Windows Analysis Report
GalacticFever.exe

Overview

General Information

Sample Name: GalacticFever.exe
Analysis ID: 677792
MD5: 33c8ea1dd93deaaede1f0bd3e0a42063
SHA1: 4ed5fcbd7b9daeaa5c0efd0779c2eab2e2961052
SHA256: 25430e59e4fe75f23e8f1f5a11b7b104eaa045db2494122383746fbcdb374cdf

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (overwrites its own PE header)
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Searches for user specific document files
Contains long sleeps (>= 3 min)
Drops files with a non-matching file extension (content does not match file extension)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Queries keyboard layouts
Enables security privileges
PE file contains more sections than normal
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64native
  • GalacticFever.exe (PID: 4560 cmdline: "C:\Users\user\Desktop\GalacticFever.exe" MD5: 33C8EA1DD93DEAAEDE1F0BD3E0A42063)
    • GalacticFever.exe (PID: 3484 cmdline: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe MD5: 7E0C6A869431C00542C18DF9C3105672)
      • GalacticFever.exe (PID: 4452 cmdline: "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 7E0C6A869431C00542C18DF9C3105672)
      • explorer.exe (PID: 5012 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
      • cmd.exe (PID: 5348 cmdline: C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • screenCapture_1.3.2.exe (PID: 8180 cmdline: screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" MD5: BEFA2810B15D065C0095292F1DD4734B)
      • cscript.exe (PID: 7004 cmdline: cscript.exe MD5: B8454647EFC71192BF7B1572D18F7BD8)
        • conhost.exe (PID: 5668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cscript.exe (PID: 3004 cmdline: cscript.exe MD5: B8454647EFC71192BF7B1572D18F7BD8)
        • conhost.exe (PID: 4576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cscript.exe (PID: 4932 cmdline: cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions" MD5: B8454647EFC71192BF7B1572D18F7BD8)
        • conhost.exe (PID: 2284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • cscript.exe (PID: 5648 cmdline: cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A HKCU\SOFTWARE\Valve\Steam MD5: B8454647EFC71192BF7B1572D18F7BD8)
        • conhost.exe (PID: 3312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • GalacticFever.exe (PID: 7660 cmdline: "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --mojo-platform-channel-handle=2036 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 7E0C6A869431C00542C18DF9C3105672)
      • GalacticFever.exe (PID: 4088 cmdline: "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --app-path="C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=8531136591 --mojo-platform-channel-handle=2320 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 MD5: 7E0C6A869431C00542C18DF9C3105672)
      • GalacticFever.exe (PID: 548 cmdline: "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 7E0C6A869431C00542C18DF9C3105672)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Compliance

Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | Unpacked PE file: 18.2.screenCapture_1.3.2.exe.640000.0.unpack
Source: GalacticFever.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\GalacticFever.exe | File created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\GalacticFever.exe | File created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\LICENSE.electron.txt
Source: GalacticFever.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user\Desktop\GalacticFever.exe
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\app-64.7z
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\resources
Source: C:\Users\user\Desktop\GalacticFever.exe | File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\locales

Networking

Source: unknown | DNS query: name: ipinfo.io
Source: Joe Sandbox View | IP Address: 9.9.9.9
Source: Joe Sandbox View | IP Address: 34.117.59.81
Source: global traffic | HTTP traffic detected:
  GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
  Host: ajax.googleapis.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) GalacticFever/1.0.0 Chrome/100.0.4896.143 Electron/18.2.3 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown | Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown | Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown | TCP traffic detected without corresponding DNS query: 216.58.212.170
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: libGLESv2.dll2.1.drString found in binary or memory: https://issuetracker.google.com/166809097
Source: libGLESv2.dll2.1.drString found in binary or memory: https://issuetracker.google.com/184850002
Source: libGLESv2.dll2.1.drString found in binary or memory: https://issuetracker.google.com/187425444
Source: libGLESv2.dll2.1.drString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: explorer.exe, 0000000F.00000000.85000649541.000000000DA99000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89206288165.000000000DAEC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89188863283.000000000D3A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84978229230.000000000D3A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
Source: explorer.exe, 0000000F.00000002.89191617477.000000000D462000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84981202666.000000000D446000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.come;
Source: ja.pak.1.dr, th.pak.1.dr, hr.pak0.1.dr, nl.pak0.1.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: explorer.exe, 0000000F.00000000.84928448687.000000000342A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/shellRESP
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell
Source: explorer.exe, 0000000F.00000002.89211998321.0000000010761000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/h
Source: explorer.exe, 0000000F.00000000.85000649541.000000000DA99000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89206288165.000000000DAEC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89188863283.000000000D3A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84978229230.000000000D3A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: explorer.exe, 0000000F.00000000.84925815846.0000000003390000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89153126882.0000000003390000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84929999186.0000000003484000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/charges-man-snapped-killed-4-then-left-bodies-in-field/ar-AAOGa
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/facebook-oversight-board-reviewing-xcheck-system-for-vips/
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/stunning-image-shows-moon-crater-caused-by-asteroid-impact
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/texas-gov-abbott-sends-miles-of-cars-along-border-to-deter-migrant
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/celebrity/tarek-el-moussa-tests-positive-for-covid-19-shuts-down-filmin
Source: explorer.exe, 0000000F.00000000.84947899900.0000000009790000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89167319487.0000000009796000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: dns.quad9.net
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: unknown DNS traffic detected: queries for: ipinfo.io
Source: global traffic HTTP traffic detected: GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
  Host: ajax.googleapis.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) GalacticFever/1.0.0 Chrome/100.0.4896.143 Electron/18.2.3 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US
Source: GalacticFever.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\GalacticFever.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeSection loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\cscript.exeSection loaded: edgegdi.dll
Source: C:\Users\user\Desktop\GalacticFever.exeProcess token adjusted: Security
Source: GalacticFever.exe.1.drStatic PE information: Number of sections : 13 > 10
Source: GalacticFever.exe0.1.drStatic PE information: Number of sections : 13 > 10
Source: C:\Users\user\Desktop\GalacticFever.exeFile read: C:\Users\user\Desktop\GalacticFever.exe
Source: GalacticFever.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\GalacticFever.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\GalacticFever.exe "C:\Users\user\Desktop\GalacticFever.exe"
Source: C:\Users\user\Desktop\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png"
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe
Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A HKCU\SOFTWARE\Valve\Steam
Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --mojo-platform-channel-handle=2036 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --app-path="C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=8531136591 --mojo-platform-channel-handle=2320 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\Desktop\GalacticFever.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeFile created: C:\Users\user\AppData\Roaming\GalacticFever
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A58.tmp
Source: classification engineClassification label: mal56.troj.spyw.evad.winEXE@28/235@4/6
Source: C:\Users\user\Desktop\GalacticFever.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\97c421700557a331a31041b81ac3b698\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5668:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4576:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1896:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1896:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3312:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4576:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5668:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2284:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2284:304:WilStaging_02
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3312:304:WilStaging_02
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: GalacticFever.exeStatic file information: File size 63310848 > 1048576
Source: GalacticFever.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exeUnpacked PE file: 18.2.screenCapture_1.3.2.exe.640000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exeCode function: 18_2_00007FF9597A00BD pushad ; iretd 18_2_00007FF9597A00C1
Source: libEGL.dll.1.drStatic PE information: section name: .00cfg
Source: libEGL.dll.1.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.1.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.1.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll.1.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.1.drStatic PE information: section name: _RDATA
Source: GalacticFever.exe.1.drStatic PE information: section name: .00cfg
Source: GalacticFever.exe.1.drStatic PE information: section name: .retplne
Source: GalacticFever.exe.1.drStatic PE information: section name: .rodata
Source: GalacticFever.exe.1.drStatic PE information: section name: CPADinfo
Source: GalacticFever.exe.1.drStatic PE information: section name: _RDATA
Source: GalacticFever.exe.1.drStatic PE information: section name: malloc_h
Source: libEGL.dll0.1.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.1.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.1.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.1.drStatic PE information: section name: _RDATA
Source: libEGL.dll1.1.drStatic PE information: section name: .00cfg
Source: libEGL.dll1.1.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll1.1.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll1.1.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.1.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.1.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.1.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.1.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.1.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.1.drStatic PE information: section name: _RDATA
Source: GalacticFever.exe0.1.drStatic PE information: section name: .00cfg
Source: GalacticFever.exe0.1.drStatic PE information: section name: .retplne
Source: GalacticFever.exe0.1.drStatic PE information: section name: .rodata
Source: GalacticFever.exe0.1.drStatic PE information: section name: CPADinfo
Source: GalacticFever.exe0.1.drStatic PE information: section name: _RDATA
Source: GalacticFever.exe0.1.drStatic PE information: section name: malloc_h
Source: libEGL.dll2.1.drStatic PE information: section name: .00cfg
Source: libEGL.dll2.1.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll2.1.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll2.1.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll0.1.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll0.1.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll0.1.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.1.drStatic PE information: section name: _RDATA
Source: 70141593-64e7-4416-9423-9417705bd356.tmp.node.12.drStatic PE information: section name: _RDATA
Source: 337648c0-e5e8-4a07-8dbc-cc53519a8930.tmp.node.12.drStatic PE information: section name: .didat
Source: 337648c0-e5e8-4a07-8dbc-cc53519a8930.tmp.node.12.drStatic PE information: section name: .00cfg
Source: 337648c0-e5e8-4a07-8dbc-cc53519a8930.tmp.node.12.drStatic PE information: section name: _RDATA
Source: d3dcompiler_47.dll.1.drStatic PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\70141593-64e7-4416-9423-9417705bd356.tmp.node
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\337648c0-e5e8-4a07-8dbc-cc53519a8930.tmp.node
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\GalacticFever.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libEGL.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\vulkan-1.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\ffmpeg.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\System.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libGLESv2.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\elevate.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\swiftshader\libGLESv2.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\vk_swiftshader.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libGLESv2.dll
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\GalacticFever.exeFile created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\LICENSE.electron.txt
Source: C:\Users\user\Desktop\GalacticFever.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cscript.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe TID: 1872; Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\GalacticFever.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\GalacticFever.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\vulkan-1.dll
Source: C:\Users\user\Desktop\GalacticFever.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\GalacticFever.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\00000409
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\GalacticFever.exe; File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Roaming\GalacticFever\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Roaming\GalacticFever\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Roaming\GalacticFever\blob_storage\ff8e9f85-52e9-4401-9d8c-6b285dd1b6c5 FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Roaming\GalacticFever\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user\Desktop\GalacticFever.exe
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\app-64.7z
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\resources
Source: C:\Users\user\Desktop\GalacticFever.exe; File opened: C:\Users\user\AppData\Local\Temp\nsw9A59.tmp\7z-out\locales
Source: explorer.exe, 0000000F.00000000.85015836556.0000000010996000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89216180528.0000000010996000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWpe
Source: explorer.exe, 0000000F.00000002.89215650402.000000001096E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.85015836556.0000000010996000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89216180528.0000000010996000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.85015091271.000000001096E000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: libGLESv2.dll2.1.dr; Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" "
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --mojo-platform-channel-handle=2036 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --app-path="C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=8531136591 --mojo-platform-channel-handle=2320 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe; Process created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" "Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Windows\System32\cscript.exe cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A HKCU\SOFTWARE\Valve\SteamJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --mojo-platform-channel-handle=2036 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --app-path="C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=8531136591 --mojo-platform-channel-handle=2320 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe "C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png"Jump to behavior
Source: explorer.exe, 0000000F.00000000.84921684223.0000000001611000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000002.89150955369.0000000001611000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Program Manager
Source: explorer.exe, 0000000F.00000000.84984875686.000000000D518000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.89194212721.000000000D518000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84921684223.0000000001611000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000000F.00000000.84921684223.0000000001611000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000002.89150955369.0000000001611000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Progman
Source: explorer.exe, 0000000F.00000000.84921684223.0000000001611000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000002.89150955369.0000000001611000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Progmanlock
Source: explorer.exe, 0000000F.00000002.89142213500.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.84915177879.0000000000DC9000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: CProgmanK
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Queries volume information (VolumeInformation):
  • C:\
  • C:\Users
  • C:\Users\user
  • C:\Users\user\AppData
  • C:\Users\user\AppData\Local
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\package.json
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\index.js
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\index.js
  • C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\utils.js
  • C:\Windows\System32\drivers\etc\hosts
  • C:\Windows\Fonts\segoeui.ttf
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kzpbmws1.default
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
  • C:\Users\user\AppData\Local\Temp
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
  • C:\Users\user\AppData\Local\Temp\epsilon-user\Autofill Data.txt
  • C:\Users\user\AppData\Local\Temp\epsilon-user\Cookies.txt
  • C:\Users\user\AppData\Local\Temp\epsilon-user\Downloads.txt
  • C:\Users\user\AppData\Local\Temp\epsilon-user\History.txt
  • C:\Users\user\AppData\Local\Temp\epsilon-user\Passwords.txt
  • C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png
  • C:\Users\user\AppData\Local\Temp\Epsilon-user.zip
  • C:\Windows\Fonts\arial.ttf
  • C:\Windows\Fonts\ARIALN.TTF
  • C:\Windows\Fonts\ariali.ttf
  • C:\Windows\Fonts\ARIALNI.TTF
  • C:\Windows\Fonts\arialbd.ttf
  • C:\Windows\Fonts\ARIALNB.TTF
  • C:\Windows\Fonts\arialbi.ttf
  • C:\Windows\Fonts\ARIALNBI.TTF
  • C:\Windows\Fonts\ariblk.ttf
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
Queries volume information (VolumeInformation): C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Queries volume information (VolumeInformation): C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
File opened:
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kzpbmws1.default
  • C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
  • C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release
Source: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Directory queried: C:\Users\user\Documents
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 12 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 11 Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Scripting | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 12 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Scripting | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | 12 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
[Behavior graph: ID 677792, Sample: GalacticFever.exe, Start date: 03/08/2022, Architecture: WINDOWS, Score: 56]

Source | Detection | Scanner | Label
GalacticFever.exe | 2% | Virustotal |
GalacticFever.exe | 2% | ReversingLabs |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\d3dcompiler_47.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\d3dcompiler_47.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\ffmpeg.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\ffmpeg.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libEGL.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libEGL.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libGLESv2.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\libGLESv2.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\elevate.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\elevate.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libEGL.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libEGL.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libGLESv2.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\swiftshader\libGLESv2.dll | 0% | ReversingLabs |

No Antivirus matches

Source | Detection | Scanner | Label
chrome.cloudflare-dns.com | 0% | Virustotal |
dns.quad9.net | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.145.85 | true | false | | unknown
ipinfo.io | 34.117.59.81 | true | false | | high
dns.quad9.net | 9.9.9.9 | true | false | | unknown
api.anonfile.com | 45.154.253.153 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://dns.quad9.net/dns-query | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
9.9.9.9 | dns.quad9.net | United States | | 19281 | QUAD9-AS-1US | false
34.117.59.81 | ipinfo.io | United States | | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
45.154.253.153 | api.anonfile.com | Sweden | | 41634 | SVEASE | false
172.64.145.85 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false
216.58.212.170 | unknown | United States | | 15169 | GOOGLEUS | false

