be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

Resubmissions

31-01-2023 19:12

230131-xwpy7abf5y 8

31-01-2023 19:10

230131-xvlkdabf5w 8

Analysis

max time kernel
86s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20221111-es
resource tags

arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
31-01-2023 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

osu!.exe
Size

4.3MB
MD5

58aed0b0330ca0b78ae291c6d17d890c
SHA1

f1957608185dbc3086e0e1e1c7dec1d3aea92654
SHA256

be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf
SHA512

f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d
SSDEEP

98304:CWLZg3h2kgwD6JkgIVzLUDQWvnUlNVKsEXXjZzLpxRxpDOhL:CWLZg3h2kgwD6JkgIBUDVnWNVKsEXXj4

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3204	osu!.exe
1616	osu!.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	osu!.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	osu!.exe

Loads dropped DLL 9 IoCs

pid	Process
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
1616	osu!.exe
1616	osu!.exe
1616	osu!.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{C24B3CA3-E80D-4E70-9DC6-C74820D69A23}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{7F86AD6B-98BD-4C6F-BE71-A54AB416041A}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{B5BB9C0A-836E-4476-8EFC-780C3721273F}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2386679933-1492765628-3466841596-1000\{435CE81D-36BF-4DA3-9AF7-D1125414B9E3}	svchost.exe

Modifies system certificate store 2 TTPs 11 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	osu!.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1616	osu!.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4452	OpenWith.exe
2340	OpenWith.exe
2204	7zG.exe
2752	7zG.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	3708	osu!.exe
Token: SeDebugPrivilege	3204	osu!.exe
Token: SeDebugPrivilege	1616	osu!.exe
Token: SeRestorePrivilege	2204	7zG.exe
Token: 35	2204	7zG.exe
Token: SeSecurityPrivilege	2204	7zG.exe
Token: SeRestorePrivilege	2752	7zG.exe
Token: 35	2752	7zG.exe
Token: SeSecurityPrivilege	2752	7zG.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2204	7zG.exe
2752	7zG.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4452	OpenWith.exe
2784	OpenWith.exe
4532	OpenWith.exe
2340	OpenWith.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 3204	3708	osu!.exe	93
PID 3708 wrote to memory of 3204	3708	osu!.exe	93
PID 3708 wrote to memory of 3204	3708	osu!.exe	93
PID 3204 wrote to memory of 1616	3204	osu!.exe	96
PID 3204 wrote to memory of 1616	3204	osu!.exe	96
PID 3204 wrote to memory of 1616	3204	osu!.exe	96

C:\Users\Admin\AppData\Local\Temp\osu!.exe
"C:\Users\Admin\AppData\Local\Temp\osu!.exe"
1⤵
- Checks computer location settings
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Users\Admin\AppData\Local\osu!\osu!.exe
  "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3204
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1616

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:4624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4532

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:3248

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcSHA256 -i#7zMap8867:88:7zEvent6697
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2204

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" h -scrcCRC64 -i#7zMap6713:88:7zEvent11407
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
41d6f6a2484acac005dd897acbb8b513

SHA1
03f030ad184c2e8c8a72b956f517054d850bdf57

SHA256
d261b935332a18706116de550c081bbc590fd5f0540ebd89b600d1016732c93a

SHA512
b974f154ac229f408e6d19414a0379d8c6afa118349b38333c6abad3dd1adb42b2c2115d9a0045b83f3c2ad66c1679eac49a383796066295a8ca949f7aa09660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
c8be0ed856bdd09f38e9284b8472e455

SHA1
ad624ea233ecfb7091cf18c9a44b89e541b3fb3a

SHA256
98bf31534cd43c36a6a758abe77120d0d9151bf539de3c6bbe137bb3e8905c82

SHA512
763d8368b5fe242123468fe2d3d7bf52ab3a2bcf756611b6472f34a8322ab74ca053c0fd0d59a3ea96b5b5aca4f655e5d8789b67aa48076916f52a62d50b4132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
2ba38f38e1bbf7a0b86e4513488af1c9

