
C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe

Filesize
2.2MB

MD5
d76f18a0b02f53bc5c171615f3da80ff

SHA1
4ff3a7714ad6720374ecc35384a13aa735423169

SHA256
279145b01583d7e4717d64a5fb06b9ee8f665cd971d7fd5d96cf84d21d178aaa

SHA512
74f27c4ee754d53a20f1a676a593da084691d2a7cf04dd235cb925c587e230829d5ad144df0d73ff68b324b6ab630c4c9ddb2dff377a9c8505d525ed1630ac5d

Download Submit
C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe

Filesize
2.2MB

MD5
d76f18a0b02f53bc5c171615f3da80ff

SHA1
4ff3a7714ad6720374ecc35384a13aa735423169

SHA256
279145b01583d7e4717d64a5fb06b9ee8f665cd971d7fd5d96cf84d21d178aaa

SHA512
74f27c4ee754d53a20f1a676a593da084691d2a7cf04dd235cb925c587e230829d5ad144df0d73ff68b324b6ab630c4c9ddb2dff377a9c8505d525ed1630ac5d

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoData.dll

Filesize
1.7MB

MD5
7818a804fa9fd0f9a09263b6b35325fc

SHA1
590971157aa72d48f7939556a7554bc9d8975cd5

SHA256
f2fd84a60790d043b531ec8eef9ad2cc961270e5f34096db1331388f1fa80416

SHA512
63a9821c2a23f2f91ef1893e69a902065596e138850b825df8fb54ceed5ff551cde623049521a78821dce48720a8ae2ed53a8927ae0f404a905a24243fece561

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoData.dll

Filesize
1.7MB

MD5
7818a804fa9fd0f9a09263b6b35325fc

SHA1
590971157aa72d48f7939556a7554bc9d8975cd5

SHA256
f2fd84a60790d043b531ec8eef9ad2cc961270e5f34096db1331388f1fa80416

SHA512
63a9821c2a23f2f91ef1893e69a902065596e138850b825df8fb54ceed5ff551cde623049521a78821dce48720a8ae2ed53a8927ae0f404a905a24243fece561

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll

Filesize
372KB

MD5
dd7065f6e3bd80c6e7e6419e2475c8a8

SHA1
f01ce83abf97c075fdad042cf6e3f994110ceb78

SHA256
0c1b8043c56a29366da4e7065060201b9f82beba9d1c3c6c393f1a04dc2b136c

SHA512
00656505b68db7bad3a78e283517fb1b2a21217245317334eb6457466564e04ef85a454adbbc97927430da6a6654a66bfaa756808e22dc394413b7bdf434a6c5

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll

Filesize
372KB

MD5
dd7065f6e3bd80c6e7e6419e2475c8a8

SHA1
f01ce83abf97c075fdad042cf6e3f994110ceb78

SHA256
0c1b8043c56a29366da4e7065060201b9f82beba9d1c3c6c393f1a04dc2b136c

SHA512
00656505b68db7bad3a78e283517fb1b2a21217245317334eb6457466564e04ef85a454adbbc97927430da6a6654a66bfaa756808e22dc394413b7bdf434a6c5

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll

Filesize
1.7MB

MD5
3e72226a19d731e0d0baa1e9a2017dd7

SHA1
d1ea639b8a0532f9ce092861016f79d672dcef25

SHA256
97190cd46762d1947922ff330a406a2bc74c5bcd8e29b937be6ebddbfa3a43c8

SHA512
eedc3c54196c37c08d9c9651b378db8f431c76fce206801ae1f29f0fac8a3b37a076d8610070ff5ac1b90866517b09beaa447018155b53350d8fdabdca44f541

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll

Filesize
1.7MB

MD5
3e72226a19d731e0d0baa1e9a2017dd7

SHA1
d1ea639b8a0532f9ce092861016f79d672dcef25

SHA256
97190cd46762d1947922ff330a406a2bc74c5bcd8e29b937be6ebddbfa3a43c8

SHA512
eedc3c54196c37c08d9c9651b378db8f431c76fce206801ae1f29f0fac8a3b37a076d8610070ff5ac1b90866517b09beaa447018155b53350d8fdabdca44f541

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll

Filesize
1.7MB

MD5
3e72226a19d731e0d0baa1e9a2017dd7

SHA1
d1ea639b8a0532f9ce092861016f79d672dcef25

SHA256
97190cd46762d1947922ff330a406a2bc74c5bcd8e29b937be6ebddbfa3a43c8

SHA512
eedc3c54196c37c08d9c9651b378db8f431c76fce206801ae1f29f0fac8a3b37a076d8610070ff5ac1b90866517b09beaa447018155b53350d8fdabdca44f541

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll

Filesize
338KB

MD5
c645048dcbff4fd35d51a254c18dc131

SHA1
a3c9b97073d69318979a4d1bb66f02edc7ccdd88

SHA256
ea3fb61653067989f3c95126cb6b470057f3f281fda7152f0940af8677e87a53

SHA512
421f45e6f501aeca01ecfe876d0406404eacc13f4bdc8931e9ef46cf6487e3593394042c29169a6af0a8961f95aaa1ff06576da7b495e6fa039568d24723e6ca

