98c1317f6127fc0a8fff2a10598ca9a7c809f5b19bdea6d471c2281e3c56f305

Analysis

max time kernel
171s
max time network
172s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
25/05/2024, 23:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

InGame.html
Size

6KB
MD5

1370c1625a987b24890df62aadf70f60
SHA1

226caa9a0e8d2c66b36de0e982826cdd358ff9c5
SHA256

98c1317f6127fc0a8fff2a10598ca9a7c809f5b19bdea6d471c2281e3c56f305
SHA512

52db677121d00ebe207756158c660f1a8db6402c6ed781347046e384281ea348100379cf10a86343d146054bc709b6f7796d2463e7c20a94a9f1f7a5225f2f9f
SSDEEP

96:ye/q2EumgQ19SW2nG/fndFABqIPTqPFRVHua9q0yTMQr+C2:ym6umV9SW2nWnjIbqPfAa9q0yThr+C2

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

.NET Reactor proctector 63 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x000500000002a559-278.dat	net_reactor
behavioral1/memory/2936-295-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-298-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-299-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-303-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-300-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-302-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-305-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-308-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-310-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-311-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-312-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-309-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-306-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-304-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-307-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-301-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-313-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-315-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-314-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-316-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-318-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-322-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-317-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-321-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-320-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-319-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-324-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-323-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-325-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-326-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-329-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-328-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-327-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-330-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-341-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-340-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-343-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-342-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-347-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-348-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-345-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-344-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-346-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-350-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-349-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-353-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-351-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-352-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-355-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-356-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-354-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-367-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-368-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-357-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-369-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-370-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-374-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-375-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-373-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-376-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-372-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor
behavioral1/memory/2936-371-0x00000279C3140000-0x00000279C3870000-memory.dmp	net_reactor

Executes dropped EXE 1 IoCs

pid	Process
2936	Galaxy Swapper v2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611527019173307"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Galaxy Swapper v2.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
2936	Galaxy Swapper v2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: 33	1908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1908	AUDIODG.EXE
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 1188	3408	chrome.exe	77
PID 3408 wrote to memory of 1188	3408	chrome.exe	77
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 3892	3408	chrome.exe	78
PID 3408 wrote to memory of 4688	3408	chrome.exe	79
PID 3408 wrote to memory of 4688	3408	chrome.exe	79
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80
PID 3408 wrote to memory of 4908	3408	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\InGame.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdecc2ab58,0x7ffdecc2ab68,0x7ffdecc2ab78
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4492 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3228 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2308 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3120 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4904 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3176 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1808,i,4954363495471276765,18442041251965136304,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Users\Admin\Downloads\Galaxy Swapper v2.exe
  "C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2936

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1544

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x0000000000000480
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d84e07c0ca4b80fecd252d16758126da

SHA1
355bd5482759aa3d36db2a1a6c2be16bbd582157

SHA256
a1673be034dfffbd8f133cdcf34180f01c8455cee52e428d9ba8c01082146cd6

SHA512
133cfeaca0f9cc7fddd9ac2dfe71c4d79e68a8932067719d3d25429e5022bb2bbe64a31ea07e7e787bcda3193a698241c9b309fbf1953b1ecd4530733c8593ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
1024KB

MD5
1de2a1140e43a91f60765595c5727427

SHA1
07bd8455d3d476ed9c5c1d457802c9fe91c6561d

SHA256
7b12efac81dc59df0ec046f82480cef66b12b13c772afb3fb03502fa7045d581

SHA512
e1955f5c9e16011dc88f0cbfd3765e9314988783507bb55c7fd5b48864c0255a45e0086b62f66558f737fc9f8d98c1330665270164ffc10ac63ab244c0780420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
1024KB

MD5
88ae376349a1a947e8d5c0639248cb8d

SHA1
51fea68e0a4b26d93c37d1b58ecf4db157f25172

SHA256
6d047bce433a95b01771aeceebed8838bc310622b558a011885b9412601e3750

SHA512
94d8ac823c623dba15ae1df4ea299e456a0dd9617d52e8735a6a1605b641f44d7b5357e7f24c80986bd5af42547d3e31eb39c8d2613f92886673818b3c154cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
734KB

