ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2

max time kernel
130s
max time network
371s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 23:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

psr.exe
Size

13.4MB
MD5

33c9518c086d0cca4a636bc86728485e
SHA1

2420ad25e243ab8905b49f60fe7fb96590661f50
SHA256

ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
SHA512

6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
SSDEEP

49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	psr.exe
File opened (read-only)	\??\M:	psr.exe
File opened (read-only)	\??\Q:	psr.exe
File opened (read-only)	\??\V:	psr.exe
File opened (read-only)	\??\X:	psr.exe
File opened (read-only)	\??\Z:	psr.exe
File opened (read-only)	\??\B:	psr.exe
File opened (read-only)	\??\G:	psr.exe
File opened (read-only)	\??\U:	psr.exe
File opened (read-only)	\??\Y:	psr.exe
File opened (read-only)	\??\J:	psr.exe
File opened (read-only)	\??\T:	psr.exe
File opened (read-only)	\??\R:	psr.exe
File opened (read-only)	\??\S:	psr.exe
File opened (read-only)	\??\E:	psr.exe
File opened (read-only)	\??\H:	psr.exe
File opened (read-only)	\??\L:	psr.exe
File opened (read-only)	\??\N:	psr.exe
File opened (read-only)	\??\O:	psr.exe
File opened (read-only)	\??\P:	psr.exe
File opened (read-only)	\??\W:	psr.exe
File opened (read-only)	\??\A:	psr.exe
File opened (read-only)	\??\I:	psr.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
69	raw.githubusercontent.com
70	raw.githubusercontent.com
71	raw.githubusercontent.com
68	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	psr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe
Token: SeShutdownPrivilege	2868	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2636	2868	chrome.exe	31
PID 2868 wrote to memory of 2636	2868	chrome.exe	31
PID 2868 wrote to memory of 2636	2868	chrome.exe	31
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2080	2868	chrome.exe	33
PID 2868 wrote to memory of 2884	2868	chrome.exe	34
PID 2868 wrote to memory of 2884	2868	chrome.exe	34
PID 2868 wrote to memory of 2884	2868	chrome.exe	34
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35
PID 2868 wrote to memory of 1032	2868	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\psr.exe
"C:\Users\Admin\AppData\Local\Temp\psr.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef84f9758,0x7fef84f9768,0x7fef84f9778
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2140 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1192 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2948 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3696 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=580 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=896 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1508 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3452 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2320 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3012 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1956 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2188 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4016 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_1.0_setup.msi"
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3036 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3964 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1216,i,3507776794535204482,3712724669012999642,131072 /prefetch:8
  2⤵
  PID:2568

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1648

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:1920
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DB5F517103AA9F31F381D05127B6D063 C
  2⤵
  PID:2224
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DCC1A4A7B6DF24DB5420448174F1DC5E
  2⤵
  PID:536

C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape.exe
"C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape.exe"
1⤵
PID:1236
- C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" --attach 1236 1052672
  2⤵
  PID:828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x148
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7a37d5.rbs

Filesize
37KB

MD5
88c97e85fd3042163f32a8bd3a646991

SHA1
46d89a3cd01d6fe1d187924661f532ad9382e07a

SHA256
fce33965331d7f3829a6a8df22b1600bded5091c846d8e8b46c887b8e6e01ccd

SHA512
9cd06cd7a2f071613e563b66f01443daff5a259ac56ae537c59ffba34ae771d58dd4346adc6cc98118d8da015e67707764b17b7927e013bb6abd8cf127866e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
835986a846335b06da171e2aa4ed83a2

SHA1
4829ed0ee5959145710a629b1f91dba1a9b99352

SHA256
07e31795d4fa001a638c062fd762a489573b4fa18f38037204f14c1d818bffb8

SHA512
82d69647934cf748f9a80b635176b6ab49cc85d9830ec24f107f62768937b25af2a4203a698e56480892fb3aeb069c7c0d18964ef20ad52a253cdc2dd25b9dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dc7a33f670c3a586cae5b66fd0d3e648