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoJSON.dll

Filesize
338KB

MD5
c645048dcbff4fd35d51a254c18dc131

SHA1
a3c9b97073d69318979a4d1bb66f02edc7ccdd88

SHA256
ea3fb61653067989f3c95126cb6b470057f3f281fda7152f0940af8677e87a53

SHA512
421f45e6f501aeca01ecfe876d0406404eacc13f4bdc8931e9ef46cf6487e3593394042c29169a6af0a8961f95aaa1ff06576da7b495e6fa039568d24723e6ca

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoNet.dll

Filesize
1.3MB

MD5
8fbf4845c06da70e17e40376244b97ba

SHA1
488bb2cfc96dbe103425b9657ddfd646aae4388c

SHA256
fef566ecb133f2d13d18980b8ad667ed202957be7d8716721e9da83f5bb1e04b

SHA512
c1eafd234fe4b5aad87759931edd9c0f8bd902f35b78bbec699b5a5d882011ad7c0a780b781518f4d98c7c880115e1aa57795d5fe138001a7184114d6880c5c1

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoNet.dll

Filesize
1.3MB

MD5
8fbf4845c06da70e17e40376244b97ba

SHA1
488bb2cfc96dbe103425b9657ddfd646aae4388c

SHA256
fef566ecb133f2d13d18980b8ad667ed202957be7d8716721e9da83f5bb1e04b

SHA512
c1eafd234fe4b5aad87759931edd9c0f8bd902f35b78bbec699b5a5d882011ad7c0a780b781518f4d98c7c880115e1aa57795d5fe138001a7184114d6880c5c1

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll

Filesize
526KB

MD5
9cb7c18b68e61c0eac049a3d7d0b970c

SHA1
83f17545fc35c2e1a0b627236309d8c0933a67d3

SHA256
0d0a7c34d2b972fad2a1ec4df2ef604b55742b5e43f42d254851ad6bb5ffe609

SHA512
9bc86e1199540e5299e61d7b873d70d3668f1e281b9dff2fba555d45cab99e23263d49ce50a4d217e0dcf3e3090a5af0e9dd64b32aec14b5ef6edaaec6e29aa4

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoUtil.dll

Filesize
526KB

MD5
9cb7c18b68e61c0eac049a3d7d0b970c

SHA1
83f17545fc35c2e1a0b627236309d8c0933a67d3

SHA256
0d0a7c34d2b972fad2a1ec4df2ef604b55742b5e43f42d254851ad6bb5ffe609

SHA512
9bc86e1199540e5299e61d7b873d70d3668f1e281b9dff2fba555d45cab99e23263d49ce50a4d217e0dcf3e3090a5af0e9dd64b32aec14b5ef6edaaec6e29aa4

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoXML.dll

Filesize
539KB

MD5
ed29d945a6e4ab83974d783e5a910d20

SHA1
4a008b7dcd527fd2ad6b0e4211f431a983104605

SHA256
c12cc8c1f3202c19729538fd3b38b7627cdc122bdad7efdfd37bfac236d7839e

SHA512
8d6eb5ed8ac4b1f95f2f10d0241e130a60540a10b48bb7bb5ced23c6847d333e7818145cfeb93073b2370c216f627f0d7d0a0844e036e9b726a56a4a06409f2f

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoXml.dll

Filesize
539KB

MD5
ed29d945a6e4ab83974d783e5a910d20

SHA1
4a008b7dcd527fd2ad6b0e4211f431a983104605

SHA256
c12cc8c1f3202c19729538fd3b38b7627cdc122bdad7efdfd37bfac236d7839e

SHA512
8d6eb5ed8ac4b1f95f2f10d0241e130a60540a10b48bb7bb5ced23c6847d333e7818145cfeb93073b2370c216f627f0d7d0a0844e036e9b726a56a4a06409f2f

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoZip.dll

Filesize
287KB

MD5
fe8390a1579b4d0ac0f168bc59a70ae0

SHA1
927f98a0c58e96de4886bb5253b538627de9e823

SHA256
feb6006bd1fa6224313fc02d70c38da1c95827152452370c8aa2087e122b02ce

SHA512
d924a509933dcfe97b79ef4f715107c55f931058391f7a782cf496a84dfe42656e5f7a523dbbc7b21cf51cbea8aa02b43a5392e2b0e6a4f06a97d504eebb1f7d

Download Submit
C:\Program Files (x86)\GOG Galaxy\PocoZip.dll

Filesize
287KB

MD5
fe8390a1579b4d0ac0f168bc59a70ae0

SHA1
927f98a0c58e96de4886bb5253b538627de9e823

SHA256
feb6006bd1fa6224313fc02d70c38da1c95827152452370c8aa2087e122b02ce

SHA512
d924a509933dcfe97b79ef4f715107c55f931058391f7a782cf496a84dfe42656e5f7a523dbbc7b21cf51cbea8aa02b43a5392e2b0e6a4f06a97d504eebb1f7d

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Core.dll

Filesize
5.1MB

MD5
ecd2fed8765416bf429f32f14cc5c747

SHA1
00f09763508c58be76a0ef0b348358a0802d4745

SHA256
e9087632fe379f46fc8d6b4f9dfe6b167640c914873ef033d4bfe9138614d7e8

SHA512
77d38303cb59cdcf68cc779d2c40fad0a327d0258802749aeb5b5b25647bc6c687e5b5a10ce8448dc7c6083267a3a86da747540b2eb15e03fd169478851a2057