IP
192.168.11.1
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 677792
Start date and time: 2022-08-03 02:05:39 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 18m 22s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: GalacticFever.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.troj.spyw.evad.winEXE@28/235@4/6
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 3.1% (good quality ratio 3.1%)
• Quality average: 90%
• Quality standard deviation: 2%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 2
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, CompPkgSrv.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.82.207.122, 51.105.236.244
• Excluded domains from analysis (whitelisted): client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
No simulations
                                                                                8810671860649139101.exeGet hashmaliciousBrowse
                                                                                • ipinfo.io/102.129.143.92
                                                                                build.exeGet hashmaliciousBrowse
                                                                                • ipinfo.io/102.129.143.92
                                                                                Factura-62bb20bb96ce8.batGet hashmaliciousBrowse
                                                                                • ifconfig.me/ip
                                                                                551e87.msiGet hashmaliciousBrowse
                                                                                • ipinfo.io/json
                                                                                Factura-62bc81753cce4.batGet hashmaliciousBrowse
                                                                                • ifconfig.me/ip
                                                                                RQR59GnemD.msiGet hashmaliciousBrowse
                                                                                • ipinfo.io/json
                                                                                4zUp29xeab.msiGet hashmaliciousBrowse
                                                                                • ipinfo.io/json
                                                                                iDNC7oXHm9.exeGet hashmaliciousBrowse
                                                                                • ipinfo.io/json
                                                                                EK8AHBvLxV.msiGet hashmaliciousBrowse
                                                                                • ipinfo.io/json
                                                                                XLBLGSif2Y.exeGet hashmaliciousBrowse
                                                                                • ifconfig.me/
                                                                                R346ltaP9w.rtfGet hashmaliciousBrowse
                                                                                • ifconfig.me/
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                ipinfo.iouNtQjX264N.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                MnERtZQrQ5.msiGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                Token Grab Link.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                e733cbcaee33c4e99d99f2a3b82e2530e10dac7106edf.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                aTlGCwT504.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                a880ebe9be4e9888ac2faa331c390b5d477fc828bf2e6.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                https://connecteam.sharedfileonline.com/78378378378387se7stss78941e789as8a8a78378387se7stss78941e789as8a8a88d66aa78378387se7stss78941e789as8a8a88d66aa678378387se7stss78941e789as8a8a88d66aa678378387se7stss78941e789as8a8a88d678378387se7stss78941e789as8a8a88d66aa66aa6688d66aa687se7stss78941e789as8a8a88d66a78378387se7stss78941e789as8a8a88d66aa678378387se7stss78978378387se7stss78941e789as8a8a88d66aa641e789as8a8a88d66aa6a6/?auth=helpdesk@rsccd.eduGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                bZRL42bYlO.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                5E440E04F382464DB10245C9F730D64D839368EF763BB.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                1FJJsXMkfH.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                7rvEyxAqOc.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                loader.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                https://7chix.app.link/e/yfIBCd7YWrbGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                5UwJ3Z2531.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                B8IaeNLwXU.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                AA79B859945459FD6D1363C35E68C9D2674A78F1FDEE0.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                https://locksmithelpasotexas.com/wp-content/plugins/mqdrxkc/2Factor.html#YnJpYW4ud2lsbGlhbXNAa3JhZnRtYWlkLmNvbQ==&target=_blankGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                TheOpen_140722.cps.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                ZErNFYRzCC.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                513xWPtIbI.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                chrome.cloudflare-dns.comhttps://nhs-sharepoint.simplesite.com/Get hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                https://theproduct-4you.com/us/sgaq/goketogum-onl1?bhu=spkfL6hnkZo2Z5xGxgK1Hn2fuSAE7PhhBjqZs4Get hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                #U043e#U0440#U043a#U043e#U0441#U0442#U0430#U043d#U0432#U0440#U0430#U0431#U043e#U0442#U0435.xlsxGet hashmaliciousBrowse
                                                                                • 104.18.42.171
                                                                                orkostansocialclubfrom09.06.xlsxGet hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                Paid EFT Invoices.xlsxGet hashmaliciousBrowse
                                                                                • 104.18.42.171
                                                                                http://timetogof.at/vento/6523.exeGet hashmaliciousBrowse
                                                                                • 104.18.42.171
                                                                                https://esca4.app.goo.gl/xdBo2PZ5GZufaehJ6Get hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                https://raptorcapr.site/Alarm-Com-Api-DocumentationGet hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                Allegato documento d'ordine.htmlGet hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                badstuff.ps1Get hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                https://quick-adviser.com/how-do-i-turn-off-alt-shortcuts-in-excel/Get hashmaliciousBrowse
                                                                                • 172.64.145.85
                                                                                https://rosywhitecleaningsolution.com/wp-admin/PqMw6fND8Bb1I4VPR10Get hashmaliciousBrowse
                                                                                • 104.18.26.211
                                                                                EncryptedContract__401145_.htmlGet hashmaliciousBrowse
                                                                                • 104.18.26.211
                                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                QUAD9-AS-1UShttps://tielearnnot.top:443Get hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                L1ld - Linkvertise Downloader_PE2-ku1.exeGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                https://aeindo.co.id/cvt/Get hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                http://dzh.ylfjso.topGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                Proforma invoice 702401.urlGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                mdx - Linkvertise Downloader_Ou-Vm51.exeGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                http://info.ysedm.com.cn/Admin/UrlCallbacks/commonLink/u/4053/urlId/69/rcpt/r_bHVjYS5nZXJhY2lAc3VlZHRpcm9sZXJlaW56dWdzZGllbnN0ZS5pdA==/subject/0Get hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                http://files.ausgamers.com/downloads/1658366602/ShipSimulatorExtremesDemo.exeGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                changiairport_Report_450887232.pdf.htmlGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                https://deshitouch.in/maildoc/overall-plan/Proposal.Bid/insights/on/index.phpGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                RAMCO SPECIALTIES WIRE REMITTANCE.xlsxGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                https://portfolio-lxujpgh.format.com/Get hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                j_37501116.zipGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                https://app.box.com/s/vd9i5soq6fwt44m7oakxblduhi79oxmzGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                Fwd More or less what do you choose this summer.msgGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                MES_0707.zipGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                test.htmlGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                https://krytoninternationalinc-my.sharepoint.com/:f:/g/personal/bnami_kryton_com/EhDLdLgQrLxCn66if43sGLsBf6Ij5ihiOcxREvaqxt_nug?e=jVDghvGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                financials.exce.htmlGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                Transaction.zipGet hashmaliciousBrowse
                                                                                • 9.9.9.9
                                                                                GOOGLE-AS-APGoogleAsiaPacificPteLtdSGuNtQjX264N.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                kArTtIpAD6.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                vbc.exeGet hashmaliciousBrowse
                                                                                • 34.117.168.233
                                                                                MnERtZQrQ5.msiGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                Token Grab Link.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                e733cbcaee33c4e99d99f2a3b82e2530e10dac7106edf.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                aTlGCwT504.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                a880ebe9be4e9888ac2faa331c390b5d477fc828bf2e6.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                https://connecteam.sharedfileonline.com/78378378378387se7stss78941e789as8a8a78378387se7stss78941e789as8a8a88d66aa78378387se7stss78941e789as8a8a88d66aa678378387se7stss78941e789as8a8a88d66aa678378387se7stss78941e789as8a8a88d678378387se7stss78941e789as8a8a88d66aa66aa6688d66aa687se7stss78941e789as8a8a88d66a78378387se7stss78941e789as8a8a88d66aa678378387se7stss78978378387se7stss78941e789as8a8a88d66aa641e789as8a8a88d66aa6a6/?auth=helpdesk@rsccd.eduGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                Nm0KQ1zXSJ.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                IMG-20022891.exeGet hashmaliciousBrowse
                                                                                • 34.117.168.233
                                                                                CFCAB36F73560B2D15B6C266FEAAF0195A6E0D18C22AA.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                bZRL42bYlO.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                5E440E04F382464DB10245C9F730D64D839368EF763BB.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                1FJJsXMkfH.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                cx5h0cYGVDGet hashmaliciousBrowse
                                                                                • 34.117.124.240
                                                                                http://hoyko.britishieltsacademy.in/?e=mickael.virag@ampcapital.comGet hashmaliciousBrowse
                                                                                • 34.101.254.68
                                                                                DHL_FAKTURA.vbsGet hashmaliciousBrowse
                                                                                • 34.117.168.233
                                                                                TNT_AWB_AND_INVOICE_06859.exeGet hashmaliciousBrowse
                                                                                • 34.117.168.233
                                                                                7rvEyxAqOc.exeGet hashmaliciousBrowse
                                                                                • 34.117.59.81
                                                                                No context
Match: C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\d3dcompiler_47.dll
Associated Sample Name / URL (Detection):
• Bloom.7z (malicious)
• AsanaSetup.exe (malicious)
• 6DNTEUx66h.exe (malicious)
• SecuriteInfo.com.Trojan.MulDropNET.43.26999.exe (malicious)
• InstallSlack.exe (malicious)
• YouTube To Mp4 Converter.exe (malicious)
• YouTube To Mp4 Converter.exe (malicious)
• Dante.7z.exe (malicious)
• winpro.exe (malicious)
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):65552
                                                                                                  Entropy (8bit):0.020404040356628943
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:JyO//lGlll/l/lXp9ZjXslAyUg0PBYGGJDASilolMltL/mnlQlDNGc3X/fll:bH0NspUg0PBYGAG4k1/oq9NGcnP
                                                                                                  MD5:0E2EBA7CD8D22BBD2A1665EBCE195972
                                                                                                  SHA1:D9C4AF31909307D6F1C8E506BAA784C393348233
                                                                                                  SHA-256:0D86B312B73232CD2B30F372D3AA50D3F731801BEA4C89DF7A1CFA105C1B9ACE
                                                                                                  SHA-512:5BD0E32110E75DF01050B68A32A5510930C23D9F987A99C30F8C8D6B2600D4462AD037B0D40D64D90C798B17F390309372935A2CBB1339CDF047AA0B3C0FC15A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4
                                                                                                  Entropy (8bit):1.5
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:R:R
                                                                                                  MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                  SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                  SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                  SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                  Malicious:false
                                                                                                  Preview:EERF
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):65536
                                                                                                  Entropy (8bit):0.07697026506533586
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:hVQ18qWG1Sxv824iPtkJ7RCi/lBZXt83PDOHhs:wm40v8Y4RfBZXfH
                                                                                                  MD5:FBD7B5B4969C6BBA3FA44FE3A866F904
                                                                                                  SHA1:C7032159AA24948BDEED77A99DFC287D4D6149D7
                                                                                                  SHA-256:3F256254CC8140E1BF33C113C4D9D3F31FAAFF1F662D281E79F406A6CEB86DBD
                                                                                                  SHA-512:E4A613A9F1232EEC1C5B95FED948222A4B8923E52EFA23D310391D7F278F65794AA5CB106EC5212F08CF122972B3036DE1E9EC63F5B1CF5DD52A5569DC7257D9
                                                                                                  Malicious:false
                                                                                                  Preview:....................(....x:no.&A.e.u~+..C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.2.C.i.4.5.p.z.F.G.y.t.v.5.n.z.m.9.8.w.K.C.l.0.q.m.l.s.\.G.a.l.a.c.t.i.c.F.e.v.e.r...e.x.e.............................(...p.DJ!.IL.....Z.:B-.%...................>..I....>
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):65552
                                                                                                  Entropy (8bit):0.01264908944072593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:sGOlllllGlll/l/lXp9ZjrPBY0QlWltDTP:ZOllll0dPBY0wWP
                                                                                                  MD5:3DF929493A17300C90F5EBD7A57CE07A
                                                                                                  SHA1:C77C4F2DD9BABDD636951DE599A0C66DFB94A2C1
                                                                                                  SHA-256:96B94A61131E0BAE3E3AFB7B041135681371FDD9EA525294CE2BE8F874219994
                                                                                                  SHA-512:A1BF2DD39F6BFCDA1F327367A88B6EE1A3C7B90745B92311F15A96D533FC34749D3802C45FB391CE48910E4CA9267A5D5F229339DB0FE10C9B85662FFF9AFDA5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4
                                                                                                  Entropy (8bit):1.5
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:R:R
                                                                                                  MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                  SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                  SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                  SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                  Malicious:false
                                                                                                  Preview:EERF
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):65536
                                                                                                  Entropy (8bit):0.0321512989561928
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:Q9q0TQXUEZ+lX18XUblMGoXhUSaUvgtr2Hrn:hVQ18qWG1Sxv82L
                                                                                                  MD5:987C2301A706D17AC97E9FA412BE1C38
                                                                                                  SHA1:24D0C928F5BF60081DD0B2AA0C4ED27A7D9A47F2
                                                                                                  SHA-256:E0929CDFB15BF7B38F038F5369D1BE8139F7AF357C16E34EB779E6EBE0B79B2F
                                                                                                  SHA-512:16A7241565AB313EB7B592A00909B98DC8D2FE3F45F290B7033A99BFD419B1ED770FC021AD116711AA5145713B93350BA361A5C62C5DC20C222092CEF3B2153E
                                                                                                  Malicious:false
                                                                                                  Preview:....................(....x:no.&A.e.u~+..C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.2.C.i.4.5.p.z.F.G.y.t.v.5.n.z.m.9.8.w.K.C.l.0.q.m.l.s.\.G.a.l.a.c.t.i.c.F.e.v.e.r...e.x.e.............................(...p.DJ!.IL.....Zm.F............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):862
                                                                                                  Entropy (8bit):5.401006467949104
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:ML9E4K81qE4GkVLCKDE4KGKY3RKh6+84xpKT:MxHK81qHG6LCYHKGro6+vxpKT
                                                                                                  MD5:367DA10772C194B1CD8C945C3F47B33B
                                                                                                  SHA1:6C35D9731E6360BC94B18EED136880BED4E6C5E2
                                                                                                  SHA-256:8F2BDAC06E17B49FA3947017FCB1D13851D8E4FA9FB31C809D2325741586021B
                                                                                                  SHA-512:B1C7CCA7668451AA4D558DC6C9B7D8E265211B53FD4F2B497286E600BA2E87852D332D6A581BBB2CC4AD08312459809CE7533F38D4CE10FA0EFB816F154D99E9
                                                                                                  Malicious:false
                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\372e9962a41f186f070f1cb9f93273ee\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\d4da288bf6ac86ce3921b8db5eaed5be\System.Drawing.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\dbf675a2e7564fd29ec8b82b29a1a2fe\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\f24e5957e76c321b255fa6be3b893582\Microsoft.VisualBasic.ni.dll",0..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146870272
                                                                                                  Entropy (8bit):6.718372413676001
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1572864:KFPFqg/QDqnOeMvLq82U/pmmKKmB7Bg2N:MQfhbbmBL
                                                                                                  MD5:7E0C6A869431C00542C18DF9C3105672
                                                                                                  SHA1:D9496CD15957A5292A8A36A5F3402379CA5204F4
                                                                                                  SHA-256:C2F0D1054307CE07531ECE51CA02EC2247F546B64A09265E8E02CAA6A0C5B5AA
                                                                                                  SHA-512:22678E7ED3CD15FDA6E41CD6DE38E20C686FBFA1603B13C4E2E1846AB4CCF2B2931C079973437C8FEB143634D3DE2396FD92A509FA27335488229E20D22FCF29
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b..........".......... .......#.........@..........................................`...........................................c.jC..r.f.h..............q:..........p.......VZ.....................`QZ.(...P...0...........8.f.X...HGc.`....................text...H........................... ..`.rdata....M.......M.................@..@.data....HB...j......dj.............@....pdata...q:.....r:..Vr.............@..@.00cfg..(....P.....................@..@.retplne`....`..........................rodata......p..................... ..`.tls....a..........................@...CPADinfo8..........................@..._RDATA.............................@..@malloc_h........................... ..`.rsrc.............................@..@.reloc.......p......................@..B................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1096
                                                                                                  Entropy (8bit):5.13006727705212
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                  MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                  SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                  SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                  SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                  Malicious:false
                                                                                                  Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5557692
                                                                                                  Entropy (8bit):4.82586139211392
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:FetnJnVncnJnknE9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX04nNWQFna:WbXZ5IoWSL9bcwVR8mf+/cHBBaRp1
                                                                                                  MD5:DFA12F4EDCCB902D7D3B07FAE219F176
                                                                                                  SHA1:C2073440A5ADD265B4143DE05E6864FED2C3B840
                                                                                                  SHA-256:501F0B7EBF0BE7ED8702D317332A0F8820AF837C0A2A1D7645BA04352270E2B8
                                                                                                  SHA-512:EEE3A8E0EEAE139DDD9369D0869C29C91007BF6C5B0D7982918D5A013214A9E80B9233E7C1CCB43124152F684F0B782831B0A6B3D126558261DD161230004E50
                                                                                                  Malicious:false
                                                                                                  Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):148598
                                                                                                  Entropy (8bit):7.923683311160288
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:GtsKzwI/bp2N3/nXCWZQCPxBVO2o418Gb0+VRLf0ld0GY3cQ3F2DExm/KLQ2I:GuKzwI/kNPyCtoK18Gb0OV8ld0GecQ3s
                                                                                                  MD5:237CA1BE894F5E09FD1CCB934229C33B
                                                                                                  SHA1:F0DFCF6DB1481315054EFB690DF282FFE53E9FA1
                                                                                                  SHA-256:F14362449E2A7C940C095EDA9C41AAD5F1E0B1A1B21D1DC911558291C0C36DD2
                                                                                                  SHA-512:1E52782DB4A397E27CE92412192E4DE6D7398EFFAF8C7ACABC9C06A317C2F69EE5C35DA1070EB94020ED89779344B957EDB6B40F871B8A15F969EF787FBB2BCA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):219575
                                                                                                  Entropy (8bit):7.950067097420845
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:qDQYaRyd+9bNNPyCt9gx5GMRejnbdZnVE6Yopym74:vf53PV6edhVELo374
                                                                                                  MD5:7059AF03603F93898F66981FEB737064
                                                                                                  SHA1:668E41A728D2295A455E5E0F0A8D2FEE1781C538
                                                                                                  SHA-256:04D699CFC36565FA9C06206BA1C0C51474612C8FE481C6FD1807197DC70661E6
                                                                                                  SHA-512:435329D58B56607A2097D82644BE932C60727BE4AE95BC2BCF10B747B7658918073319DFA1386B514D84090304A95FCF19D56827C4B196E4D348745565441544
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4524696
                                                                                                  Entropy (8bit):6.367051782021837
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
                                                                                                  MD5:7641E39B7DA4077084D2AFE7C31032E0
                                                                                                  SHA1:2256644F69435FF2FEE76DEB04D918083960D1EB
                                                                                                  SHA-256:44422E6936DC72B7AC5ED16BB8BCAE164B7554513E52EFB66A3E942CEC328A47
                                                                                                  SHA-512:8010E1CB17FA18BBF72D8344E1D63DED7CEF7BE6E7C13434FA6D8E22CE1D58A4D426959BDCB031502D4B145E29CB111AF929FCBC66001111FBC6D7A19E8800A5
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Joe Sandbox View:
                                                                                                  • Filename: Bloom.7z, Detection: malicious, Browse
                                                                                                  • Filename: AsanaSetup.exe, Detection: malicious, Browse
                                                                                                  • Filename: 6DNTEUx66h.exe, Detection: malicious, Browse
                                                                                                  • Filename: SecuriteInfo.com.Trojan.MulDropNET.43.26999.exe, Detection: malicious, Browse
                                                                                                  • Filename: InstallSlack.exe, Detection: malicious, Browse
                                                                                                  • Filename: YouTube To Mp4 Converter.exe, Detection: malicious, Browse
                                                                                                  • Filename: YouTube To Mp4 Converter.exe, Detection: malicious, Browse
                                                                                                  • Filename: Dante.7z.exe, Detection: malicious, Browse
                                                                                                  • Filename: winpro.exe, Detection: malicious, Browse
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S........................................a.............................................................................Rich....................PE..d.....2..........." ......3.........0.&.......................................E.....VTE...`A..........................................A.x.....A...... E.@.....B..!....D.."...0E....P.>.T....................{7.(...pz7..............{7..............................text...D.3.......3................. ..`.rdata........3.......3.............@..@.data....#....A.......A.............@....pdata...!....B.."...>B.............@..@.rsrc...@.... E......`D.............@..@.reloc......0E......fD.............@..B................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2714112
                                                                                                  Entropy (8bit):6.6777628855193685
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:tJTlgrbjpHr7KxPTiqdU9YRDQ2K7Fz68ZxxJ0JoC3MCfuTEM+:bOx39YRikMiu4
                                                                                                  MD5:21647425561F9DFA567139D2C505F585
                                                                                                  SHA1:EFD5B3D6A21886C6467D28C73D20BE0ACB4591E9
                                                                                                  SHA-256:B827172262CEA032BE8303AAE69A947A8D867006269BB8B2BC7E77619333C1B6
                                                                                                  SHA-512:C5316A6B2D77CF2C2949698F9CBA92FE1EC57B2AC82D55FBBEFFE71B4834EC06E83728A176F5089C91CC9544DEDA0667F39338F1E9D1A37DB69BD8BAD4AF915A
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b.........." .....(!..>................................................?...........`A........................................X.'.....r.'.(............p>..............P?../....'.......................'.(...`e!.0.............'.0............................text....'!......(!................. ..`.rdata...9...@!..:...,!.............@..@.data.........(.."...f(.............@....pdata.......p>.......(.............@..@.00cfg..(.... ?......4).............@..@.tls.........0?......6).............@..._RDATA.......@?......8).............@..@.reloc.../...P?..0...:).............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10284336
                                                                                                  Entropy (8bit):6.285840716785654
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:KWzwSv9AAQlCy4liXUxCGZHa93Whlw6Zi88EIb:KnKlQlz4liXUxCGZHa93Whlw6Zf8EIb
                                                                                                  MD5:D866D68E4A3EAE8CDBFD5FC7A9967D20
                                                                                                  SHA1:42A5033597E4BE36CCFA16D19890049BA0E25A56
                                                                                                  SHA-256:C61704CC9CF5797BF32301A2B3312158AF3FE86EADC913D937031CF594760C2D
                                                                                                  SHA-512:4CC04E708B9C3D854147B097E44FF795F956B8A714AB61DDD5434119ADE768EB4DA4B28938A9477E4CB0D63106CCE09FD1EC86F33AF1C864F4EA599F8D999B97
                                                                                                  Malicious:false
                                                                                                  Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):447488
                                                                                                  Entropy (8bit):6.309802860311442
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:CMgpxyZ5V8fTykwI08pCYixK53Ypm8I/yaNrm44tnePe/FkUCd:C1pxy+TyRd80YYDIn4NQvU
                                                                                                  MD5:91F11A9181583F75E2B29FCD9050C7F5
                                                                                                  SHA1:FD90ABC3048F3347435DFBD1075B8051AC6FFABC
                                                                                                  SHA-256:43A549FF51CE4EE20074999527B19FBF280A8CAA7DB0BDE957704033B6F5B330
                                                                                                  SHA-512:925AC2A87E436219E22A924F615669CB166E8183D6E4DD0F00ED68C16FAA3FFA10AB410106A7F81320F10205415BFF9D10976F1DC0BB695B9293B80101E4CE8A
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7040512
                                                                                                  Entropy (8bit):6.411129914957704
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:UYwyKtMlbopeVIFTp22asNOy4vvzlqaip5QAW3JsGVi2W2/pU/vIx4LwlcwsSV/r:seVIFN2pnypWPFQq0yTdhVOrH7O5pm
                                                                                                  MD5:16DEB84C2DD1D55ED938A112B6CE92D4
                                                                                                  SHA1:15ED353F418030E2A3D94C2C77D45605EA9CB3C2
                                                                                                  SHA-256:B49922F98946952E96C03C468A4812E0B1E7A090F4E1F96489F48ACC07EBA1F8
                                                                                                  SHA-512:BB9EA90E01AC7E633D3E27054206C6070B352CCE196B7B70B989AF2B718DEC3506D3AAF62E3074FDC93E7E23839ED15CCB8A508305170E7BA38920CA21F4047B
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):192492
                                                                                                  Entropy (8bit):5.056947701287817
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:wPa9g6JOjV/E92t7Rq4rgEkDvuh7gb8oeyHXkiqpVGMqyZJjhEb2WAbTMb0kew9C:wu0gSZtutQPOx30jH8+D
                                                                                                  MD5:C0490D3C4FF1EE8614225043654AAF0C
                                                                                                  SHA1:B044484CED372B5817285B67EBA59F0AF40CB639
                                                                                                  SHA-256:E98F3437F6D451FB9FEC33473ABC9F07ABF0794CD45D02AE1DE48CCB9FC5C8B6
                                                                                                  SHA-512:3D66B9A2AA4B08B19C635D350342A162879042E926FA41E059E3C62FC68BDD73A91D6A9A41E409EEEE7338DAF0A931F178E9D151B4B9EE9EF6545F8957CCEFB4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):198772
                                                                                                  Entropy (8bit):5.130198020742576
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:eVsHgKH2KNRpqhXdJcFxu3PzGF+hF2MMCS2xHMuZtE9P6NsV0ejKK1U/e1asMgSf:eVsHg+NRu3PzjiHMgSENnuI1LCx3
                                                                                                  MD5:9B610C0107724603B19893C4CCC551A0
                                                                                                  SHA1:37D987196C640861B336628D67E22EF283115E7D
                                                                                                  SHA-256:F9D96AF7D5EF9E0B4F4EF133A98A64B4398C7AEF04E20688B523E6EA27C61F15
                                                                                                  SHA-512:E99C07E474278990027E560D0F0464ED0D59C485226B56C8318470C41B5976602B1D52659996EBEECECC3D59927577202AB6312E07F40F71EB39972AE5296BC6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):214333
                                                                                                  Entropy (8bit):4.866044052884893
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:tuOXNa4V175RToR0NZzrmLy8AOWa2ReKsUVT:Z9a4V175RTk0CLy8AOWa2Rek
                                                                                                  MD5:7F3FE009D84DDDF6A509AE33D95A7E7B
                                                                                                  SHA1:667D804C714FEAB9D104DB211A981357B2B8124F
                                                                                                  SHA-256:58BEC94801D09157C852CFBC3CCD9916FAFD1947FDC61C1453456BCE5B054C4E
                                                                                                  SHA-512:92151D7589682C7078D9F9915EB6D14D350A13A126A000E4DA29228649926282CAF03CD996E68704F9E5DD0FAF11750F7C4EE105E1655F9BECBE0E267F7FC614
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):274613
                                                                                                  Entropy (8bit):4.47502496975818
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:L4+ROskKw6rEr2Rp9KJ3bEr98JMg/xCpwuDuLAJ/fvuhIbzo:0KjYSfy3bE8AJ/o
                                                                                                  MD5:ECFF6F8DC301B6B435DF5E44C2AE8A2A
                                                                                                  SHA1:6FDFA4136F3BB5CCD9E4E7B4706DB98F17F85C1B
                                                                                                  SHA-256:3250ADECE302934B9A78569D72CA70E596D91865455D5274CCF8D651CCAC5350
                                                                                                  SHA-512:C9E22FF9FEF3C2EEF6B25886E32A27FD19D56C1085C993AEA1D5A1528D65735B0628B825A2834A1B8B2512D8ABF59CABB3B35044484F566057826EAA3CFA682D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136216
                                                                                                  Entropy (8bit):5.401900922137372
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:RnSJS9mJSpAaCcg4H65rKoMVhoVFBL8lmoT69Q1HyO/RjiNO5ufzwXiqCUXBlHPE:RnyS9mJpZcgNoF2O5hXiqCUXBdFtXfQv
                                                                                                  MD5:65C1F1FAEE2EDBE7D7B6709D7E6B6EF7
                                                                                                  SHA1:A81848018BC9978EDB9E764474CF9C9B297BB91C
                                                                                                  SHA-256:D8A83A19F8C66742226538AF9489B70C1439F6133591E29A353ADDD9089F67C6
                                                                                                  SHA-512:590587A66BF03C2CC61C49CB9452220B3697AD4A00ABC0056017FD0203EBC2980EC8F59337FCD1FF90EEDFA8F8171ACEF5818B1DA856EC78C352498002679FBD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139589
                                                                                                  Entropy (8bit):5.805335191018667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:m4bfDngdBcePzo3zO1J+17NPR12lygg+5XWAJ/e/Y8QG1A:mkfcdBczzOyL2lyb/Y8Qx
                                                                                                  MD5:C64366988F8D46B6912F2D6BE0120B1A
                                                                                                  SHA1:3A33FE58CA30F41EA341CC9B9413A6CBDD6A1E4B
                                                                                                  SHA-256:30FD14794EE1088D37387F42E5D366F962FA9273EBA8CCDD9B950646D2DD6172
                                                                                                  SHA-512:8990D212AFF170A547733B0CD54055ECF6D30319189A7D88CDA149B8994986C9CCC899D203FA4CEDCDACB3217B2B72E2A9E69AA195B285AA388BF2AF125158FE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):127576
                                                                                                  Entropy (8bit):5.4328055342090105
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:UpDv+bjCEOCjaMRZszOfb+5VeWAJ/twbPeu:cv9EONMRazOfb+vowbj
                                                                                                  MD5:9FB8A421CAF18588B494C3F34D8764C6
                                                                                                  SHA1:201AC33074C76830893197AB9382EC84553F1794
                                                                                                  SHA-256:0997BE868557F97F013242C066B192E574B4FA553D13F37F97A1DE714B95A858
                                                                                                  SHA-512:59B2FD820F9BD45015444C85FCB55E04027836E62C6A9187E8CE0C2A9AEA6E5E626B76627C9601F69E769D4DDD09F6A8CCC2DFDDA6835E261B94A5AF91D8BBF9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136414
                                                                                                  Entropy (8bit):5.486129891558703
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:rbCAFix2ob23Yp8tMoAq/AJ/vN5N4ygxjl+:ruAFiUtMBB4ygVg
                                                                                                  MD5:A4D8EECEC2747FFB12551AB8E93FAFDF
                                                                                                  SHA1:59AA4C3A7179C46C7699D0D918DD92722A614DEF
                                                                                                  SHA-256:D67F95E2982E7DEBF67741B88CE054F5BB8356021A280E092227B77EC82E298F
                                                                                                  SHA-512:1DE20FA8798D050966C99AA0590C7460A40B6FF41AFC36645C1F4655A09F6070530ADBD1D6FB5937D1FC9965C7AAC932DBB06A0FF47F31BCB6D4717EAA81613E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):235472
                                                                                                  Entropy (8bit):4.928800315357694
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:7zUGI8nOCi+hF/kDuKx3xqt5ImROl3ppSZ3/7zFMeF+fY2hl76Hi5YlXSRzG:7zUGIiOCi+hF/kDuKx3xqt5ImROl3ppe
                                                                                                  MD5:DC334C39FA35F04D554FD6BF4D6301BE
                                                                                                  SHA1:8F83F39B41447E479E1DE761721FC35B22A1F227
                                                                                                  SHA-256:168FDC777570FA85C16EE7A701BEF28FE6D7EB943A674AD8681A2F9FCEDD2635
                                                                                                  SHA-512:E4F0FE4AC83DF9F106D60DE2D4563519512D1B088ABB0FD52D4D459CCF093397C5F56E41958111AD67AB9A19DC2A9DD6870356BE2E344559DEAF757D3B96B7A1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):112584
                                                                                                  Entropy (8bit):5.476085642762499
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:uXfjHeQnROOpWIWGmjXD0K6rcK4Rr3fSr5iBNgqkAJXuSOiJedMJrV9FDVfm3ggt:uC1OpTmjQK6ruzBNgBAJX9b63ggl+1w
                                                                                                  MD5:998947B55A25776181CC11110902F6D7
                                                                                                  SHA1:A93272EB26EB9977833FB809DF593759F2533570
                                                                                                  SHA-256:FCBCDFB71363750A9E404A365A00F196C9ED4FE149532580F149811475B45636
                                                                                                  SHA-512:A58B9B8BF6C2C2B14F870FDD3557B18AA002F5CC8C270EB0D35A1AAB3CB864CF472328F0515039515879C9B355569B7D049CA1A1569304CF347B40B5815B726F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):113481
                                                                                                  Entropy (8bit):5.470392531977106
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:b2jJT3eY9DS2harnCBNg2AJXZfh3ggl+S7wh:ajd3ezrVDwh
                                                                                                  MD5:5CC884BF0EC1C702240173B35A421D1B
                                                                                                  SHA1:19BDFB0B31DC4A75E7C135D1A8EF76F5F6CC3A31
                                                                                                  SHA-256:9F0C75C84381360677055D6197812C7A6C42DBFC6134EB8212D8A60ED1CA1601
                                                                                                  SHA-512:48772F50F6B0D846084A0CFB0D6433F2FBF73677B557B022D0D73D04790636C0C40ED873C32FD037013E943FB7C24816EFDCDE38429520895C00C2D85A17EA5C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):135123
                                                                                                  Entropy (8bit):5.373057629573399
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:JuYwPdcKTJ5z4FjRbeZrphXu6TxaXGQa7+4VdMBPcHYKCRKfKTAJ/c0JWFsMH5B1:J5Wb5ElulhXu4FVKAJ/0u4
                                                                                                  MD5:10B1D1097987EA050A5791ECEB5EABDA
                                                                                                  SHA1:C0812FBC16592A39CD1600196E62D0000B22BD73
                                                                                                  SHA-256:04B24396CC017E1DBB0BCA7371D7CAE10CAD2350DA661A8A035B572AA76CBD49
                                                                                                  SHA-512:F2A6767EAE2D5EEBFF35F6B7D3A932FFD797FDFB48023C75B3C98B1CED5B3695EC12E642D68582DA1AACAC1C59B0D3A2F029C702D0DF02D7B08430384D40E178
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136317
                                                                                                  Entropy (8bit):5.340572969000703
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:WTfkQC57IJHy5p1i1wwZ7+R5E7rAJ/kU8Cx6PZ410:sTC5KHypiT7q5E7E8I6PZ00
                                                                                                  MD5:460ED6807D7A0E5DDE909D706B4F267C
                                                                                                  SHA1:D4948B217B8A2E620E7AAC7A04C2E8483AA84B3C
                                                                                                  SHA-256:665E93CA25DE6050A4FBC1F343D67496D6E1E296DBBCC9EDF3DAB7BBCF1035DB
                                                                                                  SHA-512:FA6C57DCFDB6E53FA13FBB353C3C581C3DFBD4D34AE7612B1F780F4DA944DA253767FE86AB3C5A3EAE918A339649828643FD50B9F66BB943F29924E713891D98
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):123538
                                                                                                  Entropy (8bit):5.464890802945206
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:MbW3XIGQTW9ls9DymW643RAyN1zyg9jX0AJ/TuLECs6WrsPQ05u:Mb4M6ls4mW643GAjEAJ/SLE6pPQ00
                                                                                                  MD5:9EB930ED036C2828877BBEAED94071B2
                                                                                                  SHA1:B410F1CBD1774FD2036C5E8424022554B1FC61F9
                                                                                                  SHA-256:502AB41D852C69EA961DF20B79480FD9D38F99BBAD07A4D1B5E7143BA1F7BDC3
                                                                                                  SHA-512:86A0C8C6ED19C801705D0CD07A5634C6D234329D4A3AFC10F2E221ABE6A21DEA0F3CB808E2DAF94BDF113B64B7ACDE6AC836BA238D9F8B5F7BB355DA1346E402
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):190789
                                                                                                  Entropy (8bit):5.232451563180468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:feMIukF6X+94Raw9a8V+6NS9/W2ESEmSzR2XhmN4o6XsumhdBfOpfVKb8YIO/ECs:uvkXw4Raw9a8V+6NS9/W2ESEmSV2Xhm0
                                                                                                  MD5:993FFA47D0354C2A9B9B4D378026E653
                                                                                                  SHA1:416EF059058FAE7E91D79E94C0AE4CC56D604F3B
                                                                                                  SHA-256:309CEC5292EE0361D45796C2234CF40A064249DA09108B1DA75BF570963941A2
                                                                                                  SHA-512:D1ED53F52858090641058AD924E42BAD29610E8E7546279325335C4D8EB9F5830FFE32FA35DACB18040090078A4466199A586D3EA4E82247B73BAB02ECEB17C7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125760
                                                                                                  Entropy (8bit):5.447273613792246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:12KehY+NQoWmiTUqyUEvU2yjZEE218YWUzl3HRFj8mlQAJ/rjNM177Apf:1rehHugj+2lE218YWUzZ3jhXf
                                                                                                  MD5:DD7E21B02BDCED910A171D592FAE0B18
                                                                                                  SHA1:CC28F1B8F0B06E71DAC3802EE26F644837982FA5
                                                                                                  SHA-256:9E1C20ECDBE9D15386ED493D0AC839612CC91A2284D5A97D9DC38EA2C90A3DC1
                                                                                                  SHA-512:12B3FD4BA110087074D5BEF6237EEBA96EDEFBCC31BB701142DA058034AF591A627B7B07550670689733A32C747991AE4555884796D29631B7865D06B13E90F7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):140356
                                                                                                  Entropy (8bit):5.190245344679947
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:zm5fD0udgYRiHX9ooz8p9wYgEAJX0AaCz36/6pS55:oDoYAyoopbA7s5
                                                                                                  MD5:9F3A970C8FED49AC50BDDBF09DD9A950
                                                                                                  SHA1:E8B986D42D4A79C513BF2DA3D3314FBF55A2A960
                                                                                                  SHA-256:7A4C4822516F47CDBABC4B9EF45B710B057A056BC29D3A4A270A22E963E257D3
                                                                                                  SHA-512:4533A05B38E45F8CEDFFDECEFB77ED9AF44ABA799F030A770B616EC7867FD0D7893DE67528A611D1002D18E3EE7F8799944804E008EC8217CBF59E03A19139B5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145490
                                                                                                  Entropy (8bit):5.383401113888468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:jAJQbq5J3EqQRLbEKdG2Hr+6y9Z85Nt3lsnEpS0NRHD7AJ/dIzKByroFDuFcVRSh:0J4q5REqQRLgEG2Hr+6y9Z85Nt3mnEpL
                                                                                                  MD5:B7AD524464A61CFE4A5BE1D41C069D4B
                                                                                                  SHA1:9EB5C98999D5EA3B0BE56DDEC39BAF58BA5EB078
                                                                                                  SHA-256:5B9951426B8783B203B8ED44EBAB916CA8AF020B9E0A32F7249ED9021CCE1C3C
                                                                                                  SHA-512:9B6B3274A98097E79DA946B90DA8B0A50575D202A8D76A07868CE03BCAC69C1B848A9A28A55814683E44C8760E5D7A0F25CFF18C974349FB393B9BDAAAADA8E4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):265683
                                                                                                  Entropy (8bit):4.514931934952092
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:/Ufs9FfYNDx39v+1lT1A626EysP8n3M8IrU35YdO3C36SoYimPVOyVWcTPgrmd/U:XXfsLPVTAf
                                                                                                  MD5:45943AE45049D9B7D76068D3721D6C8F
                                                                                                  SHA1:0BC3F9B24F0C8CA0078AC7780A21F623B8D7F9E6
                                                                                                  SHA-256:AA885CBBF8A13FB95405CC3DCA6677545FD51E303A65897D14ED019955C040DA
                                                                                                  SHA-512:7CD2BEC685CE103DCB0900BE832C472BCD1619F549FFC2864A2AE61B60B06565ACC95DC25222521E192362F8D3C4F8816BD1C3438AF7BAD826561247326CBA99
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):167370
                                                                                                  Entropy (8bit):4.897123170448971
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:04dRCZfyn1pNz+WxgbllqMPnXQ5r1GAJ/m3XTnw6jCPQt:FRqK1pNzwbllqMPnXQ5r1UXTnw6jCPQt
                                                                                                  MD5:3716C23FA0D68B698F5FD41153757622
                                                                                                  SHA1:800CC99237FD8C2151C90E01D6C78978617C0F27
                                                                                                  SHA-256:45E428FE527BCC746039A9822DB7F5DF12FD651452209A8746182383C2C004EC
                                                                                                  SHA-512:D738DA7FBB6BDA597F2C381C533BA70B8E0A8417E943A17FC91AF455492B04E7607CDD89EB3CB6D2D70F0B87BF89BFBD6FD96DF18603F0FAE485FEE9C7FFFD70
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):273942
                                                                                                  Entropy (8bit):4.493588587563909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:RIfyKM/nqz5cwfKSIvYh0b3cvEVhYWVLAogCO/S/Ffm9NLmILORvTHIf+ovahgBD:RxKqLCFP
                                                                                                  MD5:0CE87D6655517DCB4D74E5130F235C89
                                                                                                  SHA1:0A61C0E385523BC55B3AB2435E7D1231548D3BD2
                                                                                                  SHA-256:79FC8A24C93E19ED052DDC0F158E516198A10DF7280265CCB769EE196A438CD7
                                                                                                  SHA-512:18ED9D0D354CD8DE96A54A6F793E6C59FF476F02106F7C3CA309175DFBDB00271AA3290BA9805F1B9484E7FAF2CC44E3AC93AA69B7D30C8E99EE31E29D7E4808
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133955
                                                                                                  Entropy (8bit):5.502579129345829
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:3EFk7trSBVqKRgAGCv1ljWNqcUlEdp9qLnMUpE+ugAJ/IMMoqa721Ox9s:UFPBVb6q3
                                                                                                  MD5:B8A77FDFDF62A844C90FE62DE0B6858A
                                                                                                  SHA1:B601AB105FCB328AF4B17B3E1DBEBF94ECDDAB33
                                                                                                  SHA-256:AD13BAB195D7619C58494D592CB11C22DDDCF3B2735804BE60F951F87DDD734B
                                                                                                  SHA-512:164122955B11EAF5E88BC61366C473B7A67C12B858BDAB407C189DC74ACA75C406075BFC0BD5877FA0B3857BA5DAD81C9795EB55D3DBE7EADA67B03D1BFAA442
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144547
                                                                                                  Entropy (8bit):5.634145281802686
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:BfOMF2+rAIR7rjgIHmMRHiGhj8oAJ/kgCdAtRdpEsLK5M3ICm:BfnQ+rxRDjxiGhgjRdpEB63ICm
                                                                                                  MD5:873CA729BBFEAB336795E1696289B191
                                                                                                  SHA1:BEF9CC201BCA2D433E2DC183C96425A542BC3F01
                                                                                                  SHA-256:D7C29C66D265129EDE1019C708BD0A358D6B820366509845834752EC2EF705DA
                                                                                                  SHA-512:2973C94779893C1F4D8725677355D71EDEA2599077EEFE7DAD6D4E4392AB036C0633440D2578A2D51947007ADF9DFE859F9B50E39CE7D7482992D5A3790CFDC4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):121818
                                                                                                  Entropy (8bit):5.360373815575629
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:3ZKQj9ZZpz495KWVce03AJX/8WsAzaZ6N3cCEL:JKQjxpMvtRsEaR
                                                                                                  MD5:E61A4D062CD61972A534A5E86E49C34D
                                                                                                  SHA1:C19BE8F744B956753CE40D91A34F0DA02F699FFA
                                                                                                  SHA-256:D00C7EE5EDEB1BD1493C49CF2D124FFDF47405D21D8D43C1A41C8749CE5C86A3
                                                                                                  SHA-512:7DE4453B0793DDE96503E762D4E9A77835DDBB1D75D35F012D24E8453A90AC85F87B0A62D95AD68393901A8AC3FCB147CF2B7BD468DFFA62D959133528AF15F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):134374
                                                                                                  Entropy (8bit):5.276015939200961
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:UbhWa92N5TAgX3OEKDoLx1NyN4tA7kxAjidqoxAJXsPdo80Juz:khWdN5TAgX3OBcLx7yN4tA7kxAjiJlow
                                                                                                  MD5:A2E2D2B990CFFD395772D2F146084775
                                                                                                  SHA1:30EB2B67223104E72FD4CBD3448B01442928FC56
                                                                                                  SHA-256:27C74ECE0AA92E15D2F26628C4E132AF03A6DB5384E24504932C45912ABA7268
                                                                                                  SHA-512:8D874A43DC7FD2933CE4B81C8CB8D17C709E1947CCA8867614F726A34600F8B59689FB7DF50C7502FC21CC99785074723E4502622C677E5239D598CAC8962E00
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):159139
                                                                                                  Entropy (8bit):5.873398037642396
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:oItCbyjIPthibF3MkCRAJ/2ijt+FC1yNLAVv:tLyAVv
                                                                                                  MD5:0553C4D65C38A5AFB98A0EE8F420A207
                                                                                                  SHA1:C6011AB07BC0B1E036BF564BE6F4D65C24E7D3E4
                                                                                                  SHA-256:C2BAD3C397CC41210E1D5D1D04A7185F9287C670E285D30C66235F5807B39FCF
                                                                                                  SHA-512:F3B9636A93BA77C1BD00D491710ADB221F570A30D1B5ADC50B8E263165B81A17C062ACA1CB656314140A512CD7E69F583DA781EE4C8929A1305E743361A3B030
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):299517
                                                                                                  Entropy (8bit):4.421440980554494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:dR3ENI+2gRlXEgkndwm+PDu6h1TS/Z7JQO6aym:dR3EhRl07+VBm
                                                                                                  MD5:33BC5AC34A95379D58F9C42CB21A92E4
                                                                                                  SHA1:0F4EF0A9A40E9042F3B744B5B87FCF00C08FD7E1
                                                                                                  SHA-256:99C8C57A808C63088D3E7B83DCF7CF80FB2A648D678A7C9473F2B5CC0BEF8152
                                                                                                  SHA-512:62DB9B5781B6C218E39BF7D4E47614FAF2EDB496A51E0B4E802047D57639890F13A4B4F84B6326FBDF6218B8991A0456DC5BB1473436CC74AF4E54283BB3BF13
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):134295
                                                                                                  Entropy (8bit):6.191082491321746
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:qc7oyh7cbcQ4G+othXuAgWCYeHw0pFSCukpHTezNsAJ/r/4KiWgx1D/xRAmxJT6e:JV7cQGbtd5EdSwxn
                                                                                                  MD5:7FF011AE4E5FFD05736F99888AE9A8CB
                                                                                                  SHA1:544BF65AB5FE462FAADCDA88E2E5DB0009169123
                                                                                                  SHA-256:5BA83651D941CB9F87B961F735D5BFB0E249878255129BE1D8E8D6BA5D903D76
                                                                                                  SHA-512:BAA72F1A5561FD67A047309255CA799A55365D6D755324313E86E26AE9F3A8209AF7AF24C1A9BA83FAA441CF49FB843D9AD1FAB4B76354B0800EDFD9A2AE21F7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146763
                                                                                                  Entropy (8bit):5.624470493823786
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:lD0hfQBDyyUa5I2dAJ/9bXpwh2I76S1l5nJ:edQ0Pa5IFbXpwh2I76SX
                                                                                                  MD5:90847DC4F0387C80DD00BAD7B001A879
                                                                                                  SHA1:B7543FA3A3185201EACB2CBEB1F6EF667CCA10B1
                                                                                                  SHA-256:FB5BB8AA591D3D8D7557FB296317C30DB3C4D5C9F438FE0A43A94B974B9286A1
                                                                                                  SHA-512:19ED2F2B9D71F00A81EE93C776EE9B2D4D6283CB5ADB280A30EB8ADB9BE53A2D007D267DD8143FE7EB98AB909DBC88B16BC7E4167717D3F4EEC3B1C7DCEB8B1B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145384
                                                                                                  Entropy (8bit):5.624257022055004
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:EVo9zC3sdc2eT4mPGojE7+Gv9AA7dNIM8cAJ/7AMfZ1j:EV+zrdc2eT4mPG/7V9AA7dNIhjAMZ1j
                                                                                                  MD5:61EE8D708739FB4BB33F37BFFBA745AE
                                                                                                  SHA1:7173073DDDD29E4688B922297EEC471AE8B0FDF9
                                                                                                  SHA-256:F944E3DBBE9694EF7C111E1A0BF91F5B0229B7C3CA221F54C253276242C281F8
                                                                                                  SHA-512:25FDFC2EBBF7D408D9570DA3D55D9722C912B2995DE9E73449B8CDE8C0EBB3C25B38E70F66681CBF39D791F151194C85146D95EF59A7B43E7E64B0169B49E2A7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):315496
                                                                                                  Entropy (8bit):4.438433180200473
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:Jdi0gvoO1Ouu1ElYBkPQ4z6GXdubbTMAJ/I23j:virvn1OuuyPQE6GXduHTMAJ//3j
                                                                                                  MD5:6183544A4F554D40A211C8E0376C95AA
                                                                                                  SHA1:A9E855BBD03CFEB96DAE4C52E6A577B9F0374184
                                                                                                  SHA-256:2B5C12D6628B1835D5658085C04F9DCF0D792DB603A034264E70D86F8D43E044
                                                                                                  SHA-512:7C517702F24C92B708DD4EE1D6D5A911213062CFA5AE05C12DA9B2CD4DEC06ED9B218CE88A75AE9A7C9177AF100169F61056B1ECCB9AB3F10811B6E6C99CC86E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):260776
                                                                                                  Entropy (8bit):4.505268866905645
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:aWiUPHuEFAbZPMD6D/Wcq02RCnXUIuc7n3SZhO93AJ/fFlWSLQMD8jB3qAyXyYHA:aWFD/Cn/5
                                                                                                  MD5:80B49D820F83133B9EFB9AC2CA102C83
                                                                                                  SHA1:6E2D370C74891BEF70768F051E4BA0483D6B5C1E
                                                                                                  SHA-256:DF72EACF4938F4912F5BAE563DBE7E81A758A7E8FFD49F14502F6D0B5DAB6F27
                                                                                                  SHA-512:AFD58A2ADA72E96423CA1F9E1869C8E1621C22E72A13B90FEC5FD2DBE662D2D9280E3277018D426196AD63CD74CE7406975BD134F577B6B3E5864DA7F0831936
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125611
                                                                                                  Entropy (8bit):5.26463363101804
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:6CdXh6S4YO3xDEj2xjBSxAJ/YL6P8u8Jyt:Lh6S4Yg1Eje
                                                                                                  MD5:0CDA98188CCC97E932408BED970E2CE1
                                                                                                  SHA1:91595881665CC51FBC013EC0A1D212DEA9F70CB5
                                                                                                  SHA-256:18C1CD2F95F5C029F308C53774F49E4B718BC94B78FC3029F95457BCC58281D7
                                                                                                  SHA-512:4CF8A939ADF3B79537051016D52A0E2C3C10135DC2A652B68D5EA7BB338DAC422D3AD814DDA1902C393083DB55168E12822DD51151302D5770FE599C0B395AB4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):124135
                                                                                                  Entropy (8bit):5.430025230496119
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:CRF/rikZ7NPdoS2y1SubIsRWYHnfdG4I8F/iX5XzqFlAJ/hIm8VUvCATpdlR0n:+7TIKYstHnVxI8+XzqFlAJ/hIwCcpdi
                                                                                                  MD5:00F1A382F8F5E0950CB9BA4A4F3FD478
                                                                                                  SHA1:BBA2DE6051BDD9B596F66312F2E2296C370E2D93
                                                                                                  SHA-256:E42E748F28E944F9A3A7FAD19E686B856BC60B3E0128DE94E6CD7619A7D24071
                                                                                                  SHA-512:2D8F502F51FCF066BF8C420CA2C86FE4EC6274AB0DA5A5266293225910C9A0DFB6D5C529A9FD0DA6FF4952BAC385FCE2885757DE81A4DB2D7F5C10CDDD539C0E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128369
                                                                                                  Entropy (8bit):5.355883393524085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:/PXjFQh8YD5L3O4DjhJk8YIAJ/HgHkIINe2A4Tie1oWnV:/uhzOSYzbYOnV
                                                                                                  MD5:2D4BBBF2E9459992252D62AB1A152D30
                                                                                                  SHA1:78E696C8B30F2B4A113B72A92C0A011AA7D777BE
                                                                                                  SHA-256:4D450B5659EA7BB907728E2B8F48D77A43DC18024E2A15E749F5A760D4144571
                                                                                                  SHA-512:3325DBCF891A55E06D2D106046D0E0589DAE5E437B4437B929672150735B38DCF39AFCCF0FADB2C43DD1484F3726ECF9B0EE1641BDE7BB31A84B88790E9CAD55
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139797
                                                                                                  Entropy (8bit):5.7397990834880295
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:J7f9ehB1p5o8mmIRMa8oc/1QatCDYezNFOOjAJ/V4KNsNYziU3YxnyL4:J7f92BL9Zh1QaSNF5AJ/V4NYziU3YZ7
                                                                                                  MD5:999ED3F4123A1479D43AB2DC9028EDE9
                                                                                                  SHA1:346A3C515D01929A4FE3B33C42A3AAD5FE731843
                                                                                                  SHA-256:4174B220824334D04BAD161309D342A647433FAE7C353432E34EAF49EC8787CB
                                                                                                  SHA-512:ABFB66F0826E88AD2E1C5850C14AD03A9DAF96239E1B675C7442659B9851F202F73B4BA98FF494719683E5C4EEA5CE8756533AF609218E83A47D61730F28E9A6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133496
                                                                                                  Entropy (8bit):5.415308981100393
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:Dw3h5p48XUV79Xcg7CHFD6XDcc4jHiWXBzOAJ/S0Y0q4qc6x0xGUsTQ5iM0mR:Dw3hY3V7egs5wDccaDXBaAJ/TMzM0w
                                                                                                  MD5:31556D02BA0EE812EBDA678E3B70B1F7
                                                                                                  SHA1:A2468245936DCE8B2944A66C7562EF4745F64FF7