MD5
b103889a67c4ba503e2c05a10ae1136c

SHA1
4948072b33a506ae703545eb296b70e080cf495b

SHA256
68275ff0e9b5007ecf6d8ea3a9e16b9e9fb5d0fda7bc2bb99801539a2c81dbca

SHA512
f10acb2e46f657bfb9861f7fe7a8d10722003ade02495b5f44cbde4374cbf415d0b3c854a64898da2c213402861d09e0af31ca3e047ac0607b79d2a968e1f83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
35KB

MD5
eb42fab220ee0bb799e3041f27685f10

SHA1
0e63ed156308a7182805ef5a9f4ad7749a389734

SHA256
6cd59cf0c52de671413de9a306b2fe80087bd59d93dd648b887d7e360656e999

SHA512
018037ebe028fbafe6eb6959116f20811a5d6db379413f057a27979b6fc74cadbdd54be93e967349b90ed808fe9b027f775d38aceb0e3924377a78d09aefbdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
437bb5f605769fdfac2e00448ed9154b

SHA1
be00ba02605c5bc8a06786db33e796663ac3696f

SHA256
538f2568fdbfacba72a0985db43edb2231f92084008569f53227122bc9362dde

SHA512
c7239c62f0f7e1f792d6f33d117e9410d03b38bc98e0ce854f08a28589f4c7f3edafdbca4b81509e89cc226150aa271481f4ebaa61457d5bec7146989bb86789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6b1db23e84e486ad9b2bcca26abcd102

SHA1
79189e07e230eb0b0ba4ee23a356a41f0afe116f

SHA256
01f7582eb6560a88dab3314d7fc2decbb5298ccd8058c3006247f7ff842dac67

SHA512
d3220d7b555714d8044304bac7928c7a921facd9524621d61458fec40569f8d96bb8a31b93ff84f9fcc99602b8502b794896e2d2906a051a4c62f7ef9d2f1e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
73eb4625a2f2899d6b8f50afaac4f4a5

SHA1
a950c1f04a7321721653545d8ebb8b564452fbb3

SHA256
44ef11e6ab07660e4c9cbd161207b35f1cd1c791a07bec22d493751e1a4c2c4b

SHA512
0ebca7cdb697d6aebe679a1f75fdd8f3a5ba295fe5ff56558a8a797ae524ecb5896ed1ed9acc4b12390c7bf6e553091072673ebf0a449283c727a30d7ccdf2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09e57e42108d97f7a0c76c3d73c9690b

SHA1
de94a292cc6e0baba40aa31752529107097d7bed

SHA256
15efb19e3b814cac7b748f824bae2f18d93cf0febc6a145075c0d85c9a25b82c

SHA512
0d505ce0698bed44bf1df2deeadb16a26915baa24e2d76effce56d85d0d4878020deb79ece3039dd5445993781e55b9e3c70c41b4542012f493eea7fdfef8cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a95779d86e9c27dfa6fbde8eed85e7b6

SHA1
8306afcf49f2af02d540292c7dbf7dda6357acd6

SHA256
335534a52be47cacfde40bcaacdf3ea20abef1fa719be102ae7ac93b9ce6cab6

SHA512
39e3dfb0f95b04ccae678572c092099994b71d3ba79b6eaa118016f8cfeae1216affa706212b700eeacc7a85be885a76c78aeb23de2b9f9ec49ff2a0bb6ec08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c7798f9de4837d935bfe2317456292d3

SHA1
0a0b750bf985e1ac4ebcfd18d1c6d5c9288725c1

SHA256
6db692664951871de2cebb9ef81acb1ed23c60e3341f670983f8730c90d28df7

SHA512
8858d5678112624beaea4a4c5d06bc2be2c0dd612ad7605705d7833c31c504dd97cbd230e0a993d990295ec4be69ab199db2903b5be0c7e7a2362ef0e22dbdd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b84552b5eb43efeae3a2a9614d250f1

SHA1
d183f79b770108629f4ba20c11425387a569db11

SHA256
4ab427e57fdcd22ed64329830f581ee10ccb6fc7c648a928311b885869b7f640

SHA512
b393c17af77d5e53ed0731da5a050356e2baa7a9b0bcb447624767bc26a04271d7fa5190d12ce4969478d2628e52ad511014a67f0a50aaf35d6c4238fd03e65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
00b8dcddf42909d0ecfaf53d8e4a2eb8