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Core.dll

Filesize
5.1MB

MD5
ecd2fed8765416bf429f32f14cc5c747

SHA1
00f09763508c58be76a0ef0b348358a0802d4745

SHA256
e9087632fe379f46fc8d6b4f9dfe6b167640c914873ef033d4bfe9138614d7e8

SHA512
77d38303cb59cdcf68cc779d2c40fad0a327d0258802749aeb5b5b25647bc6c687e5b5a10ce8448dc7c6083267a3a86da747540b2eb15e03fd169478851a2057

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Gui.dll

Filesize
5.6MB

MD5
68c19f9f45a98734a6e42745a75ff2d3

SHA1
1f39560b10ab2bf6f3fab76a3be5f305b169fcaa

SHA256
1233ea25703cc1830f658f379bc3e2e4486ea08b9beb356b5d0e4e0a1d4a3329

SHA512
df7e50d8b17f415c9e2ae33851294370a72ab2368b4cf0cc6c5883740ddd7daa02ecd918440c21c5421bc149c0d611220aab4e51f3fd674b9adf167a79f95e41

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Gui.dll

Filesize
5.6MB

MD5
68c19f9f45a98734a6e42745a75ff2d3

SHA1
1f39560b10ab2bf6f3fab76a3be5f305b169fcaa

SHA256
1233ea25703cc1830f658f379bc3e2e4486ea08b9beb356b5d0e4e0a1d4a3329

SHA512
df7e50d8b17f415c9e2ae33851294370a72ab2368b4cf0cc6c5883740ddd7daa02ecd918440c21c5421bc149c0d611220aab4e51f3fd674b9adf167a79f95e41

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Network.dll

Filesize
1.0MB

MD5
9dcd0f88d822d9e8f5d72dc15f53fb71

SHA1
5e06d4ec06f720a06320bf660fe5f34a460af200

SHA256
99dd9ff6dda27004de1b43e01cf9d5e415c45fd9bfc05e6293ba87a8109e86c5

SHA512
cc39d393ff5f31827bb92a2c30736575b8464f9ccdc14493785d77bcc7cea8125ee9124b09465619cd9dc73e971a3f480c5ed4f64adf62133c3b86032d328b5a

Download Submit
C:\Program Files (x86)\GOG Galaxy\Qt5Network.dll

Filesize
1.0MB

MD5
9dcd0f88d822d9e8f5d72dc15f53fb71

SHA1
5e06d4ec06f720a06320bf660fe5f34a460af200

SHA256
99dd9ff6dda27004de1b43e01cf9d5e415c45fd9bfc05e6293ba87a8109e86c5

SHA512
cc39d393ff5f31827bb92a2c30736575b8464f9ccdc14493785d77bcc7cea8125ee9124b09465619cd9dc73e971a3f480c5ed4f64adf62133c3b86032d328b5a

Download Submit
C:\Program Files (x86)\GOG Galaxy\chrome_elf.dll

Filesize
703KB

MD5
884537665618e90e195912a01fc0b007

SHA1
0dfb2689ed2b37260392776a6aa4025b31c5025f

SHA256
98a132ff75b044ce9a666148cce3742214a8525f3c839f4c2a47356aeb93e652

SHA512
02eb60c9e42d1477aa5c27e0c38af1757b09738c2e287964fa5aa510547abf0cef6050f9ae64442250634a8fd21ad345c3fd3432466cecffad384805ed3d6461

Download Submit
C:\Program Files (x86)\GOG Galaxy\chrome_elf.dll

Filesize
703KB

MD5
884537665618e90e195912a01fc0b007

SHA1
0dfb2689ed2b37260392776a6aa4025b31c5025f

SHA256
98a132ff75b044ce9a666148cce3742214a8525f3c839f4c2a47356aeb93e652

SHA512
02eb60c9e42d1477aa5c27e0c38af1757b09738c2e287964fa5aa510547abf0cef6050f9ae64442250634a8fd21ad345c3fd3432466cecffad384805ed3d6461

Download Submit
C:\Program Files (x86)\GOG Galaxy\libcef.dll

Filesize
90.3MB

MD5
f380b5b90187ad35f34d3ca0c3051948

SHA1
2bd45db66c4b64b3fda98d841598274c4ac21f29

SHA256
fe0b72b8372d60da2d7ed73451d59720d49a54ee71274a8a9e678b4e9c1fbbc0

SHA512
c92a7bdfd76ceb2ee8088b2d4f3ce738b43448a96a97360b520594620ee6014c7a8643780b0ab0c9da8f6587508311e508690b7523136c133580bc7d2b73d85a

Download Submit
C:\Program Files (x86)\GOG Galaxy\libcef.dll

Filesize
90.3MB

MD5
f380b5b90187ad35f34d3ca0c3051948

SHA1
2bd45db66c4b64b3fda98d841598274c4ac21f29

SHA256
fe0b72b8372d60da2d7ed73451d59720d49a54ee71274a8a9e678b4e9c1fbbc0

SHA512
c92a7bdfd76ceb2ee8088b2d4f3ce738b43448a96a97360b520594620ee6014c7a8643780b0ab0c9da8f6587508311e508690b7523136c133580bc7d2b73d85a

Download Submit
C:\Program Files (x86)\GOG Galaxy\libcrypto-1_1.dll

Filesize
2.4MB

MD5
e863188d86f3291d101d3165a57f42c1

SHA1
d22b38ef7fb33203506a997114ec1bbf54df8a35

SHA256
ef31c88b93350311ec3b55d8a6a1279bf919196ae268254a51e698a049045321

SHA512
18d84e4ab9012d20b041cb4409486c41267e141196c4bc249bb7b1f3b5ca6c4641f4664a510c81d2f4ffcaac3af149035f2ec1699ffbe61a15ab7b7d651d39e5

