zloader | ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2

max time kernel
843s
max time network
1692s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

psr.exe
Size

13.4MB
MD5

33c9518c086d0cca4a636bc86728485e
SHA1

2420ad25e243ab8905b49f60fe7fb96590661f50
SHA256

ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
SHA512

6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
SSDEEP

49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C

Score

10^/10

zloader botnet discovery persistence privilege_escalation trojan

Malware Config

Signatures

Zloader family
zloader
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Executes dropped EXE 3 IoCs

pid	Process
896	far_foodselsdag.exe
1732	UnityCrashHandler64.exe
2184	UnityCrashHandler64.exe

Loads dropped DLL 36 IoCs

pid	Process
2680	MsiExec.exe
2680	MsiExec.exe
2680	MsiExec.exe
2680	MsiExec.exe
2680	MsiExec.exe
1044	MsiExec.exe
1044	MsiExec.exe
1044	MsiExec.exe
1044	MsiExec.exe
2028	msiexec.exe
2028	msiexec.exe
2028	msiexec.exe
1044	MsiExec.exe
1216	Process not Found
1216	Process not Found
1216	Process not Found
2680	MsiExec.exe
896	far_foodselsdag.exe
896	far_foodselsdag.exe
896	far_foodselsdag.exe
896	far_foodselsdag.exe
896	far_foodselsdag.exe
1216	Process not Found
2196	MsiExec.exe
2196	MsiExec.exe
2196	MsiExec.exe
2196	MsiExec.exe
2196	MsiExec.exe
2272	MsiExec.exe
2272	MsiExec.exe
2272	MsiExec.exe
624	MsiExec.exe
624	MsiExec.exe
624	MsiExec.exe
624	MsiExec.exe
624	MsiExec.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	msiexec.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	msiexec.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BikeEscape\desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	psr.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	psr.exe
File opened (read-only)	\??\S:	psr.exe
File opened (read-only)	\??\V:	psr.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	psr.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	psr.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	psr.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	psr.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	psr.exe
File opened (read-only)	\??\N:	psr.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	psr.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	psr.exe
File opened (read-only)	\??\A:	msiexec.exe

Drops file in Windows directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI3600.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7a340c.ipi	msiexec.exe
File created	C:\Windows\Installer\f7a340f.ipi	msiexec.exe
File created	C:\Windows\Installer\f7a340b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3498.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7a340f.ipi	msiexec.exe
File created	C:\Windows\Installer\f7a340e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI40A3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI36CB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI41D7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4073.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7a340b.msi	msiexec.exe
File created	C:\Windows\Installer\f7a340c.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3FC7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4160.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3768.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3815.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	psr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2132	SnippingTool.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	psr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	psr.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000005dbd5a82bae874d48dc5375d2d69c479ae752d9e03c7ee99591aa831d88af41b000000000e80000000020000200000003ea5bf2da5c3398d42cbd435ef9f7170a22cbdd7b6200e9bf125213c9f39a0ba20000000beddb9febf6967c4cc4bdc50f73f00602e54f967ec47dad471596317a6f558fd400000002b2e5d953725ae6b93392f1be054b000c444150ce6c90cc0063805fe468bc14bcfceb72f1243c4f291d4e7e6093e2b4f73a0341e8dfba2165e094adeef750f7c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8EB78B1-A5B0-11EF-972C-F245C6AC432F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000000059b33ea569fa633a0156e43e1f0982b9c9b99622f1d471e8c2e719250fda7f000000000e8000000002000020000000ff15b337c05bd0dc3b7f4b8c1263c91fdcc0823e2bbe2aa29c4c9a63cbd87d679000000020396c1648f1814e2939d268ff5c9035b4c9061b96e9cf1555fe3a2360ac7625de7b8ebc30747204c341d504e5d149b08013f4722fa390df6b420fba944afeda6b11c46085cac239b6079e968237ceec362a57b59b484bcca25c9086ca71aae0144cb69f840bbc24b6b083b3eb573267b4f489fd96cfc6dad002130ae1ab0a071487ea47a321d5d1add91ac448a00248400000002cdfbc7d8a7eb3a2196a5ab7be73242ddcca08167a6398a0f8a5c65113c052264c8b3780aec973c5d733ca9641c600f3c33d0ffd7c1ea01242b83f916e97f4a2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09d937dbd39db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	psr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8acc2016-04a3-4343-b8e1-1870e35d6a41}	osk.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	psr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	osk.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	psr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	psr.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	psr.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	psr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	psr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8acc2016-04a3-4343-b8e1-1870e35d6a41}\1.0\0\win64	osk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8acc2016-04a3-4343-b8e1-1870e35d6a41}\1.0\0	osk.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	psr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	psr.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "5"	psr.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_Classes\Local Settings	psr.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	psr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8acc2016-04a3-4343-b8e1-1870e35d6a41}\1.0	osk.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	psr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	psr.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	psr.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	psr.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1736	chrome.exe
1736	chrome.exe
2028	msiexec.exe
2028	msiexec.exe
1736	chrome.exe
1736	chrome.exe
2028	msiexec.exe
2028	msiexec.exe
2976	chrome.exe
2976	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
1292	chrome.exe
1292	chrome.exe
1516	chrome.exe
1516	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3000	psr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1616	osk.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1996	DllHost.exe
1616	osk.exe
1996	DllHost.exe
1616	osk.exe
1616	osk.exe
1616	osk.exe
1996	DllHost.exe
1616	osk.exe
1996	DllHost.exe
1616	osk.exe
1616	osk.exe
3000	psr.exe
3000	psr.exe
896	far_foodselsdag.exe
3000	psr.exe
2424	iexplore.exe
2424	iexplore.exe
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
1800	IEXPLORE.EXE
2292	WISPTIS.EXE
2132	SnippingTool.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 1616	288	utilman.exe	37
PID 288 wrote to memory of 1616	288	utilman.exe	37
PID 288 wrote to memory of 1616	288	utilman.exe	37
PID 1832 wrote to memory of 3000	1832	cmd.exe	39
PID 1832 wrote to memory of 3000	1832	cmd.exe	39
PID 1832 wrote to memory of 3000	1832	cmd.exe	39
PID 1736 wrote to memory of 1092	1736	chrome.exe	42
PID 1736 wrote to memory of 1092	1736	chrome.exe	42
PID 1736 wrote to memory of 1092	1736	chrome.exe	42
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2700	1736	chrome.exe	44
PID 1736 wrote to memory of 2768	1736	chrome.exe	45
PID 1736 wrote to memory of 2768	1736	chrome.exe	45
PID 1736 wrote to memory of 2768	1736	chrome.exe	45
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46
PID 1736 wrote to memory of 2676	1736	chrome.exe	46

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\psr.exe
"C:\Users\Admin\AppData\Local\Temp\psr.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:3068

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:764

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\system32\psr.exe
  psr
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3000

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:2124

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
- Suspicious use of WriteProcessMemory
PID:288
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1616

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:2
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1508 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:2
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3040 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3700 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3324 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3320 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2616 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3780 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3960 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4044 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2768 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1264,i,13956977512713803650,12776907558833391128,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_0.0.2_setup.msi"
  2⤵
  - Enumerates connected drives
  PID:692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3028

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2028
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F3B654D04DE9B23424D0D4C1A1DFCEDB C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2680
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 892729537D247471D04315738959BB38
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1044
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A737100381512421A80ECF5E81650F15 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2196
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding AD9CA4F85FA5848665480EAD220F515C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2272
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3DE6B742D7ACBEF5C10020E4D9278565 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:624
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 85B61808225229996C27129A33A1B171 C
  2⤵
  PID:2920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 568128013999760E0D0FFCF4E1DC2785
  2⤵
  PID:1560

C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag.exe
"C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:896
- C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" --attach 896 2101248
  2⤵
  - Executes dropped EXE
  PID:1732
- - C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe
    "C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" "896" "2101248"
    3⤵
    - Executes dropped EXE
    PID:2184

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_psr.zip\Problem_20241118_1325.mht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2424
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1800

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1396

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_0.0.2_setup.msi"
1⤵
- Enumerates connected drives
PID:296