SHA1
98458753c51520b09ee98741954be2c2d4dad411

SHA256
7d7b6a94d4e2ed168b73dfaac7a0ff4d3d7559de47bff2980ab4ba21f53c47c6

SHA512
ddadae239215b0e10314bdf7e117a2384a4ffad93c7a6e4c3f7707db124125b62323ca5d5040f80a7bb68d31a6dfb55d0d6eb967114a38c0398c53ff59a728c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c7f9c26fbbfd52d2b925f91836549514

SHA1
bb94c9ad72df8ea54ec69537f6fe7284c7ad6ad7

SHA256
00ebfdd0e26a2b93bb536ae46bda8079cad4dfd37330978a915969b38a59719a

SHA512
b90a27e0ff9fff7ad56c5df5afbc12c94515371b9069a785bd3b20a378c773e663aec297f2bbef06c6ce2733ef66d67cc3940d74af6fc6418ded91cf106b332d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c3c7a2b6d775c747dd0f9179c957a4bf

SHA1
9aea4e870ef9b09c4a01fde670792aa207a55d7d

SHA256
c956fe015188331f511577f23aa08130d78ce567f9f34702f8ccaf5463bd94b2

SHA512
74f4e72160d1344c82802ba6b6dce601501d8ac3c4c7e5c26989f0080df89182bf396e087531d52870ee91ee868e0bb8671713b0e78bc3441a7267afcb43d0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
676b0f5d529e274f14df5991a5ec315c

SHA1
f3d15d0301c863d18b9decf98e76ad59e6236dd6

SHA256
774d5521396f8ee3466379bb3c24b25d1fc36421f6a827d11232c333b281b53f

SHA512
adfa6d7b5722202a9fbf8e6fedc2d629f44dbf1bc24020b922ad0bdb78deb191a084ac5b4b23076078e37d9c8005260c7c86488bd21e1d13965d3dd4ea1de5b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ad1f3c1c148f53bb2b227f5f236966e2

SHA1
9dad99b1921d577eb7beaa3961c3b82bfad61785

SHA256
2fe408513cc0885d36a415511ea2a8965fa4dae46c3ffcd0699ec1b894a325e6

SHA512
844ddd965818fef1377bc64756f48767caaed581f16c8d8813aa8609d9c0af889eb7729f799986ec7ee12a0d64cf601a85dead0526998848bb3a92b9ced0f8ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
938506dab873d1af2f393ebfc2774fcf

SHA1
79ce9ec0daced752da927e45fead0232847ed130

SHA256
70529e0f6eccb02b40c26e618c1e0403912d21cf7686e96b8c0c59bc7aac2851

SHA512
037c06392398ebc65dd56ed5f16250f792250b8d328a986b7a19703f9340543fb6401b26e1f1ff2afe43ce7346507fef7b1831d0d5a7d9ed18b95200d7095932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
d0c99b1533922d0e464e89fc04721a9d

SHA1
66299ec9855d3dccc534a6fe83d5f96f5dbe272a

SHA256
795c5d37f42f612ed5c267be1796c27d38bb8b7b3d3cd1f5fb9e6d7299c744ce

SHA512
561f1504540e2c44e044a92f78c9a0f5382a14ca519343733ee400a9d62497a409d4e5ed8f4c1968e621933ced98755ff4d7cdcb8405d4372afe085be4d9eef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
dca5e552aa3bba1d176de2c8476edc05

SHA1
8bcf62d1e6c30d545f79b83299b1208180e0b4a6

SHA256
c66a102a7c35a3257689ea1433651c70c448a9ca427bffe33419e581f904f339

SHA512
3593cc80d9098f9e2597ddef34cca5c4797df3a51a620bf51cd2855824e846b7c72ed81964cc9b24eab33540aeeba2521f91bf4af14148afefc98a9abdf6e47b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
916e64f1e42b246c4f2b797a6d342bb3