Download Submit
C:\Program Files (x86)\GOG Galaxy\libcrypto-1_1.dll

Filesize
2.4MB

MD5
e863188d86f3291d101d3165a57f42c1

SHA1
d22b38ef7fb33203506a997114ec1bbf54df8a35

SHA256
ef31c88b93350311ec3b55d8a6a1279bf919196ae268254a51e698a049045321

SHA512
18d84e4ab9012d20b041cb4409486c41267e141196c4bc249bb7b1f3b5ca6c4641f4664a510c81d2f4ffcaac3af149035f2ec1699ffbe61a15ab7b7d651d39e5

Download Submit
C:\Program Files (x86)\GOG Galaxy\libexpat.dll

Filesize
173KB

MD5
657d32eec34d3225b38262a5878e9474

SHA1
22daaca36c1d49bdb8b2851f40596d4cd025dcb0

SHA256
ec4f39fe48a83d113191402d33420728f571df81b46e41e5c37a46845b4d2f62

SHA512
d4889aff3da2fe9d9cbe175b18793af7e82f0fd6e1fb72ec8aeaf0c8e0872f008beb54a2d44f6fd7f389d0ee104c93ecd1998ddbf4f1d0c7be38e802f5c96895

Download Submit
C:\Program Files (x86)\GOG Galaxy\libexpat.dll

Filesize
173KB

MD5
657d32eec34d3225b38262a5878e9474

SHA1
22daaca36c1d49bdb8b2851f40596d4cd025dcb0

SHA256
ec4f39fe48a83d113191402d33420728f571df81b46e41e5c37a46845b4d2f62

SHA512
d4889aff3da2fe9d9cbe175b18793af7e82f0fd6e1fb72ec8aeaf0c8e0872f008beb54a2d44f6fd7f389d0ee104c93ecd1998ddbf4f1d0c7be38e802f5c96895

Download Submit
C:\Program Files (x86)\GOG Galaxy\pcre2-8.dll

Filesize
576KB

MD5
6ff65827e6191c4aebe6d611341ae02e

SHA1
41ecaa87dcc727340e6358251a08d3bab240b58e

SHA256
a149b0e6087f27928cd44ecaf6702399745ceda59001f3918d08f4baacaa7544

SHA512
85d34e0562a72c783ec2ddf2ded5c12ada293032451e4a73b530fffddaca73bbc921d5442b2b18780ae66e41d2c2441a775bbd9b14ddefba2a89984ec282df33

Download Submit
C:\Program Files (x86)\GOG Galaxy\pcre2-8.dll

Filesize
576KB

MD5
6ff65827e6191c4aebe6d611341ae02e

SHA1
41ecaa87dcc727340e6358251a08d3bab240b58e

SHA256
a149b0e6087f27928cd44ecaf6702399745ceda59001f3918d08f4baacaa7544

SHA512
85d34e0562a72c783ec2ddf2ded5c12ada293032451e4a73b530fffddaca73bbc921d5442b2b18780ae66e41d2c2441a775bbd9b14ddefba2a89984ec282df33

Download Submit
C:\Program Files (x86)\GOG Galaxy\plugins\GalaxyPluginEpic\aiohttp\is-UHNHS.tmp

Filesize
987KB

MD5
562e8efa4422fdab66fd48ae64dfc7a5

SHA1
22d7f566adfd42c6c18c5a2e2ccd5d5a3bd49706

SHA256
73185706c9d2aa093c5e0511cee6ff5c52db25228924edb8f3edaf5af913d303

SHA512
b513c177f8dc6edd26391af045bbbd57fc31c3346cc78ae1083373247e08405416198682e773a33991b6f311cd4f65fd2656cb55c63668499494eb7454852f0a

Download Submit
C:\Program Files (x86)\GOG Galaxy\sqlite.dll

Filesize
802KB

MD5
570163e4b53390b17bf78af85e8af01d

SHA1
e642d74d485c4a3ed3a339ff3f2497b06033ccf2

SHA256
dd57aabccc4193e57140f7df1ef9e4e03ff06239a9061ba9760a9a799fa4ba9a

SHA512
6ca6f066ca9ede06947a52b519ffa37570f31add071545ff07a3c19227642cbfc9441805ad9635e6a75be54adbc272283074c0fd347acd99a4924dcbb9d4cecc

Download Submit
C:\Program Files (x86)\GOG Galaxy\sqlite.dll

Filesize
802KB

MD5
570163e4b53390b17bf78af85e8af01d

SHA1
e642d74d485c4a3ed3a339ff3f2497b06033ccf2

SHA256
dd57aabccc4193e57140f7df1ef9e4e03ff06239a9061ba9760a9a799fa4ba9a

SHA512
6ca6f066ca9ede06947a52b519ffa37570f31add071545ff07a3c19227642cbfc9441805ad9635e6a75be54adbc272283074c0fd347acd99a4924dcbb9d4cecc

Download Submit
C:\Program Files (x86)\GOG Galaxy\web\is-7CG4N.tmp

Filesize
27KB

MD5
240a27d574f21e6dbe82ccfed9d11916

SHA1
bc22e5eb3e1b8c330b667d956118ac3ef1472923

SHA256
e5434b7722d33b1dd24a53bca66e7a746739f5801956fb1ce1ace7b2a1771327

SHA512
071fc1843a8911da9d6d354cec06605feb6a56eb7627f69e2338a57ea7fc3522caf0549c284a8b7f68f18fa284bc3bc51f13dcf6d192b1738d07dcc042b5d8c4