                                                                                                  SHA-256:9D93FDB7F9D0D7833EBEF8EA7016F952301075E714A4918C6A3D5338FEC08FFE
                                                                                                  SHA-512:3B6EF3AD2D0115E9694A879E127ECF067D8DF03F0875EBED4427BC674C0C9CC0DEB591FEDA9DF120062C3A59D65FE952727B2A59F352A096887449A0745C8FE5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133827
                                                                                                  Entropy (8bit):5.406788102503695
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:6m13PAqnyVM/oEqsQX3rdc0bvjIFQBAJXHdvxz2qKHiLXLLaH5619n:6muqnyVMUsQX3rKVFQBAJXbLnaH5619n
                                                                                                  MD5:B7456478AB25DA7A037689ECF9FC39B1
                                                                                                  SHA1:6CACB9E84AF6ADB490B92CAA6A24DEF7114266AD
                                                                                                  SHA-256:F07D58C568707C6DE882A19E260C9F97751BF750237FC0BF3556BA95995F5442
                                                                                                  SHA-512:9F71AC8F21C64E4B8C93ECDA70C47CC697395E0E67D8B4A8AB4D2C1F95F4D5644AEC87DF2E058526534BD4D65130D600443D3BAAF6AD32BCCE5BB994C506159B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136702
                                                                                                  Entropy (8bit):5.445627159958296
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:WmIEoOqbh1lVpb6k3aveNmpoKyVwRHpDv2QnvAJ/KpsPlJtWCXh6YuvVBMPMs:AtVpGya2NGpr2iAJ/bPnXh6YuvfG5
                                                                                                  MD5:B665411D1B5570903F8E4C2501F977D5
                                                                                                  SHA1:CB8D98CF3E053C278F8B93D734FD2B1A42B6F322
                                                                                                  SHA-256:8DA674ABE460D1E2824A13338D29344BAE2F092FD94082D71EE91389F8822D69
                                                                                                  SHA-512:BDCB8E626DB816C1DB5C60489064D4BA4720381889A36E3D80D00E9988332EC6529107D9B3EF062B9BCC2AFDFE75EC55C8F08BA06D908B07D772D2547C7B4CF1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):213507
                                                                                                  Entropy (8bit):5.024482756621217
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:8EaX+/KuMHVOorn+T52wdOrsL489QgIv7RW9o3MfZyLv9Y+YDdVxPA:8EaX+/KuMHVOorn+T52wdOrsL489QgI9
                                                                                                  MD5:848ED63D29215F8B7D002F8D731DB13C
                                                                                                  SHA1:1A33D0ABFC5F4237E63440AB04A698AC4F230EC6
                                                                                                  SHA-256:CF4D6FA2C4A8F828FB11D464F504DDBBFF5ABAB9CC78CBA326BB8EAFCFCDF812
                                                                                                  SHA-512:2A1F75D2AAC4075DD43F816FA0B5D7949B1591E53BC711A69DD5540A3A6AD502648F7C6681DB7632B869553FF24EA43AB7CB4CE4B646C022FB88F0ACE97A3C7F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):141995
                                                                                                  Entropy (8bit):5.773757591863307
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:5lfLiyHHuaQRmAJ/4ckM+zBHCYeQrGw5Pa:7TpHuaQR0Gh
                                                                                                  MD5:0B9599388DEC973FFEC68A5738A848F4
                                                                                                  SHA1:0A0AAF4F9618CF867A1BF1E5BC6B8B21B46C4870
                                                                                                  SHA-256:E7038A23BE62E4A476960B935A6C528AAEFB781B28FDB7E24B3D830B5C02F10E
                                                                                                  SHA-512:5EE7AEAAF1BE25DDC86694A16CA595872F2A9DCF1E48D0189D3A1EEF425629ABDC814FF32A8B288B468AB4F263953618C4363D033EF7AEC2BAE0072129DD1F9A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):135567
                                                                                                  Entropy (8bit):5.468430155460571
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:hHcfu74qyRw1uW3NTDPAJ/hIqTCO5i/fzXzZQqu:hHiuyq3FgIsi/fzXNQqu
                                                                                                  MD5:3BF6C4AA2129B4B535637AA6727FB1E9
                                                                                                  SHA1:569BCFAB7176BB9833A02B5853BBBEB3165538CC
                                                                                                  SHA-256:CBFF2DBB38D4D95FE7C811E0ABDB0B92AAD621E5C2C1EEDA3C394DCE5CF1D34F
                                                                                                  SHA-512:779CED23ADC89AF08F43531056B7195D253B7EA021439F73F0C9F9B49969153A2044E90ACC0BDA3C14D3B3E68F772F5CF8611F954B5B9CB0370D252A484CA36E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):202805
                                                                                                  Entropy (8bit):4.966841321768272
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:+p95+Dq+4SjoFDq949M6oG3LFYJLajlw+f1SsSZXDn37skAJ/BBn0yh9KlQc+NAy:K95FOoDT9M6ea+sS1r37sTn59b0/k/ZN
                                                                                                  MD5:9F9570670D844A1B14B256A7584665E8
                                                                                                  SHA1:5B5CF46415662CC1CE4D93B876F4C45389AEDFC2
                                                                                                  SHA-256:ABCEE52DEB7382D84DE334C3228711A62A7D21D9A2CE506385805EEA0ED716F4
                                                                                                  SHA-512:D38FCA2D639E32F5EF90DFAAC04AEF0CCFBCC409619ACEC6535B5401502B7141F6EB24F574DB97A7ABC550B8E35E93CBC62A4A0F7494C56537FB670F19E02F8E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):124359
                                                                                                  Entropy (8bit):5.508086107251322
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:UMEKocfz89KPmp1vWZtgKqrAuxHcShbWe2wAJ/0b1+rrx:UMJI9vpPbI
                                                                                                  MD5:C0EB9DC359EAD97302591D09A4D80C81
                                                                                                  SHA1:5569C326861E80DD05AA49A74D77815364915AF1
                                                                                                  SHA-256:B34E855F518A2041E4BBD7B5C269E35E7DFAA431FDD876FC0AAC38B887E65AFF
                                                                                                  SHA-512:B488831AA6219A246D0CDC370DC7B95FC07754702447964737EB53B9D5F64092E8873032BC40E8AF9270388BB1B655B4F06D6DE304B85B32FDD297959534D06D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128671
                                                                                                  Entropy (8bit):5.3456626209237825
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:lg2BYLIYC9tUDiGypkjnfNPXIAJ/AtVPGuLeH+hJHw2L:lg2vtUDiGLfSwH+hJHw2L
                                                                                                  MD5:9CD6230B42F2F99D9580F7EF84508F9C
                                                                                                  SHA1:4F9D82E3C39F2B0D3B0CC32733254AAF38E811B2
                                                                                                  SHA-256:FE18B3E9E275D7330706DD19F4AF603A8AD899138374BFCBA8E2C6764F94C190
                                                                                                  SHA-512:46A07A61EE7A70B4D261C16D2FEF6F0E8A35CAF371E33E05CA1DC3BDC7F3D304C1DBDB34DDBA7B6BC573A6A58E170D9250CB1B6A4AD8AE6E255704416C022607
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):313562
                                                                                                  Entropy (8bit):4.239267478834166
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:SbAjkXB8AVWfEiKV2QwQw+z0vBRiE2k4ca6QVW640akLJse1oQXR2qtR+lAJ/R+i:SbAjkXBdVWDG0vCtRSAJ/v
                                                                                                  MD5:AFBB6F8A11ECB993E73A530E2682848C
                                                                                                  SHA1:950D0FA6CD4338084B5FFA72EB49F79B07830466
                                                                                                  SHA-256:3D16A99568173AD5760BF195B047C8850E39EC8D308A94F6C81CF7BA733F6F5F
                                                                                                  SHA-512:74EE545CDCE2E263BC33279325E0C72336575B36DE7DFE145897964CDE7EB57429CDFF082EC5A06E7F46F75E9BC6D5C4CC3DCA395745E990092CDAC27E56F129
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):292506
                                                                                                  Entropy (8bit):4.456018055206471
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:XmgBEAYbTaJAuJLtobDpOr/gTipfJiUvqdWASw6Q7wdis5eRNwJLvM:XyAYbTaJAuJLtobDpOr/gTipfJiUvqdd
                                                                                                  MD5:5F441DE15CED6697594E8BC066297348
                                                                                                  SHA1:33C64379EC7297404E8AA4A4BA5A7155CD69DC90
                                                                                                  SHA-256:4AB6FBF03177BD7AD0908318D5AFFD0CAD142EC5E9ED560043E6B76E590BA995
                                                                                                  SHA-512:DAC2982DD5E9337FC3443A87D5DCBBFF46F0FEFDF9E163624BBA1ACD1528F543C84E2A088A83A749543E7B764607C16F1AB1C6C4F9504EFF48180A30681570F3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):246816
                                                                                                  Entropy (8bit):4.526207320870026
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Oj8nCJFkcSCkIO+CSGHIqXqWmh+OqeZK8QyYo2w1p7GZuRM5aQxFvM4Obhi8ltOX:OAnsFkcSCkIO+CSGHIqXqWmh+OqeZK80
                                                                                                  MD5:F0A3CE8609D1CEA58D4D0DFC47D433F9
                                                                                                  SHA1:9F0497E31AC881960C2B9CE3F75FAC98D6EE300B
                                                                                                  SHA-256:31F31B2985C2AB430D373DD3D79821DB0674EDEE163B4AE74DC362051CCC1491
                                                                                                  SHA-512:0A722FE6373F0F64A844A8BD79CFF66707E158A908292DB8F5EE883E4732FC55864B06554988836A07039BEFC4020CB837883851DA0455F070BCB63DF390D919
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):131303
                                                                                                  Entropy (8bit):5.614477997540201
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:h9Jxt4IyitGJmAMvUsPnnNtOLlh74OfkiO8ru0j19S4jiRRhdaMEi4AJ/Nwi1PLP:x4VJmAWvR0MEAwiBBlnH
                                                                                                  MD5:FE23B2095B245AE359C449CF3AE2D4C4
                                                                                                  SHA1:56AF0705886551389DEDB9BA1D9BECC682321977
                                                                                                  SHA-256:48B76D081B4398C7AF10BE207751EF3BF67720700C35B17196A4AA0C94526208
                                                                                                  SHA-512:94B81F5469620BB7545F3CCDA35845861E92FF7D29351A7F562AC861F718454D3D8DFF324CFC904E484F5551D952BC338F24E284F585A714FFFFF5F3A5445F64
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):216199
                                                                                                  Entropy (8bit):5.057813342706528
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:/J01cJI2B3IjHVzDFjqCKTASYagFczOAJ/ILNiXEMQOCqWiqrEb4UdsHh:iuJI2B3IjHB0TMWz2LNiXEoCqWiq5B
                                                                                                  MD5:6027526062E6F51A7C99FEEBC9AE1947
                                                                                                  SHA1:10D7346A8D6A4DADB48BF7720303EF39F76A564A
                                                                                                  SHA-256:5DDF9212CBC6696941547B2E57B02092517BFF6E70529F2EE14D0F593610E14F
                                                                                                  SHA-512:52178A648747F3247E32183CDB36ECC9A6314B2BEFA91CAE28D5110C479F5D1FF59AD2C802A75288C17650DE5A2EBCF369E04E760259015FF855FF8299DD9F3D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):155363
                                                                                                  Entropy (8bit):5.800734141236524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fIALmZzHiKMPnq2Piz+sjoO4294sK+UfclzQa1bwNgqoziL89KAJXSW8LTtdLpFd:6ZzHc0FosK+UfmbMYzig9SVX
                                                                                                  MD5:8D1DE53FF78406C42FE554ACC82B5983
                                                                                                  SHA1:1B80F071914C9A2F071355973DA7FF3D9508298B
                                                                                                  SHA-256:314FF8E069D132D43566143FFE0F5CEBC990A015AC32ED550AC687A4FF78D56F
                                                                                                  SHA-512:D027A534F8DDAC3C953D81BA635A8A3FE452E7295FB2AA7D8B9D5A718FFF7CD619323E3914DD6A17EACECB0C6D6F5129C9E793B2925F65DABEC83B9389DB295D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):114748
                                                                                                  Entropy (8bit):6.7174096339004095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:PyiDrZa1pqA5Rk109nKyeiTAArAJ/dIKqlES:6i81p7vnJcIll1
                                                                                                  MD5:B2E2087F9C688DC3EC45A55742BEDB6A
                                                                                                  SHA1:8EFD0726B46FC67CDA9FDC9989C707C23C7B031C
                                                                                                  SHA-256:2B255293F6C85ABB09162C825AEA120C3E695156EB952D26D1E5F505BA324B37
                                                                                                  SHA-512:2382B2B4D56831BD25D5A3535936D8A1039E00A287BD5AF05628C1A6FC54715FC8AD68AD3F207D6E073A588A66D5FA181E124125E7D1F00A5DE54ED658E5C33E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):114042
                                                                                                  Entropy (8bit):6.719449431220688
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:KzLhdmOXfT3Ud8iCAJ/U/N/9XiPI5hcWTS:o5f4/s/9y0TS
                                                                                                  MD5:32F600C44C8A26FDF518FAFFBCE56B71
                                                                                                  SHA1:7481922ABB60EE20F6FAFF9AE4DC4A55F6E6224E
                                                                                                  SHA-256:1710CEA2EB84E4FEED749E9E497D01E16B1B244D1A621D380226B8AE7CCE07C6
                                                                                                  SHA-512:DA145697AC8D7CE6E8CDF3F6E190C23F9791F4FDC2C1EED2DBC10E8C6377298C4D02DF464752277CD7EC429297860FFE50E7B9DE79632699DD2202B7324F55FE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5113713
                                                                                                  Entropy (8bit):7.996602002236813
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:98304:O6z11Kt66I0L1Yk93pP3qPh1348CYCUrwr1ISgMRQK8nXCpGm5vEybt:rz7Kt66KG3ohB48hCUkrGsyCV5vXbt
                                                                                                  MD5:A1E5AAFE5A1509EF461D584C98484FF7
                                                                                                  SHA1:455A36FFF7A12989D0D1FC944A3C8840141D865A
                                                                                                  SHA-256:DD0CDD9201C5966DCC8B3AC3F587FDB05CAD09547E267E0D16B8B1A3CFF14772
                                                                                                  SHA-512:F98E33FE7E89A7798C6C274B4220C7C5262A2CEDD0C0A04C7821634679F71145ECA78C7A36A9F576712A00FFBABFABF58C958483D2D69FA9960178A7C3581946
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24108875
                                                                                                  Entropy (8bit):6.3762291740523
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:Hu8W9rGH5FeH9Fhy+87puACM1UA4s4QE4903+cDZcCoTp91tP6UYi7kgyD8cWNXB:Hu86T3T8AACMGEfcCtP6s6AEBhz+Xay
                                                                                                  MD5:2FE73D9EF0CD0AE3568EE2FFD85D115E
                                                                                                  SHA1:42DF085D68AFF56C9ECDE0E82C41F33C1E10BDFD
                                                                                                  SHA-256:3E0F453A4C5F6BD24E7651E3E43FEFC996CDAE2C29461E95ECC63535B3F7A284
                                                                                                  SHA-512:B199082E24F6850335CD7A879B551119E10054D41FEB0C63D0BA35FA22E9DCDAD51F01BEE13BEA4FF43EFD4BC759DB23B7BE5A619DBE66054DFCBBC8DC80D3D5
                                                                                                  Malicious:false
                                                                                                  Preview:................{"files":{"icon.ico":{"size":270398,"integrity":{"algorithm":"SHA256","hash":"85db7f849c7a0a41bb581446f773437ef2175b2952ed9224f00c6abbc9543c0f","blockSize":4194304,"blocks":["85db7f849c7a0a41bb581446f773437ef2175b2952ed9224f00c6abbc9543c0f"]},"offset":"0"},"package.json":{"size":1102,"integrity":{"algorithm":"SHA256","hash":"8dfc3896f4583fe20e6f12b3c20c2828039e495581e2fe021145f6cf272d1ccb","blockSize":4194304,"blocks":["8dfc3896f4583fe20e6f12b3c20c2828039e495581e2fe021145f6cf272d1ccb"]},"offset":"270398"},"src.rar":{"size":1390923,"integrity":{"algorithm":"SHA256","hash":"fd786f9c88d4b6534e2e263ebbd27101a3df5f6e579b02b2e98652c1fb1a6998","blockSize":4194304,"blocks":["fd786f9c88d4b6534e2e263ebbd27101a3df5f6e579b02b2e98652c1fb1a6998"]},"offset":"271500"},"src":{"files":{"alien.png":{"size":184182,"integrity":{"algorithm":"SHA256","hash":"61d672610d6b7e83fe83142c2f90b355343f8c9b14ba76efb829d855d0df33c9","blockSize":4194304,"blocks":["61d672610d6b7e83fe83142c2f90b355343f8c9
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):693
                                                                                                  Entropy (8bit):4.817317048900465
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:/Qc6sM3aKEqZgay4zLKV/iEEK4G6kDTGcfY+j4nVVcKtOjhLXEG21YOJLP:/Qc6sM3aeZpy4zLKt3ycfY9PJ+yG2SO1
                                                                                                  MD5:D1D38ECC8B3A869312B3EEDC6A376201
                                                                                                  SHA1:4AA1D47AB0558E86F5A86629D0A1D99BA1AF336D
                                                                                                  SHA-256:A25704529F0D5D89309743F5CA52189FDB16A770885C0DBE8EDB3EA9D54A6A90
                                                                                                  SHA-512:CB77AEA773F82E95FC593AE67B31CAAB164E101205EB68F6BCE0103DF9EAADC7C1D9DC6D0083AE6420E82027B21925C55593A7033AE9B4203E9970FFF732C84F
                                                                                                  Malicious:false
                                                                                                  Preview:---.name: Bug report.about: Create a report to help us improve.title: ''.labels: bug.assignees: ''..---..**Describe the bug**.A clear and concise description of what the bug is...**To Reproduce**.Steps to reproduce the behavior:.1. Go to '...'.2. Click on '....'.3. Scroll down to '....'.4. See error..**Expected behavior**.A clear and concise description of what you expected to happen...**Screenshots**.If applicable, add screenshots to help explain your problem...**Environment (please complete the following information):**. - OS: [e.g. Window 10, Ubuntu 19.04]. - Engine [e.g. Node, Electron]. - Version [e.g. 12.0.3]..**Additional context**.Add any other context about the problem here..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):595
                                                                                                  Entropy (8bit):4.548493521051999
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:/IzRc7LM3iOizRP2JrR1ELwFj5RMW3KEEtVGfgY2EiPYLpMrG21YOJhzRf:/I9AM3iOi9P2J9IwBMzlrG2SOJh9f
                                                                                                  MD5:174545E1D9DAFF8020525FDD1E020411
                                                                                                  SHA1:F6867A2F0417FE89A0F2008730EE19DD38422021
                                                                                                  SHA-256:1F48C52F209A971B8E7EAE4120144D28FCF8EE38A7778A7B4D8CF1AB356617D2
                                                                                                  SHA-512:B18005CFE7409FDE541B934131C32C2EECDC4A8FD62CD558F274A25262C0E6B0B8FD27674EE55D6D4E4C435D49D580A077181FE8B15B095C39736B01FF4EE537
                                                                                                  Malicious:false
                                                                                                  Preview:---.name: Feature request.about: Suggest an idea for this project.title: ''.labels: ''.assignees: ''..---..**Is your feature request related to a problem? Please describe.**.A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]..**Describe the solution you'd like**.A clear and concise description of what you want to happen...**Describe alternatives you've considered**.A clear and concise description of any alternative solutions or features you've considered...**Additional context**.Add any other context or screenshots about the feature request here..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):635
                                                                                                  Entropy (8bit):4.474759295028999
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:UmjSKcqaoiIAfgZWAKN9UQye+yEdwZRV6zNpV2Lk/8N6C4eIvURhGn:7SKcZEA4WX9UQywEyPszoLn9nG
                                                                                                  MD5:D1F842C537B6B450FCDDED865831BCA9
                                                                                                  SHA1:6A95E32F6A599BE8D03B33CAC14F9DC776DBD44F
                                                                                                  SHA-256:72C6BF0A7A66C94D54E5792BDC808A6BA2107E692230CBCEBF6DECD46BBE11CA
                                                                                                  SHA-512:89CAF43140242FFBAD2D808EAC44095A3F072A0441DEF37ADF32E55209DF27498B800D57028E51BE4319DE1A0CE3BB26DAFC0CE0B218175605C91A107D1E6CFF
                                                                                                  Malicious:false
                                                                                                  Preview:name: CI..on:. push:. branches: [ master ]. pull_request:. branches: [ master ]..jobs:. build:.. strategy:. fail-fast: false. matrix:. os: [ubuntu-latest, windows-latest, macos-latest]. node-version: [10.x, 12.x, 14.x].. runs-on: ${{ matrix.os }}.. steps:. - uses: actions/checkout@v2. - name: Use Node.js ${{ matrix.node-version }}. uses: actions/setup-node@v1. with:. node-version: ${{ matrix.node-version }}. - run: npm ci. - name: Run headless test. uses: GabrielBB/xvfb-action@v1. with:. working-directory: ./ #optional. run: npm test.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):606
                                                                                                  Entropy (8bit):4.416871000371482
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:U24GSraKcqaoiIAfgKN9/ye+yEdwZRV6zNpV2Lk/8N6C4eIvURhL0:aaKcZEAP9/ywEyPszoLn9n4
                                                                                                  MD5:2659061B249572AF5E432F2C070FAC7F
                                                                                                  SHA1:437C3A1F784BD2E4B403D8CB71E177E9F4D07015
                                                                                                  SHA-256:7CD6D0C254B0B431D1842AD1B12A9B633AB41D378073B935996DE5C1AEE79A6E
                                                                                                  SHA-512:F054B3E7E97D6CD07A533878FF9E0FE1A8AC08295ED0962C0D41BBAFE30703A18BE1A3723094C4CD22625857704B479A7232C3007656C297081E7A014E28BF7D
                                                                                                  Malicious:false
                                                                                                  Preview:name: Style Check..on:. push:. branches: [ master ]. pull_request:. branches: [ master ]..jobs:. build:.. strategy:. fail-fast: false. matrix:. os: [ubuntu-latest]. node-version: [14.x].. runs-on: ${{ matrix.os }}.. steps:. - uses: actions/checkout@v2. - name: Use Node.js ${{ matrix.node-version }}. uses: actions/setup-node@v1. with:. node-version: ${{ matrix.node-version }}. - run: npm ci. - name: Run headless test. uses: GabrielBB/xvfb-action@v1. with:. working-directory: ./ #optional. run: npm run lint.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):549
                                                                                                  Entropy (8bit):4.289671930448028
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:UyK8fQLUwHWdwZoeE02NpV2Lk/MNoyOwRhIenyPYJRhj:NK8fiWyog2zoLHfNnCkj
                                                                                                  MD5:F6D0E9B28417057E6685B1789D91E225
                                                                                                  SHA1:27F0D718D3557A12B925E23CB0B14B93B8A6AE6F
                                                                                                  SHA-256:C893BE9E533BC188F9039A9E24623C620DAB2BD863B419A44F93CD397A10AF1F
                                                                                                  SHA-512:D298DFFB5B5539E20EC4540BF96184F5E8F90A68B2B17127844CD5F02DCBA48BB62A8EE68711416A2730C155DCCE00B1FCEA9211F73E0AC61D0CD562E547F2BD
                                                                                                  Malicious:false
                                                                                                  Preview:name: Release.on:. push:. branches:. - master.jobs:. release:. name: Release. runs-on: ubuntu-18.04. steps:. - name: Checkout. uses: actions/checkout@v2. with:. fetch-depth: 0. - name: Setup Node.js. uses: actions/setup-node@v1. with:. node-version: 12. - name: Install dependencies. run: npm ci. - name: Release. env:. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}. NPM_TOKEN: ${{ secrets.NPM_TOKEN }}. run: npx semantic-release
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):420
                                                                                                  Entropy (8bit):4.6764683698176395
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:jUML/BcEMLcBcESKsML0Bc9jBSMglR3L3iBRW:bBNBRD8B2jBSMUR38W
                                                                                                  MD5:394A6022C9E7AA401B3C992C4B92EA94
                                                                                                  SHA1:CAE58C8959C078B24484148A0D09DA816D350699
                                                                                                  SHA-256:125C1A517628169F4E66E0E237D201BE226AFB5C704A684AEE5155DE69281685
                                                                                                  SHA-512:CBD75168E3054A8412EEC7FC1415AD1906D8A3228A16A486674909BEC0F3A8B177F02E4C9C3419598E13FB0676D87132E82EE1182549C69C6BCF59FB59AAF0CE
                                                                                                  Malicious:false
                                                                                                  Preview:'strict mode'..if (process.platform === 'linux') {. module.exports = require('./lib/linux').} else if (process.platform === 'darwin') {. module.exports = require('./lib/darwin').} else if (process.platform === 'win32') {. module.exports = require('./lib/win32').} else {. module.exports = function unSupported () {. return Promise.reject(new Error('Currently unsupported platform. Pull requests welcome!')). }.}.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5920
                                                                                                  Entropy (8bit):4.76870843435311
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:I+QUeOlMpnYW+6o9wGXxtwWMK6kZWiLMSnNjee+e9mO8q70VwJmyV5q+uMxKvWE:HQtdpL+9wWx2WKSxNjeb9O/70VwJmyVc
                                                                                                  MD5:78C9024198B8933BA47FD22220CCD12C
                                                                                                  SHA1:AE8E968A89E954DD31B5C1827D8BC1EA632CBE83
                                                                                                  SHA-256:E364425FEC6FB780C1FB00615014A0D5E39F65517848A12371B8934C5BB35E8D
                                                                                                  SHA-512:0E06A3B4684B7275491691329150FEDE20B253AEAFEB3307FB19F88D1477533AC20B028A73F61D32DEB41592414D95AC73C703AC016C8CEAEA4739F2A008CC36
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const temp = require('temp').const fs = require('fs').const utils = require('../utils').const path = require('path')..const { unlinkP, readAndUnlinkP } = utils..function darwinSnapshot (options = {}) {. const performScreenCapture = displays => new Promise((resolve, reject) => {. // validate displayId. const totalDisplays = displays.length. if (totalDisplays === 0) {. return reject(new Error('No displays detected try dropping screen option')). }. const maxDisplayId = totalDisplays - 1. const displayId = options.screen || 0. if (!Number.isInteger(displayId) || displayId < 0 || displayId > maxDisplayId) {. const validChoiceMsg = (maxDisplayId === 0) ? '(valid choice is 0 or drop screen option altogether)' : `(valid choice is an integer between 0 and ${maxDisplayId})`. return reject(new Error(`Invalid choice of displayId: ${displayId} ${validChoiceMsg}`)). }.. con
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5482
                                                                                                  Entropy (8bit):4.701522267659056
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:GCLjAz83t+bInwLdA+0y32wLdA+e9wLdA+AuHk2D1L0qn+rm3QB/CP9l9ODIW:GCLjA7sedATyGedAhedA3090Lrm3Hl9c
                                                                                                  MD5:3B9999E65606270A0FE405AA1BB32FD1
                                                                                                  SHA1:B090AD8054A7384C01203962E94776B9134F42E2
                                                                                                  SHA-256:F0CF780D0DEA403121F30FCF11096C48A4A0DC2B0393D41EBBB664FF7C89EC3A
                                                                                                  SHA-512:0A09384372A32C723AC8E8324DD2F93D57467D2E8B53DBE3231EE37CCAE9AAA5C91363BE4366E8C2A5495F607EA96782C11363DAB7097FCF27FE3645C403F141
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const path = require('path').const defaultAll = require('../utils').defaultAll..const EXAMPLE_DISPLAYS_OUTPUT = `Screen 0: minimum 320 x 200, current 5760 x 1080, maximum 8192 x 8192.eDP-1 connected (normal left inverted right x axis y axis). 2560x1440 60.00 +. 1920x1440 60.00. 1856x1392 60.01. 1792x1344 60.01. 1920x1200 59.95. 1920x1080 59.93. 1600x1200 60.00. 1680x1050 59.95 59.88. 1600x1024 60.17. 1400x1050 59.98. 1280x1024 60.02. 1440x900 59.89. 1280x960 60.00. 1360x768 59.80 59.96. 1152x864 60.00. 1024x768 60.04 60.00. 960x720 60.00. 928x696 60.05. 896x672 60.01. 960x600 60.00. 960x540 59.99. 800x600 60.00 60.32 56.25. 840x525 60.01 59.88. 800x512 60.17. 700x525 59.98. 640x512 60.02. 720x450 59.89. 640x480 60.00
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1118
                                                                                                  Entropy (8bit):4.361193968809056
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:YnIeCkk3i97CL3tZ9QIC6CiRmojxItKLCkY/4IwccDHnkEgxIkBIozW:KIeW0kpQGHnCtlbiHkxCkSozW
                                                                                                  MD5:A2F2486EFFFAA9BE30B2EF58E24D49A1
                                                                                                  SHA1:8AC5C529C227ADAAFBF43ABD917A44B87C92CE46
                                                                                                  SHA-256:F1065090CE89B14C76D533D11040556759C58679C0EB89A1E59337D318E16A6C
                                                                                                  SHA-512:D1283A5663AA62B2262283B1A611E002602F869DCF006DD336D742272F14D98791C35A5C32AF92884692A62FEF0942E6C99D0646AADBD6582E418EB4497A4C66
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const fs = require('fs')..function unlinkP (path) {. return new Promise((resolve, reject) => {. fs.unlink(path, function (err) {. if (err) {. return reject(err). }. return resolve(). }). }).}..function readFileP (path) {. return new Promise((resolve, reject) => {. fs.readFile(path, function (err, img) {. if (err) {. return reject(err). }. resolve(img). }). }).}..function readAndUnlinkP (path) {. return new Promise((resolve, reject) => {. readFileP(path). .then((img) => {. unlinkP(path). .then(() => resolve(img)). .catch(reject). }). .catch(reject). }).}..function defaultAll (snapshot) {. return new Promise((resolve, reject) => {. snapshot.listDisplays(). .then((displays) => {. const snapsP = displays. .map(({ id }) => snapshot({ screen: id })). Promise.all(snapsP). .then(resolve). .catch(reje
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):350
                                                                                                  Entropy (8bit):4.888222365859566
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:qRu9Td8oWRu9Tw3x4mUA+DrASbxjBAyAN0xxCG:O4iR44+DkGCyAW7
                                                                                                  MD5:8951565428AA6644F1505EDB592AB38F
                                                                                                  SHA1:9C4BEE78E7338F4F8B2C8B6C0E187F43CFE88BF2
                                                                                                  SHA-256:8814DB9E125D0C2B7489F8C7C3E95ADF41F992D4397ED718BDA8573CB8FB0E83
                                                                                                  SHA-512:7577BAD37B67BF13A0D7F9B8B7D6C077ECDFB81A5BEE94E06DC99E84CB20DB2D568F74D1BB2CEF906470B4F6859E00214BEACCA7D82E2B99126D27820BF3B8F5
                                                                                                  Malicious:false
                                                                                                  Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >. <asmv3:application>. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>True/PM</dpiAware>. </asmv3:windowsSettings>. </asmv3:application>.</assembly>
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2677
                                                                                                  Entropy (8bit):5.056770966151904
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:thb9Zk4IQEQ1p3XQ1LjRzDRSa7F3sRRtn2JaTTl7Pjv07ENIsXopWCVEQ1aXQ16p:nk4IWp3InRRSaRMPTTl7rvmEKsGRaI6p
                                                                                                  MD5:AB2229F48309619A42E98F617F5D26EE
                                                                                                  SHA1:81671593FF9C5C85A09F23E5A7CCE3A4C80C3A2F
                                                                                                  SHA-256:ED1A0F3E590BD553451ED06FD24A4D34407DD5FC63EB93787A53EA51D20827CC
                                                                                                  SHA-512:520F5F82100F2CF70D5F2C8406D83BE30B8104197AA0A4DD1B45A9B6C1C15F2F3EAB4E578DB1C2FB41D2E2BBBE70A0F937CD6E8E3B6CD177F2444140DF35DB89
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const temp = require('temp').const path = require('path').const utils = require('../utils')..const {. readAndUnlinkP,. defaultAll.} = utils..function windowsSnapshot (options = {}) {. return new Promise((resolve, reject) => {. const displayName = options.screen. const format = options.format || 'jpg'. const tmpPath = temp.path({. suffix: `.${format}`. }). const imgPath = path.resolve(options.filename || tmpPath).. const displayChoice = displayName ? ` /d "${displayName}"` : ''.. exec('"' + path.join(__dirname.replace('app.asar', 'app.asar.unpacked'), 'screenCapture_1.3.2.bat') + '" "' + imgPath + '" ' + displayChoice, {. cwd: __dirname.replace('app.asar', 'app.asar.unpacked'),. windowsHide: true. }, (err, stdout) => {. if (err) {. return reject(err). } else {. if (options.filename) {. resolve(imgPath). } else {.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14246
                                                                                                  Entropy (8bit):4.755441316440423
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx
                                                                                                  MD5:DA0F40D84D72AE3E9324AD9A040A2E58
                                                                                                  SHA1:4CA7F6F90FB67DCE8470B67010AA19AA0FD6253F
                                                                                                  SHA-256:818350A4FB4146072A25F0467C5C99571C854D58BEC30330E7DB343BCECA008B
                                                                                                  SHA-512:30B7D4921F39C2601D94A3E3BB0E3BE79B4B7B505E52523D2562F2E2F32154D555A593DF87A71CDDB61B98403265F42E0D6705950B37A155DC1D64113C719FD9
                                                                                                  Malicious:false
                                                                                                  Preview:// 2>nul||@goto :batch./*.:batch.@echo off.setlocal enableDelayedExpansion..:: find csc.exe.set "csc=".for /r "%SystemRoot%\Microsoft.NET\Framework\" %%# in ("*csc.exe") do set "csc=%%#"..if not exist "%csc%" (. echo no .net framework installed. exit /b 10.)..if not exist "%~n0.exe" (. call %csc% /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"%~n0.exe" "%~dpsfnx0" || (. exit /b !errorlevel!. ).).%~n0.exe %*.endlocal & exit /b %errorlevel%..*/..// reference.// https://gallery.technet.microsoft.com/scriptcenter/eeff544a-f690-4f6b-a586-11eea6fc5eb8..using System;.using System.Runtime.InteropServices;.using System.Drawing;.using System.Drawing.Imaging;.using System.Collections.Generic;.using Microsoft.VisualBasic;..../// Provides functions to capture the entire screen, or a particular window, and save it to a file...public class ScreenCapture.{.. static String deviceName = "";. static Image capturedImage = null;.. /// Creates an Image obje
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12800
                                                                                                  Entropy (8bit):4.6904661074095575
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:k0ZP9yjWewKlBNOOOP3fs3JBy775ia7SBgvuIbZa8uXZlLpwHdGzpRT/:biW6OOOPUy75i/++XZ1pwHdGz7/
                                                                                                  MD5:BEFA2810B15D065C0095292F1DD4734B
                                                                                                  SHA1:2F2A776C7A8A6F1B7D8EFDAABE09F290385B24DD
                                                                                                  SHA-256:AB1FF81275C7B402863B9CCC599E0EE6E0E5C3C54E4F8D5EE49E8FC22A009A7A
                                                                                                  SHA-512:AF98A54B2F62667AD689BFF2290A341585B37CC1C314A877B342B67AE8E104DB034C74B31B9C8413413B9FD1E2117BD648318CD1957128B78EDDE57E5155B906
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):598
                                                                                                  Entropy (8bit):4.785292668201288
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:+HH1ITi6asG7sHJ0cIretJF/RdnObmPMPLBoSb2yMPp:4H1ITjGwHeredNkz2Ph
                                                                                                  MD5:E5DF4E3B7058C914E5048223A6C79F1D
                                                                                                  SHA1:AB75EBFCF8D669DA6C0B54AD2E5F5D73A466CB1E
                                                                                                  SHA-256:101C15C05C78832BC02635E6E2252F1ED23367D22411B51518A1775FF6E972FC
                                                                                                  SHA-512:A316798409C568E5CDD07A34A838D0B9842F65C03DED19853678A30EA3024E9F649AFA8B5D4093F5C0C811A33BF513FF1FE4AA33F60BAD7553FBFA6584327B29
                                                                                                  Malicious:false
                                                                                                  Preview:{. "name": "screenshot-desktop",. "version": "1.12.7",. "description": "Capture a screenshot of your local machine",. "main": "index.js",. "dependencies": {. "pinkie-promise": "^2.0.1",. "temp": "^0.9.4". },. "devDependencies": {. "ava": "^3.15.0",. "semantic-release": "^17.4.4",. "standard": "^16.0.3". },. "repository": {. "type": "git",. "url": "https://github.com/bencevans/screenshot-desktop.git". },. "author": "Ben Evans <ben@bensbit.co.uk> (https://bencevans.io)",. "license": "MIT",. "homepage": "https://github.com/bencevans/screenshot-desktop#readme".}
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):103
                                                                                                  Entropy (8bit):4.117332978228041
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:3TQWKLMWppyBpoEQevFFFm0yBYHRn:D1QXLyBpoA/80yBO
                                                                                                  MD5:63823BF8BE61361CBD13BF183E201BF1
                                                                                                  SHA1:4658400152C61EDEE1555BB86CB6DA13E2FE4401
                                                                                                  SHA-256:CBA2CBD76811A1B8E808000D073D04F657AAF0551C73A805CA3A4B492F21BD47
                                                                                                  SHA-512:8703CCA6F04DA47E5376730CF993665F7DB1FB854F8509C0B831F189BF4A4C396808ECA7949123E334E42A407A6AA84CDAD34E5BD1B00D0A4C30F07A80CC9A68
                                                                                                  Malicious:false
                                                                                                  Preview:{. "extends": [. "config:base". ],. "automerge": true,. "major": {. "automerge": false. }.}.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):107520
                                                                                                  Entropy (8bit):6.442687067441468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                  MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                  SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                  SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                  SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):405456
                                                                                                  Entropy (8bit):3.3151721500305027
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:tIEEOj4QYKlDP86x7WKvS1Oee66XIcKycPfia8mFZ1U2Kzm7pCs0XxYTZtaNI/2B:ScYg+1OktFo
                                                                                                  MD5:F14A9115EDBCC4697515DB49CDAF5B08
                                                                                                  SHA1:9C43D69BA11A03278885DC7F285584278DE9CA11
                                                                                                  SHA-256:F25DDF52F68DE295BF1CDBD4F7FC6AA9D8F882A16A2F97B4E08E322B6B90546E
                                                                                                  SHA-512:3C646B258A2BA7CD3E1D878D3009D181302D790F324C4C2B10A9EEEBBEAB9C49AB43B15B3154AE99749410DEBB2F3AD8D121979EC11E44AD074E1F675CF05DC0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):459776
                                                                                                  Entropy (8bit):6.292318384263477
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:WXs0JzgsBJ3fFhPLAdis2TQS39tSgpZX01Wofw4HQlyTztmK8G:zKBJPFRLAHitzZX01WcTztj8
                                                                                                  MD5:29AE8BEF0CF8B6A26F4BEBC5A20900DA
                                                                                                  SHA1:515ABE76943288D531B35C1B4C764D1DBDB281DB
                                                                                                  SHA-256:711CF342B3A008C9116F6138358A67007A29D281D09CF23D20A5E17AA503EE9B
                                                                                                  SHA-512:99981E7074B580ACE154C36D0AA1542DCDB979F36476B680EF19C3FD8A9126B5A808E6E1CF2224D20BA22C328B9A621C280C4FFA74638E358297809001D737AD
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3189760
                                                                                                  Entropy (8bit):6.423659291721246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:P/CZxwhAhRPF/CA5cEK0mEVDTQc8F3Hn0Ha0nHzlJvOXkpNQkcXTVf4/NOmQrR4L:P4wHTccVfZ3nuV
                                                                                                  MD5:DC060F0BE506DC5B48402C2FFD62C3A1
                                                                                                  SHA1:3988BB810D92B2E317767F8E25D3D1E43F0A6F68
                                                                                                  SHA-256:A97834A44A1E28B574C967F1CB93B97CD19E26616439133C11C9DDA4B26D605B
                                                                                                  SHA-512:04CF84033462A521C45B71F31AB007F712C6B2F5CFBFC97CE7DBF60074D525933AF6388D9EDE366A00A0983BA4E34A1B318A759CFBBB520ED621DF9979BB315B
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):726296
                                                                                                  Entropy (8bit):4.668258384826135
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:AHQ4qoB5QYJu1I3DNuIb4GTRdrLtg8HYpzieXivvbwuJeby:f1DIHcBqazjyv3JCy
                                                                                                  MD5:DD0D4997DFAB65B96AAD66D035F6029C
                                                                                                  SHA1:65FAA1DBB7CCD902F1F1AF544F6941234FF679D3
                                                                                                  SHA-256:F033FB86FA92DF1BE464DE590AA312CC016BC5D6BEA26672C896BF4D3F1261CD
                                                                                                  SHA-512:86B06BD0F91F50BD13B3AF179F3F498F10A225D25BA5CA32258F75567E601C3F48F7A3FB436C3B0D2BA53CC9EAAA8F74C95B44458628B0EA716563694A3C7002
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4654592
                                                                                                  Entropy (8bit):6.2751649857298615
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:IF1AR5iHc7pcVZmoUAw2OtlWBLl0xmqOPAbbtCtZTK6pqFqP5z+PF/XL+j4aCyAj:BdVxA85dOj4/R
                                                                                                  MD5:6B40CE4AF617399536D0EA6EDC84BAAD
                                                                                                  SHA1:55C91309FE49AF121DD3DE9C24F60B8CFEA680F1
                                                                                                  SHA-256:C64B87D7CEBDAEE8B779859059A6C63FB47C8102A4F7311D678895F87B825C59
                                                                                                  SHA-512:9C4CADDB2F6BA7D17683D662A1D9ECD2EFCDF1FC081E0127260F0266EDA78B42C684BCAD5BCCBDC03A06619B9AE4960CCEA67472D7650C53E67A5A70BE6E36C6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):106
                                                                                                  Entropy (8bit):4.724752649036734
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                  MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                  SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                  SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                  SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                  Malicious:false
                                                                                                  Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):850432
                                                                                                  Entropy (8bit):6.547858375062584
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:t19hqUpfVn/HBSu5Eg14Jegb6m3vKzE/6oFXKQoEp7:X9hqCx5EgG6mSzNU+Ep
                                                                                                  MD5:4783D34314EF4FEB241F4FDF36499521
                                                                                                  SHA1:89296D6AC36CD005045DB7307BF31005D0CF29A7
                                                                                                  SHA-256:6E8BEB4E9DA77313F40E75C4FFAEEAA522B6F054FD792631EC1EFCF8248CA63B
                                                                                                  SHA-512:7EF1B0E89590B4AF20F182BED9D82D5175D1C8C675FC3D05DC0EB2F834052124C877135FC68B2988683CF35E8B25870E45F7C126349D28125C021C8EEB4998AC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2745856
                                                                                                  Entropy (8bit):5.933546564676984
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:UVP1YhemMGeD/VZf9hxD7hPr9F1WxTfJqLTgAU5zXu+FVDqZ3Pi9ewOeVklKJw6:UVP1HC6/VZ17hj9uJYXgLQ+FxZPOll
                                                                                                  MD5:10549F42263E31E1A335CDF5824BE847
                                                                                                  SHA1:B4E736AADC5F66D7A67255C719773721D55B3D52
                                                                                                  SHA-256:487CEC14EEA6646BE0266A5767B53ED67B49B429036521EE13D0656365FCCA20
                                                                                                  SHA-512:018ED34EDFD60DE37A73191206ACE75521A6AC9C588AC6A05DCCC576F41CB5233C3C800E14C303D5F0D7BCD707F556D24151FE86C4B163C09B2F3CC5AAC930CF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144384
                                                                                                  Entropy (8bit):6.1198999841093995
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:2+8uGOP2Mfvr/FlU++HuCcUVEoBVYKVK77LaB:2RC94++uYEKGnaB
                                                                                                  MD5:AEE9691E1C7DDCB92CF87D7331516ED9
                                                                                                  SHA1:600824A5A5F935F2D6617B81A34A7D6C4537A3B5
                                                                                                  SHA-256:725B4DF4D2D114E8EE06B37CCFAA0CCA2EE23EBEFD5F46B5019A02066DEA4C38
                                                                                                  SHA-512:F803FDC4A2D81308949394EB9A2F3D7076458F7B6859E5C95438B8E9252C36AFCCC01B7219A8EB86C2AE8EA82EDD4692F31EF3DC202BE88363CA6A49B9ED28C1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):2.3172897780113213
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:oNwCz2C+NR73QOaq9kozeav2RT3VnnnekEEN9ORelnasL:ouZC+NJLaqe0LUTpnn1DN9OROnj
                                                                                                  MD5:D5ECE7413F423743B368D55921D78C0A
                                                                                                  SHA1:3F1E854E373FB2F9BFD868AF38AF5C6B3CD2A71D
                                                                                                  SHA-256:D38D8A693CD4B718EA9E4995939262749893878EE9A0931BEB0F33781979FD77
                                                                                                  SHA-512:F54CAB99D2795DF2D01E54D1E1184D116A56E8053140BAF868ADBFC7EE35EFBC59F83E3FF26C84E0D6D1A118BB79CAB82527F1502D328483953A0A58BEED8E0B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:Zip archive data, at least v2.0 to extract
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1241652
                                                                                                  Entropy (8bit):7.9979277523692565
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:24576:1JXmMh4+bYBxCVLlW+5dVpdttYNXVZdcbcvEQYygtapxxnZx/7F4NeL7Wq9WZ:/1G+bYU9A6DpJYXVZdxvEQotAxVD/EeC
                                                                                                  MD5:64D6948A0FC87DC736066159FA316425
                                                                                                  SHA1:7420B6FF1F62FA442D8F3C11D2E16C9F19031DD4
                                                                                                  SHA-256:16170B6ECD4BD333F5D9A8D39D8DAB2C12AEB98BA4D462F6C8485E547CF9B397
                                                                                                  SHA-512:153630CC9F571D0B00B0C923C0ECCE5FDC415538CDD0F4B1D76CC83805EAE91E1707C2FB82E337F8AEDC579BE1B808884F64E2C463E24DC6E5525ACD969AB7B0
                                                                                                  Malicious:false
                                                                                                  Preview:PK........&..U................Autofill Data.txt.....0...{."..X.B.C.".tA[O...........J.^E...m......I...C.%.z.(..E... ..V.T...`.QN.R....TR.!....r.rM ..7>.8...M7 ..Y0.......(o.Zg.6........f.^..^<.~&...]..e&..6.zN..?.<.2%..k..E..PK..X.Uv....H...PK........&..U................Cookies.txt.|i..8..g...J..."x.i..x..%.").....>.K<D.SS.}......L.L.mD(.....p<....S.,......}.....i.th.a...z.........."..K....~|..G.7../.?~.o.f......(...M........Q.a..4..(...s.-$.~A^`..h.Cq.$...0.B.....K.a..P...H....P.....W...0..S.A.U......6.>..UP.."@h8(..v..p.+..+_.....M...T...O...A.I}...................K....t.B./..S:..M...}/,..E..A3..G.$@...pa.so........w:...;..w....;x7a.}..<.T...kC.e.....C=*.}..a..q.......I.Ap..!....'hP*...&}..) ...,.EX.UQ{......6+.v....KP..W....ao...Xvm.......`x......UK.I........H.........o...l..'....%....i]#......b2....p.5o.Rn..,I.!>.)..$u0..n..5jfC.."..3.K.O....N`0T..D`.K...5.-.-.w.M....+I.Q.G.q.......e."....{..>.L..,..4.........S...K.,...~.J.........sP
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139264
                                                                                                  Entropy (8bit):0.4584980337765077
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:X3WU+bDoYysX0uhnyQtha5kVjN9DLjGQLBE3u:X3l+bDo3irhnyGikVj3XBBE3u
                                                                                                  MD5:1A0256EDD88CC9B52DFC4134AC34F7F6
                                                                                                  SHA1:E004764918103505976F2FF137D779AC8281D888
                                                                                                  SHA-256:5DB74ACAEE1CA69A5B714BDB480A270583544107FDDC820934FE27AFBDF8F345
                                                                                                  SHA-512:8DCCA30ACE289D978960FE0AADA5EC609B030163F52E1817D9B61EDA142B2EE34D38EDAAF7F1DFED12C7DAF3182EC587177D5EC8892FF7893A97899DBA3B2F2F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                  Category:dropped
                                                                                                  Size (bytes):49152
                                                                                                  Entropy (8bit):0.8182303930711242
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:+RMKLyeymwxCn8MZyFltK3PlGNxot83n:+RkxGO8PlGNxz
                                                                                                  MD5:A93B35941137916187814E3E7C88C93D
                                                                                                  SHA1:3834E7B2A614BD688831CFC47786729F6CAC0121
                                                                                                  SHA-256:0D1DC0E9F4C9BE281E17D24AC969E0FF3F8388114420417126A4F502EABC3107
                                                                                                  SHA-512:84A749B77BBED02944C9B25D1B98C638B3DBB906A2A222FF9FB229C7AC0C8A64D123D1CB47A1E9A88FB9E67BAD0928FE1C952152F30311EFC6C8B9330B9441B4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005
                                                                                                  Category:dropped
                                                                                                  Size (bytes):122880
                                                                                                  Entropy (8bit):1.1305327154874678
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:oLt4nKTjebGAUJp/XH9euJDvphC+KRmquPWSTVumQ6:it4nsJp/39RDhw+KRmqu+cVumQ
                                                                                                  MD5:D331C900DDE8ACB523C51D9448205C0A
                                                                                                  SHA1:BDB3366F54876E78F76A6244EDA7A4C302FEB91D
                                                                                                  SHA-256:F199798DF1C37E3A8F6FFF1E208F083CF687F5C6A220DCAD42BB68F2120181CD
                                                                                                  SHA-512:415E4F4F26D4F861063676EA786C2941DB8DB7E248E32D84595BC7D531CE19669AFDCB447BC18B0B723839984CD15269FF6E89EBCD168D8EBD0EC7AF86CC92E7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3036000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):98304
                                                                                                  Entropy (8bit):0.08231524779339361
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO
                                                                                                  MD5:886A5F9308577FDF19279AA582D0024D
                                                                                                  SHA1:CDCCC11837CDDB657EB0EF6A01202451ECDF4992
                                                                                                  SHA-256:BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2
                                                                                                  SHA-512:FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1096
                                                                                                  Entropy (8bit):2.5189543192378183
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:W2OCN23iKKdKQlETJVfPf1LxrVAfb1O1L1fK1L3c1US81LOkMbqW2OCN23oH+Tce:85KkQl0f1NrVAhO1Y1X10e8YebQlO
                                                                                                  MD5:665BE975DC21FFFF14A3523461BA334A
                                                                                                  SHA1:41F64B6410C418B663EB398EB549D41B3BCC27D3
                                                                                                  SHA-256:695F51ADAA9EFDC5C846740212611AAF51E636BAB393E314930904B41A2A6A69
                                                                                                  SHA-512:030397C4436749B5C8C54562F86D48B597016E38A2AF04A6375A95B1B8886E5F6965B8392C99F69CA2C11DBEE01DCEBB50875DD250D7915922564B814A3F01AB
                                                                                                  Malicious:false
                                                                                                  Preview:.AUTOFILL DATA FROM C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ #EPSILON..===========================================================================.Name: PinText1.Value: r4cmq.===========================================================================..===========================================================================.Name: PinText2.Value: t76tc.===========================================================================..===========================================================================.Name: PinText3.Value: ymw2y.===========================================================================..===========================================================================.Name: PinText4.Value: yhgxj.===========================================================================..===========================================================================.Name: PinText5.Value: 7fvrz.===========================================================================..
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines
                                                                                                  Category:dropped
                                                                                                  Size (bytes):17305
                                                                                                  Entropy (8bit):5.979178785179199
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:ugyKqbBekXwAaqymoOkVxkgnjFs95MWxhoY:ugyhckXCqdoOyxxFcTxmY
                                                                                                  MD5:E5E1712509FC9CB52D64BDF55DFD3A7C
                                                                                                  SHA1:ABC41F6856FEB8E613437C23D1A941DB066B0C8B
                                                                                                  SHA-256:9DA8D6D68D745ADF9DF88C81C954167451384251FDE32ACFA0479BF5FB015AC2
                                                                                                  SHA-512:81B6556E3ED0AA7E7315E4A691760873FA8A46CA05B5D0B86E5FE7A88897EDB4F615D1CCD9B0743C108FE83EE0169A6DCF5B2B3FABF0593521334F1A52BD5EF3
                                                                                                  Malicious:false
                                                                                                  Preview:.COOKIES FROM C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ #EPSILON...mozilla.org.TRUE./.FALSE.2597573456._ga.GA1.2.1600984353.1629284902..mozilla.org.TRUE./.FALSE.2597573456._gid.GA1.2.1917303933.1629284902..mozilla.org.TRUE./.FALSE.2597573456._gat_UA-36116321-1.1.www.mozilla.org.TRUE./.FALSE.2597573456.moz-stub-attribution-code.c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT1yZWZlcnJhbCZjYW1wYWlnbj0obm90IHNldCkmY29udGVudD0obm90IHNldCkmZXhwZXJpbWVudD0obm90IHNldCkmdmFyaWF0aW9uPShub3Qgc2V0KSZ1YT1jaHJvbWUmdmlzaXRfaWQ9MTYwMDk4NDM1My4xNjI5Mjg0OTAy.www.mozilla.org.TRUE./.FALSE.2597573456.moz-stub-attribution-sig.50ad43a8fbb91d1a455ab867aac80170225861094e9e569bb9ce2c97b18b8345..mozilla.org.TRUE./.FALSE.2597573456._gali.download-button-primary..google.com.TRUE./.FALSE.2597573456.CONSENT.YES+srp.gws-20210811-0-RC2.en+FX+979..google.co.uk.TRUE./.FALSE.2597573456.CONSENT.YES+srp.gws-20210811-0-RC2.en+FX+874..google.co.uk.TRUE./.FALSE.2597573456.NID.221=2LbIBl-Wy6ps2Ch6BzX2V9QP6iXFgR2V
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4700
                                                                                                  Entropy (8bit):4.296579862349949
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:6SQUk1nN1XnaqdOR8kUDT09Jq098yNLlWs55qdsoAy:VQD1N1XnPdOR8kUDT0C0Wy18s55qqk
                                                                                                  MD5:22C4BB8F705B3074DC65787B1DA7B1A1
                                                                                                  SHA1:FBC0F7BAACEE6D23D15E3722E1E95209BEAA8FB9
                                                                                                  SHA-256:723DECF6537613FB20B151D3C279889E208D9EFF34FAFFA0DE1DFF45D9F67CD6
                                                                                                  SHA-512:5648F4B74526F2CC6C10964B9BD6AF2815A8FE4C3B75D4C07A23DBB08C6071C5061E11CDB0A1FF5E6D634503A12A2837BD086386AD31B516D536FEA9200AF0F0
                                                                                                  Malicious:false
                                                                                                  Preview:.DOWNLOADS FROM C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ #EPSILON..===========================================================================.URL: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release.===========================================================================..===========================================================================.URL: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cmNlPXd3dy5nb29nbGUuY29tJm1lZGl1bT1yZWZlcnJhbCZjYW1wYWlnbj0obm90IHNldCkmY29udGVudD0obm90IHNldCkmZXhwZXJpbWVudD0obm90IHNldCkmdmFyaWF0aW9uPShub3Qgc2V0KSZ1YT1jaHJvbWUmdmlzaXRfaWQ9MTYwMDk4NDM1My4xNjI5Mjg0OTAy&attribution_sig=50ad43a8fbb91d1a455ab867aac80170225861094e9e569bb9ce2c97b18b8345.===========================================================================..===========================================================================.URL: https://stubdownloader.services.mozilla.com/?attribution_code
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:UTF-8 Unicode text, with very long lines
                                                                                                  Category:dropped
                                                                                                  Size (bytes):31639
                                                                                                  Entropy (8bit):4.986484700212864
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:sybrypO/Wo1/XE0bt3z3LuFSGuFSFSMuw4ySMusSMuWswxRFaFGFvT/:sybrkO/Wo1/XE0bt3u0F00/w4f/1/aAq
                                                                                                  MD5:8F362636DD702F2ECB96EA06CF325D3A
                                                                                                  SHA1:693DBDE4A5E5459C55DF1DD7D641D62217A5266C
                                                                                                  SHA-256:FDC800CE5172D9DE80535BACD443CBE3BCA6B2B2ED84CED61A53B3F09CA08EE2
                                                                                                  SHA-512:C309CE1C403AE029E9782AB978FFCCBE8D98F048343049F95E8DD6223BBA4CEB4827415E4C40F258087A037A62DA710824D636A992427830BE884C9393FC8313
                                                                                                  Malicious:false
                                                                                                  Preview:.HISTORY FROM C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ #EPSILON..===========================================================================.Title: firefox download - Google Search.URL: https://www.google.com/search?q=firefox+download&oq=firefox+d&aqs=chrome.0.0i512j69i57j0i131i433i512j0i433i512j0i512l6.2401j0j7&sourceid=chrome&ie=UTF-8.===========================================================================..===========================================================================.Title: Download Mozilla Firefox for Windows . Fast, Private & Free . from Mozilla (UK).URL: https://www.mozilla.org/en-GB/firefox/windows/.===========================================================================..===========================================================================.Title: Download the Firefox Browser in English (US) and more than 90 other languages.URL: https://www.mozilla.org/en-GB/firefox/all/#product-desktop-release.===============================
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):183
                                                                                                  Entropy (8bit):4.852601803162131
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:HMAjjF5OONtkE2J5iKKKc64E/YP9Erd6AjjF5OONtkE2J5oH+fg0cwr4E/YP9Er3:HMGjF5OCN23iKKdKQlEx6GjF5OCN23oe
                                                                                                  MD5:B3E81DDE363BA8E4987C6A96CD233BB7
                                                                                                  SHA1:F9FB0FC7658CF63C01F2527D61A3FF46D5173F47
                                                                                                  SHA-256:A0B02F296219A9813A31DF8162512242FA600365B79EB483CF8E88E8B2325FF6
                                                                                                  SHA-512:6E2A98C3E8B1365F5D2FDAD6B2F07EF4ADE49D6054BA5856F9913CFBD1536FE4E3BCB2A835581922289392C95E5ADE442B959B8DF8D58E5669FAA97B39A64C32
                                                                                                  Malicious:false
