be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

Analysis

max time kernel
100s
max time network
87s
platform
windows7_x64
resource
win7-20220812-es
resource tags

arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
submitted
31-01-2023 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

osu!.exe
Size

4.3MB
MD5

58aed0b0330ca0b78ae291c6d17d890c
SHA1

f1957608185dbc3086e0e1e1c7dec1d3aea92654
SHA256

be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf
SHA512

f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d
SSDEEP

98304:CWLZg3h2kgwD6JkgIVzLUDQWvnUlNVKsEXXjZzLpxRxpDOhL:CWLZg3h2kgwD6JkgIBUDVnWNVKsEXXj4

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
536	osu!.exe
560	osu!.exe

Loads dropped DLL 14 IoCs

pid	Process
1736	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe
560	osu!.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
560	osu!.exe
560	osu!.exe
560	osu!.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 8 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a11800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	osu!.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
560	osu!.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	osu!.exe
Token: SeDebugPrivilege	536	osu!.exe
Token: SeDebugPrivilege	560	osu!.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 536	1736	osu!.exe	28
PID 1736 wrote to memory of 536	1736	osu!.exe	28
PID 1736 wrote to memory of 536	1736	osu!.exe	28
PID 1736 wrote to memory of 536	1736	osu!.exe	28
PID 536 wrote to memory of 560	536	osu!.exe	29
PID 536 wrote to memory of 560	536	osu!.exe	29
PID 536 wrote to memory of 560	536	osu!.exe	29
PID 536 wrote to memory of 560	536	osu!.exe	29

C:\Users\Admin\AppData\Local\Temp\osu!.exe
"C:\Users\Admin\AppData\Local\Temp\osu!.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\osu!\osu!.exe
  "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
41d6f6a2484acac005dd897acbb8b513

SHA1
03f030ad184c2e8c8a72b956f517054d850bdf57

SHA256
d261b935332a18706116de550c081bbc590fd5f0540ebd89b600d1016732c93a

SHA512
b974f154ac229f408e6d19414a0379d8c6afa118349b38333c6abad3dd1adb42b2c2115d9a0045b83f3c2ad66c1679eac49a383796066295a8ca949f7aa09660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
c8be0ed856bdd09f38e9284b8472e455

SHA1
ad624ea233ecfb7091cf18c9a44b89e541b3fb3a

SHA256
98bf31534cd43c36a6a758abe77120d0d9151bf539de3c6bbe137bb3e8905c82

SHA512
763d8368b5fe242123468fe2d3d7bf52ab3a2bcf756611b6472f34a8322ab74ca053c0fd0d59a3ea96b5b5aca4f655e5d8789b67aa48076916f52a62d50b4132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
2ba38f38e1bbf7a0b86e4513488af1c9

SHA1
fdd898035a413a99a331733240d8a55779d2cedb

SHA256
eea4e560cfd565e1ccd40b747e56dea4f40953484c4dab34e346931c1f96365e

SHA512
43270b976acd9510871d19695aa14ee9ffec6a1ec900d33afc9bed6f18d56d9d52295379b6b2afba2d3d8dd5467bc5f08566156647b502489fe523913ef7d03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
a990281a750b5cf0b1a4743771c70a86

SHA1
3f724c24ec8fe3b86aa3fa3185a9c36f939a7f3d

SHA256
109e7dbdca0cfe34e1c0e055b47e2d777d58df5304420ff3c977a5f7fa8dc801

SHA512
6e58d09d3e1c68932ffd5796dddbb6bd84e5b8f80836df1ff32e62cf7702e3455dd740245f5b29219f3fa18cbd4ce9a2b812e486ed95b29f06ee5eedbcad91d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709d5d683218d518e962d384010cde8c

SHA1
3b1c5f3f9ff82569f1bf3b13176acee75fbcc6d5

SHA256
b7aefaac81d0915d45f3ed29c5bf4d70df71dd90530e763c14ee82f217850fd5

SHA512
dafe9cea7b006eda533718c4ee67f053271f90a017d3013bed8672eddf4d8c1cd80879a499b9ce15f31e31f87c3bd615535fc7c3fca41285f160979699c7080e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
0845e55181803db9a29184c81f5c5404

SHA1
b14056f0c177f20ed3e736bb1437fdde0bdb105b

SHA256
7ad7690afa61e08d87161e48d49d8633f9a83de2ad1a37749227b5b8e8a016d8

SHA512
12b01e3ad1ba6c9a60cda87946d970add7b44846a983679219e77fe2129a79eea7e722615a588ec7e0300522f99bb0d8eedd59691c6e2eb7783b5a072cc2ebe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
c3dba33cc05cfc1da4df9239128737b6

SHA1
c15df6340de3c772b43247974e7b4f973ed920ac

SHA256
75005dfab02c5f72146baa2d0c7b00e3fb9012163ee849aa7ddc367f59d0c4f6

SHA512
ade5a73542314ab5d60e3c0a5588451de627d0df2d022c24bd29ba4fcdc626c24d6faa825291a9420964726cff7a6146c0cac056d84c50300198beb09d359a1c

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update_success.log

Filesize
6KB

MD5
59bdb61a4cc6a39a8a3eb16f99397647

SHA1
ba61cc9e71ddb5370133ba74f764e3dc641e5de5

SHA256
c2412a1c3302c8ac9a9d32e419fc878c6a3b36e5cb3e77d73503b57a19144cda

SHA512
c22b22e8944a20c759a3e11f6f8aca00b61032871f8d8db8e25faa8094163313a084cc44ff28be45c1bb85f95670c120a46681bf637cf16222543368476ced79