Download Submit
C:\Program Files (x86)\GOG Galaxy\web\locales\pt-PT\is-U611S.tmp

Filesize
1KB

MD5
bf804964f529597485b5aa66f76656d8

SHA1
1625addc939cf41ad6677ed2330da32d656d3496

SHA256
4b09dfb390e8e522d12861d0f5e22462658bdacaceaee67bc5132228f9e802d0

SHA512
6c9009c448830cd678be6d6edc28ee5e936ce25ff100c93df66ad24a8f93fc21739ffe80e27d94f400736cf76ae7735ddb7568ffa68ae23a0f566396eb6c4413

Download Submit
C:\Program Files (x86)\GOG Galaxy\xdelta3.dll

Filesize
131KB

MD5
9cfacd6bb21d545f154a3ec82aaf9d93

SHA1
1bbee4abe68031b38256c0f4584adb6aed95ce7b

SHA256
57f498d7770150c5516cccff38dabeb90f54647d8e73a2cd45044155d86ff953

SHA512
71f7d498c4442a6f0956cc030e459c8e53d041ae4e4ab1fe6b4a56d141ae6cee95ef26c10722e11923b9c65a2f90efed94da925095c19b9ec911ca499d84856a

Download Submit
C:\Program Files (x86)\GOG Galaxy\xdelta3.dll

Filesize
131KB

MD5
9cfacd6bb21d545f154a3ec82aaf9d93

SHA1
1bbee4abe68031b38256c0f4584adb6aed95ce7b

SHA256
57f498d7770150c5516cccff38dabeb90f54647d8e73a2cd45044155d86ff953

SHA512
71f7d498c4442a6f0956cc030e459c8e53d041ae4e4ab1fe6b4a56d141ae6cee95ef26c10722e11923b9c65a2f90efed94da925095c19b9ec911ca499d84856a

Download Submit
C:\Program Files (x86)\GOG Galaxy\zlib1.dll

Filesize
104KB

MD5
2a92f0dc6dac8545718ee475b7b961ed

SHA1
c154cdcf10e411f1622e29a7f019ae610f35ddf1

SHA256
3c53b164dfaa56213b081c97d388082a3731f064b44bd5cbcf0876b075a3b890

SHA512
190ef026570129f8a9f03e22866fc8b49597644a53d06bb9c1e0cf37edbf689df86de928fb9bf782797262b1fcf85c52e212156eae94af2cd1ae4b25b3298234

Download Submit
C:\Program Files (x86)\GOG Galaxy\zlib1.dll

Filesize
104KB

MD5
2a92f0dc6dac8545718ee475b7b961ed

SHA1
c154cdcf10e411f1622e29a7f019ae610f35ddf1

SHA256
3c53b164dfaa56213b081c97d388082a3731f064b44bd5cbcf0876b075a3b890

SHA512
190ef026570129f8a9f03e22866fc8b49597644a53d06bb9c1e0cf37edbf689df86de928fb9bf782797262b1fcf85c52e212156eae94af2cd1ae4b25b3298234

Download Submit
C:\ProgramData\GOG.com\Galaxy\changelogs\is-ETTGE.tmp

Filesize
40KB

MD5
22619c0453959bfe2c93fd86f78168e9

SHA1
a91b4d02d25d7125389cc48475e73f23ff0fe441

SHA256
d0074899fd0ae09d26f565764318be29523fb011ff9377b6032d2a13cae26827

SHA512
ee40a3f8075e6ab5473263480a5a4e171a7a3e466db14abc1d82b45f90b430000ecf72bc1474eba1a7c8198ead3e9228257c55c807ec32b86c1512bf0d90415f

Download Submit
C:\ProgramData\GOG.com\Galaxy\config.json

Filesize
268B

MD5
0983ab2871e1f03d0d78954b0e78ded8

SHA1
c15910cdc2a98840d4731cb477d497dfea23387c

SHA256
375a77b239a3564ed9b2c2ebd3607d9faf3d4fddb0db517ba25942e57629f093

SHA512
87a497a9f216fd7dddaa2ef7e0a9ed930ca5634811de5da124b4444b9aea9e755b434770cd6a1921b5f3b7e10fbafab0f442946122765b016f0a28e38e623f3a

Download Submit
C:\ProgramData\GOG.com\Galaxy\config.json

Filesize
333B

MD5
9cec0b5b9bd2cb99a5f41f91ef8916a0

SHA1
0c54b03e05e95599dcd3b05df5b3c10ce1f7f819

SHA256
aeccf3f1885395de61c1eced431bb93a5421724e35921a12b72df5031ca93710

SHA512
3761b008d672e10a301a0aa40edd14e26545820b85ed8c48c2e74a4ce2b1a9f3b8c78a5fd52d4f9ef2ff544e240ab75de1c3085d9b2b8c7ff2abc8bb2a29cc3d

Download Submit
C:\ProgramData\GOG.com\Galaxy\logs\GalaxyClientService.log

Filesize
14KB

MD5
31c366ab6b2b5429a065a46b5dbe1a07

SHA1
895a1fc9cb49d4a75fae312efa0bf564532db529

SHA256
5b02794dfd7278f3280f1611f3f87878c61b8a0a1743826e87ce648050e51fa8

SHA512
fd44cb3a8272695a3533f4429703d4745616b3f0a75f953bd9498997c77a8915daa1eff0b0a942b7f974c98ff4ec68efdbafd47076386f5ae710aadb778f75cf