                                                                                                  Preview:.PASSWORDS FROM C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ #EPSILON...PASSWORDS FROM C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ #EPSILON..
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
                                                                                                  File Type:PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1257557
                                                                                                  Entropy (8bit):7.950505987692275
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24576:1wXH+9HrC1S7kQbOIEHy7n2q7KVC97vNj+3Js2UIQbPD4itBU:8OHlbOZHyqg8kVj+eYQbPjC
                                                                                                  MD5:9EBA33A059242CFA7E85B47C2620BDD4
                                                                                                  SHA1:47EE1AFB50F209F4B4E833C3C9A24FA6ED2304AA
                                                                                                  SHA-256:3E5523C1FCBC88E01FA105A7CDFD41E8CC04F0688170754F10ABBBC09C8A58E1
                                                                                                  SHA-512:B43A0E735928A406258E63C0C27570112E1AC11A491769F5B51962E67308042DFDE59F9E05E7FFC5544D39040B89C36749347EB36E506865C0675819984BB1FD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146870272
                                                                                                  Entropy (8bit):6.718372413676001
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1572864:KFPFqg/QDqnOeMvLq82U/pmmKKmB7Bg2N:MQfhbbmBL
                                                                                                  MD5:7E0C6A869431C00542C18DF9C3105672
                                                                                                  SHA1:D9496CD15957A5292A8A36A5F3402379CA5204F4
                                                                                                  SHA-256:C2F0D1054307CE07531ECE51CA02EC2247F546B64A09265E8E02CAA6A0C5B5AA
                                                                                                  SHA-512:22678E7ED3CD15FDA6E41CD6DE38E20C686FBFA1603B13C4E2E1846AB4CCF2B2931C079973437C8FEB143634D3DE2396FD92A509FA27335488229E20D22FCF29
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b..........".......... .......#.........@..........................................`...........................................c.jC..r.f.h..............q:..........p.......VZ.....................`QZ.(...P...0...........8.f.X...HGc.`....................text...H........................... ..`.rdata....M.......M.................@..@.data....HB...j......dj.............@....pdata...q:.....r:..Vr.............@..@.00cfg..(....P.....................@..@.retplne`....`..........................rodata......p..................... ..`.tls....a..........................@...CPADinfo8..........................@..._RDATA.............................@..@malloc_h........................... ..`.rsrc.............................@..@.reloc.......p......................@..B................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1096
                                                                                                  Entropy (8bit):5.13006727705212
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                  SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                  SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                  SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                  Malicious:false
                                                                                                  Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5557692
                                                                                                  Entropy (8bit):4.82586139211392
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DFA12F4EDCCB902D7D3B07FAE219F176
                                                                                                  SHA1:C2073440A5ADD265B4143DE05E6864FED2C3B840
                                                                                                  SHA-256:501F0B7EBF0BE7ED8702D317332A0F8820AF837C0A2A1D7645BA04352270E2B8
                                                                                                  SHA-512:EEE3A8E0EEAE139DDD9369D0869C29C91007BF6C5B0D7982918D5A013214A9E80B9233E7C1CCB43124152F684F0B782831B0A6B3D126558261DD161230004E50
                                                                                                  Malicious:false
                                                                                                  Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):148598
                                                                                                  Entropy (8bit):7.923683311160288
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:237CA1BE894F5E09FD1CCB934229C33B
                                                                                                  SHA1:F0DFCF6DB1481315054EFB690DF282FFE53E9FA1
                                                                                                  SHA-256:F14362449E2A7C940C095EDA9C41AAD5F1E0B1A1B21D1DC911558291C0C36DD2
                                                                                                  SHA-512:1E52782DB4A397E27CE92412192E4DE6D7398EFFAF8C7ACABC9C06A317C2F69EE5C35DA1070EB94020ED89779344B957EDB6B40F871B8A15F969EF787FBB2BCA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):219575
                                                                                                  Entropy (8bit):7.950067097420845
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:7059AF03603F93898F66981FEB737064
                                                                                                  SHA1:668E41A728D2295A455E5E0F0A8D2FEE1781C538
                                                                                                  SHA-256:04D699CFC36565FA9C06206BA1C0C51474612C8FE481C6FD1807197DC70661E6
                                                                                                  SHA-512:435329D58B56607A2097D82644BE932C60727BE4AE95BC2BCF10B747B7658918073319DFA1386B514D84090304A95FCF19D56827C4B196E4D348745565441544
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4524696
                                                                                                  Entropy (8bit):6.367051782021837
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:7641E39B7DA4077084D2AFE7C31032E0
                                                                                                  SHA1:2256644F69435FF2FEE76DEB04D918083960D1EB
                                                                                                  SHA-256:44422E6936DC72B7AC5ED16BB8BCAE164B7554513E52EFB66A3E942CEC328A47
                                                                                                  SHA-512:8010E1CB17FA18BBF72D8344E1D63DED7CEF7BE6E7C13434FA6D8E22CE1D58A4D426959BDCB031502D4B145E29CB111AF929FCBC66001111FBC6D7A19E8800A5
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S........................................a.............................................................................Rich....................PE..d.....2..........." ......3.........0.&.......................................E.....VTE...`A..........................................A.x.....A...... E.@.....B..!....D.."...0E....P.>.T....................{7.(...pz7..............{7..............................text...D.3.......3................. ..`.rdata........3.......3.............@..@.data....#....A.......A.............@....pdata...!....B.."...>B.............@..@.rsrc...@.... E......`D.............@..@.reloc......0E......fD.............@..B................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2714112
                                                                                                  Entropy (8bit):6.6777628855193685
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:21647425561F9DFA567139D2C505F585
                                                                                                  SHA1:EFD5B3D6A21886C6467D28C73D20BE0ACB4591E9
                                                                                                  SHA-256:B827172262CEA032BE8303AAE69A947A8D867006269BB8B2BC7E77619333C1B6
                                                                                                  SHA-512:C5316A6B2D77CF2C2949698F9CBA92FE1EC57B2AC82D55FBBEFFE71B4834EC06E83728A176F5089C91CC9544DEDA0667F39338F1E9D1A37DB69BD8BAD4AF915A
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b.........." .....(!..>................................................?...........`A........................................X.'.....r.'.(............p>..............P?../....'.......................'.(...`e!.0.............'.0............................text....'!......(!................. ..`.rdata...9...@!..:...,!.............@..@.data.........(.."...f(.............@....pdata.......p>.......(.............@..@.00cfg..(.... ?......4).............@..@.tls.........0?......6).............@..._RDATA.......@?......8).............@..@.reloc.../...P?..0...:).............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10284336
                                                                                                  Entropy (8bit):6.285840716785654
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:D866D68E4A3EAE8CDBFD5FC7A9967D20
                                                                                                  SHA1:42A5033597E4BE36CCFA16D19890049BA0E25A56
                                                                                                  SHA-256:C61704CC9CF5797BF32301A2B3312158AF3FE86EADC913D937031CF594760C2D
                                                                                                  SHA-512:4CC04E708B9C3D854147B097E44FF795F956B8A714AB61DDD5434119ADE768EB4DA4B28938A9477E4CB0D63106CCE09FD1EC86F33AF1C864F4EA599F8D999B97
                                                                                                  Malicious:false
                                                                                                  Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .0....A..p....A.......A..`....A.......A.......A..P....A.. &...B..p&...B...&.. B...n..4B...n..GB...o..ZB.. p..mB...p...B..0r...B...r...B...r...B..Ps...B...t...B..`u...B...v...C..Pw...C...w..+C...y..>C...y..QC...{..dC..p}..wC...}...C.......C..p....C..P....C.......C.. ....C.......C.......D.. ..."D.....5D..0...FD......ZD.....jD.. ...}D.......D.......D.......D..`....D.......D.......D..P....E.......E...../E..P...BE......YE......iE..p...|E.......E.......E..`....E.......E.......E...2...F....&..F..`.&.6F....&.MF....&.gF..@.&.~F....&..F..p.&..F.. .&..F..P.&..F..pY(..F...%)..G....).7G....).YG...K*.yG...*..G..0.+..G.. .+..G....+..G..`.+..H....+..H...e+.6H....+.TH..`.-.mH....-..H....-..H....-..H..`.-..H....-..H..P....H.......I.......I..@...-I...I..@I...J..SI..`J..fI...J..yI...K...I..`K...I...K...I...M...I...p...I...q...I..`....J.......J......4J...$/.IJ..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):447488
                                                                                                  Entropy (8bit):6.309802860311442
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:91F11A9181583F75E2B29FCD9050C7F5
                                                                                                  SHA1:FD90ABC3048F3347435DFBD1075B8051AC6FFABC
                                                                                                  SHA-256:43A549FF51CE4EE20074999527B19FBF280A8CAA7DB0BDE957704033B6F5B330
                                                                                                  SHA-512:925AC2A87E436219E22A924F615669CB166E8183D6E4DD0F00ED68C16FAA3FFA10AB410106A7F81320F10205415BFF9D10976F1DC0BB695B9293B80101E4CE8A
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b.........." ................0........................................`............`A............................................a...I...(....@..x........=...........P..................................(.......0...........X................................text............................... ..`.rdata..D...........................@..@.data...|L....... ...\..............@....pdata...=.......>...|..............@..@.00cfg..(...........................@..@.tls....!.... ......................@..._RDATA.......0......................@..@.rsrc...x....@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):7040512
                                                                                                  Entropy (8bit):6.411129914957704
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:16DEB84C2DD1D55ED938A112B6CE92D4
                                                                                                  SHA1:15ED353F418030E2A3D94C2C77D45605EA9CB3C2
                                                                                                  SHA-256:B49922F98946952E96C03C468A4812E0B1E7A090F4E1F96489F48ACC07EBA1F8
                                                                                                  SHA-512:BB9EA90E01AC7E633D3E27054206C6070B352CCE196B7B70B989AF2B718DEC3506D3AAF62E3074FDC93E7E23839ED15CCB8A508305170E7BA38920CA21F4047B
                                                                                                  Malicious:false
                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....{b.........." .....VQ...........F......................................Pl...........`A..........................................b. ...-.c.d....Pk.......i.,............`k......jb......................ib.(... .Q.0........... .c.....0.b.@....................text...UUQ......VQ................. ..`.rdata..|....pQ......ZQ.............@..@.data........pd......Vd.............@....pdata..,.....i......`h.............@..@.00cfg..(.... k......rj.............@..@.tls....1....0k......tj.............@..._RDATA.......@k......vj.............@..@.rsrc........Pk......xj.............@..@.reloc.......`k......~j.............@..B................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):192492
                                                                                                  Entropy (8bit):5.056947701287817
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:C0490D3C4FF1EE8614225043654AAF0C
                                                                                                  SHA1:B044484CED372B5817285B67EBA59F0AF40CB639
                                                                                                  SHA-256:E98F3437F6D451FB9FEC33473ABC9F07ABF0794CD45D02AE1DE48CCB9FC5C8B6
                                                                                                  SHA-512:3D66B9A2AA4B08B19C635D350342A162879042E926FA41E059E3C62FC68BDD73A91D6A9A41E409EEEE7338DAF0A931F178E9D151B4B9EE9EF6545F8957CCEFB4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):198772
                                                                                                  Entropy (8bit):5.130198020742576
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9B610C0107724603B19893C4CCC551A0
                                                                                                  SHA1:37D987196C640861B336628D67E22EF283115E7D
                                                                                                  SHA-256:F9D96AF7D5EF9E0B4F4EF133A98A64B4398C7AEF04E20688B523E6EA27C61F15
                                                                                                  SHA-512:E99C07E474278990027E560D0F0464ED0D59C485226B56C8318470C41B5976602B1D52659996EBEECECC3D59927577202AB6312E07F40F71EB39972AE5296BC6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):214333
                                                                                                  Entropy (8bit):4.866044052884893
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:7F3FE009D84DDDF6A509AE33D95A7E7B
                                                                                                  SHA1:667D804C714FEAB9D104DB211A981357B2B8124F
                                                                                                  SHA-256:58BEC94801D09157C852CFBC3CCD9916FAFD1947FDC61C1453456BCE5B054C4E
                                                                                                  SHA-512:92151D7589682C7078D9F9915EB6D14D350A13A126A000E4DA29228649926282CAF03CD996E68704F9E5DD0FAF11750F7C4EE105E1655F9BECBE0E267F7FC614
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):274613
                                                                                                  Entropy (8bit):4.47502496975818
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:ECFF6F8DC301B6B435DF5E44C2AE8A2A
                                                                                                  SHA1:6FDFA4136F3BB5CCD9E4E7B4706DB98F17F85C1B
                                                                                                  SHA-256:3250ADECE302934B9A78569D72CA70E596D91865455D5274CCF8D651CCAC5350
                                                                                                  SHA-512:C9E22FF9FEF3C2EEF6B25886E32A27FD19D56C1085C993AEA1D5A1528D65735B0628B825A2834A1B8B2512D8ABF59CABB3B35044484F566057826EAA3CFA682D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136216
                                                                                                  Entropy (8bit):5.401900922137372
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:65C1F1FAEE2EDBE7D7B6709D7E6B6EF7
                                                                                                  SHA1:A81848018BC9978EDB9E764474CF9C9B297BB91C
                                                                                                  SHA-256:D8A83A19F8C66742226538AF9489B70C1439F6133591E29A353ADDD9089F67C6
                                                                                                  SHA-512:590587A66BF03C2CC61C49CB9452220B3697AD4A00ABC0056017FD0203EBC2980EC8F59337FCD1FF90EEDFA8F8171ACEF5818B1DA856EC78C352498002679FBD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139589
                                                                                                  Entropy (8bit):5.805335191018667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:C64366988F8D46B6912F2D6BE0120B1A
                                                                                                  SHA1:3A33FE58CA30F41EA341CC9B9413A6CBDD6A1E4B
                                                                                                  SHA-256:30FD14794EE1088D37387F42E5D366F962FA9273EBA8CCDD9B950646D2DD6172
                                                                                                  SHA-512:8990D212AFF170A547733B0CD54055ECF6D30319189A7D88CDA149B8994986C9CCC899D203FA4CEDCDACB3217B2B72E2A9E69AA195B285AA388BF2AF125158FE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):127576
                                                                                                  Entropy (8bit):5.4328055342090105
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9FB8A421CAF18588B494C3F34D8764C6
                                                                                                  SHA1:201AC33074C76830893197AB9382EC84553F1794
                                                                                                  SHA-256:0997BE868557F97F013242C066B192E574B4FA553D13F37F97A1DE714B95A858
                                                                                                  SHA-512:59B2FD820F9BD45015444C85FCB55E04027836E62C6A9187E8CE0C2A9AEA6E5E626B76627C9601F69E769D4DDD09F6A8CCC2DFDDA6835E261B94A5AF91D8BBF9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136414
                                                                                                  Entropy (8bit):5.486129891558703
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:A4D8EECEC2747FFB12551AB8E93FAFDF
                                                                                                  SHA1:59AA4C3A7179C46C7699D0D918DD92722A614DEF
                                                                                                  SHA-256:D67F95E2982E7DEBF67741B88CE054F5BB8356021A280E092227B77EC82E298F
                                                                                                  SHA-512:1DE20FA8798D050966C99AA0590C7460A40B6FF41AFC36645C1F4655A09F6070530ADBD1D6FB5937D1FC9965C7AAC932DBB06A0FF47F31BCB6D4717EAA81613E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):235472
                                                                                                  Entropy (8bit):4.928800315357694
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DC334C39FA35F04D554FD6BF4D6301BE
                                                                                                  SHA1:8F83F39B41447E479E1DE761721FC35B22A1F227
                                                                                                  SHA-256:168FDC777570FA85C16EE7A701BEF28FE6D7EB943A674AD8681A2F9FCEDD2635
                                                                                                  SHA-512:E4F0FE4AC83DF9F106D60DE2D4563519512D1B088ABB0FD52D4D459CCF093397C5F56E41958111AD67AB9A19DC2A9DD6870356BE2E344559DEAF757D3B96B7A1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):112584
                                                                                                  Entropy (8bit):5.476085642762499
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:998947B55A25776181CC11110902F6D7
                                                                                                  SHA1:A93272EB26EB9977833FB809DF593759F2533570
                                                                                                  SHA-256:FCBCDFB71363750A9E404A365A00F196C9ED4FE149532580F149811475B45636
                                                                                                  SHA-512:A58B9B8BF6C2C2B14F870FDD3557B18AA002F5CC8C270EB0D35A1AAB3CB864CF472328F0515039515879C9B355569B7D049CA1A1569304CF347B40B5815B726F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):113481
                                                                                                  Entropy (8bit):5.470392531977106
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:5CC884BF0EC1C702240173B35A421D1B
                                                                                                  SHA1:19BDFB0B31DC4A75E7C135D1A8EF76F5F6CC3A31
                                                                                                  SHA-256:9F0C75C84381360677055D6197812C7A6C42DBFC6134EB8212D8A60ED1CA1601
                                                                                                  SHA-512:48772F50F6B0D846084A0CFB0D6433F2FBF73677B557B022D0D73D04790636C0C40ED873C32FD037013E943FB7C24816EFDCDE38429520895C00C2D85A17EA5C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):135123
                                                                                                  Entropy (8bit):5.373057629573399
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:10B1D1097987EA050A5791ECEB5EABDA
                                                                                                  SHA1:C0812FBC16592A39CD1600196E62D0000B22BD73
                                                                                                  SHA-256:04B24396CC017E1DBB0BCA7371D7CAE10CAD2350DA661A8A035B572AA76CBD49
                                                                                                  SHA-512:F2A6767EAE2D5EEBFF35F6B7D3A932FFD797FDFB48023C75B3C98B1CED5B3695EC12E642D68582DA1AACAC1C59B0D3A2F029C702D0DF02D7B08430384D40E178
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136317
                                                                                                  Entropy (8bit):5.340572969000703
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:460ED6807D7A0E5DDE909D706B4F267C
                                                                                                  SHA1:D4948B217B8A2E620E7AAC7A04C2E8483AA84B3C
                                                                                                  SHA-256:665E93CA25DE6050A4FBC1F343D67496D6E1E296DBBCC9EDF3DAB7BBCF1035DB
                                                                                                  SHA-512:FA6C57DCFDB6E53FA13FBB353C3C581C3DFBD4D34AE7612B1F780F4DA944DA253767FE86AB3C5A3EAE918A339649828643FD50B9F66BB943F29924E713891D98
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):123538
                                                                                                  Entropy (8bit):5.464890802945206
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9EB930ED036C2828877BBEAED94071B2
                                                                                                  SHA1:B410F1CBD1774FD2036C5E8424022554B1FC61F9
                                                                                                  SHA-256:502AB41D852C69EA961DF20B79480FD9D38F99BBAD07A4D1B5E7143BA1F7BDC3
                                                                                                  SHA-512:86A0C8C6ED19C801705D0CD07A5634C6D234329D4A3AFC10F2E221ABE6A21DEA0F3CB808E2DAF94BDF113B64B7ACDE6AC836BA238D9F8B5F7BB355DA1346E402
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):190789
                                                                                                  Entropy (8bit):5.232451563180468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:993FFA47D0354C2A9B9B4D378026E653
                                                                                                  SHA1:416EF059058FAE7E91D79E94C0AE4CC56D604F3B
                                                                                                  SHA-256:309CEC5292EE0361D45796C2234CF40A064249DA09108B1DA75BF570963941A2
                                                                                                  SHA-512:D1ED53F52858090641058AD924E42BAD29610E8E7546279325335C4D8EB9F5830FFE32FA35DACB18040090078A4466199A586D3EA4E82247B73BAB02ECEB17C7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125760
                                                                                                  Entropy (8bit):5.447273613792246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DD7E21B02BDCED910A171D592FAE0B18
                                                                                                  SHA1:CC28F1B8F0B06E71DAC3802EE26F644837982FA5
                                                                                                  SHA-256:9E1C20ECDBE9D15386ED493D0AC839612CC91A2284D5A97D9DC38EA2C90A3DC1
                                                                                                  SHA-512:12B3FD4BA110087074D5BEF6237EEBA96EDEFBCC31BB701142DA058034AF591A627B7B07550670689733A32C747991AE4555884796D29631B7865D06B13E90F7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):140356
                                                                                                  Entropy (8bit):5.190245344679947
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9F3A970C8FED49AC50BDDBF09DD9A950
                                                                                                  SHA1:E8B986D42D4A79C513BF2DA3D3314FBF55A2A960
                                                                                                  SHA-256:7A4C4822516F47CDBABC4B9EF45B710B057A056BC29D3A4A270A22E963E257D3
                                                                                                  SHA-512:4533A05B38E45F8CEDFFDECEFB77ED9AF44ABA799F030A770B616EC7867FD0D7893DE67528A611D1002D18E3EE7F8799944804E008EC8217CBF59E03A19139B5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145490
                                                                                                  Entropy (8bit):5.383401113888468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B7AD524464A61CFE4A5BE1D41C069D4B
                                                                                                  SHA1:9EB5C98999D5EA3B0BE56DDEC39BAF58BA5EB078
                                                                                                  SHA-256:5B9951426B8783B203B8ED44EBAB916CA8AF020B9E0A32F7249ED9021CCE1C3C
                                                                                                  SHA-512:9B6B3274A98097E79DA946B90DA8B0A50575D202A8D76A07868CE03BCAC69C1B848A9A28A55814683E44C8760E5D7A0F25CFF18C974349FB393B9BDAAAADA8E4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):265683
                                                                                                  Entropy (8bit):4.514931934952092
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:45943AE45049D9B7D76068D3721D6C8F
                                                                                                  SHA1:0BC3F9B24F0C8CA0078AC7780A21F623B8D7F9E6
                                                                                                  SHA-256:AA885CBBF8A13FB95405CC3DCA6677545FD51E303A65897D14ED019955C040DA
                                                                                                  SHA-512:7CD2BEC685CE103DCB0900BE832C472BCD1619F549FFC2864A2AE61B60B06565ACC95DC25222521E192362F8D3C4F8816BD1C3438AF7BAD826561247326CBA99
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):167370
                                                                                                  Entropy (8bit):4.897123170448971
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:3716C23FA0D68B698F5FD41153757622
                                                                                                  SHA1:800CC99237FD8C2151C90E01D6C78978617C0F27
                                                                                                  SHA-256:45E428FE527BCC746039A9822DB7F5DF12FD651452209A8746182383C2C004EC
                                                                                                  SHA-512:D738DA7FBB6BDA597F2C381C533BA70B8E0A8417E943A17FC91AF455492B04E7607CDD89EB3CB6D2D70F0B87BF89BFBD6FD96DF18603F0FAE485FEE9C7FFFD70
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):273942
                                                                                                  Entropy (8bit):4.493588587563909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0CE87D6655517DCB4D74E5130F235C89
                                                                                                  SHA1:0A61C0E385523BC55B3AB2435E7D1231548D3BD2
                                                                                                  SHA-256:79FC8A24C93E19ED052DDC0F158E516198A10DF7280265CCB769EE196A438CD7
                                                                                                  SHA-512:18ED9D0D354CD8DE96A54A6F793E6C59FF476F02106F7C3CA309175DFBDB00271AA3290BA9805F1B9484E7FAF2CC44E3AC93AA69B7D30C8E99EE31E29D7E4808
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133955
                                                                                                  Entropy (8bit):5.502579129345829
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B8A77FDFDF62A844C90FE62DE0B6858A
                                                                                                  SHA1:B601AB105FCB328AF4B17B3E1DBEBF94ECDDAB33
                                                                                                  SHA-256:AD13BAB195D7619C58494D592CB11C22DDDCF3B2735804BE60F951F87DDD734B
                                                                                                  SHA-512:164122955B11EAF5E88BC61366C473B7A67C12B858BDAB407C189DC74ACA75C406075BFC0BD5877FA0B3857BA5DAD81C9795EB55D3DBE7EADA67B03D1BFAA442
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):144547
                                                                                                  Entropy (8bit):5.634145281802686
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:873CA729BBFEAB336795E1696289B191
                                                                                                  SHA1:BEF9CC201BCA2D433E2DC183C96425A542BC3F01
                                                                                                  SHA-256:D7C29C66D265129EDE1019C708BD0A358D6B820366509845834752EC2EF705DA
                                                                                                  SHA-512:2973C94779893C1F4D8725677355D71EDEA2599077EEFE7DAD6D4E4392AB036C0633440D2578A2D51947007ADF9DFE859F9B50E39CE7D7482992D5A3790CFDC4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):121818
                                                                                                  Entropy (8bit):5.360373815575629
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E61A4D062CD61972A534A5E86E49C34D
                                                                                                  SHA1:C19BE8F744B956753CE40D91A34F0DA02F699FFA
                                                                                                  SHA-256:D00C7EE5EDEB1BD1493C49CF2D124FFDF47405D21D8D43C1A41C8749CE5C86A3
                                                                                                  SHA-512:7DE4453B0793DDE96503E762D4E9A77835DDBB1D75D35F012D24E8453A90AC85F87B0A62D95AD68393901A8AC3FCB147CF2B7BD468DFFA62D959133528AF15F9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):134374
                                                                                                  Entropy (8bit):5.276015939200961
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:A2E2D2B990CFFD395772D2F146084775
                                                                                                  SHA1:30EB2B67223104E72FD4CBD3448B01442928FC56
                                                                                                  SHA-256:27C74ECE0AA92E15D2F26628C4E132AF03A6DB5384E24504932C45912ABA7268
                                                                                                  SHA-512:8D874A43DC7FD2933CE4B81C8CB8D17C709E1947CCA8867614F726A34600F8B59689FB7DF50C7502FC21CC99785074723E4502622C677E5239D598CAC8962E00
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):159139
                                                                                                  Entropy (8bit):5.873398037642396
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0553C4D65C38A5AFB98A0EE8F420A207
                                                                                                  SHA1:C6011AB07BC0B1E036BF564BE6F4D65C24E7D3E4
                                                                                                  SHA-256:C2BAD3C397CC41210E1D5D1D04A7185F9287C670E285D30C66235F5807B39FCF
                                                                                                  SHA-512:F3B9636A93BA77C1BD00D491710ADB221F570A30D1B5ADC50B8E263165B81A17C062ACA1CB656314140A512CD7E69F583DA781EE4C8929A1305E743361A3B030
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):299517
                                                                                                  Entropy (8bit):4.421440980554494
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:33BC5AC34A95379D58F9C42CB21A92E4
                                                                                                  SHA1:0F4EF0A9A40E9042F3B744B5B87FCF00C08FD7E1
                                                                                                  SHA-256:99C8C57A808C63088D3E7B83DCF7CF80FB2A648D678A7C9473F2B5CC0BEF8152
                                                                                                  SHA-512:62DB9B5781B6C218E39BF7D4E47614FAF2EDB496A51E0B4E802047D57639890F13A4B4F84B6326FBDF6218B8991A0456DC5BB1473436CC74AF4E54283BB3BF13
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):134295
                                                                                                  Entropy (8bit):6.191082491321746
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:7FF011AE4E5FFD05736F99888AE9A8CB
                                                                                                  SHA1:544BF65AB5FE462FAADCDA88E2E5DB0009169123
                                                                                                  SHA-256:5BA83651D941CB9F87B961F735D5BFB0E249878255129BE1D8E8D6BA5D903D76
                                                                                                  SHA-512:BAA72F1A5561FD67A047309255CA799A55365D6D755324313E86E26AE9F3A8209AF7AF24C1A9BA83FAA441CF49FB843D9AD1FAB4B76354B0800EDFD9A2AE21F7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):146763
                                                                                                  Entropy (8bit):5.624470493823786
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:90847DC4F0387C80DD00BAD7B001A879
                                                                                                  SHA1:B7543FA3A3185201EACB2CBEB1F6EF667CCA10B1
                                                                                                  SHA-256:FB5BB8AA591D3D8D7557FB296317C30DB3C4D5C9F438FE0A43A94B974B9286A1
                                                                                                  SHA-512:19ED2F2B9D71F00A81EE93C776EE9B2D4D6283CB5ADB280A30EB8ADB9BE53A2D007D267DD8143FE7EB98AB909DBC88B16BC7E4167717D3F4EEC3B1C7DCEB8B1B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):145384
                                                                                                  Entropy (8bit):5.624257022055004
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:61EE8D708739FB4BB33F37BFFBA745AE
                                                                                                  SHA1:7173073DDDD29E4688B922297EEC471AE8B0FDF9
                                                                                                  SHA-256:F944E3DBBE9694EF7C111E1A0BF91F5B0229B7C3CA221F54C253276242C281F8
                                                                                                  SHA-512:25FDFC2EBBF7D408D9570DA3D55D9722C912B2995DE9E73449B8CDE8C0EBB3C25B38E70F66681CBF39D791F151194C85146D95EF59A7B43E7E64B0169B49E2A7
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):315496
                                                                                                  Entropy (8bit):4.438433180200473
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:6183544A4F554D40A211C8E0376C95AA
                                                                                                  SHA1:A9E855BBD03CFEB96DAE4C52E6A577B9F0374184
                                                                                                  SHA-256:2B5C12D6628B1835D5658085C04F9DCF0D792DB603A034264E70D86F8D43E044
                                                                                                  SHA-512:7C517702F24C92B708DD4EE1D6D5A911213062CFA5AE05C12DA9B2CD4DEC06ED9B218CE88A75AE9A7C9177AF100169F61056B1ECCB9AB3F10811B6E6C99CC86E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):260776
                                                                                                  Entropy (8bit):4.505268866905645
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:80B49D820F83133B9EFB9AC2CA102C83
                                                                                                  SHA1:6E2D370C74891BEF70768F051E4BA0483D6B5C1E
                                                                                                  SHA-256:DF72EACF4938F4912F5BAE563DBE7E81A758A7E8FFD49F14502F6D0B5DAB6F27
                                                                                                  SHA-512:AFD58A2ADA72E96423CA1F9E1869C8E1621C22E72A13B90FEC5FD2DBE662D2D9280E3277018D426196AD63CD74CE7406975BD134F577B6B3E5864DA7F0831936
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):125611
                                                                                                  Entropy (8bit):5.26463363101804
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0CDA98188CCC97E932408BED970E2CE1
                                                                                                  SHA1:91595881665CC51FBC013EC0A1D212DEA9F70CB5
                                                                                                  SHA-256:18C1CD2F95F5C029F308C53774F49E4B718BC94B78FC3029F95457BCC58281D7
                                                                                                  SHA-512:4CF8A939ADF3B79537051016D52A0E2C3C10135DC2A652B68D5EA7BB338DAC422D3AD814DDA1902C393083DB55168E12822DD51151302D5770FE599C0B395AB4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):124135
                                                                                                  Entropy (8bit):5.430025230496119
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:00F1A382F8F5E0950CB9BA4A4F3FD478
                                                                                                  SHA1:BBA2DE6051BDD9B596F66312F2E2296C370E2D93
                                                                                                  SHA-256:E42E748F28E944F9A3A7FAD19E686B856BC60B3E0128DE94E6CD7619A7D24071
                                                                                                  SHA-512:2D8F502F51FCF066BF8C420CA2C86FE4EC6274AB0DA5A5266293225910C9A0DFB6D5C529A9FD0DA6FF4952BAC385FCE2885757DE81A4DB2D7F5C10CDDD539C0E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128369
                                                                                                  Entropy (8bit):5.355883393524085
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:2D4BBBF2E9459992252D62AB1A152D30
                                                                                                  SHA1:78E696C8B30F2B4A113B72A92C0A011AA7D777BE
                                                                                                  SHA-256:4D450B5659EA7BB907728E2B8F48D77A43DC18024E2A15E749F5A760D4144571
                                                                                                  SHA-512:3325DBCF891A55E06D2D106046D0E0589DAE5E437B4437B929672150735B38DCF39AFCCF0FADB2C43DD1484F3726ECF9B0EE1641BDE7BB31A84B88790E9CAD55
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):139797
                                                                                                  Entropy (8bit):5.7397990834880295
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:999ED3F4123A1479D43AB2DC9028EDE9
                                                                                                  SHA1:346A3C515D01929A4FE3B33C42A3AAD5FE731843
                                                                                                  SHA-256:4174B220824334D04BAD161309D342A647433FAE7C353432E34EAF49EC8787CB
                                                                                                  SHA-512:ABFB66F0826E88AD2E1C5850C14AD03A9DAF96239E1B675C7442659B9851F202F73B4BA98FF494719683E5C4EEA5CE8756533AF609218E83A47D61730F28E9A6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133496
                                                                                                  Entropy (8bit):5.415308981100393
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:31556D02BA0EE812EBDA678E3B70B1F7
                                                                                                  SHA1:A2468245936DCE8B2944A66C7562EF4745F64FF7
                                                                                                  SHA-256:9D93FDB7F9D0D7833EBEF8EA7016F952301075E714A4918C6A3D5338FEC08FFE
                                                                                                  SHA-512:3B6EF3AD2D0115E9694A879E127ECF067D8DF03F0875EBED4427BC674C0C9CC0DEB591FEDA9DF120062C3A59D65FE952727B2A59F352A096887449A0745C8FE5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):133827
                                                                                                  Entropy (8bit):5.406788102503695
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B7456478AB25DA7A037689ECF9FC39B1
                                                                                                  SHA1:6CACB9E84AF6ADB490B92CAA6A24DEF7114266AD
                                                                                                  SHA-256:F07D58C568707C6DE882A19E260C9F97751BF750237FC0BF3556BA95995F5442
                                                                                                  SHA-512:9F71AC8F21C64E4B8C93ECDA70C47CC697395E0E67D8B4A8AB4D2C1F95F4D5644AEC87DF2E058526534BD4D65130D600443D3BAAF6AD32BCCE5BB994C506159B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):136702
                                                                                                  Entropy (8bit):5.445627159958296
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B665411D1B5570903F8E4C2501F977D5
                                                                                                  SHA1:CB8D98CF3E053C278F8B93D734FD2B1A42B6F322
                                                                                                  SHA-256:8DA674ABE460D1E2824A13338D29344BAE2F092FD94082D71EE91389F8822D69
                                                                                                  SHA-512:BDCB8E626DB816C1DB5C60489064D4BA4720381889A36E3D80D00E9988332EC6529107D9B3EF062B9BCC2AFDFE75EC55C8F08BA06D908B07D772D2547C7B4CF1
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):213507
                                                                                                  Entropy (8bit):5.024482756621217
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:848ED63D29215F8B7D002F8D731DB13C
                                                                                                  SHA1:1A33D0ABFC5F4237E63440AB04A698AC4F230EC6
                                                                                                  SHA-256:CF4D6FA2C4A8F828FB11D464F504DDBBFF5ABAB9CC78CBA326BB8EAFCFCDF812
                                                                                                  SHA-512:2A1F75D2AAC4075DD43F816FA0B5D7949B1591E53BC711A69DD5540A3A6AD502648F7C6681DB7632B869553FF24EA43AB7CB4CE4B646C022FB88F0ACE97A3C7F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):141995
                                                                                                  Entropy (8bit):5.773757591863307
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0B9599388DEC973FFEC68A5738A848F4
                                                                                                  SHA1:0A0AAF4F9618CF867A1BF1E5BC6B8B21B46C4870
                                                                                                  SHA-256:E7038A23BE62E4A476960B935A6C528AAEFB781B28FDB7E24B3D830B5C02F10E
                                                                                                  SHA-512:5EE7AEAAF1BE25DDC86694A16CA595872F2A9DCF1E48D0189D3A1EEF425629ABDC814FF32A8B288B468AB4F263953618C4363D033EF7AEC2BAE0072129DD1F9A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):135567
                                                                                                  Entropy (8bit):5.468430155460571
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:3BF6C4AA2129B4B535637AA6727FB1E9
                                                                                                  SHA1:569BCFAB7176BB9833A02B5853BBBEB3165538CC
                                                                                                  SHA-256:CBFF2DBB38D4D95FE7C811E0ABDB0B92AAD621E5C2C1EEDA3C394DCE5CF1D34F
                                                                                                  SHA-512:779CED23ADC89AF08F43531056B7195D253B7EA021439F73F0C9F9B49969153A2044E90ACC0BDA3C14D3B3E68F772F5CF8611F954B5B9CB0370D252A484CA36E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):202805
                                                                                                  Entropy (8bit):4.966841321768272
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9F9570670D844A1B14B256A7584665E8
                                                                                                  SHA1:5B5CF46415662CC1CE4D93B876F4C45389AEDFC2
                                                                                                  SHA-256:ABCEE52DEB7382D84DE334C3228711A62A7D21D9A2CE506385805EEA0ED716F4
                                                                                                  SHA-512:D38FCA2D639E32F5EF90DFAAC04AEF0CCFBCC409619ACEC6535B5401502B7141F6EB24F574DB97A7ABC550B8E35E93CBC62A4A0F7494C56537FB670F19E02F8E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):124359
                                                                                                  Entropy (8bit):5.508086107251322
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:C0EB9DC359EAD97302591D09A4D80C81
                                                                                                  SHA1:5569C326861E80DD05AA49A74D77815364915AF1
                                                                                                  SHA-256:B34E855F518A2041E4BBD7B5C269E35E7DFAA431FDD876FC0AAC38B887E65AFF
                                                                                                  SHA-512:B488831AA6219A246D0CDC370DC7B95FC07754702447964737EB53B9D5F64092E8873032BC40E8AF9270388BB1B655B4F06D6DE304B85B32FDD297959534D06D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128671
                                                                                                  Entropy (8bit):5.3456626209237825
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:9CD6230B42F2F99D9580F7EF84508F9C
                                                                                                  SHA1:4F9D82E3C39F2B0D3B0CC32733254AAF38E811B2
                                                                                                  SHA-256:FE18B3E9E275D7330706DD19F4AF603A8AD899138374BFCBA8E2C6764F94C190
                                                                                                  SHA-512:46A07A61EE7A70B4D261C16D2FEF6F0E8A35CAF371E33E05CA1DC3BDC7F3D304C1DBDB34DDBA7B6BC573A6A58E170D9250CB1B6A4AD8AE6E255704416C022607
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):313562
                                                                                                  Entropy (8bit):4.239267478834166
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:AFBB6F8A11ECB993E73A530E2682848C
                                                                                                  SHA1:950D0FA6CD4338084B5FFA72EB49F79B07830466
                                                                                                  SHA-256:3D16A99568173AD5760BF195B047C8850E39EC8D308A94F6C81CF7BA733F6F5F
                                                                                                  SHA-512:74EE545CDCE2E263BC33279325E0C72336575B36DE7DFE145897964CDE7EB57429CDFF082EC5A06E7F46F75E9BC6D5C4CC3DCA395745E990092CDAC27E56F129
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):292506
                                                                                                  Entropy (8bit):4.456018055206471
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:5F441DE15CED6697594E8BC066297348
                                                                                                  SHA1:33C64379EC7297404E8AA4A4BA5A7155CD69DC90
                                                                                                  SHA-256:4AB6FBF03177BD7AD0908318D5AFFD0CAD142EC5E9ED560043E6B76E590BA995
                                                                                                  SHA-512:DAC2982DD5E9337FC3443A87D5DCBBFF46F0FEFDF9E163624BBA1ACD1528F543C84E2A088A83A749543E7B764607C16F1AB1C6C4F9504EFF48180A30681570F3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):246816
                                                                                                  Entropy (8bit):4.526207320870026
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:F0A3CE8609D1CEA58D4D0DFC47D433F9
                                                                                                  SHA1:9F0497E31AC881960C2B9CE3F75FAC98D6EE300B
                                                                                                  SHA-256:31F31B2985C2AB430D373DD3D79821DB0674EDEE163B4AE74DC362051CCC1491
                                                                                                  SHA-512:0A722FE6373F0F64A844A8BD79CFF66707E158A908292DB8F5EE883E4732FC55864B06554988836A07039BEFC4020CB837883851DA0455F070BCB63DF390D919
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):131303
                                                                                                  Entropy (8bit):5.614477997540201
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:FE23B2095B245AE359C449CF3AE2D4C4
                                                                                                  SHA1:56AF0705886551389DEDB9BA1D9BECC682321977
                                                                                                  SHA-256:48B76D081B4398C7AF10BE207751EF3BF67720700C35B17196A4AA0C94526208
                                                                                                  SHA-512:94B81F5469620BB7545F3CCDA35845861E92FF7D29351A7F562AC861F718454D3D8DFF324CFC904E484F5551D952BC338F24E284F585A714FFFFF5F3A5445F64
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):216199
                                                                                                  Entropy (8bit):5.057813342706528
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:6027526062E6F51A7C99FEEBC9AE1947
                                                                                                  SHA1:10D7346A8D6A4DADB48BF7720303EF39F76A564A
                                                                                                  SHA-256:5DDF9212CBC6696941547B2E57B02092517BFF6E70529F2EE14D0F593610E14F
                                                                                                  SHA-512:52178A648747F3247E32183CDB36ECC9A6314B2BEFA91CAE28D5110C479F5D1FF59AD2C802A75288C17650DE5A2EBCF369E04E760259015FF855FF8299DD9F3D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):155363
                                                                                                  Entropy (8bit):5.800734141236524
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:8D1DE53FF78406C42FE554ACC82B5983
                                                                                                  SHA1:1B80F071914C9A2F071355973DA7FF3D9508298B
                                                                                                  SHA-256:314FF8E069D132D43566143FFE0F5CEBC990A015AC32ED550AC687A4FF78D56F
                                                                                                  SHA-512:D027A534F8DDAC3C953D81BA635A8A3FE452E7295FB2AA7D8B9D5A718FFF7CD619323E3914DD6A17EACECB0C6D6F5129C9E793B2925F65DABEC83B9389DB295D
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):114748
                                                                                                  Entropy (8bit):6.7174096339004095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B2E2087F9C688DC3EC45A55742BEDB6A
                                                                                                  SHA1:8EFD0726B46FC67CDA9FDC9989C707C23C7B031C
                                                                                                  SHA-256:2B255293F6C85ABB09162C825AEA120C3E695156EB952D26D1E5F505BA324B37
                                                                                                  SHA-512:2382B2B4D56831BD25D5A3535936D8A1039E00A287BD5AF05628C1A6FC54715FC8AD68AD3F207D6E073A588A66D5FA181E124125E7D1F00A5DE54ED658E5C33E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):114042
                                                                                                  Entropy (8bit):6.719449431220688
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:32F600C44C8A26FDF518FAFFBCE56B71
                                                                                                  SHA1:7481922ABB60EE20F6FAFF9AE4DC4A55F6E6224E
                                                                                                  SHA-256:1710CEA2EB84E4FEED749E9E497D01E16B1B244D1A621D380226B8AE7CCE07C6
                                                                                                  SHA-512:DA145697AC8D7CE6E8CDF3F6E190C23F9791F4FDC2C1EED2DBC10E8C6377298C4D02DF464752277CD7EC429297860FFE50E7B9DE79632699DD2202B7324F55FE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5113713
                                                                                                  Entropy (8bit):7.996602002236813
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:
                                                                                                  MD5:A1E5AAFE5A1509EF461D584C98484FF7
                                                                                                  SHA1:455A36FFF7A12989D0D1FC944A3C8840141D865A
                                                                                                  SHA-256:DD0CDD9201C5966DCC8B3AC3F587FDB05CAD09547E267E0D16B8B1A3CFF14772
                                                                                                  SHA-512:F98E33FE7E89A7798C6C274B4220C7C5262A2CEDD0C0A04C7821634679F71145ECA78C7A36A9F576712A00FFBABFABF58C958483D2D69FA9960178A7C3581946
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24108875
                                                                                                  Entropy (8bit):6.3762291740523
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:2FE73D9EF0CD0AE3568EE2FFD85D115E
                                                                                                  SHA1:42DF085D68AFF56C9ECDE0E82C41F33C1E10BDFD
                                                                                                  SHA-256:3E0F453A4C5F6BD24E7651E3E43FEFC996CDAE2C29461E95ECC63535B3F7A284
                                                                                                  SHA-512:B199082E24F6850335CD7A879B551119E10054D41FEB0C63D0BA35FA22E9DCDAD51F01BEE13BEA4FF43EFD4BC759DB23B7BE5A619DBE66054DFCBBC8DC80D3D5
                                                                                                  Malicious:false
                                                                                                  Preview:................{"files":{"icon.ico":{"size":270398,"integrity":{"algorithm":"SHA256","hash":"85db7f849c7a0a41bb581446f773437ef2175b2952ed9224f00c6abbc9543c0f","blockSize":4194304,"blocks":["85db7f849c7a0a41bb581446f773437ef2175b2952ed9224f00c6abbc9543c0f"]},"offset":"0"},"package.json":{"size":1102,"integrity":{"algorithm":"SHA256","hash":"8dfc3896f4583fe20e6f12b3c20c2828039e495581e2fe021145f6cf272d1ccb","blockSize":4194304,"blocks":["8dfc3896f4583fe20e6f12b3c20c2828039e495581e2fe021145f6cf272d1ccb"]},"offset":"270398"},"src.rar":{"size":1390923,"integrity":{"algorithm":"SHA256","hash":"fd786f9c88d4b6534e2e263ebbd27101a3df5f6e579b02b2e98652c1fb1a6998","blockSize":4194304,"blocks":["fd786f9c88d4b6534e2e263ebbd27101a3df5f6e579b02b2e98652c1fb1a6998"]},"offset":"271500"},"src":{"files":{"alien.png":{"size":184182,"integrity":{"algorithm":"SHA256","hash":"61d672610d6b7e83fe83142c2f90b355343f8c9b14ba76efb829d855d0df33c9","blockSize":4194304,"blocks":["61d672610d6b7e83fe83142c2f90b355343f8c9
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):693
                                                                                                  Entropy (8bit):4.817317048900465
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:D1D38ECC8B3A869312B3EEDC6A376201
                                                                                                  SHA1:4AA1D47AB0558E86F5A86629D0A1D99BA1AF336D
                                                                                                  SHA-256:A25704529F0D5D89309743F5CA52189FDB16A770885C0DBE8EDB3EA9D54A6A90
                                                                                                  SHA-512:CB77AEA773F82E95FC593AE67B31CAAB164E101205EB68F6BCE0103DF9EAADC7C1D9DC6D0083AE6420E82027B21925C55593A7033AE9B4203E9970FFF732C84F
                                                                                                  Malicious:false
                                                                                                  Preview:---.name: Bug report.about: Create a report to help us improve.title: ''.labels: bug.assignees: ''..---..**Describe the bug**.A clear and concise description of what the bug is...**To Reproduce**.Steps to reproduce the behavior:.1. Go to '...'.2. Click on '....'.3. Scroll down to '....'.4. See error..**Expected behavior**.A clear and concise description of what you expected to happen...**Screenshots**.If applicable, add screenshots to help explain your problem...**Environment (please complete the following information):**. - OS: [e.g. Window 10, Ubuntu 19.04]. - Engine [e.g. Node, Electron]. - Version [e.g. 12.0.3]..**Additional context**.Add any other context about the problem here..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):595
                                                                                                  Entropy (8bit):4.548493521051999
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:174545E1D9DAFF8020525FDD1E020411
                                                                                                  SHA1:F6867A2F0417FE89A0F2008730EE19DD38422021
                                                                                                  SHA-256:1F48C52F209A971B8E7EAE4120144D28FCF8EE38A7778A7B4D8CF1AB356617D2
                                                                                                  SHA-512:B18005CFE7409FDE541B934131C32C2EECDC4A8FD62CD558F274A25262C0E6B0B8FD27674EE55D6D4E4C435D49D580A077181FE8B15B095C39736B01FF4EE537
                                                                                                  Malicious:false
                                                                                                  Preview:---.name: Feature request.about: Suggest an idea for this project.title: ''.labels: ''.assignees: ''..---..**Is your feature request related to a problem? Please describe.**.A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]..**Describe the solution you'd like**.A clear and concise description of what you want to happen...**Describe alternatives you've considered**.A clear and concise description of any alternative solutions or features you've considered...**Additional context**.Add any other context or screenshots about the feature request here..
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):635
                                                                                                  Entropy (8bit):4.474759295028999
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:D1F842C537B6B450FCDDED865831BCA9
                                                                                                  SHA1:6A95E32F6A599BE8D03B33CAC14F9DC776DBD44F
                                                                                                  SHA-256:72C6BF0A7A66C94D54E5792BDC808A6BA2107E692230CBCEBF6DECD46BBE11CA
                                                                                                  SHA-512:89CAF43140242FFBAD2D808EAC44095A3F072A0441DEF37ADF32E55209DF27498B800D57028E51BE4319DE1A0CE3BB26DAFC0CE0B218175605C91A107D1E6CFF
                                                                                                  Malicious:false
                                                                                                  Preview:name: CI..on:. push:. branches: [ master ]. pull_request:. branches: [ master ]..jobs:. build:.. strategy:. fail-fast: false. matrix:. os: [ubuntu-latest, windows-latest, macos-latest]. node-version: [10.x, 12.x, 14.x].. runs-on: ${{ matrix.os }}.. steps:. - uses: actions/checkout@v2. - name: Use Node.js ${{ matrix.node-version }}. uses: actions/setup-node@v1. with:. node-version: ${{ matrix.node-version }}. - run: npm ci. - name: Run headless test. uses: GabrielBB/xvfb-action@v1. with:. working-directory: ./ #optional. run: npm test.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):606
                                                                                                  Entropy (8bit):4.416871000371482
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:2659061B249572AF5E432F2C070FAC7F
                                                                                                  SHA1:437C3A1F784BD2E4B403D8CB71E177E9F4D07015
                                                                                                  SHA-256:7CD6D0C254B0B431D1842AD1B12A9B633AB41D378073B935996DE5C1AEE79A6E
                                                                                                  SHA-512:F054B3E7E97D6CD07A533878FF9E0FE1A8AC08295ED0962C0D41BBAFE30703A18BE1A3723094C4CD22625857704B479A7232C3007656C297081E7A014E28BF7D
                                                                                                  Malicious:false
                                                                                                  Preview:name: Style Check..on:. push:. branches: [ master ]. pull_request:. branches: [ master ]..jobs:. build:.. strategy:. fail-fast: false. matrix:. os: [ubuntu-latest]. node-version: [14.x].. runs-on: ${{ matrix.os }}.. steps:. - uses: actions/checkout@v2. - name: Use Node.js ${{ matrix.node-version }}. uses: actions/setup-node@v1. with:. node-version: ${{ matrix.node-version }}. - run: npm ci. - name: Run headless test. uses: GabrielBB/xvfb-action@v1. with:. working-directory: ./ #optional. run: npm run lint.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):549
                                                                                                  Entropy (8bit):4.289671930448028
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:F6D0E9B28417057E6685B1789D91E225
                                                                                                  SHA1:27F0D718D3557A12B925E23CB0B14B93B8A6AE6F
                                                                                                  SHA-256:C893BE9E533BC188F9039A9E24623C620DAB2BD863B419A44F93CD397A10AF1F
                                                                                                  SHA-512:D298DFFB5B5539E20EC4540BF96184F5E8F90A68B2B17127844CD5F02DCBA48BB62A8EE68711416A2730C155DCCE00B1FCEA9211F73E0AC61D0CD562E547F2BD
                                                                                                  Malicious:false
                                                                                                  Preview:name: Release.on:. push:. branches:. - master.jobs:. release:. name: Release. runs-on: ubuntu-18.04. steps:. - name: Checkout. uses: actions/checkout@v2. with:. fetch-depth: 0. - name: Setup Node.js. uses: actions/setup-node@v1. with:. node-version: 12. - name: Install dependencies. run: npm ci. - name: Release. env:. GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}. NPM_TOKEN: ${{ secrets.NPM_TOKEN }}. run: npx semantic-release
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):420
                                                                                                  Entropy (8bit):4.6764683698176395
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:394A6022C9E7AA401B3C992C4B92EA94
                                                                                                  SHA1:CAE58C8959C078B24484148A0D09DA816D350699
                                                                                                  SHA-256:125C1A517628169F4E66E0E237D201BE226AFB5C704A684AEE5155DE69281685
                                                                                                  SHA-512:CBD75168E3054A8412EEC7FC1415AD1906D8A3228A16A486674909BEC0F3A8B177F02E4C9C3419598E13FB0676D87132E82EE1182549C69C6BCF59FB59AAF0CE
                                                                                                  Malicious:false
                                                                                                  Preview:'strict mode'..if (process.platform === 'linux') {. module.exports = require('./lib/linux').} else if (process.platform === 'darwin') {. module.exports = require('./lib/darwin').} else if (process.platform === 'win32') {. module.exports = require('./lib/win32').} else {. module.exports = function unSupported () {. return Promise.reject(new Error('Currently unsupported platform. Pull requests welcome!')). }.}.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5920
                                                                                                  Entropy (8bit):4.76870843435311
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:78C9024198B8933BA47FD22220CCD12C
                                                                                                  SHA1:AE8E968A89E954DD31B5C1827D8BC1EA632CBE83
                                                                                                  SHA-256:E364425FEC6FB780C1FB00615014A0D5E39F65517848A12371B8934C5BB35E8D
                                                                                                  SHA-512:0E06A3B4684B7275491691329150FEDE20B253AEAFEB3307FB19F88D1477533AC20B028A73F61D32DEB41592414D95AC73C703AC016C8CEAEA4739F2A008CC36
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const temp = require('temp').const fs = require('fs').const utils = require('../utils').const path = require('path')..const { unlinkP, readAndUnlinkP } = utils..function darwinSnapshot (options = {}) {. const performScreenCapture = displays => new Promise((resolve, reject) => {. // validate displayId. const totalDisplays = displays.length. if (totalDisplays === 0) {. return reject(new Error('No displays detected try dropping screen option')). }. const maxDisplayId = totalDisplays - 1. const displayId = options.screen || 0. if (!Number.isInteger(displayId) || displayId < 0 || displayId > maxDisplayId) {. const validChoiceMsg = (maxDisplayId === 0) ? '(valid choice is 0 or drop screen option altogether)' : `(valid choice is an integer between 0 and ${maxDisplayId})`. return reject(new Error(`Invalid choice of displayId: ${displayId} ${validChoiceMsg}`)). }.. con
