hxxps://galaxyswapperv2[.]com

Analysis

max time kernel
677s
max time network
686s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://galaxyswapperv2.com

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-7.0.0-win-x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000\Control Panel\International\Geo\Nation	windowsdesktop-runtime-7.0.0-win-x64 (1).exe

Executes dropped EXE 13 IoCs

pid	Process
1248	windowsdesktop-runtime-7.0.0-win-x64.exe
2244	windowsdesktop-runtime-7.0.0-win-x64.exe
2100	windowsdesktop-runtime-7.0.0-win-x64.exe
1916	Galaxy Swapper v2.exe
2952	Galaxy Swapper v2.exe
3560	windowsdesktop-runtime-7.0.0-win-x64.exe
3816	windowsdesktop-runtime-7.0.0-win-x64.exe
4720	windowsdesktop-runtime-7.0.0-win-x64 (1).exe
2796	windowsdesktop-runtime-7.0.0-win-x64 (1).exe
336	windowsdesktop-runtime-7.0.0-win-x64.exe
4848	Galaxy Swapper v2.exe
5960	Galaxy Swapper v2.exe
4916	Galaxy Swapper v2.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	windowsdesktop-runtime-7.0.0-win-x64.exe
4832	MsiExec.exe
4832	MsiExec.exe
2796	MsiExec.exe
2796	MsiExec.exe
4236	MsiExec.exe
4236	MsiExec.exe
3868	chrome.exe
3868	chrome.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
1916	Galaxy Swapper v2.exe
4668	Process not Found
4668	Process not Found
4668	Process not Found
4668	Process not Found
4668	Process not Found
4668	Process not Found
2952	Galaxy Swapper v2.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{01b47e23-4226-4094-9c19-400f12efee57} = "\"C:\\ProgramData\\Package Cache\\{01b47e23-4226-4094-9c19-400f12efee57}\\windowsdesktop-runtime-7.0.0-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{01b47e23-4226-4094-9c19-400f12efee57} = "\"C:\\ProgramData\\Package Cache\\{01b47e23-4226-4094-9c19-400f12efee57}\\windowsdesktop-runtime-7.0.0-win-x64.exe\" /burn.runonce"	windowsdesktop-runtime-7.0.0-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
343	discord.com
344	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\ReachFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\System.Security.Cryptography.Pkcs.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ja\PresentationFramework.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Xml.XPath.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\System.CodeDom.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Threading.Timer.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Formats.Asn1.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Runtime.Serialization.Xml.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\zh-Hant\System.Xaml.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\de\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Xml.XPath.XDocument.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\it\System.Windows.Forms.Design.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ru\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ko\System.Windows.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\de\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\de\PresentationCore.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\cs\System.Windows.Controls.Ribbon.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Net.HttpListener.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\System.Security.Cryptography.ProtectedData.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\mscorlib.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Net.Ping.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\PresentationFramework-SystemXmlLinq.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\zh-Hans\WindowsFormsIntegration.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\pt-BR\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Threading.Overlapped.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Security.Cryptography.Cng.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\System.Xaml.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ja\WindowsFormsIntegration.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.IO.Compression.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\System.Windows.Forms.Primitives.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ko\PresentationFramework.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ru\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ru\UIAutomationClient.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\WindowsFormsIntegration.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ko\UIAutomationTypes.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ru\UIAutomationProvider.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\cs\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\WindowsBase.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\tr\System.Windows.Forms.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Text.Encoding.CodePages.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Configuration.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\cs\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Net.Http.Json.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Runtime.Numerics.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ko\System.Windows.Input.Manipulations.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\clretwrc.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Runtime.Loader.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Security.Cryptography.Csp.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\System.Windows.Input.Manipulations.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\zh-Hant\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\de\WindowsBase.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\it\UIAutomationTypes.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\System.Drawing.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\hostpolicy.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\D3DCompiler_47_cor3.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\es\Microsoft.VisualBasic.Forms.resources.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.Numerics.dll	msiexec.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\ko\PresentationFramework.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\System.ComponentModel.TypeConverter.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\wpfgfx_cor3.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.0\cs\UIAutomationClientSideProviders.resources.dll	msiexec.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\Microsoft.Win32.Primitives.dll	msiexec.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIACF9.tmp	msiexec.exe
File created	C:\Windows\Installer\e587932.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB828.tmp	msiexec.exe
File created	C:\Windows\Installer\e587937.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEB8F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF98B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI44D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e58792d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\DF8346EBECD8FC64698728A560D4AAAA\56.3.50341	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID536.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e587923.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA96E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e587933.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8008.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB48D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBE34.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e587927.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F8BC94FF-FF0C-4226-AE0A-811960F93DF7}	msiexec.exe
File created	C:\Windows\Installer\e58792c.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\DF8346EBECD8FC64698728A560D4AAAA\56.3.50341\fileCoreHostExe	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC6D0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF32F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1FA.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB259.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8876.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e587928.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC9FA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF776.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFCD7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3503.tmp	msiexec.exe
File created	C:\Windows\Installer\e587923.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\DF8346EBECD8FC64698728A560D4AAAA\56.3.50341\fileCoreHostExe	msiexec.exe
File created	C:\Windows\Installer\e587933.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A17DDA5A-F944-4E22-B578-FB860C604D21}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA5F2.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{BE6438FD-8DCE-46CF-9678-825A064DAAAA}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\DF8346EBECD8FC64698728A560D4AAAA	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF543.tmp	msiexec.exe
File created	C:\Windows\Installer\e587928.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{192E20E1-D873-40DC-9D0B-0E46E651C583}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA277.tmp	msiexec.exe
File created	C:\Windows\Installer\e58792d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFE8E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEAE.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DF8346EBECD8FC64698728A560D4AAAA	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\PackageCode = "486C499DEA6C92843BE88680FF51E108"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\SourceList\PackageName = "windowsdesktop-runtime-7.0.0-win-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.3.50353_x64\Dependents	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\SourceList\PackageName = "dotnet-runtime-7.0.0-win-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\ProductName = "Microsoft .NET Host - 7.0.0 (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5D94C9C29EE5D1E732694BB0C34FAD25	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DF8346EBECD8FC64698728A560D4AAAA\MainFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{01b47e23-4226-4094-9c19-400f12efee57}\Version = "7.0.0.31819"	windowsdesktop-runtime-7.0.0-win-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\FF49CB8FC0FF6224EAA01891069FD37F	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\ProductName = "Microsoft .NET Host FX Resolver - 7.0.0 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.3.50341_x64\DisplayName = "Microsoft .NET Host FX Resolver - 7.0.0 (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{01b47e23-4226-4094-9c19-400f12efee57}	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\SourceList\PackageName = "dotnet-host-7.0.0-win-x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E02E291378DCD04D9B0E0646E155C38	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E02E291378DCD04D9B0E0646E155C38	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\Version = "939771057"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\BD5A978AE6A585D43068C1C91FEC95A7	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{BE6438FD-8DCE-46CF-9678-825A064DAAAA}v56.3.50341\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E02E291378DCD04D9B0E0646E155C38\MainFeature	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{01b47e23-4226-4094-9c19-400f12efee57}\Dependents\{01b47e23-4226-4094-9c19-400f12efee57}	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\Version = "939771045"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\PackageCode = "F42CA9F75EA7FB049877DC9EFC57BF02"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.3.50341_x64	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E02E291378DCD04D9B0E0646E155C38\Provider	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Dependents\{01b47e23-4226-4094-9c19-400f12efee57}	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.3.50353_x64\ = "{192E20E1-D873-40DC-9D0B-0E46E651C583}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.3.50353_x64\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.0 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.3.50341_x64\Dependents\{01b47e23-4226-4094-9c19-400f12efee57}	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\DisplayName = "Microsoft .NET Host - 7.0.0 (x64)"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F8BC94FF-FF0C-4226-AE0A-811960F93DF7}v56.3.50341\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\windowsdesktop_runtime_56.3.50353_x64	windowsdesktop-runtime-7.0.0-win-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DF8346EBECD8FC64698728A560D4AAAA\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{BE6438FD-8DCE-46CF-9678-825A064DAAAA}v56.3.50341\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{192E20E1-D873-40DC-9D0B-0E46E651C583}v56.3.50353\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A5ADD71A449F22E45B87BF68C006D412\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E02E291378DCD04D9B0E0646E155C38\MainFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{192E20E1-D873-40DC-9D0B-0E46E651C583}v56.3.50353\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\FF49CB8FC0FF6224EAA01891069FD37F\MainFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{F8BC94FF-FF0C-4226-AE0A-811960F93DF7}v56.3.50341\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\dotnet_runtime_56.3.50341_x64\ = "{A17DDA5A-F944-4E22-B578-FB860C604D21}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E02E291378DCD04D9B0E0646E155C38\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\FF49CB8FC0FF6224EAA01891069FD37F\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{01b47e23-4226-4094-9c19-400f12efee57}\ = "{01b47e23-4226-4094-9c19-400f12efee57}"	windowsdesktop-runtime-7.0.0-win-x64.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
4444	msiexec.exe
3868	chrome.exe
3868	chrome.exe
1916	Galaxy Swapper v2.exe
2952	Galaxy Swapper v2.exe
3536	chrome.exe
3536	chrome.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
3168	msiexec.exe
4848	Galaxy Swapper v2.exe
3004	msedge.exe
3004	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2200	msedge.exe
2200	msedge.exe
4792	identity_helper.exe
4792	identity_helper.exe
5960	Galaxy Swapper v2.exe
4916	Galaxy Swapper v2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3536	chrome.exe
3408	msedge.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: 33	4504	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4504	AUDIODG.EXE
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4112	4944	chrome.exe	61
PID 4944 wrote to memory of 4112	4944	chrome.exe	61
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3432	4944	chrome.exe	89
PID 4944 wrote to memory of 3140	4944	chrome.exe	90
PID 4944 wrote to memory of 3140	4944	chrome.exe	90
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91
PID 4944 wrote to memory of 1968	4944	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://galaxyswapperv2.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac6a99758,0x7ffac6a99768,0x7ffac6a99778
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:2
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4888 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5388 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5344 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5524 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6284 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5828 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5516 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6616 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6600 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4616 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:696
- C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe"
  2⤵
  - Executes dropped EXE
  PID:1248
- - C:\Windows\Temp\{0EE3668E-5A20-4FBA-8B49-0703AB96B98C}\.cr\windowsdesktop-runtime-7.0.0-win-x64.exe
    "C:\Windows\Temp\{0EE3668E-5A20-4FBA-8B49-0703AB96B98C}\.cr\windowsdesktop-runtime-7.0.0-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2244
  - - C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe
      "C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe" -q -burn.elevated BurnPipe.{91832E62-FEFD-4087-A67D-93753235AF24} {129922DB-A782-45C3-BC8A-EB101D4B596B} 2244
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1828 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6360 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7080 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3024 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6980 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5116 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6448 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 --field-trial-handle=1876,i,1457465268354452419,2881286396477465552,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
  "C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4504