Download Submit
C:\ProgramData\GOG.com\Galaxy\logs\InstallerWebinstaller.log

Filesize
696B

MD5
8b6616ad4ddad8d00139bd46fa2c0923

SHA1
24192d1f6471150f7a401c288af5ef7b7a482e72

SHA256
e579f9b18dd01a636b2e865a32ad9483144ec59ae56c142028d66e443d65eb0a

SHA512
7b80e18f8dc091b04c33a9cbbad8298608c0623e5729a27d3809dcd80e065bd7bab784241d6853bf35e9e2f0f251a82c97a76c49c7586171379f8d9a248f7566

Download Submit
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe

Filesize
6.8MB

MD5
e424558e967e42846199dfe36e2afe7f

SHA1
185ee6acc30cc27d9920581366a1dfc7d4ab4ecc

SHA256
b893c0583b627aba4e85abaec96f37e690d05b3e7d499f899fbe246c9fa1f2ec

SHA512
aa4d4adf899cb8097dc6948cb9159bf96d9b803c4879cfbba744f811cfe31acff2105d0a15f35f2ee8f2fd1de1d96b81de419e3524bea59b5e714ad6a9a03ec2

Download Submit
C:\ProgramData\GOG.com\Galaxy\redists\web\locales\en-US\is-Q4RNO.tmp

Filesize
135KB

MD5
35a480f9b79fefcc52fbeb9f407b9ddb

SHA1
71b93366f61ab551728b19839e88307b5ad5660d

SHA256
696168032cb8e76bfeb70892bb7a027e66d9284dd5ee839852f964eed0e5441d

SHA512
2a0972476ee922e80a5303ecec277d57fde355beb2fa6313d4304e63448f9acc46cb36782983e67875fb8bcb1c211ddfa6bc104ee7101d9546ba5d95589d7f0e

Download Submit
C:\Users\Admin\AppData\Local\GOG.com\Galaxy\Configuration\config.json

Filesize
2KB

MD5
b9458ee7df2e344cfb7ebca63abce667

SHA1
f14b31b480a196c1b072455a61ef4bd316c0deb9

SHA256
d78056318678cad58d996b46f016dc172e9fcc4eacee69ef4d5417cf115d98c7

SHA512
af03bf595e635cb0b99cf2a23a96de8e343779d797e00054974ab6c3d49421386c16db65a84f63548d76329c52b49ea7a555d6c3627700e90115c7cb2644ec28

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxyInstaller.exe

Filesize
566KB

MD5
26d02cc778b804689bda1aafa9a76fb1

SHA1
5452c96593478f59471730366c682da19881051d

SHA256
61eadf4a0bb3710671f5b6f1db10c522a2d0a07177d3b79eb844d7f69d8f8635

SHA512
047ecfb6df19e39579dd2a7359fec312f4dcf2293e9e4f232a22acd37a3c22707ecbf53d6ed0fe44989b8a52502fd43f525e20b85b83f29223205ade6a7aee90

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe

Filesize
264.1MB

MD5
1d6d6b76a8ed0d41a06771097a862e42

SHA1
4ab8db7c0ed55a7178b5396a3a192b40d302d6a8

SHA256
612c3d962935b9b206b7619867355625f475abcf052f9dee7ac4521e235eaacf

SHA512
e1fb7d8a9f26da1e95cfadd904b26b0cca778def3ea28f096d6cbf2abcba469bc2298ebbc441dd175b02dedb4be03ad3945d2d8e026c6c9226772dc1b9d3ee8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe

Filesize
264.1MB

MD5
1d6d6b76a8ed0d41a06771097a862e42

SHA1
4ab8db7c0ed55a7178b5396a3a192b40d302d6a8

SHA256
612c3d962935b9b206b7619867355625f475abcf052f9dee7ac4521e235eaacf

SHA512
e1fb7d8a9f26da1e95cfadd904b26b0cca778def3ea28f096d6cbf2abcba469bc2298ebbc441dd175b02dedb4be03ad3945d2d8e026c6c9226772dc1b9d3ee8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\GalaxySetup.exe

Filesize
264.1MB

MD5
1d6d6b76a8ed0d41a06771097a862e42

SHA1
4ab8db7c0ed55a7178b5396a3a192b40d302d6a8

SHA256
612c3d962935b9b206b7619867355625f475abcf052f9dee7ac4521e235eaacf

SHA512
e1fb7d8a9f26da1e95cfadd904b26b0cca778def3ea28f096d6cbf2abcba469bc2298ebbc441dd175b02dedb4be03ad3945d2d8e026c6c9226772dc1b9d3ee8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\icon.ico

Filesize
480KB

MD5
391cf634b3ccf3971811be5ef016fe32

SHA1
8e3023466d02dfb8f2e1b48555b998532dc9a377

SHA256
de9a2072df66c11af8cc255788c4c572f7b45ba7ab19524ad2e01a23f55e9ca8

SHA512
c1594a33efcfac7c6e6935e76ed030855886453b6397ba53a63225efbeb513a1ccb39ea7d528cc43bb1e2b56fd0e02b306e0e65dc6896613c2b4ca6c4a165d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\payload.campaign