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2804

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of SetWindowsHookEx
PID:2132
- C:\Windows\SYSTEM32\WISPTIS.EXE
  "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1480 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1164 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:2
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1256 --field-trial-handle=1328,i,7778601674100523736,13520923634776126991,131072 /prefetch:1
  2⤵
  PID:2632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1076 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3776 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2620 --field-trial-handle=1340,i,8757113709113789189,4533738966154375936,131072 /prefetch:1
  2⤵
  PID:2780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2344 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2368 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1464 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1372,i,14159219792203682629,17514100686599859089,131072 /prefetch:1
  2⤵
  PID:1104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:8
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1552 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3280 --field-trial-handle=1204,i,14984358476700004916,9997067415533295802,131072 /prefetch:1
  2⤵
  PID:2256

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:2
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1524 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1808 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1464 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3752 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2492 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_0.0.2_setup.msi"
  2⤵
  - Enumerates connected drives
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3356 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3900 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 --field-trial-handle=1256,i,12431569079963468892,10383978650426884387,131072 /prefetch:8
  2⤵
  PID:2128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1996

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2320

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4
1⤵
PID:804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:2
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1588 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1336 --field-trial-handle=1224,i,5881183841455444515,3434750905424672249,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1660
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fd37688,0x13fd37698,0x13fd376a8
    3⤵
    PID:1420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5da9758,0x7fef5da9768,0x7fef5da9778
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1652 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1268 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2216 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2424 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1200,i,1581294231995308825,2294807783444827256,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_0.0.2_setup.msi"
  2⤵
  PID:2408

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:916

C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag.exe
"C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag.exe"
1⤵
PID:2084
- C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" --attach 2084 4198400
  2⤵
  PID:2692
- - C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe
    "C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" "2084" "4198400"
    3⤵
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7a340d.rbs

Filesize
47KB

MD5
aa1e6afb814bb4c11c585416b45916ff

SHA1
0f1258de85ac6746d4bed32ad28c304bf0b53b07

SHA256
65cb07eb7245c7b5d0346676668ba8eea5cd2f58b549e7517cf999b98b1ab3d2

SHA512
5585d788a077a04fd397462cd4d3d9b99e9510f634bf71bcc258c83b16717b03b35f732b4e4fcde73143524e14ec9a6f924ea725b93565e423c13720b1a2828c

Download Submit
C:\Config.Msi\f7a3410.rbs

Filesize
90KB

MD5
58c79bbd35a4e956f55f2bd12216fa66

SHA1
e3bc2c38c700c9d33c9ed85678fd5cd497d1359f

SHA256
00adfcc72c61f561b99c6e00d6190c1b945150ddc3ad6b56332ee81806848545

SHA512
d645853257753bbe2e2fa87d553d915c713b0888a5c0ff64696dec70d9f521f7ec8edcde774a0e9aefb3ab226f88452bb970fc2e80e3554c07a8a6e1e63229a8

Download Submit
C:\Config.Msi\f7a3413.rbf

Filesize
1KB

MD5
00f99def2957e7450ff4b5d4003572d1

SHA1
16b122550966622c6345fea2b4372cfa2912234b

SHA256
e79cd3124290773b5dcc6c771ee66cefc8fea693fcc8d5c3c97876d6d151df88

SHA512
98ac62fa0ed422925a97f8be85cce7d0b714d82ec31a916b2f83bd7ed89ef8d32e87087f18db55ad52be896bbd576d0bb6cecdf37da09210a531deafa03874dc

Download Submit
C:\Config.Msi\f7a3502.rbs

Filesize
47KB

MD5
cee9f63c29d359f470aa81b7d2ea908c

SHA1
4a40c4bfddf5ea8c6ba754726af958f53c682c47

SHA256
ce1d4ebd8d33729f494c7e9bb96c05a8da906e6fd1658dfe5ce8c2495fc0168b

SHA512
694afd89a13c2c8b282523aea3437025721a45b32a55513801a1ebd976465415adc043b48c919fb9ff15a0cdda01d3f1a90a29cd526c641848de4a206e0caa8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da88c04df171898c7a2c3d24a873964c

SHA1
7016f57a6ef0e53db56cc50dc5ac0adf49ad6e16

SHA256
21dd915e4885bcbda9eb40de52932211207a0b5470f8ccd83144c340804f6419

SHA512
410380c1c21b661658a8053fab18e78b2ec2bacb004e2c3c4fdeae7d1ae66cbbafdd90eadef42695d5806ac043f635a755c8a687be639d1f7f925ed5f0c23cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39872b764ebfc56003dd8af2b932d8d3

SHA1
09e8e274db6c19f7e56544186e03246dee49ffc8

SHA256
d310958ca60819dc3aaf1ed1ce746f0300fd298b51de9c3cb94eb192344f4b0f

SHA512
c5b5d483794692e9689e6436a9e19f734549af4dbbb29d63bc3aa4f3d5959f5c16d7d139e72f45a9b6647d6cf5fc2e27c70e573298f7b162fdf214b6d24eb1d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ee98a3520fd97e3a9bb7071c5430749

SHA1
5daed81efd50260f4a446ea1ea117040dc5b0966

SHA256
56e9f2918f5f10e41aa055f74da15ae179c26251f4c03ba4fedd5df9c77f6886

SHA512
c7ff3eb152d3aa670ba7130218f44d854170b09fb38c4c846cb239ab97f004152a27bcbf10f394467a77b510380c70f8332675e6d35f8cc7c870e30360c5ecfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff5a3e31e9e345ce03e3fce8f012a4d

SHA1
9ec88736730987dbff4936cf4195f25685b1a4a6

SHA256
53fc2456345ef67e762a9ce39fa9a34a483f4b7f6fd2ca3faacd67ad6c6b7825

SHA512
a9ee12a58d6f8a95a1bb67be463fc7a4204a8a5110336036bb191492bd0299aac6dd33597731fccf03c9bcd5d9c016a864efb80a0beda7861e8ef1792e6e7fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da2659fa92169b9c42486aab82dbc866

SHA1
5f93b9450a2f5e6c5c02fae4411dbc6b1651a67e

SHA256
d5605a204d25bd1cdf32dccca5406e25bfd224d6df9a2b60187e170924a2302e

SHA512
92748f42888dab881715c64943249db4b0a53bb347c2f37c230b87e2d550d8e8a52e76d98efbc3beec39f49b1a66c3d923dec0951e00bc0758c56cd343aa7bf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
399837ff8cc087835e999c2aed7613bb

SHA1
996518e4d73e78fffa427470f18d0c44e593b145

SHA256
c1cfff0ec59b1f22f84b28541872ebcb5b3f5bba494875757a7c1638d2393216

SHA512
fb22bd7dc03b7164ac8e2d8580ce248d8992a57ab6eee0274641e4c4357bb0ff19d0e6e08a52864606529302a408f3f81a54704bf3d3a3ee225d4a48f37679aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a08d53a4d1bc2c5689053efe017b40e

SHA1
7dc5d0487e08ff18b7d12e558b70626b2f89c4a4

SHA256
2e4dbdffc43053321e3d71b0e8dd90728ab2c133cbf10675fb7b1fb6878990f5

SHA512
7690ed0e873b2043009f860af15e8cb5a5d1da99f389749e03027cad4eb1635199ce04e2fd53cb9ea1aec8bdaf94ace07ec0971de46321adecaf9dfefa23ddf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03fd1d83d581233ae7b05a89ef7d2bf1

SHA1
adb97c358926e2214388fb47b507203b6c106406

SHA256
f1dafc8e60023449a33fec48c42f1cd423020c3889d08af54dc83bd55c085258

SHA512
c7b4b494384b431705cca808a5a4545d96522ad44ef59ab775e5543e5fd16abe0c1b3b43f52b0fa220a53e09692b4e7a37a5766bbe078e3141e52b51b26ff140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a1771879a80f0d3d236c7151f58d23a

SHA1
e3b5f70e54c7d90ecc5cee63852f5c01c2556cd0

SHA256
79af8a3a0b26e7fa124c63d8ab2bf3fc2810e8b9afbebbf2b3302a1061d7dcfd

SHA512
c8e910134853dc060c1bb425904f2a820ec3c304cdd6c92ae7639e452d5faae3007e9392b2a3f95acdf8c3ff787941d4126b3adbe4f513a48353a709934f4522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7db8904cf6d8b81e4033693b4d3c33bd