SHA1
8c9ccb638db340af28e669ea28d009a9276142b9

SHA256
b0b785da6399fdcfd3f5cdbe17f361ec52cb2515bc626ed7eef9b17da42e1d15

SHA512
12835117a846662bc24d48a524127784c2ea482ddb440a35580321d0b32b50fb659709482f1a00d74df18265af576111ae10d95197f1a5f233033955bac9ea4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
74bdec2737fa39c3a0a298e1cd135924

SHA1
0ab5286d613349b4977b10d414c92926f2b2ee0c

SHA256
6ed4d13461de38ae902ff97af2ef9a29d3e33270ebb1e959de4ce4be394bdbf0

SHA512
b3e225c3cc1c9d9d718d5504172f38506320d8f0b8ee45f74d5815bb72a5acc63e7ae14707fa7c9c6254a680d2595cbca736ae396170d23a7c2c061629a6948a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
afb0dcb15146cda6c6fc243a32ef7d02

SHA1
5c3edd847c6ab01584478a26c7b7de85702486a0

SHA256
b6d8d43e6abc3d11be288196e0853a134b35048e89c32463c982dbc8a42901f5

SHA512
4c868ec973e885ecbd8001fd5b9a7cee8f5f8e7a233c6273156acf431521604dbc854e9d75ef49b54f2fb0aa83f9bc8072815d91d8862460b17a7c264381e7ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
78f66662a96bd69687b63227398fcbd3

SHA1
fd3fbb997cfdaf37b0778c0c05f2a8e5f901bf73

SHA256
3f0958ab46a950c8aadeddc999b095d381d42dd0bebda107e68c39e019fcf822

SHA512
66125741b5bc02f34419768580c2a9d8179cf2cdfb206382a0aedf2dea42b78fa1dfd8ec8f18018754b5944f23b5f5c81fe9531930dffa7ae216192a5e9e09ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc6c49c1f321f0d717974988980361c2

SHA1
a0f5797d69fb24ee72fefcdc86e3a4686232220b

SHA256
46897bf99bd65bf14a258d21cfd4982d8fc5ae48d39d336ee70d9ab1ad9091f2

SHA512
fa0545014e4a05c0464ca1b25b5f013d6e592c267b3cd41f7555767d7cf2d3d0b8a879baa601b56f80ff36a2b5a20135a89830d9f53c3bcf179aec14695c720c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ab49fa3c9df39b50a0e332968f237c9

SHA1
1a67d3f7c19e0dd0fa9fabfc04a4558839c60681

SHA256
1b1f576012eb76dbbf3298349e6aeeeb293f4e4afea52129072b049cccc6f9cc

SHA512
1a4d9fa61ee9698e6cd642360ad47cd60bf80e7e4b799c19f115d0526cbbd7c0a421a4ebeb8bca6f024cf10df3d5688e377721dd92749e32427c1f2986075626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8f4cc22af4ac76cedf8d5d9d1d28a86e

SHA1
b44bb8e068d11c9a43bd7283cf29b4c43d35266c

SHA256
ae2d78119a0c3b80cbae1a92fb1c8cf3daec0c315bf93478661ade5626bddd07

SHA512
fb9dc8ec1baf90745c98508cfdea79494212c4c6a980b9961dc1fca53428955d573846499f568843d6daa3739ac11905058c142ff6dcd81df020273ba76bf36c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5dd3e6d5b3794432b52cb1108448b431

SHA1
fb2a131427eff51bf6c34161a59e38e7d43e57c1

SHA256
acb4a9ba237b1f3fedbe547fdab724316b4218cdfd635e59cb395e6130fcc460

SHA512
069fd4828e53362a3a63323b2057121ecfa321ecbdb792d60e7c0758e77b73357f24871a5d66d0985512281e48801d1f768738eac9d01ab0d2630488c4d48e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
cc1cec6fb9f3a93effe174b5accadcb6

SHA1
d3c8c3436ca8b14f648aeaf7af4f06a3fe70224c

SHA256
5307cf8371ca8e7072fc83d33a2485d0812aee550ec4823723acbea0654e8f36

SHA512
53940e678383c2986b4750a16cf4839b0476ee146814f0f011fd3a315fe205b7572365102f4d53509bb979cb81bb9c2ff0ea5cfb22b02e7785f8b372562fc6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b15960ec5486a989e11403ebf043f7e2