Filesize
69B

MD5
18079c706761781140d58080359630ff

SHA1
b414ce00c3b7bd52aa50a7e208e2c4111e65d75e

SHA256
d51c3f241a2bfdbabb48aef02098843cbd01b073cda789c3ee5035047314981a

SHA512
2d4b636938cc1a778723b23ca7bf5725d4da5ad5fff2beb30193c75bf97c46b1c24ce640324bce5f823bd4c2f554e3f92f71dc62124046d3efb000e391f967b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\remoteconfig.json

Filesize
555B

MD5
6f5b2b274c12f821f619837cca4abf0d

SHA1
8bb07d862ad75c98a1ca21b356b6c7570fd3d5c8

SHA256
0431b43af8dc5c5d60d2f5d53aaf2f2303df6244a91308269194091afcf9e35a

SHA512
53d2964fc16d34a0fce5d049eb137dc8fbc21bf821bbf7a2ee4ba902407be57ec3c405bf077d0c2d4500c6600c64dcc826f8a247439ea6ceb3d254937e83a0ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\GalaxyInstaller_dRaCl\remoteconfig.json

Filesize
555B

MD5
6f5b2b274c12f821f619837cca4abf0d

SHA1
8bb07d862ad75c98a1ca21b356b6c7570fd3d5c8

SHA256
0431b43af8dc5c5d60d2f5d53aaf2f2303df6244a91308269194091afcf9e35a

SHA512
53d2964fc16d34a0fce5d049eb137dc8fbc21bf821bbf7a2ee4ba902407be57ec3c405bf077d0c2d4500c6600c64dcc826f8a247439ea6ceb3d254937e83a0ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x64.exe

Filesize
14.3MB

MD5
1e7bd6790391b5b710c6372ab2042351

SHA1
75f1aee6dccf3d6e6ac49926563737005b93ba13

SHA256
952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358

SHA512
ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x64.exe

Filesize
14.3MB

MD5
1e7bd6790391b5b710c6372ab2042351

SHA1
75f1aee6dccf3d6e6ac49926563737005b93ba13

SHA256
952a0c6cb4a3dd14c3666ef05bb1982c5ff7f87b7103c2ba896354f00651e358

SHA512
ae3860a060be483c9fcbcf6a41f561faf2cd681f39138dd13a563e3f39cf4b4f41e7c0f7b58bc8b585b2728245025be4b198f06634a97fa98847258272f9f59b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x86.exe

Filesize
13.8MB

MD5
3aa2d769397da14166eacdb3640458ee

SHA1
b38b7fc28c5e2ef157f93297036202911d2fc2bf

SHA256
b4d433e2f66b30b478c0d080ccd5217ca2a963c16e90caf10b1e0592b7d8d519

SHA512
404d2301c4719b8791639e8100eff6df7cd9c3ca62ad0a5c7ac8252f8adc2601aeefe83da982a409b9e3d901f74518ff98d2af5ebdd8cc77067be39c20eb1c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\VC_redist.x86.exe

Filesize
13.8MB

MD5
3aa2d769397da14166eacdb3640458ee

SHA1
b38b7fc28c5e2ef157f93297036202911d2fc2bf

SHA256
b4d433e2f66b30b478c0d080ccd5217ca2a963c16e90caf10b1e0592b7d8d519

SHA512
404d2301c4719b8791639e8100eff6df7cd9c3ca62ad0a5c7ac8252f8adc2601aeefe83da982a409b9e3d901f74518ff98d2af5ebdd8cc77067be39c20eb1c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LNUEG.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OR0QH.tmp\GalaxySetup.tmp

Filesize
3.3MB

MD5
3f91b13761b07e6767b575e244bd3243

SHA1
503dc37f819580e860eccf5b5e2284747f9952f2

SHA256
5f29f602d77d7ddfde25594c8ede7999f71e251fab7e9f1e106b29f54eacef74

SHA512
4267bbadd338e9955038e7acd1a5915dc636b78d2f506cc7a9085e64b7c70287047fadaa53f0828973894321db9692f7f5d7279fd0b8a15583a05c713297b0de

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OR0QH.tmp\GalaxySetup.tmp

Filesize
3.3MB

MD5
3f91b13761b07e6767b575e244bd3243

SHA1
503dc37f819580e860eccf5b5e2284747f9952f2

SHA256
5f29f602d77d7ddfde25594c8ede7999f71e251fab7e9f1e106b29f54eacef74

SHA512
4267bbadd338e9955038e7acd1a5915dc636b78d2f506cc7a9085e64b7c70287047fadaa53f0828973894321db9692f7f5d7279fd0b8a15583a05c713297b0de

Download Submit
C:\Windows\Temp\{44D6E228-4E15-4F26-8675-AC88E2FE97DF}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{44D6E228-4E15-4F26-8675-AC88E2FE97DF}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{7234FBEE-BD50-41B1-9016-07931413C6A4}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{7234FBEE-BD50-41B1-9016-07931413C6A4}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{861D1F3A-CA92-431F-8C73-082A7B260CCA}\.cr\VC_redist.x64.exe

Filesize
632KB

MD5
1d7599c4a31b82e70308c022e9494011

SHA1
7d04a03d5502df2838d40dd131b1cae226cb5205

SHA256
21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c

SHA512
080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08

Download Submit
C:\Windows\Temp\{861D1F3A-CA92-431F-8C73-082A7B260CCA}\.cr\VC_redist.x64.exe