SHA1
6abb5fa7c463c67159d2d67c197866446792bf0d

SHA256
e987015bb8c0e1762b39f1ebe87293ae34842b24126831236300ba6a6b28f28b

SHA512
e36cc0c3f110e450c31647e2646f120fe09e9da9555eff99a0736dca92e3a8362590e4cf58f027a3e43672d95209607c39d4409e0b2747f3b2d2e9d2e424f844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
8d86ba53ab3c9d537c7d6996baaf9d4a

SHA1
6e4df01904d343b0285d8f3ae7eb790627d49996

SHA256
46ef1be83aeaf0d792ff18c441e3b15fe3ba4523ff93e453f07feeeca81d2a74

SHA512
66fdd44db7a2f85d47b3915e49292ce6fa4f1ec652f4df7adffd56574583374b5d7b48ae64ab090b938bad5f74aa9285dff930c28a2da599010fa54273a58276

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
974f69111a00a69f55ab7fd0be2e1775

SHA1
4e4af6575300ec4ebdf1aa698c5b22df2a9551e4

SHA256
4314a866b6dcd3ce374f351ad56511437b61afbe2129abb360952dd25c51cf0f

SHA512
4a42f7d54b16f8871543119222a3daff46f79a6371950b512304cbde5596c63b173cd802cc7ac29a6539e44f18b78c8401121f43d36f2d4ba0fad20bbf060bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5bcded6360ebc631583ae1cb39bc0778

SHA1
a93687f64ec9bb90cf95b60b8b7c5e3d4f8c83af

SHA256
3897252ad683fc71d7edff270e2dded8c7866aa19fb5d0a6881113094434b452

SHA512
ffced39c186393b879a0da06f8a16cf7047134fd3f8c2fbd6be0f1bfb13fb342e77f027e6f77c38bd58957dc459114bce69fd61f076f58c439e1e69531f6d214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
980374e13c765fb3d9cbe983e26d08cd

SHA1
eca9445e4c3313b841178c033be73ca8ef0d436a

SHA256
dcc207a75e402357c637b45db85ccb7211ae90423f38c8800906036495d9559b

SHA512
b5e753f9f9574b7276d42dd35c6c4d6e15db2318350d4dd488373b052d2415632c671b3527ce48b22093eebefff72fe235b434332d0236c9fa3adaa50c66d8cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
092512754928f5283d701cf3800adbca

SHA1
e1a6cc30ea0fc950460a8865783cd9b44e4729d9

SHA256
1a0d61beec69a9df8bc8678c03dcaa553119824b75b99fcae54228785071bf11

SHA512
cc7f1cc3447d74d3fb52ebd9bac56d16e1b235f717537d3f491baf5454950d16ff04bc4b2d1cdccbddb1adc9dc52046ad9f9b8781b1e11a9558fba9e797552fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a68cd67492d26420fa4d6a5f71129adf

SHA1
70781a2c8c8bf2c9272ce2ed50ae56dbd0645e21

SHA256
a2ed5b86013166d2b2239d4d3aa42ab27e81785d8b6b34c541bbaf4809847df3

SHA512
2e7e8d875c5c742b5397f0d7668d5c4015590304facfb143c84ec4cffe023b50f3994bb678f5bdbb7a1a17de3b9d2dfb70bf1f0107087566da83f3d9600f4113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f8dac1bbff1b3bd2860e4f1a4ad204f8

SHA1
26bf5b25aeae9c11b267780f7b81a0a60e0853d7

SHA256
467c66a7afbdee529e7728a6be32562f37306783f8bc09630e3a05caacd51ce6

SHA512
dd8dbf1580d85e0b514d346be73b5d3d134d9abc600efb1ea5235190c00429770b8583e7fc034843eaf9661a3de7acd2d8b8e1f9455b7060a9ccba0ebb0ad57c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aed31e0762bd1b5519a46da0a1153f77