SHA1
a6de1ef04f16e74547a135a258550d7587d75809

SHA256
a867b63a1e6552126073a3f7b749155a054ecd4cdbb0d47185e2fcf35c258f2e

SHA512
6798de3a2f770b4265614324c26df31108f63b650ac906dc3678d9db3ef3244654a11384de10b91266785c289789cf7ebe127ea672e799e21c77ad0e78e32590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0ab9b61d-217b-4cd9-9e63-e95892745f29.tmp

Filesize
180KB

MD5
664b1703fb9202b83c6c23a8a801af08

SHA1
834320c5bc0cf71f6f99d57320089c7f98fe03a6

SHA256
21e32d9cd307fe65204537f88d6adacf428a6487bc0be124d1465af36642bb2b

SHA512
adb4240273a146acb1aa3fcba69a2e18accb725cb3f15b60938e6c1463443bf0f267cb3200b4f96b642bd7ad20ee795f7f05c184ea72a3edf0f39bc28cca000e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\32a0a6da-3dcf-4dbe-91b8-0f128fc8edfd.tmp

Filesize
180KB

MD5
73c5d4886e822fe9bc0c92ee32b91538

SHA1
cfe9bad24df7c57b6fd9d3a3d3d28014cd65661a

SHA256
ff3b8853ba9d644e01cabf1da3f267d87c650480e71d4b1a85caa63c78758fa7

SHA512
b36f5d7ba863c7142330e0e11a85596b75f07ee539bdc7ae530db77be81d5ab80d71d38f9cdb9c8b3254e01f813eb5884748c253096f29661203e35fa483b1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7bce877d-f47d-4f59-a755-950b017e4e6a.tmp

Filesize
180KB

MD5
d52e1a58c32fc5c7d5fdb78f192d62b7

SHA1
faa687c6f997ec3070a6abe1d14257bd1118cb02

SHA256
8b243ba462a39a22acd456f20dcadbd9d87b3ddb7d528dd0adfa3f8c5faef2b1

SHA512
9c47eae4d35768c11151d469113bc1bc869d348f9159df959b97c6e3b2498bf82cab619108af067ff51101c0c36c908a6bc5f630db8d66266f9dd9a4c58d3dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9ebf42f7-adc0-43b0-8919-a6e13bd06e4f.tmp

Filesize
180KB

MD5
a76675cb104ad406dc39ed9efe28e19f

SHA1
765211d80130300e1f5243b83d9f68852229aaf5

SHA256
7d095fbfc62aaedb8533df379c171302d6127d1a315517edd73bdfca3d78ed8f

SHA512
33db5c78e687144db538181d208b674aaa213c74c51cef54f9ae86a2a2a82cadecea942ab573b0ec58b3781e7ed39221e89f5f5c3e3f92e6d2a071871fe7f04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
29acc7d11d4391748f3d1253849a2e0b

SHA1
3ff5749dfe8a28085a4a40cb88a60e498cbd9175

SHA256
8e133e9d24921ee093ae9b9b18270faa284d0adb2d88ee326ec85cb0642ba8e5

SHA512
0a6eec4b96e4f9f9886f5607684d94a603f240d5a2964e9f5698bdb8c93eada7c7c6959d0a339c2ebc5c21069412074199b26ef82969222ae1700150134eeaac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0442df02-bf26-429e-8674-361deaf4abe0.tmp

Filesize
7KB

MD5
de2daa0925e3fcaa18263f825b8e5d9f

SHA1
02626d56d381ade4bc6965d0ff08c906f262591c

SHA256
0de601a68f929c33ea065c14fb1d2515099e4a55024c132583740b33ea332f4c

SHA512
2c17f3c49af2a283ccca5a9b0997cc2c2e09c5de88747cddf33bee33a551b80e179aefa728227ab8d52e75d12d7f104666eeac2e7f6a9b5bd0eed7d81fa515ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\07b8afbf-1dc4-4656-9e5f-60b8e7d25d4e.tmp

Filesize
7KB

MD5
90290f5bc36cf38d9d1836e7dd170159

SHA1
2b578ad214715e90b8dbb30b1677b05696033acc

SHA256
6eb2303360c655059efd76246668fd082270472c0db6b6f72f606fe9bde70f87

SHA512
c8e2e8666a17dc0f0f2e92bf858ca247471951790080d3434a8fc41845d65d99bcc065b191f1115c8b539e7eaaaacab2284250157988eac83bbc85d29b3c0764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\26a4411d-aac3-46e6-86a6-11fbcad4d231.tmp

Filesize
7KB

MD5
664fd04dd4cf63274053c2910b7a0e33

SHA1
9d84f05b7555b27585512829fff4f1fbe7880c72

SHA256
011b5af9c6f8dd617bcbcd839929487e46db15862062d1846d8c9e99f071a165

SHA512
aa5a850d49a198ba5f4a55207fce2c8483450f286f33289d3fab7c991285665ffab197fef5e4d11ff7e8f4b351b81e0647d8e29abf19e240b6a26a8225d1897e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\36ddb925-d3e1-4ab9-9fb6-e6a473b74a3b.tmp

Filesize
7KB

MD5
432d0d4fe3777b63f898a1feaca6b4f1

SHA1
a81390a3214476587368dc663c0c5c506d711ced

SHA256
871c824b47253e824ca7739d5eaec9beb3e425b6b89492617f98b56190f934a7

SHA512
387b188e5f0a2414b657ee9cce9b0eb315ca7b3709b1750847aebc78eb25d05fc5619a758bfae72c4f946ca73a5d0432ecdbc8739f16b5b170d52aff35a9e75e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\77bd1897-08bd-4c30-82f4-14dff5c1e215.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8829b44d-c8bc-45a2-8c36-72fe2a346f08.tmp

Filesize
7KB

MD5
0aacc46ab36124c2b3a9094ec76a8e3e

SHA1
f36fae460fb162466739190d23e32a543ba56c91

SHA256
25e86028f6f4a0a1107a263095846f037d164245a1e88f81e7d7464d4bb93058

SHA512
299b5e0ecd4541a0b33171f482c69890bf8fbab86e45ec2ffabe24719ef3a7f79f4c9f31c7f024571a62755a7686ae70720690d07a07e1747ab941723e099127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
fee7d5849a1c36d2ca2212dbd6a040c4

SHA1
779e531159b2900c74a88cd65611a9bb9f9ab6a0

SHA256
8d38d02abffbaac5fdebd8046525ceb005702772b52b2b955c530a8c46e68c8d

SHA512
695d64c5c502f080eef9d7bc863b1e3ab5e3fb29fedc28bca5d4e80eecf4e6167095553337be5345debc50ab7c07c4316c0e1bd1ac529725a3c84d32c70c6f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
33266a2dd0af60a59dbac39dddf7a4d4

SHA1
0697745f78c27cf4286df95aa99d9dd2f564d37e

SHA256
1559002777567da03a46a927db5ad6b15a4ee7ee7baabe206ad05e2dd6b5b380

SHA512
1ea4f03b8347ed6db3665f7d18e6f1244668591739ade44c1f9826e128ea3a4ca2938cafe5150a88cb7181a9bf038b5a35560c101d8f7bfe3f7e298e6d805610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000021.dbtmp

Filesize
16B

MD5
ebcd69498f83b8ae4375f81e15c103bf

SHA1
daf1ca1d1c24bd0d776a8b608f4ceb247ef07e1c

SHA256
48f34d554286463a41c71dcdcbd2989dc8475936fa8f313d0e1b2531aa9c257c

SHA512
288159ad2ba3efc44f5870c6dbf66f908131eb8e303606e40b405549f8626b9bc553bdfc2cd9b56e9343d36750a618f343d5f90e7be02a8674a9d234541d19e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000018.dbtmp

Filesize
16B

MD5
904754a73eb4f8a75410a92b2b7a920c

SHA1
208f9e70a93742e8ca1f5e2537690172971209be

SHA256
c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db

SHA512
cb251f3f6679b9f339c3697f64ed056ae53caf22aedbf37fb57dfe47e8c0e95f295cb180c342e415bc540a9332c0aa9253af7fd2ac17b3e80ad94bcf2cf29469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000012.dbtmp