SHA1
fdd898035a413a99a331733240d8a55779d2cedb

SHA256
eea4e560cfd565e1ccd40b747e56dea4f40953484c4dab34e346931c1f96365e

SHA512
43270b976acd9510871d19695aa14ee9ffec6a1ec900d33afc9bed6f18d56d9d52295379b6b2afba2d3d8dd5467bc5f08566156647b502489fe523913ef7d03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
2b56d172ac45584f77c38aa19703f538

SHA1
45e255a05553e4d9ff5125d9f54302cbe0d3a4c5

SHA256
2a8681018bfe439a9e8718a596c1bc133dd9fc1724b6e9cb95821e8140f4ea16

SHA512
d23667455ce47d8bcbfb67f09b62f214954471fc54f272e2d00d59fef0c9b19ade7089491d1ca4549f5138b75b849742b71714e47d6cc2879b34e81803cd5475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
75345fe294392854bdb7ae5e5f94ad59

SHA1
9bf7f8b913de1d630cd1f4d9933546763fcb3251

SHA256
1de9a5476a6086ef7525b51c46f033375ab82df114ac6c5b5480831ae893d22d

SHA512
064b731d1b2d944719945266c927d8bf4e5ad47c5afbf8134d06d3f190e4fc6c1119933f3a0da76dc526adce8e8462cb0d9e89b762e66db51f904333932c79ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
6d06fb20e4ea29defd61236484a22101

SHA1
83900b48e589b4d62cfdd978cec02d1f9520149f

SHA256
eb5c3daef7af441b223d7de6525c585d11bd10ff34f36199b526aeb6f726aaaf

SHA512
0ae17b459a1cb1f2910d73e92ca35eba9d329be081cac05770db7dd04aa90776075cc7158d7d14193ee93c07853a1f245142f5ca043e79143182b114b2c6726d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\osu!.exe.log

Filesize
1KB

MD5
d7851eb8e6db261d609ce656b3c44dc6

SHA1
62f1d2b78d143a336fe6779a17b6400f95dadb2a

SHA256
079dc4c2a07c1e17851a6bfc41130e0771c6b8063a2f6dcc807f9b525e1ced72

SHA512
1bb23aba0d00f7bfaee06b0e9fdd9d1d54a454d62308a88cd964728c568c7ec5a91a68817d4b5c93e3e3c5ad4232106af44eb1eee94679aa51396c1872af1037

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update_success.log

Filesize
6KB

MD5
2d55dafae5e25a6f52bc1367a27e1519

SHA1
e6a689677cd7be8d3fbacf18befa79e83125cf03

SHA256
08a74834feea6444bbf239589a064c6e015324fe88bc048395a50d73079a8942

SHA512
e18a42fb9c27800980e38411dbb143e4da9bcbce7e156ec16a3a7f98b56a417d125dddec208aac7edf3c164ccfc201242d686b76c5c596d2a3a03cea6bb0f4a1

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.cfg

Filesize
856B

MD5
de92276e79caeb45da57a33cc5c50ba1

SHA1
ac289a9007b3117da3343df91128649050cf6da5

SHA256
cb95117169143e2e8c5b0fbff5919503b451147336778aa277f1ddf5de138040

SHA512
6d129d69c10d63f3b377658feabf2961198e94e679d9ae090f36e9817d25da57d895f667ea9aa22b33e83dccf400dec80d03a64c0f0b8eb577a4df49f49ca859

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
5.4MB

MD5
3fcde42adced9a782e93db966354c157

SHA1
2f61b3f2ec6e7fe57ad942ebaf7ef4b12a1eb438

SHA256
3a1c15f9c776e2eedcb7428d1b8b18f4b2c81bc4dc0221ab08a841a9a5328146

SHA512
25bad3d74bdeec4f140aba6e06a465de202d9e7d6e92ae9c41aac4cabdf1c227ea8da36f292641a94b5ed9a288423278dc745cdc1c2509211c5e3ed3f8a85502