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5482
                                                                                                  Entropy (8bit):4.701522267659056
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:3B9999E65606270A0FE405AA1BB32FD1
                                                                                                  SHA1:B090AD8054A7384C01203962E94776B9134F42E2
                                                                                                  SHA-256:F0CF780D0DEA403121F30FCF11096C48A4A0DC2B0393D41EBBB664FF7C89EC3A
                                                                                                  SHA-512:0A09384372A32C723AC8E8324DD2F93D57467D2E8B53DBE3231EE37CCAE9AAA5C91363BE4366E8C2A5495F607EA96782C11363DAB7097FCF27FE3645C403F141
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const path = require('path').const defaultAll = require('../utils').defaultAll..const EXAMPLE_DISPLAYS_OUTPUT = `Screen 0: minimum 320 x 200, current 5760 x 1080, maximum 8192 x 8192.eDP-1 connected (normal left inverted right x axis y axis). 2560x1440 60.00 +. 1920x1440 60.00. 1856x1392 60.01. 1792x1344 60.01. 1920x1200 59.95. 1920x1080 59.93. 1600x1200 60.00. 1680x1050 59.95 59.88. 1600x1024 60.17. 1400x1050 59.98. 1280x1024 60.02. 1440x900 59.89. 1280x960 60.00. 1360x768 59.80 59.96. 1152x864 60.00. 1024x768 60.04 60.00. 960x720 60.00. 928x696 60.05. 896x672 60.01. 960x600 60.00. 960x540 59.99. 800x600 60.00 60.32 56.25. 840x525 60.01 59.88. 800x512 60.17. 700x525 59.98. 640x512 60.02. 720x450 59.89. 640x480 60.00
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1118
                                                                                                  Entropy (8bit):4.361193968809056
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:A2F2486EFFFAA9BE30B2EF58E24D49A1
                                                                                                  SHA1:8AC5C529C227ADAAFBF43ABD917A44B87C92CE46
                                                                                                  SHA-256:F1065090CE89B14C76D533D11040556759C58679C0EB89A1E59337D318E16A6C
                                                                                                  SHA-512:D1283A5663AA62B2262283B1A611E002602F869DCF006DD336D742272F14D98791C35A5C32AF92884692A62FEF0942E6C99D0646AADBD6582E418EB4497A4C66
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const fs = require('fs')..function unlinkP (path) {. return new Promise((resolve, reject) => {. fs.unlink(path, function (err) {. if (err) {. return reject(err). }. return resolve(). }). }).}..function readFileP (path) {. return new Promise((resolve, reject) => {. fs.readFile(path, function (err, img) {. if (err) {. return reject(err). }. resolve(img). }). }).}..function readAndUnlinkP (path) {. return new Promise((resolve, reject) => {. readFileP(path). .then((img) => {. unlinkP(path). .then(() => resolve(img)). .catch(reject). }). .catch(reject). }).}..function defaultAll (snapshot) {. return new Promise((resolve, reject) => {. snapshot.listDisplays(). .then((displays) => {. const snapsP = displays. .map(({ id }) => snapshot({ screen: id })). Promise.all(snapsP). .then(resolve). .catch(reje
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):350
                                                                                                  Entropy (8bit):4.888222365859566
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:8951565428AA6644F1505EDB592AB38F
                                                                                                  SHA1:9C4BEE78E7338F4F8B2C8B6C0E187F43CFE88BF2
                                                                                                  SHA-256:8814DB9E125D0C2B7489F8C7C3E95ADF41F992D4397ED718BDA8573CB8FB0E83
                                                                                                  SHA-512:7577BAD37B67BF13A0D7F9B8B7D6C077ECDFB81A5BEE94E06DC99E84CB20DB2D568F74D1BB2CEF906470B4F6859E00214BEACCA7D82E2B99126D27820BF3B8F5
                                                                                                  Malicious:false
                                                                                                  Preview:<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >. <asmv3:application>. <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">. <dpiAware>True/PM</dpiAware>. </asmv3:windowsSettings>. </asmv3:application>.</assembly>
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2677
                                                                                                  Entropy (8bit):5.056770966151904
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:AB2229F48309619A42E98F617F5D26EE
                                                                                                  SHA1:81671593FF9C5C85A09F23E5A7CCE3A4C80C3A2F
                                                                                                  SHA-256:ED1A0F3E590BD553451ED06FD24A4D34407DD5FC63EB93787A53EA51D20827CC
                                                                                                  SHA-512:520F5F82100F2CF70D5F2C8406D83BE30B8104197AA0A4DD1B45A9B6C1C15F2F3EAB4E578DB1C2FB41D2E2BBBE70A0F937CD6E8E3B6CD177F2444140DF35DB89
                                                                                                  Malicious:false
                                                                                                  Preview:const Promise = require('pinkie-promise').const exec = require('child_process').exec.const temp = require('temp').const path = require('path').const utils = require('../utils')..const {. readAndUnlinkP,. defaultAll.} = utils..function windowsSnapshot (options = {}) {. return new Promise((resolve, reject) => {. const displayName = options.screen. const format = options.format || 'jpg'. const tmpPath = temp.path({. suffix: `.${format}`. }). const imgPath = path.resolve(options.filename || tmpPath).. const displayChoice = displayName ? ` /d "${displayName}"` : ''.. exec('"' + path.join(__dirname.replace('app.asar', 'app.asar.unpacked'), 'screenCapture_1.3.2.bat') + '" "' + imgPath + '" ' + displayChoice, {. cwd: __dirname.replace('app.asar', 'app.asar.unpacked'),. windowsHide: true. }, (err, stdout) => {. if (err) {. return reject(err). } else {. if (options.filename) {. resolve(imgPath). } else {.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):14246
                                                                                                  Entropy (8bit):4.755441316440423
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DA0F40D84D72AE3E9324AD9A040A2E58
                                                                                                  SHA1:4CA7F6F90FB67DCE8470B67010AA19AA0FD6253F
                                                                                                  SHA-256:818350A4FB4146072A25F0467C5C99571C854D58BEC30330E7DB343BCECA008B
                                                                                                  SHA-512:30B7D4921F39C2601D94A3E3BB0E3BE79B4B7B505E52523D2562F2E2F32154D555A593DF87A71CDDB61B98403265F42E0D6705950B37A155DC1D64113C719FD9
                                                                                                  Malicious:false
                                                                                                  Preview:// 2>nul||@goto :batch./*.:batch.@echo off.setlocal enableDelayedExpansion..:: find csc.exe.set "csc=".for /r "%SystemRoot%\Microsoft.NET\Framework\" %%# in ("*csc.exe") do set "csc=%%#"..if not exist "%csc%" (. echo no .net framework installed. exit /b 10.)..if not exist "%~n0.exe" (. call %csc% /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"%~n0.exe" "%~dpsfnx0" || (. exit /b !errorlevel!. ).).%~n0.exe %*.endlocal & exit /b %errorlevel%..*/..// reference.// https://gallery.technet.microsoft.com/scriptcenter/eeff544a-f690-4f6b-a586-11eea6fc5eb8..using System;.using System.Runtime.InteropServices;.using System.Drawing;.using System.Drawing.Imaging;.using System.Collections.Generic;.using Microsoft.VisualBasic;..../// Provides functions to capture the entire screen, or a particular window, and save it to a file...public class ScreenCapture.{.. static String deviceName = "";. static Image capturedImage = null;.. /// Creates an Image obje
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12800
                                                                                                  Entropy (8bit):4.6904661074095575
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:BEFA2810B15D065C0095292F1DD4734B
                                                                                                  SHA1:2F2A776C7A8A6F1B7D8EFDAABE09F290385B24DD
                                                                                                  SHA-256:AB1FF81275C7B402863B9CCC599E0EE6E0E5C3C54E4F8D5EE49E8FC22A009A7A
                                                                                                  SHA-512:AF98A54B2F62667AD689BFF2290A341585B37CC1C314A877B342B67AE8E104DB034C74B31B9C8413413B9FD1E2117BD648318CD1957128B78EDDE57E5155B906
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):598
                                                                                                  Entropy (8bit):4.785292668201288
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E5DF4E3B7058C914E5048223A6C79F1D
                                                                                                  SHA1:AB75EBFCF8D669DA6C0B54AD2E5F5D73A466CB1E
                                                                                                  SHA-256:101C15C05C78832BC02635E6E2252F1ED23367D22411B51518A1775FF6E972FC
                                                                                                  SHA-512:A316798409C568E5CDD07A34A838D0B9842F65C03DED19853678A30EA3024E9F649AFA8B5D4093F5C0C811A33BF513FF1FE4AA33F60BAD7553FBFA6584327B29
                                                                                                  Malicious:false
                                                                                                  Preview:{. "name": "screenshot-desktop",. "version": "1.12.7",. "description": "Capture a screenshot of your local machine",. "main": "index.js",. "dependencies": {. "pinkie-promise": "^2.0.1",. "temp": "^0.9.4". },. "devDependencies": {. "ava": "^3.15.0",. "semantic-release": "^17.4.4",. "standard": "^16.0.3". },. "repository": {. "type": "git",. "url": "https://github.com/bencevans/screenshot-desktop.git". },. "author": "Ben Evans <ben@bensbit.co.uk> (https://bencevans.io)",. "license": "MIT",. "homepage": "https://github.com/bencevans/screenshot-desktop#readme".}
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):103
                                                                                                  Entropy (8bit):4.117332978228041
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:63823BF8BE61361CBD13BF183E201BF1
                                                                                                  SHA1:4658400152C61EDEE1555BB86CB6DA13E2FE4401
                                                                                                  SHA-256:CBA2CBD76811A1B8E808000D073D04F657AAF0551C73A805CA3A4B492F21BD47
                                                                                                  SHA-512:8703CCA6F04DA47E5376730CF993665F7DB1FB854F8509C0B831F189BF4A4C396808ECA7949123E334E42A407A6AA84CDAD34E5BD1B00D0A4C30F07A80CC9A68
                                                                                                  Malicious:false
                                                                                                  Preview:{. "extends": [. "config:base". ],. "automerge": true,. "major": {. "automerge": false. }.}.
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):107520
                                                                                                  Entropy (8bit):6.442687067441468
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                  SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                  SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                  SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):405456
                                                                                                  Entropy (8bit):3.3151721500305027
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:F14A9115EDBCC4697515DB49CDAF5B08
                                                                                                  SHA1:9C43D69BA11A03278885DC7F285584278DE9CA11
                                                                                                  SHA-256:F25DDF52F68DE295BF1CDBD4F7FC6AA9D8F882A16A2F97B4E08E322B6B90546E
                                                                                                  SHA-512:3C646B258A2BA7CD3E1D878D3009D181302D790F324C4C2B10A9EEEBBEAB9C49AB43B15B3154AE99749410DEBB2F3AD8D121979EC11E44AD074E1F675CF05DC0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):459776
                                                                                                  Entropy (8bit):6.292318384263477
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:29AE8BEF0CF8B6A26F4BEBC5A20900DA
                                                                                                  SHA1:515ABE76943288D531B35C1B4C764D1DBDB281DB
                                                                                                  SHA-256:711CF342B3A008C9116F6138358A67007A29D281D09CF23D20A5E17AA503EE9B
                                                                                                  SHA-512:99981E7074B580ACE154C36D0AA1542DCDB979F36476B680EF19C3FD8A9126B5A808E6E1CF2224D20BA22C328B9A621C280C4FFA74638E358297809001D737AD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3189760
                                                                                                  Entropy (8bit):6.423659291721246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DC060F0BE506DC5B48402C2FFD62C3A1
                                                                                                  SHA1:3988BB810D92B2E317767F8E25D3D1E43F0A6F68
                                                                                                  SHA-256:A97834A44A1E28B574C967F1CB93B97CD19E26616439133C11C9DDA4B26D605B
                                                                                                  SHA-512:04CF84033462A521C45B71F31AB007F712C6B2F5CFBFC97CE7DBF60074D525933AF6388D9EDE366A00A0983BA4E34A1B318A759CFBBB520ED621DF9979BB315B
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):726296
                                                                                                  Entropy (8bit):4.668258384826135
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:DD0D4997DFAB65B96AAD66D035F6029C
                                                                                                  SHA1:65FAA1DBB7CCD902F1F1AF544F6941234FF679D3
                                                                                                  SHA-256:F033FB86FA92DF1BE464DE590AA312CC016BC5D6BEA26672C896BF4D3F1261CD
                                                                                                  SHA-512:86B06BD0F91F50BD13B3AF179F3F498F10A225D25BA5CA32258F75567E601C3F48F7A3FB436C3B0D2BA53CC9EAAA8F74C95B44458628B0EA716563694A3C7002
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4654592
                                                                                                  Entropy (8bit):6.2751649857298615
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:6B40CE4AF617399536D0EA6EDC84BAAD
                                                                                                  SHA1:55C91309FE49AF121DD3DE9C24F60B8CFEA680F1
                                                                                                  SHA-256:C64B87D7CEBDAEE8B779859059A6C63FB47C8102A4F7311D678895F87B825C59
                                                                                                  SHA-512:9C4CADDB2F6BA7D17683D662A1D9ECD2EFCDF1FC081E0127260F0266EDA78B42C684BCAD5BCCBDC03A06619B9AE4960CCEA67472D7650C53E67A5A70BE6E36C6
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):106
                                                                                                  Entropy (8bit):4.724752649036734
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                  SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                  SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                  SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                  Malicious:false
                                                                                                  Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):850432
                                                                                                  Entropy (8bit):6.547858375062584
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:4783D34314EF4FEB241F4FDF36499521
                                                                                                  SHA1:89296D6AC36CD005045DB7307BF31005D0CF29A7
                                                                                                  SHA-256:6E8BEB4E9DA77313F40E75C4FFAEEAA522B6F054FD792631EC1EFCF8248CA63B
                                                                                                  SHA-512:7EF1B0E89590B4AF20F182BED9D82D5175D1C8C675FC3D05DC0EB2F834052124C877135FC68B2988683CF35E8B25870E45F7C126349D28125C021C8EEB4998AC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):102400
                                                                                                  Entropy (8bit):6.729923587623207
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:C6A6E03F77C313B267498515488C5740
                                                                                                  SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                  SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                  SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):12288
                                                                                                  Entropy (8bit):5.719859767584478
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                  SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                  SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                  SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:7-zip archive data, version 0.4
                                                                                                  Category:dropped
                                                                                                  Size (bytes):62702520
                                                                                                  Entropy (8bit):7.999989467039101
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:
                                                                                                  MD5:05203D22B3FCA0E1B5696DAC266A0A0A
                                                                                                  SHA1:91C510083D8BA5A6C78C8D5B4781FE0B476C5089
                                                                                                  SHA-256:FF899BB54DF69D10048350BA9D15CED4A7CEBF469BCEE4E4AEBE880F39C3AE69
                                                                                                  SHA-512:BA4F93E5F47157B5A6E234F8131BF3A7BACD2B4686E520D36CB90D45FA75C3BD4A02E045FC60A45A962466A1384002D8C5DD8A58289E63B24B208F2B09C12EF5
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):434176
                                                                                                  Entropy (8bit):6.584811966667578
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                  SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                  SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                  SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:SQLite 3.x database, user version 57, last written using SQLite version 3036000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5242880
                                                                                                  Entropy (8bit):0.035631294721445904
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:59E4A8110FA2BCC012E341B93E96E93D
                                                                                                  SHA1:EE08810B0CE857F01170C08A24B9D438B64D577D
                                                                                                  SHA-256:3A85F2FC349A7E431EA6F1FC4568C99C1918D478AD6FE6445D560EF00395DB40
                                                                                                  SHA-512:2AD00B0FCBE4FC37ECAA68C16BE32A904D682A23ACF5B39BCECF5DC280E23933FDD5A0D2A92A45F2C77618CA7466334AFEB1EAA7EA07BF4E043282B31039E8FF
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):57
                                                                                                  Entropy (8bit):4.283088322451805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:58127C59CB9E1DA127904C341D15372B
                                                                                                  SHA1:62445484661D8036CE9788BAEABA31D204E9A5FC
                                                                                                  SHA-256:BE4B8924AB38E8ACF350E6E3B9F1F63A1A94952D8002759ACD6946C4D5D0B5DE
                                                                                                  SHA-512:8D1815B277A93AD590FF79B6F52C576CF920C38C4353C24193F707D66884C942F39FF3989530055D2FADE540ADE243B41B6EB03CD0CC361C3B5D514CCA28B50A
                                                                                                  Malicious:false
                                                                                                  Preview:{"spellcheck":{"dictionaries":["en-US"],"dictionary":""}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):389
                                                                                                  Entropy (8bit):5.622495445356194
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:765C81A5DDAFB5B8AD4CFEECCE2B180F
                                                                                                  SHA1:ADE6394743398449756AAC910FDE4B88FABAB062
                                                                                                  SHA-256:9653CF24DA341D43D480A89C4A9EB5C6186EEAC3FB2BD776ACFDC8EAEC1E85ED
                                                                                                  SHA-512:14A1AFCD384A73054684952BA8E52258A72CDA8DDEB05BFFDEEBE5F425C00DCD3D6F3CA188C92F7158B9818FD053A4BA0F59D16F03C69D959862C16EB0A3AB92
                                                                                                  Malicious:false
                                                                                                  Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADGlNUcyBIhTKN7OLH5xavYAAAAAAIAAAAAABBmAAAAAQAAIAAAAKkvCmpA+ZqZ3SIXrICxoV/qI526d9SVayY6yjsk9lwgAAAAAA6AAAAAAgAAIAAAAHwEQbnoAGtU+CR7OgbmPSLbaUrJ3Uty0dsT1wGtNW3oMAAAAIE4KNNxnpVz9dHwTJz8jcAHX/5f9a2+MYAP9UaFFeqVGeYhuKh7cC/tdeNb2cWoWkAAAAAkJJVgVN7YJyLel2Y9BHMtK18LGz6lTiMwqgd+9CrK0+5ZKQmmjibIlUcwLSKNumuw14eWyJIlXpqnaB3tnwMx"}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.012096502606932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                                                                  SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                                                                  SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                                                                  SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines
                                                                                                  Category:dropped
                                                                                                  Size (bytes):89501
                                                                                                  Entropy (8bit):5.289893677458563
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                                                                  SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                                                                  SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                                                                  SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                                                                  Malicious:false
                                                                                                  Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                  Category:dropped
                                                                                                  Size (bytes):524656
                                                                                                  Entropy (8bit):4.989325630401085E-4
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:1642EDEE48F3B5FDE40917448444C069
                                                                                                  SHA1:B1C4D180C38BA0E4A2A430915BD729367E6F75AE
                                                                                                  SHA-256:93AFF70DF7CF9E2FFA3B6521653E8ABA8EDBF63F8C1CDD2F31F7C7BDD12C7821
                                                                                                  SHA-512:644C83671A11330002067D16F0230D21CD1C758B25169105C400B1878957695BFDEBE0CBAB83A1CBCD86F907D277AC6BA8F9B2F49FEF20497DFA90ABB4BD5E60
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ISO-8859 text, with no line terminators, with escape sequences
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24
                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                  Malicious:false
                                                                                                  Preview:0\r..m..................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):48
                                                                                                  Entropy (8bit):2.868671614087538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E0221AC0F5A72BCC972367B60E5DF512
                                                                                                  SHA1:AA5FC7DEEBF02EC6E318628FA6ACB6C40929E3DD
                                                                                                  SHA-256:BCCCFDB49BE08F55CD2D4B48FB269F3BE720EA1E04107219FF83334554CF2F00
                                                                                                  SHA-512:33B12D1B5501CB9A196A64B8155B5ABFE5E1176BE1D2145B969CF12231811877247A797B42BB5015CB89DF3A1331C24B03453A3C96A40DE78EDC52D896C0922C
                                                                                                  Malicious:false
                                                                                                  Preview:(.......oy retne........................'..*.C/.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):48
                                                                                                  Entropy (8bit):2.868671614087538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E0221AC0F5A72BCC972367B60E5DF512
                                                                                                  SHA1:AA5FC7DEEBF02EC6E318628FA6ACB6C40929E3DD
                                                                                                  SHA-256:BCCCFDB49BE08F55CD2D4B48FB269F3BE720EA1E04107219FF83334554CF2F00
                                                                                                  SHA-512:33B12D1B5501CB9A196A64B8155B5ABFE5E1176BE1D2145B969CF12231811877247A797B42BB5015CB89DF3A1331C24B03453A3C96A40DE78EDC52D896C0922C
                                                                                                  Malicious:false
                                                                                                  Preview:(.......oy retne........................'..*.C/.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ISO-8859 text, with no line terminators, with escape sequences
                                                                                                  Category:dropped
                                                                                                  Size (bytes):24
                                                                                                  Entropy (8bit):2.1431558784658327
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                  SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                  SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                  SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                  Malicious:false
                                                                                                  Preview:0\r..m..................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):48
                                                                                                  Entropy (8bit):2.868671614087538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E0221AC0F5A72BCC972367B60E5DF512
                                                                                                  SHA1:AA5FC7DEEBF02EC6E318628FA6ACB6C40929E3DD
                                                                                                  SHA-256:BCCCFDB49BE08F55CD2D4B48FB269F3BE720EA1E04107219FF83334554CF2F00
                                                                                                  SHA-512:33B12D1B5501CB9A196A64B8155B5ABFE5E1176BE1D2145B969CF12231811877247A797B42BB5015CB89DF3A1331C24B03453A3C96A40DE78EDC52D896C0922C
                                                                                                  Malicious:false
                                                                                                  Preview:(.......oy retne........................'..*.C/.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):48
                                                                                                  Entropy (8bit):2.868671614087538
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:E0221AC0F5A72BCC972367B60E5DF512
                                                                                                  SHA1:AA5FC7DEEBF02EC6E318628FA6ACB6C40929E3DD
                                                                                                  SHA-256:BCCCFDB49BE08F55CD2D4B48FB269F3BE720EA1E04107219FF83334554CF2F00
                                                                                                  SHA-512:33B12D1B5501CB9A196A64B8155B5ABFE5E1176BE1D2145B969CF12231811877247A797B42BB5015CB89DF3A1331C24B03453A3C96A40DE78EDC52D896C0922C
                                                                                                  Malicious:false
                                                                                                  Preview:(.......oy retne........................'..*.C/.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                  Malicious:false
                                                                                                  Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.012096502606932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:259E7ED5FB3C6C90533B963DA5B2FC1B
                                                                                                  SHA1:DF90EABDA434CA50828ABB039B4F80B7F051EC77
                                                                                                  SHA-256:35BB2F189C643DCF52ECF037603D104035ECDC490BF059B7736E58EF7D821A09
                                                                                                  SHA-512:9D401053AC21A73863B461B0361DF1A17850F42FD5FC7A77763A124AA33F2E9493FAD018C78CDFF63CA10F6710E53255CE891AD6EC56EC77D770C4630F274933
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8192
                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                  Category:dropped
                                                                                                  Size (bytes):262512
                                                                                                  Entropy (8bit):8.888592939060574E-4
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:2A6CD104423CC3608AF5C6F5B5309552
                                                                                                  SHA1:696B2FB328C0591B3EAA7D4F7AF0EF94D8E069FA
                                                                                                  SHA-256:5413CBE1806F021A4C3F1C589F6811A6E9EFB2735C197BF5A37EF30B880057D9
                                                                                                  SHA-512:D193D9B7957263E8B68B09DAF5B69DE2D1840FC40BBD3082F5FD08148660278656F232ED3148C330A0DFEB90E46DD5FBA8E4DD84567DA5FADD98E5488D62CBF2
                                                                                                  Malicious:false
                                                                                                  Preview:...........................................*.C/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):389
                                                                                                  Entropy (8bit):5.622495445356194
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:765C81A5DDAFB5B8AD4CFEECCE2B180F
                                                                                                  SHA1:ADE6394743398449756AAC910FDE4B88FABAB062
                                                                                                  SHA-256:9653CF24DA341D43D480A89C4A9EB5C6186EEAC3FB2BD776ACFDC8EAEC1E85ED
                                                                                                  SHA-512:14A1AFCD384A73054684952BA8E52258A72CDA8DDEB05BFFDEEBE5F425C00DCD3D6F3CA188C92F7158B9818FD053A4BA0F59D16F03C69D959862C16EB0A3AB92
                                                                                                  Malicious:false
                                                                                                  Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADGlNUcyBIhTKN7OLH5xavYAAAAAAIAAAAAABBmAAAAAQAAIAAAAKkvCmpA+ZqZ3SIXrICxoV/qI526d9SVayY6yjsk9lwgAAAAAA6AAAAAAgAAIAAAAHwEQbnoAGtU+CR7OgbmPSLbaUrJ3Uty0dsT1wGtNW3oMAAAAIE4KNNxnpVz9dHwTJz8jcAHX/5f9a2+MYAP9UaFFeqVGeYhuKh7cC/tdeNb2cWoWkAAAAAkJJVgVN7YJyLel2Y9BHMtK18LGz6lTiMwqgd+9CrK0+5ZKQmmjibIlUcwLSKNumuw14eWyJIlXpqnaB3tnwMx"}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16
                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                  Malicious:false
                                                                                                  Preview:MANIFEST-000001.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):16
                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                  Malicious:false
                                                                                                  Preview:MANIFEST-000001.
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:PGP\011Secret Key -
                                                                                                  Category:dropped
                                                                                                  Size (bytes):41
                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                  Malicious:false
                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):59
                                                                                                  Entropy (8bit):4.619434150836742
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                  SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                  SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                  SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                  Malicious:false
                                                                                                  Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):383
                                                                                                  Entropy (8bit):5.001078516300516
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:4B83EEBE6E2EA2A146C68474D3DABF02
                                                                                                  SHA1:0D886C4DB2FABE1990E823E80773C325D04C7B56
                                                                                                  SHA-256:FBEA7364532D6649297FE11C0CBB073FD01C1C58204AC112B88C24F93A63B317
                                                                                                  SHA-512:2EE11F0B072D90B09CC19E5936029AE2624F37DA524E38CF6C2E5EA9614AF4E8CECE47582B552A679D418CA84EC4B3949A7729057CCBD43818D4EE295E54B493
                                                                                                  Malicious:false
                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13306554589862982","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13306554589862983","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ajax.googleapis.com"}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with very long lines, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):383
                                                                                                  Entropy (8bit):5.001078516300516
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:4B83EEBE6E2EA2A146C68474D3DABF02
                                                                                                  SHA1:0D886C4DB2FABE1990E823E80773C325D04C7B56
                                                                                                  SHA-256:FBEA7364532D6649297FE11C0CBB073FD01C1C58204AC112B88C24F93A63B317
                                                                                                  SHA-512:2EE11F0B072D90B09CC19E5936029AE2624F37DA524E38CF6C2E5EA9614AF4E8CECE47582B552A679D418CA84EC4B3949A7729057CCBD43818D4EE295E54B493
                                                                                                  Malicious:false
                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13306554589862982","port":443,"protocol_str":"quic"},{"advertised_alpns":["h3-Q050"],"expiration":"13306554589862983","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ajax.googleapis.com"}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):57
                                                                                                  Entropy (8bit):4.283088322451805
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:58127C59CB9E1DA127904C341D15372B
                                                                                                  SHA1:62445484661D8036CE9788BAEABA31D204E9A5FC
                                                                                                  SHA-256:BE4B8924AB38E8ACF350E6E3B9F1F63A1A94952D8002759ACD6946C4D5D0B5DE
                                                                                                  SHA-512:8D1815B277A93AD590FF79B6F52C576CF920C38C4353C24193F707D66884C942F39FF3989530055D2FADE540ADE243B41B6EB03CD0CC361C3B5D514CCA28B50A
                                                                                                  Malicious:false
                                                                                                  Preview:{"spellcheck":{"dictionaries":["en-US"],"dictionary":""}}
                                                                                                  Process:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2
                                                                                                  Entropy (8bit):1.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                  SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                  SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                  SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                  Malicious:false
                                                                                                  Preview:..
                                                                                                  Process:C:\Windows\System32\cmd.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):93
                                                                                                  Entropy (8bit):4.271218378323433
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:
                                                                                                  MD5:D097D4A505F65CC2EE9D32FD7FD41B9D
                                                                                                  SHA1:219FE92E87A4735ED357B4930E6EEEB6C30FBEB6
                                                                                                  SHA-256:718466249FB3C0CB0685D9AAD717FD4B6B0CE66A95ECE85CF1384E4B8CB7F21F
                                                                                                  SHA-512:C2280016B7F27E28E0893B3E2AECCE764B54AB8CBB6BD5F50C8DD50955B48CEFE6C53575DEF33063B1CBC2EE8868C641DD86B1E86625ACED0AC5082C8E69B151
                                                                                                  Malicious:false
                                                                                                  Preview:'//' is not recognized as an internal or external command,..operable program or batch file...
                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                  Entropy (8bit):7.999356875048671
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:GalacticFever.exe
                                                                                                  File size:63310848
                                                                                                  MD5:33c8ea1dd93deaaede1f0bd3e0a42063
                                                                                                  SHA1:4ed5fcbd7b9daeaa5c0efd0779c2eab2e2961052
                                                                                                  SHA256:25430e59e4fe75f23e8f1f5a11b7b104eaa045db2494122383746fbcdb374cdf
                                                                                                  SHA512:b7856b0cc4b74bbcf4006296166b9ba12fd7c1de87e63b6512067a58352af8217d0bddee9c9e5d56a734e14ae2f51f47a93f2b6844f8c9c2f2185a17b17d9e3a
                                                                                                  SSDEEP:1572864:Utve/JYrUzV2LyuNewezMLEsXAXHn/isxg39sCz/Qm7a7:UlkWSVpIoMLEsXg/2s0a7
                                                                                                  TLSH:53D73311FC359A37E4E2827B0BF9EBEC5C8027860740EB67276DF7E5A6065D2069181F
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                  Icon Hash:100c1232b2320c10
                                                                                                  Entrypoint:0x40338f
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:false
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:4
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:4
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:4
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                  Instruction
                                                                                                  sub esp, 000002D4h
                                                                                                  push ebx
                                                                                                  push esi
                                                                                                  push edi
                                                                                                  push 00000020h
                                                                                                  pop edi
                                                                                                  xor ebx, ebx
                                                                                                  push 00008001h
                                                                                                  mov dword ptr [esp+14h], ebx
                                                                                                  mov dword ptr [esp+10h], 0040A2E0h
                                                                                                  mov dword ptr [esp+1Ch], ebx
                                                                                                  call dword ptr [004080A8h]
                                                                                                  call dword ptr [004080A4h]
                                                                                                  and eax, BFFFFFFFh
                                                                                                  cmp ax, 00000006h
                                                                                                  mov dword ptr [0047AEECh], eax
                                                                                                  je 00007F3940534C73h
                                                                                                  push ebx
                                                                                                  call 00007F3940537F25h
                                                                                                  cmp eax, ebx
                                                                                                  je 00007F3940534C69h
                                                                                                  push 00000C00h
                                                                                                  call eax
                                                                                                  mov esi, 004082B0h
                                                                                                  push esi
                                                                                                  call 00007F3940537E9Fh
                                                                                                  push esi
                                                                                                  call dword ptr [00408150h]
                                                                                                  lea esi, dword ptr [esi+eax+01h]
                                                                                                  cmp byte ptr [esi], 00000000h
                                                                                                  jne 00007F3940534C4Ch
                                                                                                  push 0000000Ah
                                                                                                  call 00007F3940537EF8h
                                                                                                  push 00000008h
                                                                                                  call 00007F3940537EF1h
                                                                                                  push 00000006h
                                                                                                  mov dword ptr [0047AEE4h], eax
                                                                                                  call 00007F3940537EE5h
                                                                                                  cmp eax, ebx
                                                                                                  je 00007F3940534C71h
                                                                                                  push 0000001Eh
                                                                                                  call eax
                                                                                                  test eax, eax
                                                                                                  je 00007F3940534C69h
                                                                                                  or byte ptr [0047AEEFh], 00000040h
                                                                                                  push ebp
                                                                                                  call dword ptr [00408044h]
                                                                                                  push ebx
                                                                                                  call dword ptr [004082A0h]
                                                                                                  mov dword ptr [0047AFB8h], eax
                                                                                                  push ebx
                                                                                                  lea eax, dword ptr [esp+34h]
                                                                                                  push 000002B4h
                                                                                                  push eax
                                                                                                  push ebx
                                                                                                  push 00440208h
                                                                                                  call dword ptr [00408188h]
                                                                                                  push 0040A2C8h
                                                                                                  Programming Language:
                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x8610           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x10b000         0x42a38       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2b0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x6627        0x6800    False     0.6646259014423077   data       6.450282348506287   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x14a2        0x1600    False     0.4405184659090909   data       5.025178929113415   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x70ff8       0x600     False     0.5182291666666666   data       4.037117731448378   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x7b000          0x90000       0x0       False     0                    empty      0.0                 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x10b000         0x42a38       0x42c00   False     0.08932803721910113  data       3.0421560069069686  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name           RVA       Size     Type                                                                          Language  Country
RT_ICON        0x10b1d8  0x42028  data                                                                          English   United States
RT_DIALOG      0x14d200  0x100    data                                                                          English   United States
RT_DIALOG      0x14d300  0xf8     data                                                                          English   United States
RT_DIALOG      0x14d3f8  0x60     data                                                                          English   United States
RT_GROUP_ICON  0x14d458  0x14     data                                                                          English   United States
RT_VERSION     0x14d470  0x288    data                                                                          English   United States
RT_MANIFEST    0x14d6f8  0x33e    XML 1.0 document, ASCII text, with very long lines, with no line terminators  English   United States
DLL           Import
KERNEL32.dll  SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll    GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll     SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll   SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll  AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll  ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll     OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system  Country where language is spoken  Map
English                         United States
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                  Aug 3, 2022 02:09:42.169663906 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.170022964 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.170031071 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.183413029 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.184120893 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.184950113 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.185178041 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.193104029 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.193974018 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.194840908 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.195053101 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.291146994 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.291246891 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.291450024 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.291459084 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.291634083 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.291712046 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.291877985 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.309997082 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.310209990 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.310730934 CEST49808443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.310740948 CEST44349808172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.337871075 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.338143110 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.338423014 CEST49809443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.338429928 CEST443498099.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.423219919 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.423240900 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.423382044 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.423885107 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.423896074 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.424032927 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.424127102 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.424137115 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.424499035 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.424511909 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.432944059 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.433353901 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.434190989 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.434392929 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.435966015 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.436039925 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.436110973 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.443557024 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.443974972 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.444783926 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.444967985 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.446187973 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.446233988 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.446325064 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.461308956 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.461488008 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.461684942 CEST49811443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:42.461705923 CEST44349811172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.478471994 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.480087996 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.480097055 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.482623100 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:42.482821941 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.483011961 CEST49810443192.168.11.209.9.9.9
                                                                                                  Aug 3, 2022 02:09:42.483021021 CEST443498109.9.9.9192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.114155054 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.114254951 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.114483118 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.114875078 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.114938021 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.139717102 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.140254021 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.141272068 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.141927004 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.142003059 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.142083883 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.156857014 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.157128096 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.157352924 CEST49812443192.168.11.20172.64.145.85
                                                                                                  Aug 3, 2022 02:09:50.157370090 CEST44349812172.64.145.85192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.158194065 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.158255100 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.158412933 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.158736944 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.158756971 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.207442999 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.207982063 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.208041906 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.211416960 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.211606026 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.213275909 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.213445902 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.213459969 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.224849939 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.224961042 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225023985 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225169897 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.225193024 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225199938 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.225305080 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225361109 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225511074 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.225542068 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.225676060 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.225708008 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.226113081 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.226217985 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.226588011 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.226608038 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.233666897 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.233773947 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.233844995 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.233901024 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.234067917 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.234096050 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.234106064 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.234271049 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.234452963 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.234702110 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.234816074 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.235093117 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.235121965 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.235812902 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.235872984 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.236114979 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.236135960 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.236450911 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.236468077 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.236483097 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.236644030 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.236665010 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.237639904 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.237700939 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.237931013 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.237948895 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.238173008 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.238198996 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.238317013 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.238540888 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.238560915 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.239186049 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.239254951 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.239362001 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.239381075 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.239675045 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.242624044 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.242799997 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.242897034 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.242997885 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.243097067 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.243130922 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.243140936 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.243313074 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.243860006 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244441032 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244570017 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244642019 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.244676113 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244802952 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244966984 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.244988918 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.245011091 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.245189905 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.245429993 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.245630026 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.245824099 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.245851994 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.246104002 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.246205091 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.246283054 CEST49813443192.168.11.20216.58.212.170
                                                                                                  Aug 3, 2022 02:09:50.246310949 CEST44349813216.58.212.170192.168.11.20
                                                                                                  Aug 3, 2022 02:09:50.246457100 CEST44349813216.58.212.170192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Aug 3, 2022 02:08:56.859442949 CEST | 51145 | 53 | 192.168.11.20 | 1.1.1.1
Aug 3, 2022 02:08:56.868643999 CEST | 53 | 51145 | 1.1.1.1 | 192.168.11.20
Aug 3, 2022 02:09:16.440419912 CEST | 64019 | 53 | 192.168.11.20 | 1.1.1.1
Aug 3, 2022 02:09:16.620126963 CEST | 53 | 64019 | 1.1.1.1 | 192.168.11.20
Aug 3, 2022 02:09:42.154122114 CEST | 55646 | 53 | 192.168.11.20 | 1.1.1.1
Aug 3, 2022 02:09:42.154140949 CEST | 54217 | 53 | 192.168.11.20 | 1.1.1.1
Aug 3, 2022 02:09:42.163024902 CEST | 53 | 55646 | 1.1.1.1 | 192.168.11.20
Aug 3, 2022 02:09:42.163108110 CEST | 53 | 54217 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Aug 3, 2022 02:08:56.859442949 CEST | 192.168.11.20 | 1.1.1.1 | 0xf330 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:16.440419912 CEST | 192.168.11.20 | 1.1.1.1 | 0x5c39 | Standard query (0) | api.anonfile.com | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.154122114 CEST | 192.168.11.20 | 1.1.1.1 | 0x95f8 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.154140949 CEST | 192.168.11.20 | 1.1.1.1 | 0xf876 | Standard query (0) | dns.quad9.net | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Aug 3, 2022 02:08:56.868643999 CEST | 1.1.1.1 | 192.168.11.20 | 0xf330 | No error (0) | ipinfo.io | | 34.117.59.81 | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:16.620126963 CEST | 1.1.1.1 | 192.168.11.20 | 0x5c39 | No error (0) | api.anonfile.com | | 45.154.253.153 | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.163024902 CEST | 1.1.1.1 | 192.168.11.20 | 0x95f8 | No error (0) | chrome.cloudflare-dns.com | | 172.64.145.85 | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.163024902 CEST | 1.1.1.1 | 192.168.11.20 | 0x95f8 | No error (0) | chrome.cloudflare-dns.com | | 104.18.42.171 | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.163108110 CEST | 1.1.1.1 | 192.168.11.20 | 0xf876 | No error (0) | dns.quad9.net | | 9.9.9.9 | A (IP address) | IN (0x0001)
Aug 3, 2022 02:09:42.163108110 CEST | 1.1.1.1 | 192.168.11.20 | 0xf876 | No error (0) | dns.quad9.net | | 149.112.112.112 | A (IP address) | IN (0x0001)
                                                                                                  • dns.quad9.net
                                                                                                  • chrome.cloudflare-dns.com
                                                                                                  • ajax.googleapis.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49809 | 9.9.9.9 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:42 UTC | 0 | OUT | POST /dns-query HTTP/1.1
                                                                                                  Host: dns.quad9.net
                                                                                                  Connection: keep-alive
                                                                                                  Content-Length: 128
                                                                                                  Accept: application/dns-message
                                                                                                  Accept-Language: *
                                                                                                  User-Agent: Chrome
                                                                                                  Accept-Encoding: identity
                                                                                                  Content-Type: application/dns-message
                                                                                                  Data Ascii: wwwgstaticcom)TP
2022-08-03 00:09:42 UTC | 1 | IN | HTTP/1.1 200 OK
                                                                                                  Date: Wed, 03 Aug 2022 00:09:42 GMT
                                                                                                  Connection: close
                                                                                                  Content-Length: 60
                                                                                                  Server: h2o/dnsdist
                                                                                                  content-type: application/dns-message
                                                                                                  cache-control: max-age=10
                                                                                                  Data Ascii: wwwgstaticcomc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 49808 | 172.64.145.85 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:42 UTC | 0 | OUT | POST /dns-query HTTP/1.1
                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                  Connection: keep-alive
                                                                                                  Content-Length: 128
                                                                                                  Accept: application/dns-message
                                                                                                  Accept-Language: *
                                                                                                  User-Agent: Chrome
                                                                                                  Accept-Encoding: identity
                                                                                                  Content-Type: application/dns-message
                                                                                                  Data Ascii: wwwgstaticcom)TP
2022-08-03 00:09:42 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                  Server: cloudflare
                                                                                                  Date: Wed, 03 Aug 2022 00:09:42 GMT
                                                                                                  Content-Type: application/dns-message
                                                                                                  Connection: close
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Content-Length: 468
                                                                                                  CF-RAY: 734ad377583e9b57-FRA
                                                                                                  Data Ascii: wwwgstaticcom:)