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000014.dbtmp

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
984B

MD5
30b48a8699e6f65e8493a8201c6217ff

SHA1
82fb9f241e621689fcb941c1a2803694e94ff948

SHA256
83343aa48a182ba3747dab76980458c05d0b75d6fe2fbbe1355ea59f5c893a0e

SHA512
0b613d8db0f328a68d6f6ca60262631dea8c05ab74313932ba342fb2414b53db8e33a03552d39c54fea249e6ec95f17ce5f4322d238e92eaa511b11e218571c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
788B

MD5
776df5a32b36b3fffa0c6c8973554ee4

SHA1
660e16beb6ac4b43dd4aa0a42df2134b7e231e43

SHA256
9e76d1c7fcffae72db1e30739a080a9c49d663e254a7f0e5ab0c4b229cd5819b

SHA512
6d17bb270e0e5cb5e2a2382da1d7209b48af054faa2851549bc476fd0f4c67f9e094badc988c5c457457ad230b015908024cb52fce66cc09ab15583ae4a6f9fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
d0e0b1ae324edeffd600ccef4736f95c

SHA1
8066fb91ead489fdca80cc55f32f5fbe2ad8ce02

SHA256
dfba47242c987577c65bbb342f983b4f3b5e9bf3987975d6d088dfe2674b1b73

SHA512
088a52facb65c6b3a9cc1721060192825c2520c9a6afc55a49946c483cb93827aebcddf1cf8d34320ae84f8f452958eb1ecacc1e8f807ea200d36bb1e6d125e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
d1dd040b0ec6be244d78628e0de1a13e

SHA1
dddcec73909c32137d7d8703ec7313609ce6dcbf

SHA256
00706b5d4e411b00e17c086b11d8fe31492fd91708662c65609191d5c72ed3ca

SHA512
4b412598a3e65bff69ccd51e1bed9d7ac93df313658d482344523779ef0f83e88fe148ca9ec69077298088bded17e963859553e19d5625d3c4b90f74f73bb605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
1f3f4e21970e66f0c29aed4257cb82cb

SHA1
4dc86ca0663649e616d3bf8e4abd469acc0e6ded

SHA256
e75e20e57c57413049de8767f1ff1057e499881a9179d9db81f8edcd246104e2

SHA512
132112162e4f95c343fceeaba2f4aa963b6c195819f67e630eb06a30254f5920dc8df28fecf5c2c76fde0929ad1b97c58247f98763dda25d85d8f960a2847d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
bfd79ccd9a0a6031ce99727b8b1d90eb

SHA1
d66c6b75afee821f8ce5f9e7bfb162368adbb588

SHA256
0e59e390ef1b1fa328907e338e824584af56d8d3a84f613cfcaff1da8ae75fd7

SHA512
c2d56dbe9b562c4ae06f1359ddf75535813e734a5bd4cd2e21546fc7512fe0d0eb31bbfd23f3a8db955f102716d0f4c6bd5f6895ee98a78d29a385aa2f01f4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c8754076d26a1909142f43d1057b3298

SHA1
0eb84ddf6c09fb3b0d5fb2a07bb5fe56ec05832f

SHA256
a0abeefcbab7841fcaa4e995a957a76e49aadadf7e32ef66b17b7d7363618c2f

SHA512
07cf77d881928a531023be127afa9f66e5ae54643ca84ee943f41a4f3bcf6bd3e965eb59cea282706c6175e4b80f8cd581eaec28c9e38e9313b8bc88a0a26d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
48b1335ee625498125beec893ce38147

SHA1
2649be233dceb2e4d5ff33b1d94219a8bb7cd680

SHA256
adbced91745816c0424b7b6b7925f1a5eb5425b8a24ee63a36c7a6e031a7350b

SHA512
f56a86f33b3d3d060f93a82c3a288886cc9fcfe5bed4b7beca68f65870d091b174269fea0cc7f792948fec6d69dda44ac4355ee57e95fd17c50e8e6325333623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
decce36eb3176bfd22ccb8bff63ca225

SHA1
d13c79dd282acc2fd18fcd662366280cad0188af

SHA256
e17ba98b8630d14d952d65624bc11dbfc7a3aa7958ba41eaa8721e0b50adcbb6

SHA512
5c089b6033f865eb889f4e3daf302d902ad502622018937eb2f7b659e1cfbbeaf66a3d140ca12b336552ee46598024120b6fcd48783c7332820ed841e3f21627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
b1fe0fe3558ebc8d521474a616e7c244

SHA1
d7c184935e8ade3a5ff91c384658fd10e7b725bd

SHA256
29f46119f4ee314eb58c2eeb2eef360eca249defb394ea5592d0510b07ea7838

SHA512
dbf99626475ec822c3f8ab56af8616b2a869e690307b2b5b8c0ac3c27454aa30459af223467c2ff38b28f0f9ade4b9a12e32c5aa8a5670c3a356ea63a8c69f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
2a070d364507c7dd18e5d9fa542db262

SHA1
b8f791c23910706f2dafaf51bccd597d7a735640

SHA256
2e61d7bd31adabccc2c99ccd9462d3710d72e085160e113ea32c3583df7a7047

SHA512
bd81f170bac25e7563eade46ecaee1549f9e6fe6ecf9d15764ede9d796773543d6a93e084ef6c02e681256fe3e0a9f270600f7fe3146f4a2e100f03b8aa1db2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
89db8e1d4241ee0231c6129870a3fc0c

SHA1
84c7546898491dbd0439a8bfb7227edd59ffc32c

SHA256
7f103b769fc7f6f6e0e3f438390e6e6f4b057cdd4d1f92c6c433c96ef8a77ec8

SHA512
2a6fc9c94f82f0644686ce092e399c87c43801f26c99bef9bed070aa3d4538ddef414ec9729661bbf1433fb343bd3ca7962d926b8137125292b2b09c61cfd46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8298f12ce7be017d8f31d0ebba5323f8

SHA1
14ff9591d735b0c6af4caf9945abd8a7ff3716c2

SHA256
a5a892ff5fdadaca25af2cff49e001d3606b20018a6fe50b51d31688dd62deec

SHA512
aecb0c158d7e906ccab51f3404ed9b53e57a2f4b1e931a4cd3b315fe1dbbf8e69a709b1159f24312724684235f60ef66aa0ae5d89add96f5ded382cff60523e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76a3f681bd91956c4adc1e7e547c4696

SHA1
79ab85591d292abd0e3aa7f2639f37abc1246975

SHA256
f5cd53b26c9c5586f15f8c5f46f0c2c782a02143b644777efb6db780c47bd028

SHA512
d145951e170fef7f42cb01dd15a7fae9f156a92c65b53612ddf3595e39f848411fd4237d9d9378aacfd1402dbe95f2258459f2c2dbc6de3458c707c9bb632c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3a686dafe5187dbe6c6319e59510a77c

SHA1
0e7ba778626800a11f57d9c987aaac2740ad122e

SHA256
8c7a4127e90243cac406ad3b180df781cf361a1c2ae3fd07b04fc76ccdfc345a

SHA512
adc6f85eb8c84c6716d0c43b624c4d88fcad8c0542825430ade8bf28e1658f6b3719c1b7a22c9d0d32a18f47621d8fe98864926ae5d3b9a1cf9fcd13f3c176de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
da7bc68d8d26541e3e492ecd1917f0d6

SHA1
afc787f96e80769ba8068c98d3e3c8cbd7e958ea

SHA256
7bf0992763cdea435092884ad0a35fe1dd23a4e25b7a023355486434bff39f54

SHA512
85076bdd4e68d6dd88fcc8b95bda7649298a9a26f68b2c82c7183a02775493c46986083820e342b2e9688b891df693874bef692e1c2af6114e22cd2a381f5327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f05f333a8e3dbc07ffaf3d3599b17d55

SHA1
0f9a65c0d29884f58aee3467de37b10f8b28ca11

SHA256
ae6ac9d2f7722d6ee2c60138d384812bfa5ea5da8e740c93ba70a8845be7720a

SHA512
521135949a283399534b42fffd2fac798cfa501c48dbc5b06f20b4167ec3d2fe10c81b7ad9e74fbe15da8926ed95ae93b174e3ed48747942e8e4590b43e76145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e7734c06ad76735b8470d0f55d5801f1