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4444
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DD4D61E10F1081EC13D02A8BBCF52E25
  2⤵
  - Loads dropped DLL
  PID:4832
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 15D72A3F3D604FE57B15922FFD393C9F
  2⤵
  - Loads dropped DLL
  PID:2796
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 484C7FA54F36D0831EB5A49AC7E85FED
  2⤵
  - Loads dropped DLL
  PID:4236
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 260621DA09ED5E5F51E36622AA01BA5D
  2⤵
  PID:3868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2296

C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2952

C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe
"C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe"
1⤵
- Executes dropped EXE
PID:3560
- C:\Windows\Temp\{A5AE2C83-26AC-4244-94C2-14642AA135BE}\.cr\windowsdesktop-runtime-7.0.0-win-x64.exe
  "C:\Windows\Temp\{A5AE2C83-26AC-4244-94C2-14642AA135BE}\.cr\windowsdesktop-runtime-7.0.0-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe" -burn.filehandle.attached=648 -burn.filehandle.self=540
  2⤵
  - Executes dropped EXE
  PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffac6a99758,0x7ffac6a99768,0x7ffac6a99778
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5452 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4704 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3540 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5316 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3804 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5204 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3196 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3268 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3804 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5820 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64 (1).exe
  "C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64 (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4720
- - C:\Windows\Temp\{7B702771-0624-4771-B3F5-6984AADF72D0}\.cr\windowsdesktop-runtime-7.0.0-win-x64 (1).exe
    "C:\Windows\Temp\{7B702771-0624-4771-B3F5-6984AADF72D0}\.cr\windowsdesktop-runtime-7.0.0-win-x64 (1).exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64 (1).exe" -burn.filehandle.attached=568 -burn.filehandle.self=676
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2796
  - - C:\Windows\Temp\{90BA839E-AF04-4A61-8A77-A15B884E3D09}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe
      "C:\Windows\Temp\{90BA839E-AF04-4A61-8A77-A15B884E3D09}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe" -q -burn.elevated BurnPipe.{E0645474-FFAE-433A-8878-03392BC2F4B9} {9DFF9D75-65E1-4B96-B139-145ADD4E6913} 2796
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Modifies registry class
      PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3232 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4160 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2608 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5384 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4796 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5268 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1284 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6448 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2688 --field-trial-handle=1892,i,16270578635901207815,1275327618541249353,131072 /prefetch:8
  2⤵
  PID:5660
- C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
  "C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3168
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 806CBA4D056335CA85455726855E7DA8
  2⤵
  PID:3816
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 79D22DAEFAF49F9244543719A88C132E
  2⤵
  PID:3044
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E487086E3EA959BF4D449B3367667DB7
  2⤵
  PID:464
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AA718CFA40AD8FBCE8C46439E0A0541E
  2⤵
  PID:4024

C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4848
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C start https://galaxyswapperv2.com/Discord.php
  2⤵
  PID:1132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://galaxyswapperv2.com/Discord.php
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffaaca346f8,0x7ffaaca34708,0x7ffaaca34718
      4⤵
      PID:3044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      4⤵
      PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
      4⤵
      PID:4560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
      4⤵
      PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
      4⤵
      PID:3768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
      4⤵
      PID:2252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
      4⤵
      PID:2580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2132 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3284 /prefetch:8
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      4⤵
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
      4⤵
      PID:5304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
      4⤵
      PID:5472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
      4⤵
      PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
      4⤵
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:5220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7871400938337604898,7665087221456570081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
      4⤵
      PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e587926.rbs

Filesize
47KB

MD5
6644358b826985c1f788cfd605a56139

SHA1
7d1fb23a8fb97e2e99dba308383afbb8286555a8

SHA256
bfc72fa3148e6af6257d5797719ab7ac1b619d7aac589653544db25f5b14f04f

SHA512
70a1c0484d48e22ba73c6f3041514afc8e92b5e8c3147cd01f1c895409b8258d7fae27e7b00785aa081eaf0817fcaf651cfc3075b99b3688a677cacc3f22c289

Download Submit
C:\Config.Msi\e58792b.rbs

Filesize
9KB

MD5
b31de26c524f508315343e3614cff4dd

SHA1
54df27bf7d32f2bb40c899793c6ab35de8ed8ccc

SHA256
da687172c14f88f898978d06ac6bf9be33835c553ad7be09709635313bbae998

SHA512
84bca8453af607707224189e384bbb6ac4b4a7c322e7e88e396b5929e35c3d2ced84632536bc739ed42791533c075f670c02a4c1c66e57bfacc84352ecd012e5

Download Submit
C:\Config.Msi\e587930.rbs

Filesize
10KB

MD5
e60f5089f1f98e751ff3fe205195cb30

SHA1
0aba77ad63acf5bb034b94f41cc2b6b3a4d2b2af

SHA256
2f711eb652ebf32ddc682bcff77f4b556001b66c54babd63501fc35e6a596dfa

SHA512
0bed34c24ccb1b0ed107edae713913acff9fe115931bffee30026c5677955d29d53f2e7fcefad4f92f20afcc5cfc01f80fb0b5dc2afe993aa2ef01802abec944

Download Submit
C:\Config.Msi\e587936.rbs

Filesize
87KB

MD5
b9fc4ba43017058aa7ab1f918b41f8b8

SHA1
8fe7dc6463537a7d11b6e6aa5ff9315560d8d92b

SHA256
f69e65159c1236df88f78408062f473a83c76cea573d6e3c35d8d7fad4af7935

SHA512
746a7bb07cbb50c89a4b74ef4b853dbe106352e5fa53bff0a743eec5b1b28e510736ac47bd057622042cba59a47af1578e191dc87170c75619b586226f0ce4e4

Download Submit
C:\Config.Msi\e5dcb44.rbs

Filesize
102KB

MD5
4acc98a73c5913894c665cba433330b4

SHA1
235c23a74ddb35a60c64879a6feb7c8173c77511

SHA256
9c08ce0505888497ae1014b92d1f30ca629cd512b91dd605658c07d74752b0a3

SHA512
8cb6181693c46c897ae70b52bda6bae72749cf7280f20ef3e15f04b3c54721a0e57a3a177c66deb0e0be9c4997923d9cf636599ab54dc31c2be445735bb53a5d

Download Submit
C:\Config.Msi\e5dcbff.rbs

Filesize
6KB

MD5
982045efaa77b7f2968ee34156f26045

SHA1
fdf5b684e83e51c00df41f726b6ffbccac5f6270

SHA256
47f3648ac00d607ea309c59fcf4ccf41a578f9d4999997fd0b9cf979ac61422c

SHA512
f110e718b373e8ddbc0bb43f3189184860c3f1802a8d9d51a296c48d3ca134ba6a8600e6ec20a0f0ed4604ed8525e20a41c5cb8d368c55dc0f5b10a56ab2b601

Download Submit
C:\Config.Msi\e5dcc03.rbs

Filesize
8KB

MD5
3e63231772c0e03f1f96e50610033bb4

SHA1
6a04336a4613fcaac7ab144a91a36286b0614537

SHA256
2bbf396bab6f355641297eaf9058d36616b0048e673785fcde01fb12afe8049b

SHA512
ff5ccbab58c77fde1bbbab59299bf512c1d74d1c0bcd5882eb89419967d6165d97394f0efd0ef2bc770b59c326f5d84cda0e41a0ceb914da14b3b1c48af57b65