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.11.20 | 49810 | 9.9.9.9 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:42 UTC | 1 | OUT | POST /dns-query HTTP/1.1
                                                                                                  Host: dns.quad9.net
                                                                                                  Connection: keep-alive
                                                                                                  Content-Length: 128
                                                                                                  Accept: application/dns-message
                                                                                                  Accept-Language: *
                                                                                                  User-Agent: Chrome
                                                                                                  Accept-Encoding: identity
                                                                                                  Content-Type: application/dns-message
                                                                                                  Data Ascii: wwwgstaticcom)TP
2022-08-03 00:09:42 UTC | 3 | IN | HTTP/1.1 200 OK
                                                                                                  Date: Wed, 03 Aug 2022 00:09:42 GMT
                                                                                                  Connection: close
                                                                                                  Content-Length: 60
                                                                                                  Server: h2o/dnsdist
                                                                                                  content-type: application/dns-message
                                                                                                  cache-control: max-age=86
                                                                                                  Data Ascii: wwwgstaticcomVc)


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.11.20 | 49811 | 172.64.145.85 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:42 UTC | 1 | OUT | POST /dns-query HTTP/1.1
                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                  Connection: keep-alive
                                                                                                  Content-Length: 128
                                                                                                  Accept: application/dns-message
                                                                                                  Accept-Language: *
                                                                                                  User-Agent: Chrome
                                                                                                  Accept-Encoding: identity
                                                                                                  Content-Type: application/dns-message
                                                                                                  Data Ascii: wwwgstaticcom)TP
2022-08-03 00:09:42 UTC | 2 | IN | HTTP/1.1 200 OK
                                                                                                  Server: cloudflare
                                                                                                  Date: Wed, 03 Aug 2022 00:09:42 GMT
                                                                                                  Content-Type: application/dns-message
                                                                                                  Connection: close
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Content-Length: 468
                                                                                                  CF-RAY: 734ad3785b399214-FRA
                                                                                                  Data Ascii: wwwgstaticcom9)