SHA1
6004f2967fd49e22c25361c056b055863e266baa

SHA256
f9321f31658c98ae736417b697c9b49329821d3a001f6604818555b1b546469a

SHA512
fad363f9eb02046bc96673fa047c083669ad212f1703bbb9ecfa5ee2a83b3c8a40042227f9b666d95cec8bb3f0e69d68432d5cf85507f8c8c1667f3d6ff528e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1745945369dbe015ee99587e2c58cb0d

SHA1
de344bddffc750d3d6ab1e1df8da54562d0dd1f3

SHA256
6c6dd840e412b2d34c9c09dea070496e536f632e37ecc93ac7f6a738da99b94c

SHA512
91094778c333c409e1a544dd8e72b1e395091f8ccf5b9186d06968b1dbe7724c12d09ceb6a1e1c456f97507da69708c2cd8f8cbaca3b6c7daba33c62e1525551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
2dfabd52e235cbd5c0a2bbdacdb5e928

SHA1
13116e8fe474d4e2ffc327494a3bc939e39bc12b

SHA256
81d2e34c5a22218eafdd4b1cec1c32769e033dac3fd2e4ef3f5fce33facfddba

SHA512
f74eb5cb0178ca705b77ac9c84fe41272368380e3b521e1b2765fad4420de516e0549134c0f205d1fb20ada59fd937d7e348fe6ef42c9968754922aa2f31fc90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
6a606f976d6796e97d2231e8b12ce50e

SHA1
cc9625238938a36e2e3343b4421a9d10acc07fdf

SHA256
58a135f46711aaf1079997cc3540709ae4b3895d9edde2c313a7c27449261e17

SHA512
1d0f45fc7482a99a2e1da958929ff77f614080a5edd621667a8a1262e435d45c2316fd80ac51994bb74753aa079ea15c5c520c7a8e3cba6d227183417e2612a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
ca041a49f701c2ab05ac3973f20885bd

SHA1
efaeb87837671274d65d6314ed291c4c3c6bc064

SHA256
0c7c342e3b265290e192c91b6b2d50cce61edb0350a4f723f9a8451d0487473a

SHA512
6e1a7b2c22aefa19d9615edf5e03f8a48f21315fab384af5ba0e9b91535b1298830d2b059ed3c746cbd9f61f468fca077aae777d7511b5468dd5e02056d18655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5868c7.TMP

Filesize
82KB

MD5
23e70adcd79d0f58ab409f3a91f6b24c

SHA1
f0acbf02075b50d120184cf9aee9bb473bd68439

SHA256
65e2b192a14b40da53bf0444a96b1de9de7537a54779766dd5088a1a9647ebff

SHA512
e872e4b6108874423b32879cda7c74a7c705ae4f7e9a26839c0d53f60c02bd185cb46b6f13fe39b7ee92e574ae49772a34631331f834703acaa554861f02f2cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2c1f9de273b6af1a2721314a3ba1be2e

SHA1
9e9aa42ab45b949fe0ed6d3552d5e91de5c17444

SHA256
c5203e4ee0cef1e6fdff3d2847514c6dbc3f94aafa0e703111d141666dd99f3c

SHA512
9a623c4d232689fe2dfbfa6056e6ea8638e6c27f647c9452a90b0b6eb4fb6e0fd3afc89ba0349ea0d671433be650ad20cd3b85ec76959cc211eceb213c985e5e

Download Submit
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe

Filesize
10.7MB

MD5
3cf7f11e3da78eeb96c558bee781298d

SHA1
f7adb2a33d3697da995f23cad6351434508bac3d

SHA256
87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf

SHA512
3684763cd3351c324474d5b081fa791ae5eb29b3d8fa22bc5b1e929617d4badcd563ed620eb1ac1f2265c571660d3bae8eb3caf120cb1d276a3b4c9c0f274661

Download Submit
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2936-322-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-342-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-311-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-312-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-309-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-306-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-304-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-307-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-301-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-313-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-315-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-314-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-316-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-318-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-308-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-317-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-321-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-320-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-319-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-324-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-323-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-325-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-326-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-329-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-328-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-327-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-330-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-341-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-340-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-305-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-343-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-310-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-347-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-348-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-345-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-344-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-346-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-350-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-349-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-353-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-351-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-352-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-355-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-356-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-354-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-302-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-367-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-368-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-357-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-369-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-370-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-374-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-375-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-373-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-376-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-372-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-371-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-300-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-303-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-299-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-298-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download
memory/2936-295-0x00000279C3140000-0x00000279C3870000-memory.dmp

Filesize
7.2MB

Download