SHA1
d354cf29501ab6c3866260d5a33d14c405327af4

SHA256
d3775b4065d48108dba4bfe6aa32c47b7532663b140d8dc56b3bd850238849fd

SHA512
1f2a3bf1d23f4e51682ab88082028c1710d661813c6f3fe07c677bdedfd48c24e667cce84d1cd6ad8ac79074c3a00ba3afcebdee6447aea9d89dd5809daaf320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c86b69deabff56e416e2f72df5f990f0

SHA1
11c98ee5ff8f13b8b887810ec4f2fe62a3e62276

SHA256
9f4e6eaa0c1a4c6649ba93bda58ed71283382a24d5d9e2ff83e3d993b1f9faf6

SHA512
903fa65e1a57ce9104f824c4c1f17e672bfdb90f3028a6d94b1aa99b6d01c34d32ea3ea839cee1070d2d2a1febc6d0d397e69a40394bba03bf0c71002921569a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4fca05ac5317d69aecc62074e86f8727

SHA1
423c84c679cfe37c887f06f94a308b4395b76538

SHA256
386e3a45cbba65b1000467c6dfd85360fff2df0dd21ce0e1be52a97f52231b81

SHA512
b9c9c198338901fe000d11220396ec767f00563e8ad839d7dffa0015ee457c19a2eebcb9c4939970774ed2a4a4c2d55464c64ce907f7fc9bbb1e033ecbd4a945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27628be9e5c3c1a115b0cf3ce9d658ec

SHA1
e58c175c2576fd78a76a3d10dc07d538e828e11a

SHA256
f7fab519f6698f5e434842d20cd2587d4c3f38d79d341bceedfa4138c594e07c

SHA512
8752b6284fb5eb2d0f681c1230f70f66ddcaf20f62c4f3dfdbc38bd16cc8a3554db66a92a2914bc1471834d2c118fb760988b119112162f025b6e278c8e69859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8323deca33b97a05403277298828c7d3

SHA1
67364e86e3056846827bc0ccfdda350ad455ea9e

SHA256
8e1c4b947619cf6baa9817afecb1886bce77ab2651f560fb9f2fe22a4f840ef6

SHA512
c6ddceb148d3cdd77896ec33ea5a75eb0547f705a5ea9eb60e1a5080931c28896d2d17acbb42471fe49f50d4bb09845cda2344c77ccd97a80a2c60bd9ab28692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9862c61153fbdc8588f00b356b1ee9a2

SHA1
5c6ada583db7390aa8ef39703e90c98e41731773

SHA256
f6ea86e147b884cfc6d0455278a6e1e2faa301579834f2773e8299db02b8e669

SHA512
071f1aa25ab65bc940d07f3bbb7c2af30febbb231a184fee3bb0206fea59e70bf72f438ce9b4f4f8edb548162acc87729d89834a6739ab92ee835e87b98a70bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9bc44955b0cf752557ea8c10254f606d

SHA1
d901fe2d56705042f9d407b23f13a59e889f361a

SHA256
00e4209fdf6f2d4bcc04339fbf9a1477ef8629e292252bdbf7ab34ae374a5e31

SHA512
fed73fb58a78ae5062833faa22407b55fed1a371cdc4c12b59cd54d2b285ece52f83b03dd056d9222732a15f813ce1fc77a8b5f2f8ec0754ec658a3f154add99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf8394c1.TMP

Filesize
8KB

MD5
c18e990022581c660d9b64202e6472ba

SHA1
b24b9a12082c19a8c816cfb9ca1b24b3091e5db6

SHA256
f0adcdd30b9be293f793f608cd9af6b1ab37904f126368d03068780b42d82c90

SHA512
ae132c4862d3f2d39285f857aa6322aa10e77ffdffed44da5dadf6f27b91e894d7bfb25977af7b64e60ae8b73ab8ae8e5f42cb44a2d74e1976a7f9dc3ee026f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000016.dbtmp

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000025.dbtmp

Filesize
16B

MD5
20558702f92f2b0ebef7726830fe9d9f

SHA1
afc84aedb33d5342e2d0e9873293b846d3ff5c33

SHA256
0d13868aecf007c9c949ef1e6bb7106686cd4f449c92cf1ebcdca54db7b24b33

SHA512
67e023324bd327d0d065d4254e3a67bc8c233bf2db9384231318effee5125fe47ef46235c14a2246b4fbdcad992a3060ea394e16023265b4828d86cf1d119780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000029.dbtmp

Filesize
16B

MD5
a3d99fa13d5ed116eef9950d4fbe65a1

SHA1
d9ffcf00c3f44e9581a362802c4c3dad47aefa4d

SHA256
5855fa6fb152d4af37b0cf30717521c5f635730152f099d08c3d88b902bb828e

SHA512
e84c165987fb5300ddd60466c6bc18f0906d743073bb9595a2c63945be2fc4a0c433867c7013b2a83ed970a6b37c081ddf861a00a26ec41d34a2e251cc20e89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000019.dbtmp

Filesize
16B

MD5
e5ad213c1d147e06198eec1980e7d918

SHA1
8169b54541b0613052e7dfbdb27ded2d89c26632

SHA256
300feb3870e7d5e43b28bd6b7826d9e0c21e0e81ac1b44e9c4e35957ad0fa023

SHA512
326fa42ae471094fcddb19198fead059669f457b81aa462d93c83df47102c664bd6d4c83f069c0da06450e971ee62efe8d22a2db5aaff356a2a5591455dfd8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000026.dbtmp

Filesize
16B

MD5
509013020cd5cf3f4edb5ca4560e8300

SHA1
43c9c51700a273d818e7332421203541697cba4c

SHA256
765840776810ca47da891b5f31a5cc323d27d1a41d3a4e32f1cd7126a95c0361

SHA512
25761de615ce7296906f0513fcfaee3d09a76885180b8fe0c0a12d265ab9576ff78cea2e2c36b13dba225b57cedcd82013c844eaab7489cc447f620eff23eb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000017.dbtmp

Filesize
16B

MD5
d8c7ce61e1a213429b1f937cae0f9d7c

SHA1
19bc3b7edcd81eace8bff4aa104720963d983341

SHA256
7d3d7c3b6e16591b894a5ce28f255cb136bb6c45f5038c3b120b44b413082e35

SHA512
ffc1854cccbd5a5c1740df9d3ba48994d48ef9a585bd513f00371c68086629d45ee293336af0f27ff350614f68ee660890920773f9ebdf1c327f20a620860a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000020.dbtmp

Filesize
16B

MD5
a874f3e3462932a0c15ed8f780124fc5

SHA1
966f837f42bca5cac2357cff705b83d68245a2c2

SHA256
01bd196d6a114691ec642082ebf6591765c0168d4098a0cd834869bd11c8b87d

SHA512
382716d6fc0791ca0ccfa1efba318cff92532e04038e9b9aa4c27447ac2cac26c79da8ee7dbafae63278df240f0a8cab5efea2ee34eef2e54e884784147e6d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000023.dbtmp

Filesize
16B

MD5
2091e7af40368b8a9183a08a62efc8f9

SHA1
c552e8726cfab57eeb03d5e176cedd0771382530

SHA256
368b5cdab2ff128767296bb4f19bfcd39baa627eaaf43cafba54fc223feec47f

SHA512
c4d0d89ab6ca7ed48f10c8bc3211a3a1a8776a54ff58bf79940921d6e1b06fdccb9b593ac8d4b7cc2cb80f320f72cbd3104fe2ed67b1462b9d59356c75b4b4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
e914a761ca0e3a27f92aae9f2a75922d

SHA1
d43358c7b4abd3cd5ef2dc34bcfd4059f91c27f5

SHA256
55f8d996eed21dd23d1ea34ac7ebc26439888e84a3f06f01a9553b2a816cd0a6

SHA512
5ed770ff870442caf40224c20f19cda1e20f446444a8d20569b089707357effac4bbe4ec5f5a58f72fc478dbe6b09f2daf8b48631e9c2a5ae771ac4ff6b07085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
345KB