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.11.20 | 49812 | 172.64.145.85 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:50 UTC | 3 | OUT | POST /dns-query HTTP/1.1
                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                  Connection: keep-alive
                                                                                                  Content-Length: 128
                                                                                                  Accept: application/dns-message
                                                                                                  Accept-Language: *
                                                                                                  User-Agent: Chrome
                                                                                                  Accept-Encoding: identity
                                                                                                  Content-Type: application/dns-message
                                                                                                  Data Ascii: ajaxgoogleapiscom)PL
2022-08-03 00:09:50 UTC | 3 | IN | HTTP/1.1 200 OK
                                                                                                  Server: cloudflare
                                                                                                  Date: Wed, 03 Aug 2022 00:09:50 GMT
                                                                                                  Content-Type: application/dns-message
                                                                                                  Connection: close
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Content-Length: 468
                                                                                                  CF-RAY: 734ad3a879e79290-FRA
                                                                                                  Data Ascii: ajaxgoogleapiscom:)


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.11.20 | 49813 | 216.58.212.170 | 443 | C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
Timestamp | kBytes transferred | Direction | Data
2022-08-03 00:09:50 UTC | 4 | OUT | GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
                                                                                                  Host: ajax.googleapis.com
                                                                                                  Connection: keep-alive
                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) GalacticFever/1.0.0 Chrome/100.0.4896.143 Electron/18.2.3 Safari/537.36
                                                                                                  Accept: */*
                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                  Sec-Fetch-Dest: script
                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                  Accept-Language: en-US
2022-08-03 00:09:50 UTC | 4 | IN | HTTP/1.1 200 OK
                                                                                                  Accept-Ranges: bytes
                                                                                                  Vary: Accept-Encoding
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                  Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
                                                                                                  Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
                                                                                                  Timing-Allow-Origin: *
                                                                                                  Content-Length: 89501
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Server: sffe
                                                                                                  X-XSS-Protection: 0
                                                                                                  Date: Tue, 02 Aug 2022 21:43:59 GMT
                                                                                                  Expires: Wed, 02 Aug 2023 21:43:59 GMT
                                                                                                  Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
                                                                                                  Last-Modified: Wed, 10 Mar 2021 14:28:09 GMT
                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                  Age: 8751
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                  Connection: close
                                                                                                  Data Ascii: ect=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(
                                                                                                  2022-08-03 00:09:50 UTC8INData Raw: 22 3d 3d 74 79 70 65 6f 66 28 6e 3d 76 2e 63 61 6c 6c 28 74 2c 22 63 6f 6e 73 74 72 75 63 74 6f 72 22 29 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 29 26 26 61 2e 63 61 6c 6c 28 6e 29 3d 3d 3d 6c 29 7d 2c 69 73 45 6d 70 74 79 4f 62 6a 65 63 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 66 6f 72 28 74 20 69 6e 20 65 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 67 6c 6f 62 61 6c 45 76 61 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 62 28 65 2c 7b 6e 6f 6e 63 65 3a 74 26 26 74 2e 6e 6f 6e 63 65 7d 2c 6e 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 30 3b 69 66 28 70 28 65 29 29 7b 66 6f 72 28 6e 3d 65 2e 6c 65 6e 67 74 68 3b 72 3c 6e 3b 72 2b 2b 29 69 66 28 21 31 3d 3d 3d 74
                                                                                                  Data Ascii: "==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t
                                                                                                  2022-08-03 00:09:50 UTC9INData Raw: 2e 70 6f 70 2c 4c 3d 74 2e 70 75 73 68 2c 48 3d 74 2e 70 75 73 68 2c 4f 3d 74 2e 73 6c 69 63 65 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 2c 72 3d 65 2e 6c 65 6e 67 74 68 3b 6e 3c 72 3b 6e 2b 2b 29 69 66 28 65 5b 6e 5d 3d 3d 3d 74 29 72 65 74 75 72 6e 20 6e 3b 72 65 74 75 72 6e 2d 31 7d 2c 52 3d 22 63 68 65 63 6b 65 64 7c 73 65 6c 65 63 74 65 64 7c 61 73 79 6e 63 7c 61 75 74 6f 66 6f 63 75 73 7c 61 75 74 6f 70 6c 61 79 7c 63 6f 6e 74 72 6f 6c 73 7c 64 65 66 65 72 7c 64 69 73 61 62 6c 65 64 7c 68 69 64 64 65 6e 7c 69 73 6d 61 70 7c 6c 6f 6f 70 7c 6d 75 6c 74 69 70 6c 65 7c 6f 70 65 6e 7c 72 65 61 64 6f 6e 6c 79 7c 72 65 71 75 69 72 65 64 7c 73 63 6f 70 65 64 22 2c 4d 3d 22 5b 5c 5c 78 32 30 5c 5c 74 5c 5c 72 5c 5c
                                                                                                  Data Ascii: .pop,L=t.push,H=t.push,O=t.slice,P=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;return-1},R="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\
                                                                                                  2022-08-03 00:09:50 UTC11INData Raw: 5c 64 24 2f 69 2c 4b 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 65 65 3d 2f 5b 2b 7e 5d 2f 2c 74 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 5b 5c 5c 64 61 2d 66 41 2d 46 5d 7b 31 2c 36 7d 22 2b 4d 2b 22 3f 7c 5c 5c 5c 5c 28 5b 5e 5c 5c 72 5c 5c 6e 5c 5c 66 5d 29 22 2c 22 67 22 29 2c 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 22 30 78 22 2b 65 2e 73 6c 69 63 65 28 31 29 2d 36 35 35 33 36 3b 72 65 74 75 72 6e 20 74 7c 7c 28 6e 3c 30 3f 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6e 2b 36 35 35 33 36 29 3a 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65
                                                                                                  Data Ascii: \d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode
                                                                                                  2022-08-03 00:09:50 UTC12INData Raw: 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 69 29 29 2c 6e 7d 69 66 28 64 2e 71 73 61 26 26 21 4e 5b 74 2b 22 20 22 5d 26 26 28 21 76 7c 7c 21 76 2e 74 65 73 74 28 74 29 29 26 26 28 31 21 3d 3d 70 7c 7c 22 6f 62 6a 65 63 74 22 21 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 29 7b 69 66 28 63 3d 74 2c 66 3d 65 2c 31 3d 3d 3d 70 26 26 28 55 2e 74 65 73 74 28 74 29 7c 7c 7a 2e 74 65 73 74 28 74 29 29 29 7b 28 66 3d 65 65 2e 74 65 73 74 28 74 29 26 26 79 65 28 65 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7c 7c 65 29 3d 3d 3d 65 26 26 64 2e 73 63 6f 70 65 7c 7c 28 28 73 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 73 3d 73 2e 72 65 70 6c 61 63 65 28 72 65 2c 69 65 29 3a 65 2e 73 65 74 41 74 74 72 69 62 75 74 65
                                                                                                  Data Ascii: sByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute
                                                                                                  2022-08-03 00:09:50 UTC13INData Raw: 69 6e 20 65 3f 22 6c 61 62 65 6c 22 69 6e 20 65 2e 70 61 72 65 6e 74 4e 6f 64 65 3f 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 3a 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 3a 65 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 74 7c 7c 65 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 74 26 26 61 65 28 65 29 3d 3d 3d 74 3a 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 3a 22 6c 61 62 65 6c 22 69 6e 20 65 26 26 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 76 65 28 61 29 7b 72 65 74 75 72 6e 20 6c 65 28 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 72 65 74 75 72 6e 20 6f 3d 2b 6f 2c 6c 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 61 28 5b 5d 2c 65 2e 6c 65 6e 67 74 68 2c 6f 29 2c 69 3d 72 2e
                                                                                                  Data Ascii: in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.
                                                                                                  2022-08-03 00:09:50 UTC14INData Raw: 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 7c 7c 21 43 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 4e 61 6d 65 28 53 29 2e 6c 65 6e 67 74 68 7d 29 2c 64 2e 67 65 74 42 79 49 64 3f 28 62 2e 66 69 6c 74 65 72 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 3d 3d 3d 74 7d 7d 2c 62 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 45 29 7b 76 61 72 20 6e 3d 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 65 29 3b
                                                                                                  Data Ascii: tElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);
                                                                                                  2022-08-03 00:09:50 UTC16INData Raw: 63 74 65 64 3d 27 27 3e 3c 2f 6f 70 74 69 6f 6e 3e 3c 2f 73 65 6c 65 63 74 3e 22 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6d 73 61 6c 6c 6f 77 63 61 70 74 75 72 65 5e 3d 27 27 5d 22 29 2e 6c 65 6e 67 74 68 26 26 76 2e 70 75 73 68 28 22 5b 2a 5e 24 5d 3d 22 2b 4d 2b 22 2a 28 3f 3a 27 27 7c 5c 22 5c 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 73 65 6c 65 63 74 65 64 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 5c 5c 5b 22 2b 4d 2b 22 2a 28 3f 3a 76 61 6c 75 65 7c 22 2b 52 2b 22 29 22 29 2c 65 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 69 64 7e 3d 22 2b 53 2b 22 2d 5d 22 29 2e 6c 65 6e 67 74 68 7c 7c 76 2e 70 75 73 68 28 22 7e 3d 22 29 2c 28 74 3d 43 2e 63 72 65 61 74
                                                                                                  Data Ascii: cted=''></option></select>",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.creat
                                                                                                  2022-08-03 00:09:50 UTC17INData Raw: 67 74 68 26 26 6e 65 77 20 52 65 67 45 78 70 28 76 2e 6a 6f 69 6e 28 22 7c 22 29 29 2c 73 3d 73 2e 6c 65 6e 67 74 68 26 26 6e 65 77 20 52 65 67 45 78 70 28 73 2e 6a 6f 69 6e 28 22 7c 22 29 29 2c 74 3d 4b 2e 74 65 73 74 28 61 2e 63 6f 6d 70 61 72 65 44 6f 63 75 6d 65 6e 74 50 6f 73 69 74 69 6f 6e 29 2c 79 3d 74 7c 7c 4b 2e 74 65 73 74 28 61 2e 63 6f 6e 74 61 69 6e 73 29 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 3f 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3a 65 2c 72 3d 74 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 65 3d 3d 3d 72 7c 7c 21 28 21 72 7c 7c 31 21 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 28 6e 2e 63 6f 6e 74 61 69 6e 73 3f 6e 2e 63 6f 6e 74 61 69
                                                                                                  Data Ascii: gth&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contai
                                                                                                  2022-08-03 00:09:50 UTC18INData Raw: 75 72 6e 20 6e 7d 63 61 74 63 68 28 65 29 7b 4e 28 74 2c 21 30 29 7d 72 65 74 75 72 6e 20 30 3c 73 65 28 74 2c 43 2c 6e 75 6c 6c 2c 5b 65 5d 29 2e 6c 65 6e 67 74 68 7d 2c 73 65 2e 63 6f 6e 74 61 69 6e 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 21 3d 43 26 26 54 28 65 29 2c 79 28 65 2c 74 29 7d 2c 73 65 2e 61 74 74 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 28 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 7c 7c 65 29 21 3d 43 26 26 54 28 65 29 3b 76 61 72 20 6e 3d 62 2e 61 74 74 72 48 61 6e 64 6c 65 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 2c 72 3d 6e 26 26 44 2e 63 61 6c 6c 28 62 2e 61 74 74 72 48 61 6e 64 6c 65 2c 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29
                                                                                                  Data Ascii: urn n}catch(e){N(t,!0)}return 0<se(t,C,null,[e]).length},se.contains=function(e,t){return(e.ownerDocument||e)!=C&&T(e),y(e,t)},se.attr=function(e,t){(e.ownerDocument||e)!=C&&T(e);var n=b.attrHandle[t.toLowerCase()],r=n&&D.call(b.attrHandle,t.toLowerCase()
                                                                                                  2022-08-03 00:09:50 UTC19INData Raw: 20 22 2b 65 5b 33 5d 2b 22 20 22 29 2c 65 2e 73 6c 69 63 65 28 30 2c 34 29 7d 2c 43 48 49 4c 44 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 5b 31 5d 3d 65 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 22 6e 74 68 22 3d 3d 3d 65 5b 31 5d 2e 73 6c 69 63 65 28 30 2c 33 29 3f 28 65 5b 33 5d 7c 7c 73 65 2e 65 72 72 6f 72 28 65 5b 30 5d 29 2c 65 5b 34 5d 3d 2b 28 65 5b 34 5d 3f 65 5b 35 5d 2b 28 65 5b 36 5d 7c 7c 31 29 3a 32 2a 28 22 65 76 65 6e 22 3d 3d 3d 65 5b 33 5d 7c 7c 22 6f 64 64 22 3d 3d 3d 65 5b 33 5d 29 29 2c 65 5b 35 5d 3d 2b 28 65 5b 37 5d 2b 65 5b 38 5d 7c 7c 22 6f 64 64 22 3d 3d 3d 65 5b 33 5d 29 29 3a 65 5b 33 5d 26 26 73 65 2e 65 72 72 6f 72 28 65 5b 30 5d 29 2c 65 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28
                                                                                                  Data Ascii: "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(
                                                                                                  2022-08-03 00:09:50 UTC21INData Raw: 65 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 3d 79 21 3d 3d 6d 3f 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 3a 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 2c 63 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 78 26 26 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 70 3d 21 6e 26 26 21 78 2c 64 3d 21 31 3b 69 66 28 63 29 7b 69 66 28 79 29 7b 77 68 69 6c 65 28 6c 29 7b 61 3d 65 3b 77 68 69 6c 65 28 61 3d 61 5b 6c 5d 29 69 66 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 72 65 74 75 72 6e 21 31 3b 75 3d 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74
                                                                                                  Data Ascii: e}:function(e,t,n){var r,i,o,a,s,u,l=y!==m?"nextSibling":"previousSibling",c=e.parentNode,f=x&&e.nodeName.toLowerCase(),p=!n&&!x,d=!1;if(c){if(y){while(l){a=e;while(a=a[l])if(x?a.nodeName.toLowerCase()===f:1===a.nodeType)return!1;u=l="only"===h&&!u&&"next
                                                                                                  2022-08-03 00:09:50 UTC22INData Raw: 61 5d 29 26 26 28 65 5b 61 5d 3d 21 28 74 5b 61 5d 3d 69 29 29 7d 29 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 72 5b 30 5d 3d 65 2c 73 28 72 2c 6e 75 6c 6c 2c 6e 2c 69 29 2c 72 5b 30 5d 3d 6e 75 6c 6c 2c 21 69 2e 70 6f 70 28 29 7d 7d 29 2c 68 61 73 3a 6c 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 30 3c 73 65 28 74 2c 65 29 2e 6c 65 6e 67 74 68 7d 7d 29 2c 63 6f 6e 74 61 69 6e 73 3a 6c 65 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 2e 72 65 70 6c 61 63 65 28 74 65 2c 6e 65 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 2d 31 3c 28 65 2e 74 65 78 74 43 6f 6e 74 65 6e 74 7c 7c 6f 28 65 29 29 2e 69 6e 64 65 78 4f 66
                                                                                                  Data Ascii: a])&&(e[a]=!(t[a]=i))}):function(e,t,n){return r[0]=e,s(r,null,n,i),r[0]=null,!i.pop()}}),has:le(function(t){return function(e){return 0<se(t,e).length}}),contains:le(function(t){return t=t.replace(te,ne),function(e){return-1<(e.textContent||o(e)).indexOf
                                                                                                  2022-08-03 00:09:50 UTC23INData Raw: 26 22 62 75 74 74 6f 6e 22 3d 3d 3d 65 2e 74 79 70 65 7c 7c 22 62 75 74 74 6f 6e 22 3d 3d 3d 74 7d 2c 74 65 78 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 22 69 6e 70 75 74 22 3d 3d 3d 65 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 22 74 65 78 74 22 3d 3d 3d 65 2e 74 79 70 65 26 26 28 6e 75 6c 6c 3d 3d 28 74 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 29 29 7c 7c 22 74 65 78 74 22 3d 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7d 2c 66 69 72 73 74 3a 76 65 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 5b 30 5d 7d 29 2c 6c 61 73 74 3a 76 65 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 5b 74 2d 31 5d 7d 29 2c 65 71 3a 76 65 28 66 75 6e
                                                                                                  Data Ascii: &"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||"text"===t.toLowerCase())},first:ve(function(){return[0]}),last:ve(function(e,t){return[t-1]}),eq:ve(fun
                                                                                                  2022-08-03 00:09:50 UTC25INData Raw: 65 28 69 29 7b 72 65 74 75 72 6e 20 31 3c 69 2e 6c 65 6e 67 74 68 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 69 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 72 2d 2d 29 69 66 28 21 69 5b 72 5d 28 65 2c 74 2c 6e 29 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3a 69 5b 30 5d 7d 66 75 6e 63 74 69 6f 6e 20 54 65 28 65 2c 74 2c 6e 2c 72 2c 69 29 7b 66 6f 72 28 76 61 72 20 6f 2c 61 3d 5b 5d 2c 73 3d 30 2c 75 3d 65 2e 6c 65 6e 67 74 68 2c 6c 3d 6e 75 6c 6c 21 3d 74 3b 73 3c 75 3b 73 2b 2b 29 28 6f 3d 65 5b 73 5d 29 26 26 28 6e 26 26 21 6e 28 6f 2c 72 2c 69 29 7c 7c 28 61 2e 70 75 73 68 28 6f 29 2c 6c 26 26 74 2e 70 75 73 68 28 73 29 29 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 43 65 28 64 2c 68 2c 67 2c 76 2c
                                                                                                  Data Ascii: e(i){return 1<i.length?function(e,t,n){var r=i.length;while(r--)if(!i[r](e,t,n))return!1;return!0}:i[0]}function Te(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;s<u;s++)(o=e[s])&&(n&&!n(o,r,i)||(a.push(o),l&&t.push(s)));return a}function Ce(d,h,g,v,
                                                                                                  2022-08-03 00:09:50 UTC26INData Raw: 65 28 30 2c 73 2d 31 29 2e 63 6f 6e 63 61 74 28 7b 76 61 6c 75 65 3a 22 20 22 3d 3d 3d 65 5b 73 2d 32 5d 2e 74 79 70 65 3f 22 2a 22 3a 22 22 7d 29 29 2e 72 65 70 6c 61 63 65 28 24 2c 22 24 31 22 29 2c 74 2c 73 3c 6e 26 26 45 65 28 65 2e 73 6c 69 63 65 28 73 2c 6e 29 29 2c 6e 3c 72 26 26 45 65 28 65 3d 65 2e 73 6c 69 63 65 28 6e 29 29 2c 6e 3c 72 26 26 78 65 28 65 29 29 7d 63 2e 70 75 73 68 28 74 29 7d 72 65 74 75 72 6e 20 77 65 28 63 29 7d 72 65 74 75 72 6e 20 6d 65 2e 70 72 6f 74 6f 74 79 70 65 3d 62 2e 66 69 6c 74 65 72 73 3d 62 2e 70 73 65 75 64 6f 73 2c 62 2e 73 65 74 46 69 6c 74 65 72 73 3d 6e 65 77 20 6d 65 2c 68 3d 73 65 2e 74 6f 6b 65 6e 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 2c 61 2c 73 2c 75 2c 6c
                                                                                                  Data Ascii: e(0,s-1).concat({value:" "===e[s-2].type?"*":""})).replace($,"$1"),t,s<n&&Ee(e.slice(s,n)),n<r&&Ee(e=e.slice(n)),n<r&&xe(e))}c.push(t)}return we(c)}return me.prototype=b.filters=b.pseudos,b.setFilters=new me,h=se.tokenize=function(e,t){var n,r,i,o,a,s,u,l
                                                                                                  2022-08-03 00:09:50 UTC27INData Raw: 6e 67 74 68 26 26 31 3c 75 2b 79 2e 6c 65 6e 67 74 68 26 26 73 65 2e 75 6e 69 71 75 65 53 6f 72 74 28 72 29 7d 72 65 74 75 72 6e 20 69 26 26 28 6b 3d 68 2c 77 3d 70 29 2c 63 7d 2c 6d 3f 6c 65 28 72 29 3a 72 29 29 29 2e 73 65 6c 65 63 74 6f 72 3d 65 7d 72 65 74 75 72 6e 20 61 7d 2c 67 3d 73 65 2e 73 65 6c 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 76 61 72 20 69 2c 6f 2c 61 2c 73 2c 75 2c 6c 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 65 2c 63 3d 21 72 26 26 68 28 65 3d 6c 2e 73 65 6c 65 63 74 6f 72 7c 7c 65 29 3b 69 66 28 6e 3d 6e 7c 7c 5b 5d 2c 31 3d 3d 3d 63 2e 6c 65 6e 67 74 68 29 7b 69 66 28 32 3c 28 6f 3d 63 5b 30 5d 3d 63 5b 30 5d 2e 73 6c 69 63 65 28 30 29 29 2e 6c 65 6e 67 74 68 26 26 22 49 44 22 3d
                                                                                                  Data Ascii: ngth&&1<u+y.length&&se.uniqueSort(r)}return i&&(k=h,w=p),c},m?le(r):r))).selector=e}return a},g=se.select=function(e,t,n,r){var i,o,a,s,u,l="function"==typeof e&&e,c=!r&&h(e=l.selector||e);if(n=n||[],1===c.length){if(2<(o=c[0]=c[0].slice(0)).length&&"ID"=
                                                                                                  2022-08-03 00:09:50 UTC28INData Raw: 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 72 65 74 75 72 6e 20 65 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 7d 29 2c 63 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 69 73 61 62 6c 65 64 22 29 7d 29 7c 7c 66 65 28 52 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3b 69 66 28 21 6e 29 72 65 74 75 72 6e 21 30 3d 3d 3d 65 5b 74 5d 3f 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 28 72 3d 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 74 29 29 26 26 72 2e 73 70 65 63 69 66 69 65 64 3f 72 2e 76 61 6c 75 65 3a 6e 75 6c 6c 7d 29 2c 73 65 7d 28 43 29 3b 53 2e 66 69 6e 64 3d 64 2c 53 2e 65 78 70 72 3d 64 2e 73 65 6c 65 63
                                                                                                  Data Ascii: .nodeName.toLowerCase())return e.defaultValue}),ce(function(e){return null==e.getAttribute("disabled")})||fe(R,function(e,t,n){var r;if(!n)return!0===e[t]?t.toLowerCase():(r=e.getAttributeNode(t))&&r.specified?r.value:null}),se}(C);S.find=d,S.expr=d.selec
                                                                                                  2022-08-03 00:09:50 UTC30INData Raw: 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 53 28 65 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 74 3d 30 3b 74 3c 72 3b 74 2b 2b 29 69 66 28 53 2e 63 6f 6e 74 61 69 6e 73 28 69 5b 74 5d 2c 74 68 69 73 29 29 72 65 74 75 72 6e 21 30 7d 29 29 3b 66 6f 72 28 6e 3d 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 5b 5d 29 2c 74 3d 30 3b 74 3c 72 3b 74 2b 2b 29 53 2e 66 69 6e 64 28 65 2c 69 5b 74 5d 2c 6e 29 3b 72 65 74 75 72 6e 20 31 3c 72 3f 53 2e 75 6e 69 71 75 65 53 6f 72 74 28 6e 29 3a 6e 7d 2c 66 69 6c 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 6a 28 74 68 69 73 2c 65 7c 7c 5b 5d 2c 21 31 29 29 7d 2c 6e 6f 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65
                                                                                                  Data Ascii: n this.pushStack(S(e).filter(function(){for(t=0;t<r;t++)if(S.contains(i[t],this))return!0}));for(n=this.pushStack([]),t=0;t<r;t++)S.find(e,i[t],n);return 1<r?S.uniqueSort(n):n},filter:function(e){return this.pushStack(j(this,e||[],!1))},not:function(e){re
                                                                                                  2022-08-03 00:09:50 UTC31INData Raw: 69 66 28 53 2e 63 6f 6e 74 61 69 6e 73 28 74 68 69 73 2c 74 5b 65 5d 29 29 72 65 74 75 72 6e 21 30 7d 29 7d 2c 63 6c 6f 73 65 73 74 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 30 2c 69 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 6f 3d 5b 5d 2c 61 3d 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 65 26 26 53 28 65 29 3b 69 66 28 21 6b 2e 74 65 73 74 28 65 29 29 66 6f 72 28 3b 72 3c 69 3b 72 2b 2b 29 66 6f 72 28 6e 3d 74 68 69 73 5b 72 5d 3b 6e 26 26 6e 21 3d 3d 74 3b 6e 3d 6e 2e 70 61 72 65 6e 74 4e 6f 64 65 29 69 66 28 6e 2e 6e 6f 64 65 54 79 70 65 3c 31 31 26 26 28 61 3f 2d 31 3c 61 2e 69 6e 64 65 78 28 6e 29 3a 31 3d 3d 3d 6e 2e 6e 6f 64 65 54 79 70 65 26 26 53 2e 66 69 6e 64 2e 6d 61 74 63 68 65 73 53 65 6c 65 63 74 6f 72 28 6e
                                                                                                  Data Ascii: if(S.contains(this,t[e]))return!0})},closest:function(e,t){var n,r=0,i=this.length,o=[],a="string"!=typeof e&&S(e);if(!k.test(e))for(;r<i;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(n.nodeType<11&&(a?-1<a.index(n):1===n.nodeType&&S.find.matchesSelector(n
                                                                                                  2022-08-03 00:09:50 UTC32INData Raw: 6d 65 6e 74 26 26 72 28 65 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 29 3f 65 2e 63 6f 6e 74 65 6e 74 44 6f 63 75 6d 65 6e 74 3a 28 41 28 65 2c 22 74 65 6d 70 6c 61 74 65 22 29 26 26 28 65 3d 65 2e 63 6f 6e 74 65 6e 74 7c 7c 65 29 2c 53 2e 6d 65 72 67 65 28 5b 5d 2c 65 2e 63 68 69 6c 64 4e 6f 64 65 73 29 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 72 2c 69 29 7b 53 2e 66 6e 5b 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 53 2e 6d 61 70 28 74 68 69 73 2c 69 2c 65 29 3b 72 65 74 75 72 6e 22 55 6e 74 69 6c 22 21 3d 3d 72 2e 73 6c 69 63 65 28 2d 35 29 26 26 28 74 3d 65 29 2c 74 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 6e 3d 53 2e 66 69 6c 74 65 72 28 74 2c 6e 29 29 2c 31 3c 74 68 69 73 2e 6c 65 6e 67 74 68
                                                                                                  Data Ascii: ment&&r(e.contentDocument)?e.contentDocument:(A(e,"template")&&(e=e.content||e),S.merge([],e.childNodes))}},function(r,i){S.fn[r]=function(e,t){var n=S.map(this,i,e);return"Until"!==r.slice(-5)&&(t=e),t&&"string"==typeof t&&(n=S.filter(t,n)),1<this.length
                                                                                                  2022-08-03 00:09:50 UTC33INData Raw: 29 2c 74 68 69 73 7d 2c 64 69 73 61 62 6c 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 3d 75 3d 5b 5d 2c 73 3d 74 3d 22 22 2c 74 68 69 73 7d 2c 64 69 73 61 62 6c 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 73 7d 2c 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 61 3d 75 3d 5b 5d 2c 74 7c 7c 69 7c 7c 28 73 3d 74 3d 22 22 29 2c 74 68 69 73 7d 2c 6c 6f 63 6b 65 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 21 61 7d 2c 66 69 72 65 57 69 74 68 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 61 7c 7c 28 74 3d 5b 65 2c 28 74 3d 74 7c 7c 5b 5d 29 2e 73 6c 69 63 65 3f 74 2e 73 6c 69 63 65 28 29 3a 74 5d 2c 75 2e 70 75 73 68 28 74 29 2c 69 7c 7c 63 28 29 29 2c 74 68 69 73 7d
                                                                                                  Data Ascii: ),this},disable:function(){return a=u=[],s=t="",this},disabled:function(){return!s},lock:function(){return a=u=[],t||i||(s=t=""),this},locked:function(){return!!a},fireWith:function(e,t){return a||(t=[e,(t=t||[]).slice?t.slice():t],u.push(t),i||c()),this}
                                                                                                  2022-08-03 00:09:50 UTC35INData Raw: 65 6f 66 20 65 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 29 26 26 65 2e 74 68 65 6e 2c 6d 28 74 29 3f 73 3f 74 2e 63 61 6c 6c 28 65 2c 6c 28 75 2c 6f 2c 52 2c 73 29 2c 6c 28 75 2c 6f 2c 4d 2c 73 29 29 3a 28 75 2b 2b 2c 74 2e 63 61 6c 6c 28 65 2c 6c 28 75 2c 6f 2c 52 2c 73 29 2c 6c 28 75 2c 6f 2c 4d 2c 73 29 2c 6c 28 75 2c 6f 2c 52 2c 6f 2e 6e 6f 74 69 66 79 57 69 74 68 29 29 29 3a 28 61 21 3d 3d 52 26 26 28 6e 3d 76 6f 69 64 20 30 2c 72 3d 5b 65 5d 29 2c 28 73 7c 7c 6f 2e 72 65 73 6f 6c 76 65 57 69 74 68 29 28 6e 2c 72 29 29 7d 7d 2c 74 3d 73 3f 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 65 28 29 7d 63 61 74 63 68 28 65 29 7b 53 2e 44 65 66 65 72 72 65 64 2e 65 78 63 65 70 74 69 6f 6e 48 6f 6f 6b 26 26 53 2e 44 65 66 65 72
                                                                                                  Data Ascii: eof e||"function"==typeof e)&&e.then,m(t)?s?t.call(e,l(u,o,R,s),l(u,o,M,s)):(u++,t.call(e,l(u,o,R,s),l(u,o,M,s),l(u,o,R,o.notifyWith))):(a!==R&&(n=void 0,r=[e]),(s||o.resolveWith)(n,r))}},t=s?e:function(){try{e()}catch(e){S.Deferred.exceptionHook&&S.Defer
                                                                                                  Data Ascii: is.each(function(e){S(this).removeClass(t.call(this,e,gt(this)))});if(!arguments.length)return this.attr("class","");if((e=vt(t)).length)while(n=this[u++])if(i=gt(n),r=1===n.nodeType&&" "+ht(i)+" "){a=0;while(o=e[a++])while(-1<r.indexOf(" "+o+" "))r=r.rep
                                                                                                  2022-08-03 00:09:50 UTC73INData Raw: 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 29 26 26 22 73 65 74 22 69 6e 20 72 26 26 76 6f 69 64 20 30 21 3d 3d 72 2e 73 65 74 28 74 68 69 73 2c 74 2c 22 76 61 6c 75 65 22 29 7c 7c 28 74 68 69 73 2e 76 61 6c 75 65 3d 74 29 29 7d 29 29 3a 74 3f 28 72 3d 53 2e 76 61 6c 48 6f 6f 6b 73 5b 74 2e 74 79 70 65 5d 7c 7c 53 2e 76 61 6c 48 6f 6f 6b 73 5b 74 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 29 26 26 22 67 65 74 22 69 6e 20 72 26 26 76 6f 69 64 20 30 21 3d 3d 28 65 3d 72 2e 67 65 74 28 74 2c 22 76 61 6c 75 65 22 29 29 3f 65 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 28 65 3d 74 2e 76 61 6c 75 65 29 3f 65 2e 72 65 70 6c 61 63 65 28 79 74 2c 22 22 29 3a 6e 75 6c 6c 3d 3d 65 3f 22 22 3a 65 3a 76 6f 69
                                                                                                  Data Ascii: odeName.toLowerCase()])&&"set"in r&&void 0!==r.set(this,t,"value")||(this.value=t))})):t?(r=S.valHooks[t.type]||S.valHooks[t.nodeName.toLowerCase()])&&"get"in r&&void 0!==(e=r.get(t,"value"))?e:"string"==typeof(e=t.value)?e.replace(yt,""):null==e?"":e:voi
                                                                                                  2022-08-03 00:09:50 UTC74INData Raw: 63 65 22 29 3f 65 2e 6e 61 6d 65 73 70 61 63 65 2e 73 70 6c 69 74 28 22 2e 22 29 3a 5b 5d 3b 69 66 28 6f 3d 66 3d 61 3d 6e 3d 6e 7c 7c 45 2c 33 21 3d 3d 6e 2e 6e 6f 64 65 54 79 70 65 26 26 38 21 3d 3d 6e 2e 6e 6f 64 65 54 79 70 65 26 26 21 6d 74 2e 74 65 73 74 28 64 2b 53 2e 65 76 65 6e 74 2e 74 72 69 67 67 65 72 65 64 29 26 26 28 2d 31 3c 64 2e 69 6e 64 65 78 4f 66 28 22 2e 22 29 26 26 28 64 3d 28 68 3d 64 2e 73 70 6c 69 74 28 22 2e 22 29 29 2e 73 68 69 66 74 28 29 2c 68 2e 73 6f 72 74 28 29 29 2c 75 3d 64 2e 69 6e 64 65 78 4f 66 28 22 3a 22 29 3c 30 26 26 22 6f 6e 22 2b 64 2c 28 65 3d 65 5b 53 2e 65 78 70 61 6e 64 6f 5d 3f 65 3a 6e 65 77 20 53 2e 45 76 65 6e 74 28 64 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 26 26 65 29 29 2e 69 73 54 72
                                                                                                  Data Ascii: ce")?e.namespace.split("."):[];if(o=f=a=n=n||E,3!==n.nodeType&&8!==n.nodeType&&!mt.test(d+S.event.triggered)&&(-1<d.indexOf(".")&&(d=(h=d.split(".")).shift(),h.sort()),u=d.indexOf(":")<0&&"on"+d,(e=e[S.expando]?e:new S.Event(d,"object"==typeof e&&e)).isTr
                                                                                                  2022-08-03 00:09:50 UTC76INData Raw: 6e 64 28 6e 65 77 20 53 2e 45 76 65 6e 74 2c 6e 2c 7b 74 79 70 65 3a 65 2c 69 73 53 69 6d 75 6c 61 74 65 64 3a 21 30 7d 29 3b 53 2e 65 76 65 6e 74 2e 74 72 69 67 67 65 72 28 72 2c 6e 75 6c 6c 2c 74 29 7d 7d 29 2c 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 74 72 69 67 67 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 2e 65 76 65 6e 74 2e 74 72 69 67 67 65 72 28 65 2c 74 2c 74 68 69 73 29 7d 29 7d 2c 74 72 69 67 67 65 72 48 61 6e 64 6c 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 68 69 73 5b 30 5d 3b 69 66 28 6e 29 72 65 74 75 72 6e 20 53 2e 65 76 65 6e 74 2e 74 72 69 67 67 65 72 28 65 2c 74 2c 6e 2c 21 30 29 7d 7d 29 2c 79 2e 66 6f 63 75 73 69
                                                                                                  Data Ascii: nd(new S.Event,n,{type:e,isSimulated:!0});S.event.trigger(r,null,t)}}),S.fn.extend({trigger:function(e,t){return this.each(function(){S.event.trigger(e,t,this)})},triggerHandler:function(e,t){var n=this[0];if(n)return S.event.trigger(e,t,n,!0)}}),y.focusi
                                                                                                  2022-08-03 00:09:50 UTC77INData Raw: 29 69 28 6e 2c 65 29 3b 65 6c 73 65 20 66 6f 72 28 74 20 69 6e 20 65 29 41 74 28 6e 2b 22 5b 22 2b 74 2b 22 5d 22 2c 65 5b 74 5d 2c 72 2c 69 29 7d 53 2e 70 61 72 61 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 5b 5d 2c 69 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 6d 28 74 29 3f 74 28 29 3a 74 3b 72 5b 72 2e 6c 65 6e 67 74 68 5d 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 29 2b 22 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6e 75 6c 6c 3d 3d 6e 3f 22 22 3a 6e 29 7d 3b 69 66 28 6e 75 6c 6c 3d 3d 65 29 72 65 74 75 72 6e 22 22 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 7c 7c 65 2e 6a 71 75 65 72 79 26 26 21 53 2e 69 73 50 6c 61 69 6e 4f 62 6a 65 63 74 28
                                                                                                  Data Ascii: )i(n,e);else for(t in e)At(n+"["+t+"]",e[t],r,i)}S.param=function(e,t){var n,r=[],i=function(e,t){var n=m(t)?t():t;r[r.length]=encodeURIComponent(e)+"="+encodeURIComponent(null==n?"":n)};if(null==e)return"";if(Array.isArray(e)||e.jquery&&!S.isPlainObject(
                                                                                                  2022-08-03 00:09:50 UTC78INData Raw: 69 6f 6e 20 6c 28 65 29 7b 76 61 72 20 72 3b 72 65 74 75 72 6e 20 73 5b 65 5d 3d 21 30 2c 53 2e 65 61 63 68 28 74 5b 65 5d 7c 7c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 74 28 69 2c 6f 2c 61 29 3b 72 65 74 75 72 6e 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 6e 7c 7c 75 7c 7c 73 5b 6e 5d 3f 75 3f 21 28 72 3d 6e 29 3a 76 6f 69 64 20 30 3a 28 69 2e 64 61 74 61 54 79 70 65 73 2e 75 6e 73 68 69 66 74 28 6e 29 2c 6c 28 6e 29 2c 21 31 29 7d 29 2c 72 7d 72 65 74 75 72 6e 20 6c 28 69 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 7c 7c 21 73 5b 22 2a 22 5d 26 26 6c 28 22 2a 22 29 7d 66 75 6e 63 74 69 6f 6e 20 46 74 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 3d 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 66 6c 61 74 4f 70 74 69 6f
                                                                                                  Data Ascii: ion l(e){var r;return s[e]=!0,S.each(t[e]||[],function(e,t){var n=t(i,o,a);return"string"!=typeof n||u||s[n]?u?!(r=n):void 0:(i.dataTypes.unshift(n),l(n),!1)}),r}return l(i.dataTypes[0])||!s["*"]&&l("*")}function Ft(e,t){var n,r,i=S.ajaxSettings.flatOptio
                                                                                                  2022-08-03 00:09:50 UTC79INData Raw: 72 72 65 64 28 29 2c 62 3d 53 2e 43 61 6c 6c 62 61 63 6b 73 28 22 6f 6e 63 65 20 6d 65 6d 6f 72 79 22 29 2c 77 3d 76 2e 73 74 61 74 75 73 43 6f 64 65 7c 7c 7b 7d 2c 61 3d 7b 7d 2c 73 3d 7b 7d 2c 75 3d 22 63 61 6e 63 65 6c 65 64 22 2c 54 3d 7b 72 65 61 64 79 53 74 61 74 65 3a 30 2c 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3b 69 66 28 68 29 7b 69 66 28 21 6e 29 7b 6e 3d 7b 7d 3b 77 68 69 6c 65 28 74 3d 71 74 2e 65 78 65 63 28 70 29 29 6e 5b 74 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2b 22 20 22 5d 3d 28 6e 5b 74 5b 31 5d 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2b 22 20 22 5d 7c 7c 5b 5d 29 2e 63 6f 6e 63 61 74 28 74 5b 32 5d 29 7d 74 3d 6e 5b 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65
                                                                                                  Data Ascii: rred(),b=S.Callbacks("once memory"),w=v.statusCode||{},a={},s={},u="canceled",T={readyState:0,getResponseHeader:function(e){var t;if(h){if(!n){n={};while(t=qt.exec(p))n[t[1].toLowerCase()+" "]=(n[t[1].toLowerCase()+" "]||[]).concat(t[2])}t=n[e.toLowerCase
                                                                                                  2022-08-03 00:09:50 UTC81INData Raw: 61 73 43 6f 6e 74 65 6e 74 3f 76 2e 64 61 74 61 26 26 76 2e 70 72 6f 63 65 73 73 44 61 74 61 26 26 30 3d 3d 3d 28 76 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 28 76 2e 64 61 74 61 3d 76 2e 64 61 74 61 2e 72 65 70 6c 61 63 65 28 4e 74 2c 22 2b 22 29 29 3a 28 6f 3d 76 2e 75 72 6c 2e 73 6c 69 63 65 28 66 2e 6c 65 6e 67 74 68 29 2c 76 2e 64 61 74 61 26 26 28 76 2e 70 72 6f 63 65 73 73 44 61 74 61 7c 7c 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 76 2e 64 61 74 61 29 26 26 28 66 2b 3d 28 54 74 2e 74 65 73 74 28 66 29 3f 22 26 22 3a 22 3f 22 29 2b 76 2e 64 61 74 61 2c 64 65 6c 65 74 65 20 76 2e 64 61 74 61
                                                                                                  Data Ascii: asContent?v.data&&v.processData&&0===(v.contentType||"").indexOf("application/x-www-form-urlencoded")&&(v.data=v.data.replace(Nt,"+")):(o=v.url.slice(f.length),v.data&&(v.processData||"string"==typeof v.data)&&(f+=(Tt.test(f)?"&":"?")+v.data,delete v.data
                                                                                                  2022-08-03 00:09:50 UTC82INData Raw: 2c 6e 26 26 28 73 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 2c 73 3d 65 2e 63 6f 6e 74 65 6e 74 73 2c 75 3d 65 2e 64 61 74 61 54 79 70 65 73 3b 77 68 69 6c 65 28 22 2a 22 3d 3d 3d 75 5b 30 5d 29 75 2e 73 68 69 66 74 28 29 2c 76 6f 69 64 20 30 3d 3d 3d 72 26 26 28 72 3d 65 2e 6d 69 6d 65 54 79 70 65 7c 7c 74 2e 67 65 74 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 28 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 29 29 3b 69 66 28 72 29 66 6f 72 28 69 20 69 6e 20 73 29 69 66 28 73 5b 69 5d 26 26 73 5b 69 5d 2e 74 65 73 74 28 72 29 29 7b 75 2e 75 6e 73 68 69 66 74 28 69 29 3b 62 72 65 61 6b 7d 69 66 28 75 5b 30 5d 69 6e 20 6e 29 6f 3d 75 5b 30 5d 3b 65 6c 73 65 7b 66 6f 72 28 69 20 69 6e 20 6e 29 7b 69 66 28 21 75 5b 30 5d
                                                                                                  Data Ascii: ,n&&(s=function(e,t,n){var r,i,o,a,s=e.contents,u=e.dataTypes;while("*"===u[0])u.shift(),void 0===r&&(r=e.mimeType||t.getResponseHeader("Content-Type"));if(r)for(i in s)if(s[i]&&s[i].test(r)){u.unshift(i);break}if(u[0]in n)o=u[0];else{for(i in n){if(!u[0]
                                                                                                  2022-08-03 00:09:50 UTC83INData Raw: 3d 73 2e 73 74 61 74 65 2c 6f 3d 73 2e 64 61 74 61 2c 69 3d 21 28 61 3d 73 2e 65 72 72 6f 72 29 29 29 3a 28 61 3d 6c 2c 21 65 26 26 6c 7c 7c 28 6c 3d 22 65 72 72 6f 72 22 2c 65 3c 30 26 26 28 65 3d 30 29 29 29 2c 54 2e 73 74 61 74 75 73 3d 65 2c 54 2e 73 74 61 74 75 73 54 65 78 74 3d 28 74 7c 7c 6c 29 2b 22 22 2c 69 3f 78 2e 72 65 73 6f 6c 76 65 57 69 74 68 28 79 2c 5b 6f 2c 6c 2c 54 5d 29 3a 78 2e 72 65 6a 65 63 74 57 69 74 68 28 79 2c 5b 54 2c 6c 2c 61 5d 29 2c 54 2e 73 74 61 74 75 73 43 6f 64 65 28 77 29 2c 77 3d 76 6f 69 64 20 30 2c 67 26 26 6d 2e 74 72 69 67 67 65 72 28 69 3f 22 61 6a 61 78 53 75 63 63 65 73 73 22 3a 22 61 6a 61 78 45 72 72 6f 72 22 2c 5b 54 2c 76 2c 69 3f 6f 3a 61 5d 29 2c 62 2e 66 69 72 65 57 69 74 68 28 79 2c 5b 54 2c 6c 5d 29 2c
                                                                                                  Data Ascii: =s.state,o=s.data,i=!(a=s.error))):(a=l,!e&&l||(l="error",e<0&&(e=0))),T.status=e,T.statusText=(t||l)+"",i?x.resolveWith(y,[o,l,T]):x.rejectWith(y,[T,l,a]),T.statusCode(w),w=void 0,g&&m.trigger(i?"ajaxSuccess":"ajaxError",[T,v,i?o:a]),b.fireWith(y,[T,l]),
                                                                                                  2022-08-03 00:09:50 UTC85INData Raw: 63 61 6c 6c 28 74 68 69 73 2c 65 29 29 7d 29 3a 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 53 28 74 68 69 73 29 2c 74 3d 65 2e 63 6f 6e 74 65 6e 74 73 28 29 3b 74 2e 6c 65 6e 67 74 68 3f 74 2e 77 72 61 70 41 6c 6c 28 6e 29 3a 65 2e 61 70 70 65 6e 64 28 6e 29 7d 29 7d 2c 77 72 61 70 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 6e 3d 6d 28 74 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 53 28 74 68 69 73 29 2e 77 72 61 70 41 6c 6c 28 6e 3f 74 2e 63 61 6c 6c 28 74 68 69 73 2c 65 29 3a 74 29 7d 29 7d 2c 75 6e 77 72 61 70 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 61 72 65 6e 74 28 65 29 2e 6e 6f 74 28 22 62 6f 64 79 22 29 2e 65 61 63
                                                                                                  Data Ascii: call(this,e))}):this.each(function(){var e=S(this),t=e.contents();t.length?t.wrapAll(n):e.append(n)})},wrap:function(t){var n=m(t);return this.each(function(e){S(this).wrapAll(n?t.call(this,e):t)})},unwrap:function(e){return this.parent(e).not("body").eac
                                                                                                  2022-08-03 00:09:50 UTC86INData Raw: 3d 3d 28 72 2e 72 65 73 70 6f 6e 73 65 54 79 70 65 7c 7c 22 74 65 78 74 22 29 7c 7c 22 73 74 72 69 6e 67 22 21 3d 74 79 70 65 6f 66 20 72 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 3f 7b 62 69 6e 61 72 79 3a 72 2e 72 65 73 70 6f 6e 73 65 7d 3a 7b 74 65 78 74 3a 72 2e 72 65 73 70 6f 6e 73 65 54 65 78 74 7d 2c 72 2e 67 65 74 41 6c 6c 52 65 73 70 6f 6e 73 65 48 65 61 64 65 72 73 28 29 29 29 7d 7d 2c 72 2e 6f 6e 6c 6f 61 64 3d 6f 28 29 2c 61 3d 72 2e 6f 6e 65 72 72 6f 72 3d 72 2e 6f 6e 74 69 6d 65 6f 75 74 3d 6f 28 22 65 72 72 6f 72 22 29 2c 76 6f 69 64 20 30 21 3d 3d 72 2e 6f 6e 61 62 6f 72 74 3f 72 2e 6f 6e 61 62 6f 72 74 3d 61 3a 72 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 34 3d 3d 3d 72 2e 72 65 61 64 79 53
                                                                                                  Data Ascii: ==(r.responseType||"text")||"string"!=typeof r.responseText?{binary:r.response}:{text:r.responseText},r.getAllResponseHeaders()))}},r.onload=o(),a=r.onerror=r.ontimeout=o("error"),void 0!==r.onabort?r.onabort=a:r.onreadystatechange=function(){4===r.readyS
                                                                                                  2022-08-03 00:09:50 UTC87INData Raw: 73 6f 6e 70 22 2c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 2c 61 3d 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 55 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 65 2e 64 61 74 61 26 26 30 3d 3d 3d 28 65 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 55 74 2e 74 65 73 74 28 65 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 61 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 65 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 6d 28 65 2e 6a 73 6f 6e 70
                                                                                                  Data Ascii: sonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonp
                                                                                                  2022-08-03 00:09:50 UTC88INData Raw: 30 29 3a 74 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 69 3d 22 50 4f 53 54 22 29 2c 30 3c 61 2e 6c 65 6e 67 74 68 26 26 53 2e 61 6a 61 78 28 7b 75 72 6c 3a 65 2c 74 79 70 65 3a 69 7c 7c 22 47 45 54 22 2c 64 61 74 61 54 79 70 65 3a 22 68 74 6d 6c 22 2c 64 61 74 61 3a 74 7d 29 2e 64 6f 6e 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6f 3d 61 72 67 75 6d 65 6e 74 73 2c 61 2e 68 74 6d 6c 28 72 3f 53 28 22 3c 64 69 76 3e 22 29 2e 61 70 70 65 6e 64 28 53 2e 70 61 72 73 65 48 54 4d 4c 28 65 29 29 2e 66 69 6e 64 28 72 29 3a 65 29 7d 29 2e 61 6c 77 61 79 73 28 6e 26 26 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 61 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 2e 61 70 70 6c 79 28 74 68 69 73 2c 6f 7c 7c 5b 65 2e 72 65 73 70 6f 6e 73
                                                                                                  Data Ascii: 0):t&&"object"==typeof t&&(i="POST"),0<a.length&&S.ajax({url:e,type:i||"GET",dataType:"html",data:t}).done(function(e){o=arguments,a.html(r?S("<div>").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.respons
                                                                                                  2022-08-03 00:09:50 UTC90INData Raw: 3d 72 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2c 65 3d 72 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 7c 7c 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 3b 77 68 69 6c 65 28 65 26 26 28 65 3d 3d 3d 6e 2e 62 6f 64 79 7c 7c 65 3d 3d 3d 6e 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 26 26 22 73 74 61 74 69 63 22 3d 3d 3d 53 2e 63 73 73 28 65 2c 22 70 6f 73 69 74 69 6f 6e 22 29 29 65 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 65 26 26 65 21 3d 3d 72 26 26 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 26 26 28 28 69 3d 53 28 65 29 2e 6f 66 66 73 65 74 28 29 29 2e 74 6f 70 2b 3d 53 2e 63 73 73 28 65 2c 22 62 6f 72 64 65 72 54 6f 70 57 69 64 74 68 22 2c 21 30 29 2c 69 2e 6c 65 66 74 2b 3d 53 2e 63 73 73 28 65 2c 22 62 6f 72 64 65 72 4c 65 66 74 57 69 64 74
                                                                                                  Data Ascii: =r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidt
                                                                                                  2022-08-03 00:09:50 UTC91INData Raw: 63 6c 69 65 6e 74 22 2b 61 5d 3a 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 3f 28 72 3d 65 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 4d 61 74 68 2e 6d 61 78 28 65 2e 62 6f 64 79 5b 22 73 63 72 6f 6c 6c 22 2b 61 5d 2c 72 5b 22 73 63 72 6f 6c 6c 22 2b 61 5d 2c 65 2e 62 6f 64 79 5b 22 6f 66 66 73 65 74 22 2b 61 5d 2c 72 5b 22 6f 66 66 73 65 74 22 2b 61 5d 2c 72 5b 22 63 6c 69 65 6e 74 22 2b 61 5d 29 29 3a 76 6f 69 64 20 30 3d 3d 3d 6e 3f 53 2e 63 73 73 28 65 2c 74 2c 69 29 3a 53 2e 73 74 79 6c 65 28 65 2c 74 2c 6e 2c 69 29 7d 2c 73 2c 6e 3f 65 3a 76 6f 69 64 20 30 2c 6e 29 7d 7d 29 7d 29 2c 53 2e 65 61 63 68 28 5b 22 61 6a 61 78 53 74 61 72 74 22 2c 22 61 6a 61 78 53 74 6f 70 22 2c 22 61 6a 61 78 43 6f 6d 70 6c 65 74 65 22 2c 22 61 6a 61 78 45 72 72
                                                                                                  Data Ascii: client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxErr
                                                                                                  2022-08-03 00:09:50 UTC92INData Raw: 4f 4e 3d 4a 53 4f 4e 2e 70 61 72 73 65 2c 53 2e 6e 6f 64 65 4e 61 6d 65 3d 41 2c 53 2e 69 73 46 75 6e 63 74 69 6f 6e 3d 6d 2c 53 2e 69 73 57 69 6e 64 6f 77 3d 78 2c 53 2e 63 61 6d 65 6c 43 61 73 65 3d 58 2c 53 2e 74 79 70 65 3d 77 2c 53 2e 6e 6f 77 3d 44 61 74 65 2e 6e 6f 77 2c 53 2e 69 73 4e 75 6d 65 72 69 63 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 53 2e 74 79 70 65 28 65 29 3b 72 65 74 75 72 6e 28 22 6e 75 6d 62 65 72 22 3d 3d 3d 74 7c 7c 22 73 74 72 69 6e 67 22 3d 3d 3d 74 29 26 26 21 69 73 4e 61 4e 28 65 2d 70 61 72 73 65 46 6c 6f 61 74 28 65 29 29 7d 2c 53 2e 74 72 69 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 65 3f 22 22 3a 28 65 2b 22 22 29 2e 72 65 70 6c 61 63 65 28 58 74 2c 22 22 29 7d 2c 22
                                                                                                  Data Ascii: ON=JSON.parse,S.nodeName=A,S.isFunction=m,S.isWindow=x,S.camelCase=X,S.type=w,S.now=Date.now,S.isNumeric=function(e){var t=S.type(e);return("number"===t||"string"===t)&&!isNaN(e-parseFloat(e))},S.trim=function(e){return null==e?"":(e+"").replace(Xt,"")},"