SHA1
2ae1091c3bd29a0eaabccee467171d24de8c669a

SHA256
717a299f8bb4d784d0a114cde7d4df8d8754c278171b788c12313104ac883a57

SHA512
0e3d32e4202a279301c0d375bcc04e48d4a60659ae676e2df34f6a7664fcd1124ef4c6836bc13c027d91534ebceac07feb2b1b3d59bab4ea5ad11223e5b2fcef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
97478eed1f2377e62561eecdc65ea9b7

SHA1
0d4e199f76862fd89f08127d407f843923bff510

SHA256
bdb69896114dcc8e3d0a1859a4128d6f7faa105eb4c90d094197e705255a09d8

SHA512
fe1fa25fad52976544a83c8c0f8734733a8d5a0ce6665d2006e134641a374713483540b4f79b92c1f0d064bf690e87198a97066f519a988b41cbac31e7fd322a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f059cbab-c8d9-4b6f-a5f3-0f7240f8c8b4.tmp

Filesize
7KB

MD5
2c469d8b6b914e10c40a407fd382e220

SHA1
b96b71a5916e3e9297cb2d82d61f989e725c7b11

SHA256
6da9b80a133e57c9c337e433e94bd8d70a7afae81de63ac6c1cb8340ccbc03b8

SHA512
1042d245efabc3d24ae6476ee3f3cfc81cba9694cd2c1de1e88bd9ac297e57e695b8a30f0981c5a6c260a1c5f989ddfe4dbcb6d4d54260d7fd219af172993a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
82KB

MD5
c5aac7acdd7a4269a014ce2f2a977cc3

SHA1
cbf561218141258ed52b6c79e8f628d910d880e8

SHA256
b9e3a7b5b80ae063a6b4ec3cf4f2e7deb853cfee99ddda064c789dee3032b995

SHA512
9244b46460a0246cebdae8f73ca43f96a8576728f3391f5698bc743c8d202ec77c60d9bda593e4b196cf8fb9c565473693987676b96175dd6f91c1ccc295ebec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
9e813627e2deff10f9a308f058b789ca

SHA1
132778ca42dfdd2976822ce3bda9651fa00c2fd1

SHA256
46365fce5ad962c2434a3a3aff24715005859637d01c10d486b1281739cc8ed0

SHA512
846ac42e1949a6920972c00dc537c16c892d10ad241950fa0f94e41f48c1e3e147db20d1a8f40bb15bece7a907e14c6c61faa48cceb13579564704955eaf64ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7216.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7238.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\Managed\mscorlib.dll

Filesize
4.4MB

MD5
017bb89a5889ec7bd4bed67328bb780d

SHA1
887fa8930dba9a74c3165249dd7c37ec6c7303f4

SHA256
0113edfb285335bafe75f56e3e2f76598672e1649ece100d7b9b3049fd916d02

SHA512
547c74e113cae987a7a6ba29066670622551810825d3f4cd5163801356bc09cbc6d8337cb7b65f8923756166a687ef4f4635b835be897732d02c98070c88a347

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\Resources\unity default resources

Filesize
1.5MB

MD5
320641294b8add2538906ed41508b8f4

SHA1
183384d063327e6e2a336307e988b4ea30386be3

SHA256
cfec053f11e7933532225c8cfca6989dab5895d5f3a76a3cb1fec61057d4cc22

SHA512
e85125e63dbeda7884b97c0b274757506f15be202f1c853e714ada14dbcf5653ebda6f997eac2a717daf48450e4fa0f515468c20c358e6573c1fc96a04f0faa6

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\RuntimeInitializeOnLoads.json

Filesize
700B

MD5
d2579a071fb2371024bc3689fc8e82a3

SHA1
598625b1377b0a9580d2ae1bf0df3230d8662073

SHA256
1f24ac55efc1eca154804c4c4c5b10b13ea8064b2203cd502d715b0da083fc82

SHA512
3f2ca4800b8aed29d574ed9ebdfe6b0648b9dbdeb6b962812c06fe17ff8170303e7d0e29ecb6947d34cdc1bc5f9e2c6711d1119669e6955f30c80b953430afc6