Download Submit
C:\Config.Msi\e5dcc08.rbs

Filesize
174KB

MD5
497eca6fc6423b0f897b0907c6988db5

SHA1
6c7115fae9ba1502e2818c0b45d8670bda67df30

SHA256
2dbb32e9b72e4b247bce712fc61ac638f3a64da4acd3af82cbe04b3e3db73d9c

SHA512
cfe9e26931fd4ca75b59e1b4b25ebc37ee2eb0155c3d89ac0406e497efd67470e8cdf3a6ec694e4f8e2f52a5bcfbe273d9a01b8712b898184378762a60d40836

Download Submit
C:\Program Files\dotnet\LICENSE.txt

Filesize
9KB

MD5
31c5a77b3c57c8c2e82b9541b00bcd5a

SHA1
153d4bc14e3a2c1485006f1752e797ca8684d06d

SHA256
7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

SHA512
ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

Download Submit
C:\Program Files\dotnet\ThirdPartyNotices.txt

Filesize
85KB

MD5
481ad608d2c3b3a5a0a3a529f2b2569e

SHA1
e271613b837d2cda290808af2bbd104a8c104a10

SHA256
29aec309fa6f036be931222385612088a3d98aa07ac2356243028a3072d0ce86

SHA512
93dde6782e14ac259b8655a89b31f7efe6990f27bc560f90200f3c967645d20fc54510e8fb0346732ea54707728a7075c9b566a936e76586c50681de65c83afb

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.0\Microsoft.NETCore.App.runtimeconfig.json

Filesize
159B

MD5
01da0d56ab33c0ed0e7ac85e5244190f

SHA1
9e1e4b59e590038f769e5fa01fb326109a7f38e5

SHA256
7133274dc5efab688a6efe2f43ca33e78a2498ef39efcad231b0e07ad2c26d17

SHA512
e11967ba33c719da1681a7f98056d40f450788d9b7c8b2f580d8bc7998fc35a78c53fc970301b097c527fab79fd477adad4eafcd75b4bb376d33c3fece9e8926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1a7d9b40bc5378f98e9543dee8f6a474

SHA1
e8ad2230949bd8bd02cbd9cb0643b823991b05a9

SHA256
16909d92d99a9c6bf41034a970be34d087cb9c432e528c501fbf0ed3e7ebcb00

SHA512
5fa10565b8718ab34fad27d0a2ae83c0e250812b6f90f58d8dfc9711111ebc99188bd41427d98a96446339cc01fd794acde1978946b26ba269a6e8aadb05d93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
19KB

MD5
962629890da06ebc219ff259943ed681

SHA1
e2948c0ff3c5bac522f722858add140846a40e28

SHA256
5d95ffa8c4176e5fa20958b1b0065ce30fa27a28706c734c48a25537b65c696e

SHA512
4e0dab47e6a64b392c022dce293c9e5880e298056f4dbb25ad7d3677a5a891b343fe1b2e4b0051c0060c0f0fbbabffab2c2fcdb0671aa0765ae1399f191ebe62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
797KB

MD5
c094c3a422370310e163973958492968

SHA1
9ee1c7b71039f3f51ca5b83f7fea3ff32427af7a

SHA256
7070fb99484eea364eaf41b22541bbaf4dfac879419577ba220bc6439cc0d770

SHA512
0d5a4575243cbf6af6e11f3c218d7be9d0bffc294d308dfeab0ad8326c66a046068c740ed120d87f8f0ed17e156108d3bc8314a11ca03f54c251c11bcae229e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
4941a8660a68e7e742240b2c275a5d07

SHA1
244260ddcc9a44108b5e2d99a0470b69704295b4

SHA256
97450cf9ddb2d15f9043457969d323c87f258fed5ee107d71197016b57598cff

SHA512
441ac676be10af73104abce1974e4537d0677764dd814a4135f47d813cd72193415a78dc95f88c69de0b2bc9fe6ff2dca9f88263cb08a6dc2a6479870f6a3d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
57ce9d99e39cdf36180f65b19cd8970e

SHA1
da5aab76ad3cf991d76a4108de40b2cb936353e2

SHA256
d0b6cb2ac532fb3cd21c49250e574937ae95388121462e74ee34b90d7561ceea

SHA512
0f2ba59207efd075de19e3c66db2738695b8358af1a105dbfa2b03513a187dee6c3004b414094c2bf03e3f515831a5e9aa3133bc0e53944277fdec2346a2c946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
52b94cba9e6671254aa0088025d753a9

SHA1
88331f81f1e82c130798ee18f9e69353a357090a

SHA256
26b6b1dffc178ddd0056e3eb2b44947a7075fc6d04609f922c48643af4a8a36c

SHA512
b8f604bb414e4d10cb41034274adbefd96e44e80b55f876614ba0a5c6d52d8a3124ff8c22a4b5ef9d50e591d8484fd270bd13944c3662aec46260b66518d336a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
a44d43250810f293e646293b725e7be6

SHA1
e7e8e7ccd2583e57237e7a6da8663898238a88ca

SHA256
697999f00bef39f513db463409385589aa213fa058be34570ecc6a1814397c79

SHA512
57a40ab1e3637d47a268eae19104d7d6b7493e4e096ec1bfe7d541b89204c7b5f954adf946725adbd85cc3773d5a78fe7377a3ce88d8417fc9c486625a59574a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
b09dab8c5858d9836e461f16938daec1

SHA1
a4a82ec8470eb4bd2fab463cce972ac2c69fc21a

SHA256
39ae8169646fdafe5b103d004a430fc415721cc4e742868cba17d669b6296fdb

SHA512
63fc7baca4b8105d528273c6b4ada34114c9b459cae806e8acae0cd6c694214788b5b0f3f0a61eb141cc9c51383c28745d94ee93d398eb66609da17568695fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_bclfo.wedonhisdhiltew.info_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
03d6976f3b066c6a65b59986f4b00be5

SHA1
071a78db4fe58beb38ede0d6f6e1fc6bbdcc63e4

SHA256
1dd81b3bdebac8a672666d50c7117f150b485838468c0bb33e70a797758ed00e

SHA512
328cb4a9e49dbe444cda3f050da1089aa4ae0d28137a3a29060b583749fa83eea1f5d94fd5a7728bec3755fea0001fb803616da7e95cf716e2895cf8397f60ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
94a1da4bf5fae859bdf5b97be7945bc8

SHA1
fa63af6d3937ab9153479dd49a6c77b0dc54e13a

SHA256
d3ba6561a63d91d4c1bd9eed096f06ff6c5832566ee3c50f815f9157ca6db839

SHA512
6d03fdd8b750202ceb1e5033732db188d3e02272903d2937365af2e34368bc7704ca691843f681c90239e0da8a13e1b2d3595e78eff0eec811576754e267eeb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e2ec70d56b471fae207434a6d328e6fa

SHA1
d7f2f0ab69266a9e460a68713b1ad76a9d1183c2

SHA256
93cb775185baf3534282ae773f726b45f97bf36f141701a5803449ff61a3b87c

SHA512
01563c333ab97daf3a0e3e2a773aa7b57c83e77b0076ccade2fbda9839fd204aa1a4167e35fdc3e8b27fc62451d4708aca7c47547fb4f96059db95be6e7a9a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ce8bace7f3a0e47def15603e1db13064

SHA1
cb16846456419b5905ee12ba8ec6ded4d8afe3b5

SHA256
4cfd872d5df304ce6643d65ec37194900d2c8cd3410e7e982c2855d3ef5e791f

SHA512
ef7e94c1832677151b92ef12fb0fd786df8dd184f095e6ae93c5bc4583b7367f9e2f11ccb2eda16fc37270c7e295b4b5129b471c3cf6de6d4417dbece47ca110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
bcc40ead0515cee1ea664f4285a36ee0

SHA1
af7a10f63cc1180b281682fdd04e109ed1b21809

SHA256
5d74a1763334513a3ba834be8bf233b2303674e566e355fcb2fdffa317ca4f9a

SHA512
3195d8485f89d7b6bb33a72b7f3f400a8a2195bff2aac6df53b2b978446d9b05b8c24ae5c7e65880eed88843bddbb8f406c931b27b95d29d79b3824e403ebb0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7d41d9df6a01c0df48a45bb69cf125c4

SHA1
787c9edb787a2f7313f46b31999c924ed44bc61b

SHA256
0db334fe93c1372a1c85d30c4f0798e072705960093b4358eeb09fffaf417aba

SHA512
56be7e9e75015de440dfbe24ff98e3cf6890fedd64c16e6b147b28b698d713cfb1ad08ffab9751ee53b46e66dcbe2c1b6fc8172def7d99d7d3f40bf489d1ccf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4d63393c83b1b91229eb4fa275f0cb2

SHA1
213273d37015a3baf98b9e4d23110156d1bb16d1

SHA256
055fd80b85e847e57083fafc14e18e1c43bd29c61e82b6817a823d0da333553d

SHA512
2fae8d6cbd143247b78f4c3c3b7679256e179c7d1afb42f66fa281b0f9d24cca3e2fbe0136a472e860712c5b1d2efcedb57bf9eb5b4b1f20ba571dec8c18e50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c67779020754a5597ff6d9486ab6d11