                                                                                                  Target ID:1
                                                                                                  Start time:02:07:33
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\Desktop\GalacticFever.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Users\user\Desktop\GalacticFever.exe"
                                                                                                  Imagebase:0x400000
                                                                                                  File size:63310848 bytes
                                                                                                  MD5 hash:33C8EA1DD93DEAAEDE1F0BD3E0A42063
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:12
                                                                                                  Start time:02:08:26
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Imagebase:0x7ff7de490000
                                                                                                  File size:146870272 bytes
                                                                                                  MD5 hash:7E0C6A869431C00542C18DF9C3105672
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Reputation:low

                                                                                                  Target ID:14
                                                                                                  Start time:02:08:57
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                  Imagebase:0x7ff7de490000
                                                                                                  File size:146870272 bytes
                                                                                                  MD5 hash:7E0C6A869431C00542C18DF9C3105672
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:15
                                                                                                  Start time:02:08:56
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                  Imagebase:0x7ff77c2c0000
                                                                                                  File size:4849904 bytes
                                                                                                  MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Target ID:16
                                                                                                  Start time:02:09:11
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\cmd.exe /d /s /c ""C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat" "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png" "
                                                                                                  Imagebase:0x7ff70d6d0000
                                                                                                  File size:289792 bytes
                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate

                                                                                                  Target ID:17
                                                                                                  Start time:02:09:12
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff63b1d0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Target ID:18
                                                                                                  Start time:02:09:12
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:screenCapture_1.3.2.exe "C:\Users\user\AppData\Local\Temp\epsilon-user\screenshot.png"
                                                                                                  Imagebase:0x640000
                                                                                                  File size:12800 bytes
                                                                                                  MD5 hash:BEFA2810B15D065C0095292F1DD4734B
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Reputation:low

                                                                                                  Target ID:19
                                                                                                  Start time:02:09:14
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\cscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:cscript.exe
                                                                                                  Imagebase:0x7ff76ef80000
                                                                                                  File size:161280 bytes
                                                                                                  MD5 hash:B8454647EFC71192BF7B1572D18F7BD8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:20
                                                                                                  Start time:02:09:14
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\cscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:cscript.exe
                                                                                                  Imagebase:0x7ff76ef80000
                                                                                                  File size:161280 bytes
                                                                                                  MD5 hash:B8454647EFC71192BF7B1572D18F7BD8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:21
                                                                                                  Start time:02:09:14
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff63b1d0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Target ID:22
                                                                                                  Start time:02:09:15
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff63b1d0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Target ID:23
                                                                                                  Start time:02:09:15
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\cscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions"
                                                                                                  Imagebase:0x7ff76ef80000
                                                                                                  File size:161280 bytes
                                                                                                  MD5 hash:B8454647EFC71192BF7B1572D18F7BD8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:24
                                                                                                  Start time:02:09:15
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff63b1d0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high

                                                                                                  Target ID:25
                                                                                                  Start time:02:09:15
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\cscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:cscript.exe //Nologo C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar\node_modules\regedit\vbs\regList.wsf A HKCU\SOFTWARE\Valve\Steam
                                                                                                  Imagebase:0x7ff76ef80000
                                                                                                  File size:161280 bytes
                                                                                                  MD5 hash:B8454647EFC71192BF7B1572D18F7BD8
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low

                                                                                                  Target ID:26
                                                                                                  Start time:02:09:15
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff63b1d0000
                                                                                                  File size:875008 bytes
                                                                                                  MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  Target ID:27
                                                                                                  Start time:02:09:24
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --mojo-platform-channel-handle=2036 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                  Imagebase:0x7ff7de490000
                                                                                                  File size:146870272 bytes
                                                                                                  MD5 hash:7E0C6A869431C00542C18DF9C3105672
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  Target ID:29
                                                                                                  Start time:02:09:37
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --app-path="C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=8531136591 --mojo-platform-channel-handle=2320 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
                                                                                                  Imagebase:0x7ff7de490000
                                                                                                  File size:146870272 bytes
                                                                                                  MD5 hash:7E0C6A869431C00542C18DF9C3105672
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language

                                                                                                  Target ID:30
                                                                                                  Start time:02:10:57
                                                                                                  Start date:03/08/2022
                                                                                                  Path:C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\2Ci45pzFGytv5nzm98wKCl0qmls\GalacticFever.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=32902 --gpu-device-id=16024 --gpu-sub-system-id=1050155081 --gpu-revision=2 --gpu-driver-version=27.20.100.9415 --user-data-dir="C:\Users\user\AppData\Roaming\GalacticFever" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1884,i,767538444076131274,5591825107057143823,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                  Imagebase:0x7ff7de490000
                                                                                                  File size:146870272 bytes
                                                                                                  MD5 hash:7E0C6A869431C00542C18DF9C3105672
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:29.3%
                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:6
                                                                                                    Total number of Limit Nodes:0

                                                                                                    Callgraph

                                                                                                    [Callgraph figure; legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000012.00000002.85138681193.00007FF9597A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9597A0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_18_2_7ff9597a0000_screenCapture_1.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: BitmapCompatibleCreate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1901715728-0
                                                                                                    • Opcode ID: 808954f384b93a29e8d6afc0186752b19c47fcf2d8a8015af3ba0de5b6f06705
                                                                                                    • Instruction ID: df038e050f135ebb2d961e6587c3465dfe03f51d1714c51898cf27b522da3f84
                                                                                                    • Opcode Fuzzy Hash: 808954f384b93a29e8d6afc0186752b19c47fcf2d8a8015af3ba0de5b6f06705
                                                                                                    • Instruction Fuzzy Hash: A931D63190CB488FEB1DEB68984A7F97BF0EB66321F04016FD08AC3592DB646446CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000012.00000002.85138681193.00007FF9597A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF9597A0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_18_2_7ff9597a0000_screenCapture_1.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Delete
                                                                                                    • String ID:
                                                                                                    • API String ID: 1035893169-0
                                                                                                    • Opcode ID: c8f6486b4f0fc3c7ff27da57826cda15e14ae3c7df71e4ac3a7d942a7bb5ec8c
                                                                                                    • Instruction ID: e16949fd9b2206ef40e0616519d049884a616dd78010dca536788d0ed7caf9f5
                                                                                                    • Opcode Fuzzy Hash: c8f6486b4f0fc3c7ff27da57826cda15e14ae3c7df71e4ac3a7d942a7bb5ec8c
                                                                                                    • Instruction Fuzzy Hash: 8A31D13190CA4C8FEB59DF68C849BF9BBE0EB66321F04426FD049C3592CB64A456CB81
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%