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.cfg

Filesize
856B

MD5
de92276e79caeb45da57a33cc5c50ba1

SHA1
ac289a9007b3117da3343df91128649050cf6da5

SHA256
cb95117169143e2e8c5b0fbff5919503b451147336778aa277f1ddf5de138040

SHA512
6d129d69c10d63f3b377658feabf2961198e94e679d9ae090f36e9817d25da57d895f667ea9aa22b33e83dccf400dec80d03a64c0f0b8eb577a4df49f49ca859

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
5.4MB

MD5
3fcde42adced9a782e93db966354c157

SHA1
2f61b3f2ec6e7fe57ad942ebaf7ef4b12a1eb438

SHA256
3a1c15f9c776e2eedcb7428d1b8b18f4b2c81bc4dc0221ab08a841a9a5328146

SHA512
25bad3d74bdeec4f140aba6e06a465de202d9e7d6e92ae9c41aac4cabdf1c227ea8da36f292641a94b5ed9a288423278dc745cdc1c2509211c5e3ed3f8a85502

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
3.7MB

MD5
524344f96189d2cc72123312351c6a79

SHA1
0629eb1003562fe3b59631d74d6c8c77ffa4b25f

SHA256
b128940413b25180e0ac22a75bc09b2912a24b93fd4880f10b18d4020b8fc112

SHA512
d13bb6ed8247093cd6d7b55cd19fa17ee75bde20a0a2011de04c649da064ccf947ccd0487320ca87f1437717da1711e2a3f33a7158759e620244d7818df3a188

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
450935f9812f0336e7968ec110548de6

SHA1
52a238343d521106c29b11b71b6546fdbc21ab90

SHA256
7c5b5834977a3d6cf853c3db28492399721004e36e8ecc09c0f475d759e4c557

SHA512
0f21b22fdba847b8b696fd40f34c26c89fa22e52d0abd342b67530609441fb7ec3ea12ad8badfca410c1f924ee9cfe401bc69ca645bf78371c48803f1d830b72

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
58aed0b0330ca0b78ae291c6d17d890c

SHA1
f1957608185dbc3086e0e1e1c7dec1d3aea92654

SHA256
be5854f78c69dd6b519b618eb57d7572c4ea15ef2dbd66d45d78abf2c3c72baf

SHA512
f5938fa10ede164e80918020d97f8c4a7627bb9cae56980853f41b424e3d9977fd5b1795b1a9a3cd32d3c1bbf141931874e1ed102858d4f2e34d922d7aaa024d

Download Submit
\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
5.4MB

MD5
3fcde42adced9a782e93db966354c157

SHA1
2f61b3f2ec6e7fe57ad942ebaf7ef4b12a1eb438

SHA256
3a1c15f9c776e2eedcb7428d1b8b18f4b2c81bc4dc0221ab08a841a9a5328146

SHA512
25bad3d74bdeec4f140aba6e06a465de202d9e7d6e92ae9c41aac4cabdf1c227ea8da36f292641a94b5ed9a288423278dc745cdc1c2509211c5e3ed3f8a85502

Download Submit
memory/536-62-0x0000000000E40000-0x0000000001286000-memory.dmp

Filesize
4.3MB

Download
memory/536-72-0x0000000004E65000-0x0000000004E76000-memory.dmp

Filesize
68KB

Download
memory/536-73-0x0000000004E65000-0x0000000004E76000-memory.dmp

Filesize
68KB

Download
memory/536-59-0x0000000000000000-mapping.dmp

Download
memory/536-76-0x0000000004E65000-0x0000000004E76000-memory.dmp

Filesize
68KB

Download
memory/560-96-0x000000006E290000-0x000000006E7F2000-memory.dmp

Filesize
5.4MB

Download
memory/560-74-0x0000000000000000-mapping.dmp

Download
memory/560-99-0x00000000093E0000-0x000000000980C000-memory.dmp

Filesize
4.2MB

Download
memory/560-95-0x000000006E280000-0x000000006E290000-memory.dmp

Filesize
64KB

Download
memory/560-107-0x0000000004E05000-0x0000000004E16000-memory.dmp

Filesize
68KB

Download
memory/560-108-0x0000000006290000-0x00000000062C2000-memory.dmp

Filesize
200KB

Download
memory/560-121-0x0000000006940000-0x000000000695A000-memory.dmp

Filesize
104KB

Download
memory/560-120-0x0000000004E05000-0x0000000004E16000-memory.dmp

Filesize
68KB

Download
memory/560-118-0x000000006C0A0000-0x000000006C0B0000-memory.dmp

Filesize
64KB

Download
memory/560-104-0x0000000006EB0000-0x0000000006F24000-memory.dmp

Filesize
464KB

Download
memory/560-113-0x000000006D510000-0x000000006D567000-memory.dmp

Filesize
348KB

Download
memory/560-116-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/560-117-0x0000000006940000-0x000000000695A000-memory.dmp

Filesize
104KB

Download
memory/1736-54-0x0000000000CA0000-0x00000000010E6000-memory.dmp

Filesize
4.3MB

Download
memory/1736-55-0x0000000000C60000-0x0000000000C9C000-memory.dmp

Filesize
240KB

Download
memory/1736-57-0x00000000052A5000-0x00000000052B6000-memory.dmp

Filesize
68KB

Download
memory/1736-56-0x0000000075781000-0x0000000075783000-memory.dmp

Filesize
8KB

Download