SHA1
464a85f1415fa1ec897651a1d35006807a994e39

SHA256
c3ecf027b01c1fce4083bdb2fe7fda7e4eb846f40532746d29ecdd4724c8e74b

SHA512
bb54e18c97092bde48926cd2beedc66e1e69fe3f64ed980865f69c12e0fdb9a5b7a098819fd422e689ab8a93c46f41a0bd872f0fa2365d8d568e7ac2227c2b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dc0a6650a560a79439938f2ee62f6bf6

SHA1
8ea83c25fa01987abf0e8675357b7b0a5535cc95

SHA256
bf48cad308f8b3ffda5438cd6615bf559e292a9e6fa02f2737d7a9229c23a23b

SHA512
e01709e3a7f2a09e01c000909b5ee3c5a04d012b885815ec309d2605f13bb475a82225d82cc0ecdc151cafd17d63c35173e370ad51f8ee05441df7c3dec316a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
68333998acc125c059b7e87a233be053

SHA1
8b48f56f88f098bf0fa2e3211a8ca25bfb6e3126

SHA256
bda3e24d3edd0b6dc9dab458d4cdc15fdaa8753305c1cdc96e986396a8e38c06

SHA512
ca93c12a0dde810585f1bf6ab7e421a4ed86bc54d9003ae758309fb9fed8b2b2e69265f7d7594ee44ae7190077ae9ffb7c74b40bbbf8c761180ee44c1e641417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab8362fede5d432dc8452745ab921e4a

SHA1
2f6e33a444d2e557d0b20d18a23c56ecb4303b42

SHA256
1ffeede05730d7a9b070f76828ec66b4601c88f6cfc5bce85bd3f08cf9e7d1d2

SHA512
9636aba2200103d9aec17a472644e0ff2107794cbbaa4a1dcc7a51fa30e8a6b753c60092d6651e7e1262e9951f374a41c7f4bf242e483a7f29d97ece328e7bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb9e5cbd558737d6a962f898a5757449

SHA1
b85b342a12382bfccd298695997c70c39412ec4d

SHA256
34e53e25c2ca06a69eba128cbebda91366d7948d6021e35795ff4fec2b0486cb

SHA512
21a2f05aa229e54467fe2372e672689c95d20114eba0bdae72f2b16f296ea623686a3e6c8138e7387b1a7d4fa06aff569e5538215384f74afe31576f3620a255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
349f4ae3db18b4a0e02e86b768740d71

SHA1
984d9d6f78a723b91858bb8be0224c07437cf9ca

SHA256
2cc0666b2cbc6b6d16007e4ae1ef7f0e3fc246ff27591499d3d438db99ec85c5

SHA512
6a102237fa43e24ae85b02acd0cea136ec99e687b249931a2917ca51c913338c2bc921995620026e5c39f635d0003faea9b57f1d8c2fd68f75b85b2d982fddd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48ea3c526b7d4e3e78724b929fdd1b20

SHA1
97190ad87a055fea1f3b029bab5c64c066d5060e

SHA256
6281539439c7c0977e4658c3e3d35aecfaed832c781ffee6299f2cc7b84ba858

SHA512
6cbe510ec84e13f39d215b08147fc6041ad835d274e6092bccff74af5ccb5576dee7a9a7609eb9392e0acb01ed6174a0b78c08275be88ccb3174880e8671db93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
95f018201a01a2d088809d2c249f6007

SHA1
3c0a98b73e9b77db05054d510eacf4f5a9e11ec7

SHA256
f8f4eb043aef3077a35699a555aac07708edde4150bbb1cf7bf103445062753d

SHA512
a8d8e9c84c44a2fd1ce5c1d6235fc93687aa006d135914c3e71405b25f27623a31ea3b8c8556b34fd1e74e29e0122f0e6c13d52d521c0b0f936e2fc267024b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f18f1caade80b812a6b638866c0b45f

SHA1
782b789f48a404820e0304d39eb9b1d78ea803a6

SHA256
48fe966a65378f2c018ed01d797aa7784a79aae5a8d2ba439395c7c3fac00a02

SHA512
f521937ce013bf82abc418b982b0ac415c4695eebf68dc2f3760c301d3c0c67754f36dfdeb08a3277fb34391702952f27bd33c1a674d6d4f3681f98a07a1f5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
951f49fe3f752348e5f434109ad84b75

SHA1
caf7f988ad01190ab143f51d1e3ecd91187e2e44

SHA256
accc1778c480264a934d85dbc65dacf454e280d68971b6d7b8fff0e2d36a8346

SHA512
6dc1b4cfb73484c52074866205b4641b31723e857b0670af1736f3eafa96b0869a411c5fce5cf6dc03bc3017ff980513f9be583522a619079ccfdf425e80a818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a5fd765b81832a0eed691f1ad181868e

SHA1
c2a7f79ad3acb40d6204fd5b84e68c0f968072ae

SHA256
9ef9fd27b3b59671e25c5e63ff91589ce2882ff84a99f76a21dbd8e2f16e7190

SHA512
d558d88b5c55c2ca15094f145bd4dce685b33a4b017bf8cd5aae87f415a74aaa4dfe3e45486ffbb9d22077a73f4afec297dc554edb04c1fe0ed74abaed7cadf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c9691321f058a62bcdb6466985b59883

SHA1
33158b1b825d3f0c1a66c221a0e9096730579d83

SHA256
d75e64adae6b0ed5f787c5f8421a026bbfd20233a66e83fad7a9af81bb4d2fc8

SHA512
6b8ed79307c5dfa8f0060930fe918df7008b87a4713bf537afc32b91c2869f1c2e4bc8d8ca955abf2e5c87c59b19130880f2029a1156670a13c76a5e47a34f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
624461d4cb70401a17e0dc055c9def0c

SHA1
6ec8d878c2aca3a463dabed140c0d9d8e2720eb5

SHA256
c69a03cd221c327829ffcf5758dd6a61e7fe204190064e552ff6ca3483425eb1

SHA512
29c0e2c7d7f8ce8a2d9ebfd488caf503abd399a235e0a2ad80974df8feefa3773319fbcac8c20b4a3d29f52399f27648d77822a499862bc4e9ec2eced570f602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
367701e2afc67f0786257aca64357c2c

SHA1
c2ca073703ae314961a5559bc142b0105dc02f1d

SHA256
140fdf525a4e6992b279404abf4f5a076db1d2491654deaa2a7afb9a8041f4a7

SHA512
da4ef50e2638eb316f541ed6e47184e379336729ce42fd41f71067e25760742a4c3a4205d685bf58ba1455aff108ce6af1df041f2e29479429ce296392b4b3be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
05db29a0fbcbb7f3b8d856caa31c5c08

SHA1
89df7d09c4473f38dd17c6bf755da29ca5e2fb82

SHA256
399c236a96b277a870b8c937d022325464e9996787dc76d6d09b29e91e0baa10

SHA512
a79171902723212cf82134f16ad38ebfd2e05b8829ba4e93514fca313b5aa636b5ce9e18ed9f603fd97b6171ee5af5af1749299caf2d10120d2fd85289fc6c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
542adf09ddeec5430c8a9c0ac61c8bdf

SHA1
03824041b713771f06e52592578ed10142666535

SHA256
e0cbc6e3a5cec063743f7e5dff3e16757cee6be1b87ec5d9a5f1fb5356626674

SHA512
fd40d352e292f4b4100a80492e89ba16ec90ea9fd75bb6e4880a5caea98b9bd8faca05af708262d71ecdb86b599a4a421f82d8f570993c804dfe860c921c922c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a73a8b78e3494bc4fd258cfda77f965

SHA1
4f14bfcd8d56977cb1092a6df8d38e9360249b34

SHA256
d1de64f630fffdbf1e7cac7228035e2800cddb5c85dea7c34cfb4b9fb817ca6f

SHA512
b548589af574d6e9088c6f563fa952a3f0300aa704195bd4bbf42bd1809ee995086a9c26cb9c6b1a20c200a919a374203265d52c31f2f6ba10fe9f7b1be00a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04eebcede3059f4ff4bd67e9555b5a01

SHA1
cac507000393e481439571a7254650783e82a6e0

SHA256
7eafe9f9e720c70855e6ed1aa09217a24bfa83d9f2e687b60e1628915a54b3d0

SHA512
54fe19fd7b0fc7c7bd9278ec9c21f2926bb93fe5c56f8cb08a11eea3573a442016385399276ce94cd708866265859245b27cb1772148cc465a3923833277554b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0cfab66f5826416ed6909c80a3f398da

SHA1
34b0425b5d63a1d47fae0180a1819cc95987919a

SHA256
6f03646e15f4b4cf2e7122a38d2070cb02d39b131155d1d7715efab614103193

SHA512
99c0c250ffbfa0ed756e3108a69a20da8385bfdf3154fe83af4a690734e097e06409fdf53ee99d82f507947a21ae791cbd48cb5d61986de04dca145bf4f0dc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
92f7efa83c9d7d6bdb384b6b22e5a9af

SHA1
0b08dd8f5205d2d2dd357d728a8c88b0c317b330

SHA256
e81dcea3356fc4e767da49b4bd3fa498254a228583c1be0950f7aa68feb5c63c

SHA512
b594b07e77edab7fafd2f0cf48b7c8204a1ad88dbe8e63fcc60e5c651335efaa606de41657172db05fbb5d90ae3e57ce37f7d75cbb1352a35504a9b2976f44f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9f04e771a78be070f0061d527fa28e91