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\ScriptingAssemblies.json

Filesize
3KB

MD5
bb3bb5c664c51a27fda941a5f42f5c3b

SHA1
7fba9310db60046a05ad03c371ddf349a603f440

SHA256
f48f2df80621ab84383f5cf4b296cfd7bcdd454866f04ccd936e9c7e835ae011

SHA512
6047f5739d4c2905221d9e662bf62597e701741ae186e30d76b713e9a31403a8a97b0557d66a0c8c2953b24225161f28c41c37c78df910b8e0cbb9afd503a1bc

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\app.info

Filesize
26B

MD5
40abee745cca05ece5bc478734b5e1a5

SHA1
9810756f48d90fa1cf28621f8bdd91f0b26f46f1

SHA256
4c6be56d4ac9592f3847eb15f177aa4155f2b829205d2a56fc77cc449a68d798

SHA512
5917ab33053e8d7dc90ca8b9acb3a0fe220e484b2223c7549ffd6cbe325a87540750752de0adbbd69877e293cfe556fe724e18f9ca913a5c1a3194709e77531d

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\boot.config

Filesize
113B

MD5
ea970890ead28f27144536fce641ccc1

SHA1
06872a5110b9e3854b3348b27dd9425703d78277

SHA256
0d91ebd637bd3de4b9eea8dc29e70e67bafb4167b4e1d1c169e50ee7ba19ca99

SHA512
49e95423c13773995193d1f0c62a157fa7e78bf484e9ef0a7352cad90fc18889ffa4efe29ff2d5038a52d4d334b8b36bc26beaf463cfda635e72e78862eb63ce

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape_Data\data.unity3d

Filesize
3.3MB

MD5
f72ae47361f4abfdb68aff167881c45f

SHA1
a95163d3d156ff22678dc639bf48acb3aa6ed33e

SHA256
3e65dc1469c0b8d2c173e83a718c7c3428861e6b27ce673d434f4ef54e676626

SHA512
4ddddd41797b9c2ab611353c1c18f63acda40bb7681e2e7d6692d6ab8a298340f5d6d807ecaa9889575c5216e8cf16654612e71836fb19dfa0b0336952398949

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\etc\mono\config

Filesize
3KB

MD5
67611b783439b35abfe05a97413bba46

SHA1
52795ffda8b88701793acc05e87897bdba99a633

SHA256
5776169973a26a387b8b3e5c0f2301a7ab9a6dd7c7d3efa22a96abc47fbf8662

SHA512
046dc9fe5cb46bea23668eb0d9742d32ddad30a6ee85c20839b68cb022f9e2ae6a38b87b9e267edb152b29420e3d169348cd9d3bcd4a7c7d82b3d50ac24b4748

Download Submit
C:\Users\Admin\AppData\Roaming\BikeEscape\UnityPlayer.dll

Filesize
29.5MB

MD5
6e5eabba564417d09033b03efe412c5f

SHA1
ebbe9864825c1d17a04ace6972f485617f5cb671

SHA256
3beae3d0ca0b56d0f6264694d6e197685e0b107ca18b7a48266315629d7c5652

SHA512
a3f2b8d9e63df87eccaa900f9427aa64a81afc1692e818fe94a19ca85238fe459821f4cf38ee1a6f22545144446026511435f5b70726e1c78be9acc1456dbd7c

Download Submit
\Users\Admin\AppData\Local\Temp\MSI18CE.tmp

Filesize
997KB

MD5
ec6ebf65fe4f361a73e473f46730e05c

SHA1
01f946dfbf773f977af5ade7c27fffc7fe311149

SHA256
d3614d7bece53e0d408e31da7d9b0ff2f7285a7dd544c778847ed0c5ded5d52f

SHA512
e4d7aafa75d07a3071d2739d18b4c2b0a3798f754b339c349db9a6004d031bf02f3970b030cec4a5f55b4c19f03794b0ce186a303d936c222e7e6e8726fffff7