Filesize
632KB

MD5
1d7599c4a31b82e70308c022e9494011

SHA1
7d04a03d5502df2838d40dd131b1cae226cb5205

SHA256
21d2935d29c807a3a56c406849b97dbc7f720822920930d0e2b13a44203c107c

SHA512
080ff020e0d2d9c0ce6beee8143c0f49e1b4450baa08072a8662f4b25ad6b034ee0ad174f2d4acd5b011cb8fb140656755007e245673f7677964b9e99555ab08

Download Submit
C:\Windows\Temp\{8674A330-73FD-4E8E-845F-34C40D29DDB3}\.cr\VC_redist.x86.exe

Filesize
632KB

MD5
68f7654abfd77baade7a36e1d718ebc4

SHA1
eabba5cb899aee962f85b52e359c9f85d83771b6

SHA256
5b60b35079913ba1e00cddf762c1759650de8a3c2b76e373b996ced4843becdb

SHA512
b48c4ba6112e7ac1dae5846eb41812d265a72fc13966c8f8bdf7099fec88d27b414fe566905a6eea4e2f574c379fe87059018c8a365bed55a46eea9a42b38889

Download Submit
C:\Windows\Temp\{8674A330-73FD-4E8E-845F-34C40D29DDB3}\.cr\VC_redist.x86.exe

Filesize
632KB

MD5
68f7654abfd77baade7a36e1d718ebc4

SHA1
eabba5cb899aee962f85b52e359c9f85d83771b6

SHA256
5b60b35079913ba1e00cddf762c1759650de8a3c2b76e373b996ced4843becdb

SHA512
b48c4ba6112e7ac1dae5846eb41812d265a72fc13966c8f8bdf7099fec88d27b414fe566905a6eea4e2f574c379fe87059018c8a365bed55a46eea9a42b38889

Download Submit
memory/564-2678-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/564-105-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/564-113-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/692-51-0x00007FFCDA240000-0x00007FFCDA352000-memory.dmp

Filesize
1.1MB

Download
memory/692-50-0x00007FFCD4990000-0x00007FFCD5A3B000-memory.dmp

Filesize
16.7MB

Download
memory/692-49-0x00007FFCD96F0000-0x00007FFCD99A4000-memory.dmp

Filesize
2.7MB

Download
memory/692-48-0x00007FFCD99B0000-0x00007FFCD99E4000-memory.dmp

Filesize
208KB

Download
memory/692-47-0x00007FF643D60000-0x00007FF643E58000-memory.dmp

Filesize
992KB

Download
memory/1672-2670-0x00000000034E0000-0x00000000034F0000-memory.dmp

Filesize
64KB

Download
memory/1672-2662-0x00000000034E0000-0x00000000034F0000-memory.dmp

Filesize
64KB

Download
memory/2632-2671-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-1982-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/2632-2465-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-114-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/2632-2677-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-2661-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-124-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-1980-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-133-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/2632-398-0x0000000000400000-0x0000000000765000-memory.dmp

Filesize
3.4MB

Download
memory/3408-2663-0x0000000001490000-0x00000000014A0000-memory.dmp

Filesize
64KB

Download
memory/3816-2672-0x0000000002390000-0x00000000023A0000-memory.dmp

Filesize
64KB

Download
memory/3960-33-0x0000000000400000-0x0000000000641000-memory.dmp

Filesize
2.3MB

Download
memory/3960-2689-0x0000000000400000-0x0000000000641000-memory.dmp

Filesize
2.3MB

Download
memory/3960-0-0x0000000000400000-0x0000000000641000-memory.dmp

Filesize
2.3MB

Download
memory/4796-2467-0x00000000019F0000-0x0000000001A00000-memory.dmp

Filesize
64KB

Download
memory/4804-2687-0x0000000001250000-0x0000000001260000-memory.dmp

Filesize
64KB

Download
memory/4872-2462-0x0000000002540000-0x0000000002550000-memory.dmp

Filesize
64KB

Download
memory/5012-28-0x000000001E500000-0x000000001EA28000-memory.dmp

Filesize
5.2MB

Download
memory/5012-32-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/5012-73-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/5012-27-0x000000001DE00000-0x000000001DFC2000-memory.dmp

Filesize
1.8MB

Download
memory/5012-15-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/5012-14-0x00007FFCE2390000-0x00007FFCE2E51000-memory.dmp

Filesize
10.8MB

Download
memory/5012-13-0x0000000000D60000-0x0000000000DF0000-memory.dmp

Filesize
576KB

Download
memory/5012-68-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/5012-2685-0x00007FFCE2390000-0x00007FFCE2E51000-memory.dmp

Filesize
10.8MB

Download
memory/5012-56-0x00007FFCE2390000-0x00007FFCE2E51000-memory.dmp

Filesize
10.8MB

Download
memory/5080-101-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-67-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-70-0x0000022E87630000-0x0000022E87640000-memory.dmp

Filesize
64KB

Download
memory/5080-69-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-72-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-75-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-77-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-78-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-79-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-80-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-81-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-82-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-86-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-83-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-90-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-88-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-91-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-93-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-94-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-97-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-96-0x0000022E87630000-0x0000022E87640000-memory.dmp

Filesize
64KB

Download
memory/5080-99-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-100-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-98-0x0000022E87620000-0x0000022E87630000-memory.dmp

Filesize
64KB

Download
memory/5080-95-0x0000022E88C40000-0x0000022E88C50000-memory.dmp

Filesize
64KB

Download