SHA1
a15e40f439b69f1db8293305b7d7b305532eea30

SHA256
896bcf0486d2106f9cbf5f004bc4e2d4d454b22c08f3363be0c26aea47b89440

SHA512
34c8405dad2c026a286dd96c667b2f97097ff1b0b754b804ce1940cfb5deed31a056a77a7e20d4dfa10842885b687da50e1e41ad98eb4b6e29e8c1652a6d6d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e1314b7277faf496cb787443e723088f

SHA1
124f1512bea0b00870b397cd96917ee7818df638

SHA256
be434df7f749a498444b8e5510e85fced15c6e5fc9f498de75e197630c0b6916

SHA512
7b3acc788e5cc00b0d59a6b46d2464cf499c738b6d0f31bf9d528681bfbef30a4f10a00d7eaa1184d4b84ea791fb5c759951be94a88ed1591c29ac8dad6359bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
703508fa9988381fa3488bb0908d4fed

SHA1
23ef8edd880ffd423ec611001776fb0ba621d5c7

SHA256
3b224161fdebfc4d7ce4a8ec7f4629d6ff2c97803aabf492dfab232075622c21

SHA512
829c0a67e8eb23ea3eabbb40877fabace169e8b9f489bc7bfb41ce2a74ae97233d706d8c7802bb6a2b81b5171e0ada0dac36436aedfc53e05c395d9646198ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f7066edd43daa91c16d706bc54ce20a1

SHA1
5682be6d5ae93366c7fe1cc42b392b4763092488

SHA256
68ce953e8774b37e777685e58873ed4e809f0593d9207ced3cd9b4d00d2d9337

SHA512
0c80335039980585cd54eb5ccc080243087ddb1d5227fe2b6df9116472764bea4ab28b98bc57249599d9f03cb2351777f3f00b55158c42902728048695eff1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6117f166965e4df2504a509fc7b73080

SHA1
c059ca8c1304c882f87450e3748bdac93bf9c960

SHA256
966f136fa8c00eef206fc960db7bdfb0c3161791b5d10d60762c76948c654d98

SHA512
98ef566345ce3a36e6495e3b34e54b2d7af0d96f1ca86fca5cf3255689661b4f7ca73d2340c524608e9df70db29a7aa898f45ebe61f3d0e42d3606ba8754370f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a016409a391097a5db77e67d9c304b2

SHA1
d16a2259b5d6d45c419a882e9aeb7054d83d3c1a

SHA256
bf3322080e07e2e910fc0d28b659e66ab5a58174adfb65dfeeaa517fcdebafe7

SHA512
d30996f210a22a973cc02e81e4ecad6a30244b177a0f826d20eb8415cb6b42370d4bd86fcfb94f2fc7c2587b3170779f7a6ea8301ed60c75b8bce63b28fdd8e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d9d78256f6e11e66ab3c87880a53317c

SHA1
03034aa18c0b3a1146d32b907ca7a2c1e4fce898

SHA256
321276991a8d0643f80e21a5c45ca8c81e3b6b1c7539d4a125d7423e6942886c

SHA512
bfffe202fbe71ff8b4ba57efbeece146584733a029cb33d8b8a1a4247919e1240d77ea72b0832e88da1e2f9aa9f860d9c01e7b3e2625a7fd6dbed52fa9270d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33e140b21a36d0a2c689a01e427056cb

SHA1
705a05c0f0b7d92af632f6d513d22c96c701d663

SHA256
9688a4e9fc2fa1183b6a9c5715a3f33b2bc269fa2300be73bc812561910e49d3

SHA512
a17c7b2c7931f17fab0f4e9546648dc01fdc8fdb5fddd1b94b7f48ad4204e7f1e7a7ec51b35a00f4c548ace396d56db923b3295e33bb0878c6a1eaf82702397e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
415899365eb43ab6c5232277b0032ff3

SHA1
ed74140c49b1062a60b5b9925398777171d734ba

SHA256
853db25a04b79c4cdea8e4b8fd59362aacc4c8b27538334bca48ac1b3c201802

SHA512
a8942e99e968d815363739beb3fcb4da4afb03b329f3f547a48ae15b5c6823db6fa1db022f7a38fec8eec1d109adc20fe195cb67c61928eeab27162cafed5837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
ed838edfe28041a3ef3d8c02a8da4430

SHA1
6fcfb3f086f528341c4b2d183fc1e47b99ed4714

SHA256
e8496787b833aff2a865deefb91d8bd49f1d25ce2e8beac87e1c5d0ee3917566

SHA512
1de8667548c2d06e181b7761ef453a4bb072767e55cfe11d489de65fa6aac08c1a962b5123384989d0d2aa65fff8caa99f8dd03b1b6b2f57c2d390a1b3bd513f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d49507df5f179a15d667762ce0a535b4

SHA1
1d8915105ec269840382170453ba8b67789ddeb0

SHA256
bc84efb79f448f0f80ef87e5178c193c024912a6b53168cf00e2d85fc1243e5b

SHA512
e5aa4f04f790662d2f54553706224d07f118e307722e0196a4d6aa3acaa4fe903e27216d76dac0bbe528ce493dd59396fb93140d53a122bc399e20b3f2347f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580f2e.TMP

Filesize
48B

MD5
8a847866cb7ab288b2c7b9e06d6ec205

SHA1
7d52c23edde5a733d2c4288288152debad5f1d07

SHA256
aee60e0428a4eb0a60e0876cfa1ed4bd55856dfd05d2c59be87dc22d6b2d2c32

SHA512
5cbdbbc13d49a8579ffd1ca6c50d7c17ff257f528367f5bc3d015bcccd3c270015221c30231726ca3194809fac2f566d5f057b709c5b191252e2862de65b5ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
74d9234c934c83be51897818b648d655

SHA1
be4aa40f75ac7c3997e0be2c435cfc761737a695

SHA256
705b26e83a42730cdffe50e22623f964c642eaf4a7b177f5a2ce62e427bfe9fa

SHA512
9d3bcfddad64505b1897b8cb39a94d01b80aec673c9204318903e0f8be460dfc6ad114a4a08563fd44cb8527f64c7baaee62c8127bf4dc1299eccd922e0439ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a8ca49a53d99e08531f76e527daafd42

SHA1
a282f0744df936e7d198db66daff4eababb7ce6f

SHA256
4173836e4f19e75d1985f4697fc85154d0c9af806e065b6e9184d0803b723acc

SHA512
0971ad133c18f3d214f9c356dcfcce5bdab9302403a7dfbeadaa15b97b8ffc2f31aa62f29386ed1c94a47440657002ebb68ee0c74cb5ee2c6b153520ff6ff1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
278afc77e9d95968656e59e0b0156682

SHA1
14cc31f8a3bdfa7eb4e31ee4bb2aa17efcd25b87

SHA256
705ec7d56bd56406aa0b10ce2557d156b71c6941d6943644b3cd1376659c5fb1

SHA512
3fa43e07c882da408187b980d74731429e3f9014fc6cef321a124246e84ccb622731242cecbea12b6bd475b697dd612935ec596c7f023b84e708182c20da1208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
d28e8edfb229bc8853629f56a7691d92

SHA1
aae6c341f081a707cbfb10a42fab0807c8a9b653

SHA256
eb4ff92bc6be2ff00f8ecf6970d5a5ca194e7dbf611d0308b5fda83bc85e041a

SHA512
7373282b77e3ccc19343291bc08b2d25c1a489867d874053153d03f0a97a49f192f880f009eb73a95981279b6e638db5b97ed0b7c72dd7f3eb3c327a39bb159f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6424cdb24d5fef71a951a7076e71a74e

SHA1
b1c43168c444d02c2c4275e24cec5c862d0a177e

SHA256
679ef5813c5fe72a00c6dafec6b3bc39852fa8faad8eb0c094449862d58eab8a

SHA512
61ca94506a610b2ea8bfcf85e05ebd860eda649a629b61bd28dda5d438ae1397d8530b3855de54ad7ac28982a5468b4a7dec422e2504eb265e1269db966211da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b38d4d9f108a09b7f398b98d8f595731

SHA1
0af9da26bd61480fafed7b31eb282a5567633fbd

SHA256
872a98986b34c5442287e6a0737d33885c9e5ec38f641a54a46232620aee0f29

SHA512
e852d6ef8003e97377ccd0c6021ec7f7f94eeba2892007482d279de3d67875a3c3b62f20d782ec990ed03283eb864810e75d20e2b3e7e4c8781a361ab45b64db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
7673328537693ff399614b950393960b

SHA1
c454b60153587d88087253e0cc87a324eb8999f3

SHA256
7122d743ff82dfd61bc80e5708701d5690c5d28c2f6acc6d9bd5a65a49ae08dd

SHA512
3a4b2a597af56f49a40bc66fb1024bbcd98c35df3dbf6af5862fac332413c059febda77a2660a62583b5acf29582f3eba0ddd393c0af5c417731ea9cf10c5154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9b9e6254bdcba504388976d798adb6a8