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
5.4MB

MD5
3fcde42adced9a782e93db966354c157

SHA1
2f61b3f2ec6e7fe57ad942ebaf7ef4b12a1eb438

SHA256
3a1c15f9c776e2eedcb7428d1b8b18f4b2c81bc4dc0221ab08a841a9a5328146

SHA512
25bad3d74bdeec4f140aba6e06a465de202d9e7d6e92ae9c41aac4cabdf1c227ea8da36f292641a94b5ed9a288423278dc745cdc1c2509211c5e3ed3f8a85502

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
3.7MB

MD5
524344f96189d2cc72123312351c6a79

SHA1
0629eb1003562fe3b59631d74d6c8c77ffa4b25f

SHA256
b128940413b25180e0ac22a75bc09b2912a24b93fd4880f10b18d4020b8fc112

SHA512
d13bb6ed8247093cd6d7b55cd19fa17ee75bde20a0a2011de04c649da064ccf947ccd0487320ca87f1437717da1711e2a3f33a7158759e620244d7818df3a188

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
450935f9812f0336e7968ec110548de6

SHA1
52a238343d521106c29b11b71b6546fdbc21ab90

SHA256
7c5b5834977a3d6cf853c3db28492399721004e36e8ecc09c0f475d759e4c557

SHA512
0f21b22fdba847b8b696fd40f34c26c89fa22e52d0abd342b67530609441fb7ec3ea12ad8badfca410c1f924ee9cfe401bc69ca645bf78371c48803f1d830b72

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/1616-177-0x0000000070C00000-0x0000000071162000-memory.dmp

Filesize
5.4MB

Download
memory/1616-193-0x0000000007A50000-0x0000000007A6D000-memory.dmp

Filesize
116KB

Download
memory/1616-167-0x0000000006A60000-0x0000000006A6C000-memory.dmp

Filesize
48KB

Download
memory/1616-166-0x0000000006600000-0x0000000006656000-memory.dmp

Filesize
344KB

Download
memory/1616-175-0x0000000008230000-0x00000000082A4000-memory.dmp

Filesize
464KB

Download
memory/1616-172-0x000000000BC40000-0x000000000C06C000-memory.dmp

Filesize
4.2MB

Download
memory/1616-185-0x000000006F230000-0x000000006F287000-memory.dmp

Filesize
348KB

Download
memory/1616-192-0x0000000070C00000-0x0000000071162000-memory.dmp

Filesize
5.4MB

Download
memory/1616-179-0x000000006CFA0000-0x000000006CFB0000-memory.dmp

Filesize
64KB

Download
memory/1616-191-0x000000006CFA0000-0x000000006CFB0000-memory.dmp

Filesize
64KB

Download
memory/1616-180-0x0000000074EB0000-0x0000000075660000-memory.dmp

Filesize
7.7MB

Download
memory/1616-190-0x0000000004F3A000-0x0000000004F3F000-memory.dmp

Filesize
20KB

Download
memory/1616-189-0x0000000007A50000-0x0000000007A6D000-memory.dmp

Filesize
116KB

Download
memory/1616-188-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3204-147-0x000000000ABC0000-0x000000000ACC2000-memory.dmp

Filesize
1.0MB

Download
memory/3204-146-0x000000000A400000-0x000000000A422000-memory.dmp

Filesize
136KB

Download
memory/3708-133-0x0000000005860000-0x0000000005E04000-memory.dmp

Filesize
5.6MB

Download
memory/3708-134-0x00000000052B0000-0x0000000005342000-memory.dmp

Filesize
584KB

Download
memory/3708-135-0x0000000006A70000-0x0000000006A7A000-memory.dmp

Filesize
40KB

Download
memory/3708-136-0x000000000ACF0000-0x000000000B21C000-memory.dmp

Filesize
5.2MB

Download
memory/3708-132-0x0000000000550000-0x0000000000996000-memory.dmp

Filesize
4.3MB

Download