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape.exe

Filesize
651KB

MD5
b7fde0dbffef8900a750588a9b068759

SHA1
2e2e18d1629386fd2d99339e1eac92935b7786df

SHA256
2c49f83477625f5e2a8a84edba8a3e4686cf1579b7424f0ae0f685caeed60e6e

SHA512
ee9b31b5465bef3ae2ffb4ce68a158881aff69c0cc4f032423f584ffae366eff1c16f2120d38cbb73339431aae9f82872e2960a43d982be73847de428cb1929a

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

Filesize
7.5MB

MD5
57eba7c6dbdcb54053bb35d994f69b90

SHA1
94935c8726fc3245600194e6f381b73f3bec8279

SHA256
43b9e1109889582050282d7f956a6e6b27ffca78f361d6b781cb63e3da66af13

SHA512
ba3572fd307acbd03e7a2626b9dac69f183c2d5b0c64cfb2d34e3d2c9ce90b9a9b58dfeecd976e89978f22032807f1d5ae05bacb8e8416efab590762e37e4e8a

Download Submit
\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe

Filesize
1.1MB

MD5
83b7227dd846badcd1d7174669a3180d

SHA1
7552a3107caa989d98c1507edf0bd70af6e13ae0

SHA256
42972da4c9c50373418944a410f94b5d5d2eff245c35ae97a52db8d1eaf4f5a5

SHA512
57e44dd4d92840665f2f77a26ea7685048857eb9d7398aeebf9d634ca6a81f1eebc74da3c45103dd3b9fbcec22e28129cfa76fb5e2c5a558217b9d3f69fa85cc

Download Submit
\Windows\Installer\MSI3C29.tmp

Filesize
413KB

MD5
3f733da2231e89b868995a206109f63d

SHA1
4b063ab891c0f399d91df8075ba72d5db576573f

SHA256
d3d0f373f906323073a04e7a807f2b26ac5694467cd60c5265f430bf31cec553

SHA512
6c36838e62f40d1e6ee0e0f0ece6c2da6afbb233594c65d42cb04910be44cd79780b14be360f3fb191f83e5664b5a363381ec709baa7fb888ecfe69cefa3f990

Download Submit
memory/1236-1073-0x000007FFFFE90000-0x000007FFFFEA0000-memory.dmp

Filesize
64KB

Download
memory/1236-1054-0x000007FFFFEC0000-0x000007FFFFED0000-memory.dmp

Filesize
64KB

Download
memory/1236-1046-0x000007FFFFEB0000-0x000007FFFFEC0000-memory.dmp

Filesize
64KB

Download
memory/2188-56-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/2188-6-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/2188-1-0x0000000000DA0000-0x0000000001B0A000-memory.dmp

Filesize
13.4MB

Download
memory/2188-51-0x00000000749FE000-0x00000000749FF000-memory.dmp

Filesize
4KB

Download
memory/2188-9-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/2188-77-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/2188-10-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/2188-11-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/2188-12-0x0000000000B50000-0x0000000000B5A000-memory.dmp

Filesize
40KB

Download
memory/2188-0-0x00000000749FE000-0x00000000749FF000-memory.dmp

Filesize
4KB

Download
memory/2188-3-0x0000000000590000-0x000000000059A000-memory.dmp

Filesize
40KB

Download
memory/2188-4-0x0000000000590000-0x000000000059A000-memory.dmp

Filesize
40KB

Download
memory/2188-65-0x0000000000590000-0x000000000059A000-memory.dmp

Filesize
40KB

Download
memory/2188-66-0x0000000000590000-0x000000000059A000-memory.dmp

Filesize
40KB

Download
memory/2188-67-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/2188-2-0x00000000749F0000-0x00000000750DE000-memory.dmp

Filesize
6.9MB

Download
memory/2224-1012-0x00000000002A0000-0x00000000002A2000-memory.dmp

Filesize
8KB

Download