SHA1
203e1b51ffbd2522d475fcd7eb7d0ae0595875bd

SHA256
4e187e0c527c146b57ec1e69424edffce60dfc60aa411cda33e1cf026f3f707b

SHA512
95e7c33bd7cd7c3d6b3b61c7cce215b3f0239dc7febbd6dc25b5449929f147c840cb561668512937eb24fcee8e104cb91a46368ab97d6ee2b71e9a5f96e507ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
9f8117562f3fbe1042191ea490c4e676

SHA1
924787be9e8eda97e7074c07a86a047104be3207

SHA256
ec144249427eb2ff3677bc9d3e2f5df6b152168b6d2ffd1398ccceaefc423d6b

SHA512
5a0b5d2767b98f15fd6d1909a3d39ab425f640d5568d4b11648f23cf0eb77b12c00c4a3129dff59b30dfbf3ed56643e83876b7dff21081595846ff362284db4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
09ea49bbb28b2f5826ce93e761d9b7ee

SHA1
19801413ba35be4317daed78edce864725ec23f4

SHA256
fac69588ec8931ab64c46dd7f264ffa83d0663e1066e945c2fef994f92f767ca

SHA512
aea48a25063135b9ef4e99d03a7b88ea0996414c25fa9f1fcf241a64c904f256d51ea3b0411a5a230ac6aa96d3b7516367f1316726983ac57b7714939f8cebfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
f76974e17470107ddff1a697d79fe2b2

SHA1
317fe098979084b3ec618d35a736f81d8627ea96

SHA256
d358fef25362885dcf57010604fb83456414258e2d501bb278db5a54954c7ef6

SHA512
9123ac67d855b91a27e373bc64e8d7a8d12b8957efd50e8ed7eeaa3254641a5ea5546756cc4ab6b07ce917d449fae4c80d2b7f9fa545ec09f84af80889cb85ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
123KB

MD5
ea186c902f2535a1e6a94661c18b8a6a

SHA1
f52a60c50ed789716dc21a5e220d5ef9a042a684

SHA256
32c3a190042c2cc1795466514d30e95708775684dd735a2fa1fbb96258756ebe

SHA512
ab9407b48e115e237e6a1270010518af22f67667b386d732a6c730800c25ee3c81707163a4e1a74d7a23e8cde3ba81ec28e45434d4761007d297b2af3357caaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
9a05fcd121a9174ff22dbbaca2ce5093

SHA1
76fa1b259072b6b836565b63e49a829d778af8b4

SHA256
ca6fd71b0e8066b05e5a1ad6550ad9d9d26d230c59e363c6c374fb241cbe1b2f

SHA512
53dd5159aedec536a782938ba0fbd1dca46eaa1a4be4c937b8b12f18dcca0d378c71eaddfbe7d87572668d4a84a73a68afd0cfa3f6de8c75a037f95d192e651f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
f7f85848a7b521bfbde8a934718fd036

SHA1
979b29d7b7a37907f1847a1bf7d8e5afbf6b6a4c

SHA256
d1b6927198f0f4f7a2d8f9e43075001fb94d09392ea4e45e8db5fe96ad999429

SHA512
54c986c2d97d4611df883f06b77ed1169aa2a61326fe9cd5b35408f5f236ec0995e9060d3b6f4a078b2f92181df9f01004172905441d0c913c6b5e4cd8857bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5882e7.TMP

Filesize
110KB

MD5
fbcc2cf7e788ca8b143b958d3956ecbf

SHA1
6892818f75c0386e607bb0ae5c88b79a3107692b

SHA256
95d76e8106e7a8baed2f7301fa1b996249b8e8c2f9aeca818eb544e3a19b76ba

SHA512
35783e4cddb0467de340de401212d1f4054e12b5ccae6b67c2a7f030f867b59304fdb308e228df78fcdbce6b1a974ca6a501e561db3c76ce8038ed47ba6181e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
80fdaff1cf5a33a47ef0046135d8a43e

SHA1
c853899338c01d9d0f4c38db05677871b6f9f72d

SHA256
ca2c289b38b3b705081c53f6fa124cb492acb8aa92b8d0659e8f1942aed06d20

SHA512
3f5605ede8e3152146a9f470ca23feba95fa7307d88285b8f69e5751b19b9c2cf123a7057ab24061c3bc11a23bbd9efb8625bdb8e1cacb3ef83c2279b761c942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e65ef9df267af7afb08e158863f9a042

SHA1
c4e04776bb771fa3547729284367413dbce7bf9c

SHA256
a2012b73c18c7045d6db74093fcec145a5da9ca99ff8cfa7654c3a39fb10f44f

SHA512
1f0657f118d1d056dfa816c1c302ff4da6baa213196dbb4fa7abc75b5df78b504310bbc6bbff5dcbd9d5002921cb5586d9e684c2e16c2b8bd3c9a4d640e0a37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
690B

MD5
fdfe4d299fa73dc0b8605e18e350a063

SHA1
bb2bec5d1600db0f563c9f9b75c04232a030f732

SHA256
0e398c9c3929833b6ef407d2176075bba076d942593db77ff2ae1b8e64db97da

SHA512
00c2f96e9bf2bc30623181d7d51a4ed9fc7add7663c19babd886aa61545ce3f5be9e9776343ff348cb6b1a2acc67042a177fa22ab93c723a3eaec9f5c7373cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
690B

MD5
f7b2b195d907644661026f77dea0f9bb

SHA1
a6bd768c05f63881bc002237e00f130ba859ce92

SHA256
174df400ad418b00947ae60a570512a42dda0332a5cac5e343fb18b2392fbe5e

SHA512
f2d335047c265a5c79809d0c5509050938acc171fafab64aa4d032e68074a695019fb22e1ec86d1492faffa13882d7dfbcf4b1630de09c73a64c71af2124f2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c61c5c49e94aa777c4e0982107049e2

SHA1
3a411ae88f79b366d61a876f62e690a9cdc7b731

SHA256
2af05cf2e5398cb110b3a02e3aadfaafc9deab7369a58908527e48bc3fbf5f2b

SHA512
7ec3a4a2b813deed430db9372b09d98603b4b15774e50be22b5c2512bbe48860059f07f6cc9fe6fbdbaa35716303ac56e2c1efa18f987a919ce7c248135aba9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d46d7dda6894b8b4d1fe50f2a094196

SHA1
fa34b51be43a945d294e2abeecc6b2c8e83ba3bf

SHA256
f94299c579e3bddee2a1754285da2930d1e55e8ae838c11d6f54c5f78f1386bd

SHA512
e8d53de3543186ea891cf99f7cedb459f5a54750ec21c42e50ffe71aa1b807d7088bc7a9e579b7cd3279300f9f7fd7e15bd6e646cfce3065adffced373755745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d879756f428ada48241ee46083f33931

SHA1
68859b1de6e2473a33347a4944ce147a794c7512

SHA256
254028102229a35da5090194705b276f71d38d36613f7138c63e7fc6940d3967

SHA512
ee1ccd990d27d624a615e1d82dd9449f97507cb58200735c74a6f0ec49d0b9516adde0591941db9561fe32fd139ab5f7d2df146864d4a20eccf9374462865f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e963fd8465b3ca4a3faf94adc4b2db0

SHA1
22a9456edf91238a48c152a657d343ba9c6ec1cb

SHA256
a3a4ec9277ea716a5df1c09632f63a4f47657dd6e34be1d37b5f9e1d974bc47c

SHA512
18270d2eba21120d324232c157f78f04390b9890f162266fbe0cf17250124301edc4eea3c79dfea9bcc80b5cb5bfc37c6630281ef7951cc1f124463ad079a6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
13e2e178425bb7e8a628ee0d0d7e8a25

SHA1
baa998383cc551ec395600e280fd366ade640fa5

SHA256
f183c60ee7a2dca18e6edca8dbfb66a83a209702864c44277ef999d91232a8f1

SHA512
770ec39ba53e42f17ad6fe30dedf4105bf153e6bcc7282c79875d67c12c56c82933d670569831d36fa3b9e78678c6c7661ae8b96aeea84322676d0b1a4112678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
e0d0918e4176ba25e6318d0c401d56e0

SHA1
be122f95f9d31a996b3286527178639bd189a2fd

SHA256
f2bbb8602b68e0f78f3295715c13e4b3c2e4f294c9bbc4e7842b2907621f6964

SHA512
f4db39bfb046040076273e3c15b06f4aa1b497c09c8cf4453b4a8638ddd192f2c057fafea94981f4bde37bd7eb1e5b86506a63c33cde93cd0946cea9b0c0b98e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5edb6a.TMP

Filesize
366B

MD5
f2f3597906997d50ed911e59bff2e0b0

SHA1
c81cb4c52b576f0e617c8e74929cf37b6035b555

SHA256
6ba469545127f04617493fe35714301d36fda47a5faa7a28d3dc08bedccc5a64

SHA512
141ffe897e4445e65cae19bbcd6970eeb884f2b2827c36795f4eb29ad7d0760e4a08f7e2965dc6859c4e8d25cae4adb2dc1f9e816727dc61f30774270941f30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e0e8be3b-0128-4353-917f-091a120bb536.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cbd103c1f8f681da0985bbd76062f68f

SHA1
00a5ac59fef25c9fed13e07945b9a8ef9496fbc7

SHA256
3ea2d7f4f767bc22db9bc1311888d76b937e7dd83c16e5b18f4cf424f560ffb6

SHA512
88a474b9d4002659046bbe5effe024e73335d105f27834144f76d037b9fc8daf46a64353a619c058a7a65e6c933c089ff6d516bfe283327b807f047fb6eae637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb310087337c8f5be8a1ba200d5faa0e