MD5
21c6a0959c7be4bdad246cfbe1641d12

SHA1
82b79766efa82f00ea2b1e00b02790998b49aa1c

SHA256
bd4d37ba30ff5d9518729d8bc1ff075b7cc02f467a0b250fec3e789e561e8fd7

SHA512
8f2abba5ad92903678f711d56d755dfefdee2e76815d7fc255d233d26efc220cd40f58ea03b325da6477cae735708dbfa608d8067536310c8194a978760c4d92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
fde1e1dfdf3f885f8199dbaa456d44de

SHA1
5487558db94e2003de998fabe74bafe3beef3c5c

SHA256
3b36276ad7522474a274a3053ca9b9e902edf87dca9acf3dac50f780a3730a55

SHA512
75ba7ef8ca7b7b22074dce1676657700f0b4cbdb661b8c2d7b83f578f5cfff1b88ad135d8ece275855cde86252de4657b5d5214d52ae11fd24c9a2321b23bbad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
6087f392723cfc12acd22b4fe31c703f

SHA1
ec6215d0874411b79e173bb76962dff5582f8d4c

SHA256
412e06e91638c6e21d8159e8db38b93b02fb3e4dcb89fa720f54e5f0e828a109

SHA512
29d309c8ebb74d61a56a5aa0da92279a43e7eb0aa47499fa91d3472e24583989d217fe99330322cf0a37d93427745c6ac03bf11a32c06fa3c45a72641469b3b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
ed3fe62f1029c260cab2f6c7a0f4d12c

SHA1
dcef3c77a92d24aaa10b9772d5521c0b985958c4

SHA256
afda85e3ba3d9012960bff0da2e2c6a82752d6141eb07ad0e9750e8d3a8a8192

SHA512
a4cb621389efee68f496ff01abe6fa5a35d165e94652731983b0903246d99687b5140475f3dda996f28ff01a7b5ab074de04a517075afc1aaa0922caa558b40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
3522214bb3242b7cc2689a516d930295

SHA1
d89a195295aad267883d482f0aeaf5ad18eff9ea

SHA256
49a8ab82fbd32b191c96fc5c040ffafb06b940927c0badd58df41bf67bbb4b9d

SHA512
c3db32901157003108f1e828b18b1b1a4cee602e3cb427e1fc9207b56e523361535c419d40f86b58af756098b8c2b0c8a611f1d90335055a6205f0933838c086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
e807bd74bf00d4eda818b7d1488297f7

SHA1
317371de71595cebb74e28a99898bd7c3726bbb1

SHA256
e99b726c9c1f9781ca50a850cddd31b956399f60cd7e67cc509e2be9977db54f

SHA512
e3ad997062843a06cfb59a2bafe2a22129f9089814aea9ddc68326c856f18912ec7d1718d88b0c6aa7c3f40585327009965fb1dc72f5bbb1eaebcf2de43155a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
5d60c8265c1ffb482c3cd3ea4e109f9f

SHA1
ebe27851dbc37cda4fa6204085811f88fedce27b

SHA256
6dfd2e12011a710772596233719443f19adf696ead8954e1be58479244c93cb2

SHA512
530aec24b9c42a8f9fc6560776381b793ee8bb2350554785b1bb77f1c0d2ae9a62bf5c775f5a51b2a95bcdb6853a72101f15a8841ac6efd677a8e7507d95d110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
4a8d195c57713f85fd948efc9b39280f

SHA1
f2691668009157cd80197823e58a6d5259c74bfe

SHA256
ff2b1282b79638545f288f17b4d6aeb3ddb287cdeb7f2241e868fab03297d08c

SHA512
7a0fec5dbc4a3857c73f9f936eb6d6e944b830f994400d55e344623ef823ec8d88138a03d1e82c3e1a54ae25b5a70bcf8a1370991904e73a80de810fa013476c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c32255b4-9d52-4953-adbc-561b35c2d1ae.tmp

Filesize
180KB

MD5
fe19b277269f03005ed0b13f080e4ea1

SHA1
34f3038d40063d6606c77c808e9d1c02b6d7a1f5

SHA256
68ad61bdced836fd3ca80815640953e3e7fd12c0f2dc697b0adc99009b32b7e3

SHA512
3df5273c753d9d0a42db70c278f045d661a0c7a4eed16a84656a715b5edfeeee8af3ed72205ee2d900115c5b889c85941a2152373fb4d495ac2fbfabc3b5a9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e0a31286-7c68-40e9-816f-5f714d89fb6c.tmp

Filesize
180KB

MD5
3add28b6701c42a5ab749c3a6d960bd7

SHA1
4d252827dfa2a071ebde28849cc30bb7a947096f

SHA256
0de1c16713d7a64e6dd3c2f9706352ff9c1c4474e09da192e7f4fad6ed8bc5ef

SHA512
9fb3e3560182e6ac6ac7e168613eda81e6ce83675d8d0519f6fad0d64d12caa510489af1ed91bfbab1de71d9495fddd76bb05ba6f1d2b7d00857bca665e11d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e3c6b26b-901a-4fcb-9fd2-18c2d693258e.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fa688881-7887-4a6a-9f69-7664d105a36d.tmp

Filesize
345KB

MD5
96d5b09ede877b9dd315ed79677ec95c

SHA1
4f1fb028fa8d4f587bdff715a2572e35436c438e

SHA256
804aa1999b28c70faefac233d12211af56e46658010d3c9f5f2f3b929edf80d8

SHA512
f802d396f6c80073ead111965aaf7e0f8d0545781f4b913ecb277937a8c874d108e8f06906a831991aca7ccadc7a5ed36aea4d6d33596691a8a792b65cb8adce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\UAR\{C4D12051-75E6-446E-9065-5DE17DE7FF6D}\screenshot0014.jpeg

Filesize
40KB

MD5
b4ef80ee95f10ea98b67f18be01654fb

SHA1
d558b45b9ab0043fe9d43a7319175d453f9960c5

SHA256
ab1911c9dccf6818347f81bb1296252538089ead1a341a65c7f8b96a552368ee

SHA512
f62c88fb1a9e5619a20330f331943e7a448e18e23a98fe02346d240a435bd27af727f25f71404640194e6d39c0d31899208933e52d0451e4f4cf6bd49803f755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\UAR\{C4D12051-75E6-446E-9065-5DE17DE7FF6D}\screenshot0019.jpeg

Filesize
45KB

MD5
8f2f12681d03e1653c085c4fff5a2b0d

SHA1
79a0e1440127de35db0433c22530011d4d64789a

SHA256
04ee9a46d179f492032bcee7ba290e1591bc38d104d9077c113bea9fc50a090d

SHA512
84286b7c4e85adf46fa2f4ed1355ce19012ddd36943cd1b2924283e02ffe765d20cd69b6eb0a5cfefee1aa1889dbed13175564021bc6f66772d0277a9a6ed791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\UAR\{C4D12051-75E6-446E-9065-5DE17DE7FF6D}\screenshot_0004.jpeg

Filesize
33KB

MD5
1552a01269f25ee37a544d2fa98a20bb

SHA1
82d1a3cbf4a65e2c5ead16acb6f13d7a64e9a56a

SHA256
fab812082de0708a6bcbf3beee4d4350b2c99987f42e755024cc4391daa044bf

SHA512
4a66211cb54816dbfe3a0cc1b1141bc1e000e0871277f5a84673bbc946432504af907cc4ca91d2701dae27a942222725f1e5547faf8d8f9e68f86209fa92f10a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\UAR\{C4D12051-75E6-446E-9065-5DE17DE7FF6D}\screenshot_0007.jpeg

Filesize
40KB

MD5
f7eceb29d75081c99d29f16b8a99f260

SHA1
73faf5ec99448aa54b72aa796e203b2c8eed7c11

SHA256
e2768212db9e2a04b14719da3c65287a56d38d1d56662af094511f95ea503faf

SHA512
b4fc1cab3180754b636a697f67101d5b0d5ab1c9d12e03ad3efef2ed6c31ed6529a744446d003545c21cc49305ec3fcb707cfca4772b3cddf4ca9e80449a4afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\wbkDCDD.tmp

Filesize
47KB

MD5
938b4a074e591e401330e83e03d0fa15

SHA1
9329f583360782456adea6f76a1c9d86514fdb16

SHA256
8b32ce125987f2317d8dbed2882d49530853e811f4df6f5ee36e008bc9aafdc2

SHA512
40350994e2bcaa33b2f35fc1aa55b30bc7105816f246b4703236d2b0050fa5bce644c099da103c54ebb12d76a944b4e2fe39a0df260f424005cd88b04e82705c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\wbkDCDF.tmp

Filesize
36KB

MD5
42216c542dabfa853b04c3c250fd59c6

SHA1
98258cb761bca34ae48d00556b5470dcc79c9642

SHA256
56c0b604eab15fe38d32bbc4bb18e329504aea62d3e86fb77bb33db915891b1c

SHA512
38e97fde90ced74039f93639a421db27db7be2ee2d6945cd64dfcf919821754efab141441e36641bf87f35488456b76be609cae5bb6aa753f4ceb184f54effbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\wbkDCE1.tmp

Filesize
34KB

MD5
3e91653bcbf133bcf41849736f72b980

SHA1
67f4fcb83277a8731ff1b846a526773cf6dcd09c

SHA256
0cd47e9fd78bdad955e6ae9a9092e92bbb8611297f4597e45e7025c15d86aab1

SHA512
3f3dff9f9df095bba63816b6dad88632347ebfa7c4a4cf18f82bf6bc186e19d6982fd6adde9a758325ba81e748a779bbbc4a84c1daebb7aff47c2cd111fe0f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\wbkDD2B.tmp

Filesize
50KB

MD5
f0f7010130b87d107828810fb4caee4b

SHA1
4bf4e544213a7b281ac3cbb716a0cb27d8d1221d

SHA256
2b0ea02357aa873fb2b4aab5b6bb433afd8f1b762bae835757541ad5d6137eff

SHA512
eb1d7fdfd2446d77d7325f66a2e758f863ca4b20182d79551d2f637082d07c1100a2ac5aa43ea1dc995ab80a53f7e1417e505a7bd80faa15ce3e16b50e445313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4BF1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE14.tmp

Filesize
997KB

MD5
ec6ebf65fe4f361a73e473f46730e05c

SHA1
01f946dfbf773f977af5ade7c27fffc7fe311149

SHA256
d3614d7bece53e0d408e31da7d9b0ff2f7285a7dd544c778847ed0c5ded5d52f

SHA512
e4d7aafa75d07a3071d2739d18b4c2b0a3798f754b339c349db9a6004d031bf02f3970b030cec4a5f55b4c19f03794b0ce186a303d936c222e7e6e8726fffff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C22.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFDBFBF06169D80ABF.TMP

Filesize
16KB

MD5
961648dc1d6e0546c019c528b09a8d62

SHA1
5c4d9f61baed92a78522a2703585d42a780ff7d3

SHA256
99ff722f8d1b37b1d192cee5e097a66efec197fa695d7a8519182a89d23475a3

SHA512
4c429db55424eeb36fa9d032fa1bb68b4f0fbe4fdc773586d4a979e4e30b7eb63b1b3c20731c830533c81adfbc6295bc84dc894327367374c20e9418765947c5

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\etc\mono\4.0\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\etc\mono\config

Filesize
3KB

MD5
67611b783439b35abfe05a97413bba46

SHA1
52795ffda8b88701793acc05e87897bdba99a633

SHA256
5776169973a26a387b8b3e5c0f2301a7ab9a6dd7c7d3efa22a96abc47fbf8662

SHA512
046dc9fe5cb46bea23668eb0d9742d32ddad30a6ee85c20839b68cb022f9e2ae6a38b87b9e267edb152b29420e3d169348cd9d3bcd4a7c7d82b3d50ac24b4748

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\WinPixEventRuntime.dll

Filesize
32KB

MD5
e697f3f1b02990cc4cfe6f666b40dc5d

SHA1
5c47ea92f2129ffb811cb93577669e46129fbfed

SHA256
23ef5b23f1cf6f1b7132542c4063b5e9da532572634afa41f27139bbf02468fc

SHA512
98953628f01a2ea2a3d68bc08d922f6d434fc8d4c140821af7fe96c953caf03bdac6da12afdb63e1303fd4829d374aadae3098b082010dd00bf1bec9f625bc33

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\Managed\UnityEngine.GIModule.pdb

Filesize
8KB

MD5
2aa8ce53b77b9472951a717c7233eb5f

SHA1
dcc98fc1c0a2a6b66655f57e18099d1df97e2033

SHA256
84bb70ba687437620019f715244449ceffa5f171bdcd35cb9c3e0e35e267180b

SHA512
937b3491464902fa23d50ff1ce8d4c82331c1bad46b2d26ddd94548cd0c3a3b2e508d336c6012f3f7c3942b862fbaba3382c5f88aa73d7f74fd786d6ed114063

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\Managed\mscorlib.dll

Filesize
4.4MB

MD5
017bb89a5889ec7bd4bed67328bb780d

SHA1
887fa8930dba9a74c3165249dd7c37ec6c7303f4

SHA256
0113edfb285335bafe75f56e3e2f76598672e1649ece100d7b9b3049fd916d02

SHA512
547c74e113cae987a7a6ba29066670622551810825d3f4cd5163801356bc09cbc6d8337cb7b65f8923756166a687ef4f4635b835be897732d02c98070c88a347

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\RuntimeInitializeOnLoads.json

Filesize
700B

MD5
d2579a071fb2371024bc3689fc8e82a3

SHA1
598625b1377b0a9580d2ae1bf0df3230d8662073

SHA256
1f24ac55efc1eca154804c4c4c5b10b13ea8064b2203cd502d715b0da083fc82

SHA512
3f2ca4800b8aed29d574ed9ebdfe6b0648b9dbdeb6b962812c06fe17ff8170303e7d0e29ecb6947d34cdc1bc5f9e2c6711d1119669e6955f30c80b953430afc6

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\ScriptingAssemblies.json

Filesize
3KB

MD5
bb3bb5c664c51a27fda941a5f42f5c3b

SHA1
7fba9310db60046a05ad03c371ddf349a603f440

SHA256
f48f2df80621ab84383f5cf4b296cfd7bcdd454866f04ccd936e9c7e835ae011

SHA512
6047f5739d4c2905221d9e662bf62597e701741ae186e30d76b713e9a31403a8a97b0557d66a0c8c2953b24225161f28c41c37c78df910b8e0cbb9afd503a1bc

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\app.info

Filesize
30B

MD5
ad428d8b95cda61fcfb5f3f839bb1a2d

SHA1
25b843a16302c834daf9bfa7e7b2ef3917caf5fa

SHA256
6f37eb75486f7a524fdc218223f0663efc39a5a3c8672624e925e8a46a1cc87d

SHA512
df8db34e1d82c51b24a891f280d4f0c2e8eb10c45d520b2b5017335503e6cb4f9dfe632cedae45955788f3c38dad57f4aca3cd7435adb220dc33a912983544cf

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag_Data\boot.config

Filesize
417B

MD5
e5974082145c46d858e47b7c306447b0

SHA1
8daa3fbdaf11b220f44c97da654ba8de97596570

SHA256
29e93afb6c59909ae2f86e15e475237b63ae493626aa73c312f09f65f93aa629

SHA512
02a39b960eb8fe54f98608aabad2541f1b7d1576be55ee9bfb23932fb2e92427809c93b9c15b896e3e07959324a7089cc184f669d3ba23fbb24e8e7f3ad40bed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{E529F93B-4D41-43FF-A068-BA2A5F57CEE1}\logo.exe

Filesize
4KB

MD5
b2121f59bcd6c09997754436ccc5fd5b

SHA1
216e552e861293ae07d17630a146242c5291c324

SHA256
2790e9ab56dad9348e3a3cc4aa37ec1d7f400539dac506dce05808de1ecaa474

SHA512
c72380a200403afa528e3b59dfe787a6866fdde8252cc509ac0680c6973c7a30329eed785bbbf3479f4baa05de3f24be1ef5f6dd25541fbb7cf34e8b9517fa56

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
e34073026bac7e2ac03be9606c1f2d53