SHA1
02ae3b007b8e55067ad42f53f8c716f59a67b868

SHA256
68fcf3d391bf32e4999d533c55de98e93a6bed7880777281a607ffe0b7011dde

SHA512
26b0cde07ab76e4e44a934e409511b9c053bdef46130e9779742150ff6c6948d3cf0cdf231c1989c28166827947eb2d8a2753a299ef4b6647a8c3554a82466cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d130fd7181ebcb23e9622ecb781990a3

SHA1
f8f750e0966f752b24782fc45a9c87f1440d338d

SHA256
e4cf42e5c674da0b688355a06ccd11ee1573d2b2147ca75233f2a8ad7eee5d26

SHA512
70187b858f7f1ecccad821a29196779bef37446ca4e61c205d341c80c2ee096fb51d73257ca2b0e0da0d3e7f52800120da7c61d2540317177d3cb9e9dfac0d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0ba06eae9c833366d9bc9c4f73b33030

SHA1
6cfd24be6f0f11501058d183f864e12955875a06

SHA256
d34ed9008fe5a2c88750cb9246075144848b72de5a07048ce688bc44e709dda2

SHA512
d1275cf942971cca11de999e264989d22bbfa61c53692d502e83eb032f56295e638388ccdf5e87687345dc88f209645ab0fb331893175ea1c23d37ceb455fa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.0_(x64)_20240221213557_000_dotnet_runtime_7.0.0_win_x64.msi.log

Filesize
3KB

MD5
44da25fdaeb9aaaac35a1a8acca9d7dc

SHA1
22a1a254b74401c9329e0acb88355e9e7d63787d

SHA256
28795263d47f9c5397a946f40996e9db7d8d6bb07b9f715e09608c08bba3304b

SHA512
197f04fa1d92f055d9ab1e86cc53f416737f388c113cd85e5f9aa795dadfa59ecacf84afe86f845cacb6a5ca415e0a9b927fcf53327b4239a17a1fdcf7cf7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.0_(x64)_20240221213557_001_dotnet_hostfxr_7.0.0_win_x64.msi.log

Filesize
15KB

MD5
5f77db95de54ec3f6e30dccea36f9c0e

SHA1
b33d99a18892a6723d2880da3e260681d301a115

SHA256
7c4b4ef9fcb30fcd2b1c63d86b4bd53ab91e138d193ccfb35ca2bdf0b6ba336b

SHA512
b085875d607f65d7445f37f7f6847ef6fbb2876d414a4aca2a6e8cdde3303718cc12b064de9923662297b9c0b1d13f7e17746d1d792d89a254ebff64049600ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.0_(x64)_20240221213557_002_dotnet_host_7.0.0_win_x64.msi.log

Filesize
70KB

MD5
c61894d90215ae083bff53ae1d6cd958

SHA1
68d82d542ece262b84cc69dad4a2fe52aa4d35cb

SHA256
f7289efcac426710cb121897b4ff365992959a5f63a41e0702f3f5486996b45d

SHA512
f231851ec6ce722d0b01a02be87b87aa25803b4334a97a709b39c0173ced2a30e9825a8bec25031bcedbbba978122952c4a6ea1b269f9b768efecfe05e630634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.0_(x64)_20240221213557_003_windowsdesktop_runtime_7.0.0_win_x64.msi.log

Filesize
4KB

MD5
bb70cdd9c5d926c86d542ce9e47a2339

SHA1
d49eaab4fcbf242aa981cec805be9762aa8d5b1c

SHA256
036b49085726832cd674c2e4e8b8048511349db810b56b82946fb21bd128edd2

SHA512
596cea78ec9ca52107b74b4de274f4c3aa6c3594991e5418a931e84fd53d1d4010407e28184e88e4b2efbb4c298914de5caf9dd70d916172b410c66eb70a44de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
57c097218a31bc6f550a14220ed61e33

SHA1
1bcdd8999b2b1194dbf455d9ab8ce1fbca48582b

SHA256
d111cefbb88c8720d72a9c1d94daf47823340cb26f2d5618051fb327991a6169

SHA512
5544a29e3e91e08b6183f960e9162a2c3da9ffef974be8bcb0e0e1c18be0b9c7e67f64e9521c245bcb4de534fa1dfda9e553a1b2df98c8d4026fa77c6bfabcc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
c95796750c17573481c6e0417c48a5db

SHA1
859c60448b98e300fe289f82cdec4a2276e607c7

SHA256
b9edc6c8cb8c7da9245e6e2ec82c441bcae580eb2089a219197fdd8046ac526a

SHA512
fe005cfe7f79417edb74d8dae5bb642c0d935609f6ed8a439644521b79067454b4e32b9b904a542b9587ed00e3d6d5e7a13d130cc97b53d36419bbe6bcb7d891

Download Submit
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe

Filesize
4.7MB

MD5
3b342bccddd3b9e2444a643bd42ebc71

SHA1
e9aa3efd4d3f0a135cb5c304e9edd0555f539c1f

SHA256
28102319adcc684a1f3c85fd4953b21b8b0b0433e35a4f01feea01d6379506d5

SHA512
f925db08cab152d841c9601b900b2804d489b254f574c6f0124e4f41d7f26f209c7b103f2606710370a0af89e94aaf421c96aa31bf1ae552146abf0ccdf58d2e

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
5.4MB

MD5
c3b04ec94613caa4166c8115d805b717

SHA1
146aa91fe285c290bc5463faca5e3743fd118816

SHA256
13b100248bd42fcb0a39a3f1964006e2fa49eab232249dc26e7e6f2002e4ce2b

SHA512
564fce5369ca018cb339b511ed640941afc21fe51a40864ab915400b0d2bc41ff4612e6e811729783bfa35ec8aebf43a5c0331445d22c3bfcc19df6d33979c13

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
2.7MB

MD5
35aa0a6fc37397a4d51dcc913f226565

SHA1
4ea8f9a677204fcbbb43a2c5ba9f7bde2a17f67d

SHA256
2b5ae824a0b734b731c4cafc64097316cf033decb40fd117cce87946b44452e7

SHA512
4105a73078173845005c9ba6b75a9f4983901053735abf94e097833ce15f233be17b07443d2e87f09f945001018c8a33968538e7ca4ba32b5d606a0bbd7c14e7

Download Submit
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
2.4MB

MD5
0b3ca512477c6eeb3e3654eb06dc5bcc

SHA1
47b548f59c568e9391de7e9ee4dfdc80587d30b9

SHA256
f028fe2a14014838bc0f3271584a73f88001dd48c9bf3ff0fe815df1d7d5ed54

SHA512
d6b15cccd16517244b25a6d6b9d8974122066e672e59bbf25fc92c0ffb642743de67cb5f8378890048f001168bdae2654262220f36b7c6246f8091831f230326

Download Submit
C:\Windows\Installer\MSI8008.tmp

Filesize
85KB

MD5
7260402976b281b3c62c2af4387eb73e

SHA1
693f78bc61f53988a94a88d52848d8af8f36d8ee

SHA256
6223029eb4efdbb26e7f97fa3e912aa9d06520d634859bc2ce6db8efa7747689

SHA512
0e4de5ae1f21e9090e6f790eef3573631e4920e8accba6f70f12024761d3cff6a1844010079eae844622cab15522695fecd33566b0dfa6425da1ced0f519ce4f

Download Submit
C:\Windows\Installer\MSI8008.tmp

Filesize
64KB

MD5
5e5f30c4244bd6a8bf242437a0b3a0c6

SHA1
58b6f74b1d1ffe0df58e8fbfaae25730d614462a

SHA256
7d79434c03e79123f2ac2a69f78df46e3da53bcc84ac10c43ea8eb9a7278b613

SHA512
a2e41e3def916ccc6f82c6cbf8d50e2cdd0026a168b91d3d383f5620d3bb139b1eec26fee88fa068deeaf404bcdf0897a067328607158b6425af8c01f5cf203e

Download Submit
C:\Windows\Installer\MSIA277.tmp

Filesize
225KB

MD5
d711da8a6487aea301e05003f327879f

SHA1
548d3779ed3ab7309328f174bfb18d7768d27747

SHA256
3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

SHA512
c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

Download Submit
C:\Windows\Installer\MSIA5F2.tmp

Filesize
192KB

MD5
6a89bd3fd5d0607a232e89b533b982c8

SHA1
25ab32e2c8665de44af4047bcc512b2233b45a7e

SHA256
7dbafd10b4aeec7787feccce5e7fb3881199d3f3ca1f6184af446f2f38f69535

SHA512
928a655f93a0026d968fd06a9d93163990bddf38af12a5828ab1127497e8b8878d95ebfd62b6fff828d62a6baacf67047452cc72b6b4208369b9a7bbfb9d4288

Download Submit
C:\Windows\Installer\MSIBE34.tmp

Filesize
14KB

MD5
eb43d90fcc848a65da42af7fca17fe8f

SHA1
f782eb1bc98ed6a3dd3042f8a54b61b84d745d36

SHA256
ea08d44d2a37cdc7eca631bafea0114ce3fbdfb18d46440202aa007d8e2fc552

SHA512
8cf05359d4192cfece2b497162beb330326c6a0598425e5511acd15d831531e42d28cdbd9d1ad76995756e3fe159dbf5f019ae5d8b6d1bbb1e8ae0dc643311ff