SHA1
8a221964edd4507e163a492a1330075bc238bb51

SHA256
b6b6c481855421698b212a18043d70a79070fcfad6b8363df6ea2366ae3b4879

SHA512
a7657df088b75c5cddc06ad02d153574a5f6f00fd807e0acdab409f864f30d947de8c0aee45661fe4e034c53faddaa0cc8f186b6fe7453c63e0f5c0a4bfbb3a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\BikeEscape.lnk

Filesize
1KB

MD5
05eca995b9e10e3e5cb811c07c4b6230

SHA1
af6281e169e373c5f93ba29cfd1cbb4bf883a9ef

SHA256
b742be3f27b10fc19621e2eaa92241acf79594b93a25c5a592a5d94e24abe3ef

SHA512
df493829b5c0f814cb6edb4ff38df22b6ecda01dd56d8d05249fb75fe05b7a276385ce3d293058015d97ccd4b2701f89b2a8db5749c6f7ca3e1edf2a3dd23075

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\BikeEscape.lnk

Filesize
1KB

MD5
cada7b9b8eb57102945de7f804c9f4a0

SHA1
0205dc27402cf1b02f109a53abe3dea1f7b52603

SHA256
9bd46ff40ffb52ba530843cbcc7fdcfc733204fad967d9f9d0ee953967886a4f

SHA512
24651bcaf8a9e81e009a81784309efea68056ce290e0e10b4c4050674fd951d8e8965f09eb6a424adbe9543f0b76b26558a8ec4342db524c00c193eb5d5f73e7

Download Submit
C:\Users\Admin\Desktop\BikeEscape.lnk

Filesize
1KB

MD5
1199bbba7079386e93b4c08c673d14a5

SHA1
630648c0e42e0313278f970656ed4fcb4c747822

SHA256
f7671148bca0ac4078bf12bd4ee66424721ecebf8fbb8fa43bab582cc44e5cad

SHA512
197230ba31121b84783b81858ed7e8f467e0fce475ae1ed7ae084a5bf75d109aefc61628d58975b0d032e31cdddb247ebbc9f809e02d118045bde75d5301ee5f

Download Submit
C:\Users\Admin\Desktop\BikeEscape.lnk

Filesize
1KB

MD5
e5dfa449499726bcf1187baf5282dd5d

SHA1
d38ed4f2bcd351af00156273d6cd3edae9088749

SHA256
fb739538cbb387cd0cc680de1d2a7a3c6275dce177e77b0ef3e9d838f0c6ee7d

SHA512
283ff1c6f65240d2b2ea91b957ef35029246ce0f97c79be4fdb2f836a72c4dcc975ed09342ca7aeaa76728746088c1510a0a29a462282e3d1d5066c42831d072

Download Submit
C:\Users\Admin\Desktop\psr.zip

Filesize
580KB

MD5
09675c71d52c104358db493f19fe5735

SHA1
b08b36ad390cc5fe9f47365b6d63bec989ac0075

SHA256
dbe6ef96a5c58eda912d6450f087fca4f59be2a6e60c32c1f66f3ba1f31f4414

SHA512
fbc4c32e67e46243053cb7548f82a417a05a67efcb0810dadaaffe713d0cd0833f164167f8cdb94acfcdf28b8d5c48f43e6b9e1e7fa5be591f79480ebfeefb50

Download Submit
C:\Users\Admin\Downloads\BikeEscape_0.0.2_setup.msi

Filesize
37.8MB

MD5
71fe6750762c0f02313ee237f9a5ca33

SHA1
cedf1d74db9ae23ceddaa4153984512b28cfdb62

SHA256
e16f8e380d91a2bdb9ccb07634b6133cbec62295094be020b212247c08cce679

SHA512
c949a4e3a483de3737b2ff7e038a0cdc2bc960daccc7184d47b0e562e28d61df1375b14c9d6bb93805832193ccee59afe9d87e998a16459f0b008d5296eb7257

Download Submit
C:\Windows\Installer\MSI3768.tmp

Filesize
413KB

MD5
3f733da2231e89b868995a206109f63d

SHA1
4b063ab891c0f399d91df8075ba72d5db576573f

SHA256
d3d0f373f906323073a04e7a807f2b26ac5694467cd60c5265f430bf31cec553

SHA512
6c36838e62f40d1e6ee0e0f0ece6c2da6afbb233594c65d42cb04910be44cd79780b14be360f3fb191f83e5664b5a363381ec709baa7fb888ecfe69cefa3f990

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

Filesize
7.5MB

MD5
2218783796906d928f213314526737fc

SHA1
edf7552c1806172674f6280b3bd6508b1e713f04

SHA256
eca895b6b05207df7ee42cd0fba76afe5c504c9a349e723ce202f4f0027e5732

SHA512
0d18374c9d885147cbd684c909abb4513d3b16f6dc1e5764b2848d782bb99d2a7af4c0a1ef785df135e8f8180f6950bd9efae28934cced0a05e1f741053df527

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe

Filesize
1.1MB

MD5
643e8c81fcf4f47e6d5526c7d2018819

SHA1
6a257b0242d82b10f8856287e0022fc5828f473e

SHA256
80c8da6c0449dba6879cb7bd1bff10234a2e7572303cb536cb1c4abacefa445a

SHA512
5c93aadef808e037a3373dfa87555b512c3378e34f2c93b87c7de1341867614c62d69bf6adc21a3728b2593557ec8c7773ed463c1999ba4c6ceb6146ee155077

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\UnityPlayer.dll

Filesize
47.4MB

MD5
c32579e332bd7aa72034a76ce20dff80

SHA1
3738cc6a537f389fe520d17921be68c728ae01b4

SHA256
ebb52b62db3c9e70ae553876c4efae52ee152d1edabf94a742a6d3f40bd939d6

SHA512
6e8273d105389a79ff6d731c2b8294462e2b95f23e69dec74cab98230580549a33bacac11a0e4a6a89de69cc8212082bffd9eaddf916359d2e9b7f29066ecc2b

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\far_foodselsdag.exe

Filesize
651KB

MD5
ffa4738fea0d6e2a0a2f7f5d58f08775

SHA1
0a5505749c7d302b665844530e584409712ad5f1

SHA256
edf357b5de2ce3c502db62471d1c247159d5edf83beb7de178a643e8fea90290

SHA512
105cdcc1338ce370ff237196b30a12591215c6a0b9be0bbc042d01fa5feae8580f9e98ec9c361d0fb1fad8c98a89d3e6b62de41123b64eaf3efc43e1e061134f

Download Submit
memory/896-853-0x000007FFFFEB0000-0x000007FFFFEC0000-memory.dmp

Filesize
64KB

Download
memory/896-773-0x000007FFFFEA0000-0x000007FFFFEB0000-memory.dmp

Filesize
64KB

Download
memory/2272-1394-0x0000000000390000-0x0000000000392000-memory.dmp

Filesize
8KB

Download
memory/2680-728-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2920-3375-0x00000000005A0000-0x00000000005A2000-memory.dmp

Filesize
8KB

Download
memory/3000-21-0x0000000002060000-0x0000000002070000-memory.dmp

Filesize
64KB

Download
memory/3068-18-0x0000000073D1E000-0x0000000073D1F000-memory.dmp

Filesize
4KB

Download
memory/3068-12-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-10-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-11-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-6-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/3068-14-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-13-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-9-0x0000000002EE0000-0x0000000002EEA000-memory.dmp

Filesize
40KB

Download
memory/3068-17-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/3068-19-0x0000000000480000-0x000000000048A000-memory.dmp

Filesize
40KB

Download
memory/3068-0-0x0000000073D1E000-0x0000000073D1F000-memory.dmp

Filesize
4KB

Download
memory/3068-3-0x0000000000480000-0x000000000048A000-memory.dmp

Filesize
40KB

Download
memory/3068-20-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/3068-4-0x0000000000480000-0x000000000048A000-memory.dmp

Filesize
40KB

Download
memory/3068-2-0x0000000073D10000-0x00000000743FE000-memory.dmp

Filesize
6.9MB

Download
memory/3068-1-0x0000000000AC0000-0x000000000182A000-memory.dmp

Filesize
13.4MB

Download