Download Submit
C:\Windows\Installer\MSIEB8F.tmp

Filesize
128KB

MD5
98002cf66554383f6755d900d1f503e5

SHA1
2496be56eb0b7ae5d815af81b3e7ecebf81d465e

SHA256
c9368c54d7bc5c5bb7953fe853fde2bae0b48382454aaa53f8dbcb80a909612e

SHA512
cde6f886323ca52b4bff5859264f11461263d61fbeff0f688b695943b975a940ad1764abcf53220520f2f3479ca9cb24d06a408ae36c49bfc074d633aa933e5b

Download Submit
C:\Windows\Installer\MSIEB8F.tmp

Filesize
115KB

MD5
98ba4ccf32051c44ebe337a1f3cb5c2a

SHA1
f5cc2ad5405db1c00d0f81ca03f36f03df36eda0

SHA256
7700d9a9732f746e04e545eac08a50f26e5c4a7a8c62f53ba36b48d25a68edbd

SHA512
4a7f06a4998be77e27ae997b3581c39af68264540e6ee829415fcaeb08408147805b1d0d9dbb07eaa6341385c6e24672efbe16de6243dc62ffbdf29f3f5593ee

Download Submit
C:\Windows\Installer\e587927.msi

Filesize
1.6MB

MD5
5eacacf3864368c04c7ad707aed7f50d

SHA1
d789a5f656f8e722f9daa9f3a5919a612274743b

SHA256
d2057755a33b333f3bf0e35f643d6cf4d7569b4ffef4ff12dd4ba18f3d4cbea3

SHA512
40369f3f4f18d2a7742d13d71819f32154aaae7a9d7b561a75bf8093e83bbe75f3a5ae71afbb56b24ca550edf9b9ffea118f4998c102497a57acd2ff4cd1fb9f

Download Submit
C:\Windows\Installer\e587928.msi

Filesize
704KB

MD5
b06b265416d9f1a0642f58298d64e63f

SHA1
74324fec92a2d4e3a3be7f787a2fa589715a21c2

SHA256
25bd22584882147c2d38800c36d241d6b7e744fc24253c8243f49a33bf77a0c0

SHA512
02a6b43b9c83dbeb49b2bd179ba1ab5273af0f653107bb7c4f033a33f1aae6217d512e45db0a880e5b9ac2f87d64e80b0d1e836d35b267476feac2c1c328b31f

Download Submit
C:\Windows\Installer\e587937.msi

Filesize
1024KB

MD5
64b8abacca31276101ef4cccd3dc30c0

SHA1
162af9cfad82eff61d58024ffa966e30471f82e9

SHA256
b417a490c925ccbf0e39054ef884624b0007e1e13e9f42d276f914e7ef5aaff3

SHA512
5a2741a52f1b1cc387f990c2b92df571c0746941e501b10f1c19dfb422453f3f41ab4476c7926649f3b50c268d4acc88d0296eb4f246c9548b6af013f5b45fc7

Download Submit
C:\Windows\Temp\{0EE3668E-5A20-4FBA-8B49-0703AB96B98C}\.cr\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
128KB

MD5
8b891a2612664b5c80cc15974dc46ddd

SHA1
ad6b1661a8b7f7a7584a308e3ef5169fb085cfe0

SHA256
67ef99077e82f0f957db7caaa484b058a1cd1e0d627d601105c76a4586c6aba2

SHA512
daaea7f8a79fe92a2f91d04ea3092924a6ae560504fc179981a12cffd77634cc50609ddb1d44a97debb0543703d7e516664cdf6bc6fb8454fa056914cd00efbb

Download Submit
C:\Windows\Temp\{90BA839E-AF04-4A61-8A77-A15B884E3D09}\.ba\BootstrapperApplicationData.xml

Filesize
7KB

MD5
5f0c54eaad41a1f74f482244af69ae84

SHA1
9f1758ca69721f7866e4c9eb8b5b6e814d706cf0

SHA256
16e15cd2bdec6f6f25cada77b28e9d1c28a7eaead9ba741e323bb552b6da02a8

SHA512
b953f1ef0f73cd6c7f656ac982326d0b7067d21d1105015724a319ecf69f68ff9323a901d7ab1940cca756f82006e3a8ac18152bb8bfaf7e042d20cd0164ae9f

Download Submit
C:\Windows\Temp\{90BA839E-AF04-4A61-8A77-A15B884E3D09}\.ba\thm.xml

Filesize
11KB

MD5
302563a713b142ee41b59e3eeac53a90

SHA1
1340e90cc3c6c5fc19a7feb61d7779f4a4f0fdb5

SHA256
83ca096f7ba2c83fc3b3aeb697b8139a788fa35eb8632943e26bb9fff7c78e63

SHA512
c9d4dfc20802bb542178300d1044bb94b35593b834ab0b50875a32953f890e48da456199128500e2c1fee26eaaf8c2c4fcaffb308b37914215f900cdd5c4cbc8

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
576KB

MD5
91900e2732317c4e7608c9e047b56cc6

SHA1
788684de7c12ec350d14aa14f1d46044bff3e1a0

SHA256
be0eb4ec7015073d53db8eb4330775f609ceb65a84dbc13872cad77e959a317d

SHA512
c146d8d4b3af2fff0d4d65b93f08a84a1fb459db349961d883d5db010be00fa47ec929f3dcdf09d827eb8f28f46e43f3145be2ab7abf43529288cf1144cc0d6f

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\.be\windowsdesktop-runtime-7.0.0-win-x64.exe

Filesize
610KB

MD5
2f3c0c475e5482f29856b4581cc0aec0

SHA1
0993859b58412d869d3698fe5d71efb401466901

SHA256
21629bb67fc580f38b2a139489e347ba53674b08cf6d16052a832396ed1a1ca4

SHA512
2d6bbbbf7322a04f729edcfc2831e5b78a5f3b89590476f4a439ee5f4e47ff0efeaaaf02a678b0c78824c218d12ed4f83c5f7ba43b61bb6a5395dbba8b31aee9

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\dotnet_host_7.0.0_win_x64.msi

Filesize
512KB

MD5
385a8d863f90cfd7102cdef7422fb3c7

SHA1
4c5efb56e9a2be329b9837c28b3673e080716649

SHA256
9307145a768e5cbe8ebc8d6be85e98571e3b82d118d0d1a7a8fdc521ff243102

SHA512
7be9b52545259e78ad7882521adf831593ae1d0d77b7073dadc502b79914ba2aa631ad0477f797a6a5b6a16db1d11f7557588fab3f7da9fe362a77b61a65e474

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\dotnet_hostfxr_7.0.0_win_x64.msi

Filesize
640KB

MD5
28bc92e1a20b4c03becbf6517dbbeb86

SHA1
65dc90a6a83f2875a4bf7a953a93894c8d4843b8

SHA256
f5860707f1f1029bf279c70a46a5520daf9e59f760b79b126158051da0918154

SHA512
06a028357b9ca0ea21eaf17a58389aa59a86e4533fe0919e43a4df1c230a93d029cdd8609d7d80209978ba97b44d1ff57e30397e476d2dd7a93a153bf3151aed

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\dotnet_runtime_7.0.0_win_x64.msi

Filesize
832KB

MD5
48971105d5304567d7906eed011f8f91

SHA1
a2e90c2e1f29761c01b10a3dc1c8e19bda29f632

SHA256
8ce7f0a834937665f282ef63c44d89c4ecdeae06687a5f8b92dc67c83ad1ccf6

SHA512
ead13cabdcd17c7219883d418f0d9e1e28f1952357663346e1827682fde7038abea0a9744d096e3a2817cafdd78a38c5f1fc251e009ecaa4f9bdc298f451f308

Download Submit
C:\Windows\Temp\{96F65AAD-2334-46FF-84FC-3549C922A993}\windowsdesktop_runtime_7.0.0_win_x64.msi

Filesize
512KB

MD5
c86a03b70c0729dee58f271c393d590c

SHA1
ca19ab62bdde188a2e823d7171d9f361164916d5

SHA256
519df5fc2a39f42efae00c8de3377ac8fefdc4e4a01d52b58b14b50457f106d0

SHA512
19e7579c4abe5396ec519d0df1dbc7edcf5fe0b40d9a28113e71b3cdd5d101b2da8feb1e1c0b2f79d12bd9e3a41418380961f6c0824897e753a1c0237835fd2b

Download Submit
C:\Windows\Temp\{B94F559C-5FD2-4C0C-ABFD-E6D3F991A5C7}\.ba\1033\thm.wxl

Filesize
5KB

MD5
d5070cb3387a0a22b7046ae5ab53f371

SHA1
bc9da146a42bbf9496de059ac576869004702a97

SHA256
81a68046b06e09385be8449373e7ceb9e79f7724c3cf11f0b18a4489a8d4926a

SHA512
8fcf621fb9ce74725c3712e06e5b37b619145078491e828c6069e153359de3bd5486663b1fa6f3bcf1c994d5c556b9964ea1a1355100a634a6c700ef37d381e3

Download Submit