bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a

Analysis

max time kernel
43s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2023, 14:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

osu!install.exe
Size

4.3MB
MD5

2485b8963d5316b6b17e483ba8a806fb
SHA1

3bc5f8dad0f8a59cf84fade8835ef7f7486af564
SHA256

bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a
SHA512

c671b7e1b2fbb4f84820aff5f93287e2ed9b70f212ffb44c1253e68a3936c976e87dd17f454ea7af3276a0cf9b20e0d7198f9ce77bb22440433cb2fbe2f4f1af
SSDEEP

98304:NpR3HMRtiRyxNu38ufK7IPmOMaV4HRsxRxpDOh:NpRsQRyxNu38uf3et44HRgi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
4804	osu!.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-618519468-4027732583-1827558364-1000\{98D380B6-7580-4ADE-A487-7FED5F3BD984}	svchost.exe

Modifies system certificate store 2 TTPs 10 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	osu!install.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3812	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3640	osu!install.exe
Token: SeDebugPrivilege	4804	osu!.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3812	OpenWith.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 4804	3640	osu!install.exe	90
PID 3640 wrote to memory of 4804	3640	osu!install.exe	90
PID 3640 wrote to memory of 4804	3640	osu!install.exe	90

C:\Users\Admin\AppData\Local\Temp\osu!install.exe
"C:\Users\Admin\AppData\Local\Temp\osu!install.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Users\Admin\AppData\Local\osu!\osu!.exe
  "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:4804
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    PID:5100

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:60

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Modifies registry class
PID:2644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:3124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
59937ae1f8b2d6de7c0eee46e4eb9dc5

SHA1
5874c2d7e310e53814a7777f0fba6ad71cf8ec57

SHA256
0b259fb4e7bee6ce89510751eb4fd100d53e320372644c8568a561c6b3cfb8c9

SHA512
4a8deccdadc9db559a85934663b2caaf8014cf30563254574964bc508d37d5a1e187991b4eae8c16e3fc5bb46816df943a88983fec1272714b3e87fc54b64928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
6f30a33e5b62735bbf45c0be6829cb39

SHA1
c576d9948ddb3e9842786ac2cf4ff10be90288ac

SHA256
f5ff166cc33a6137edb6bee70a2c1881d6cb580e7d36d87c19c5de5b971fc82e

SHA512
1ae3ec06545853e9883bd85ce334907b635744c0f969968e9407ba8ac92786c236050c76ec57b34d0bc32b6c8e78d296089025cd41872a172c60b9508fbd9505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
baa0f9cd31b254aaca03b15e702b8f8a

SHA1
8258082815a7c189c4aac230245be4a60834a242

SHA256
991ccd25547f2cff1f62dda2e098ef20a2a7650b80cba742b6f4aa1dc24884ec

SHA512
fddc5aa368d6d6c75cabfe157cd3aa33aa813b9ba971deb09ec6a56b5d996ac4710d0d81064ad18ef2d8f9b3e7994097568de047000896c5e0a672a14b736165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
c780c1e7e08077848e8a139370be49d7

SHA1
760e3bd9299553e7dffe91b85173d71b477c9e66

SHA256
96b40477e56538a60bef7fdbe568702db1062ce989788fe77d31502fb0208f2d

SHA512
22557e94d29a7bd0e9320a6295a649392ea5cd99263ddb7562db1ed2708038c4f56a988f834aa0e543389b17dea8b94e6fdfa6b0d93b892fb5b9ef59d8c939a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
78a60552e1edaf022485adf8f68b7e98

SHA1
c048e9704fd05bafb795b704b41114cf504c8296

SHA256
93dd9adcf74d76ea0a90315296dda32e2b8685358f0af92903654a80fdc12087

SHA512
b96f9a0383b10f088a89153c65a8003cd80fe8456e9a2bcc1cb74708d9d226edf5b40abb492d717fdc6e1d9462845267226fd7149ee32fc0f0523d13f7ff0b4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
9e15598faae4aca35f341fb43eb247bf

SHA1
190c410c64a7b689e3094fbf731ae874a6e7c073

SHA256
decde08468ecc1443beb759e621a2517527427c9dfa191361853d7c3f797e4b6

SHA512
7f9924fdc2d47cb6c0be30a52265f87e46e5d0990e48238717bbcb34b839655cb8ce6348e7ea6882510f2813d1b592aae428921d7ebcdd80cba49467c7727944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\osu!.exe.log

Filesize
1KB

MD5
d7851eb8e6db261d609ce656b3c44dc6

SHA1
62f1d2b78d143a336fe6779a17b6400f95dadb2a

SHA256
079dc4c2a07c1e17851a6bfc41130e0771c6b8063a2f6dcc807f9b525e1ced72

SHA512
1bb23aba0d00f7bfaee06b0e9fdd9d1d54a454d62308a88cd964728c568c7ec5a91a68817d4b5c93e3e3c5ad4232106af44eb1eee94679aa51396c1872af1037

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
9ce3d2b919557adec3635a787be53407

SHA1
fa4b742c9188ad6a05f28a6a29c1802c203bee0b

SHA256
ce90d6d1ce3a76d927e2e8f30d9bcddc36195207232c4c56dba028e72a4756b1

SHA512
d2b59597d72faa00f05fa327639ff7eae71c8c4cac31d4a7beaa0a23fa10606d0501f3a47f594ee8a5e80a45d8dfddce0708ed13e75dc1ebccf7d7515fccd58d

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
370B

MD5
88386d36be2573fdf251917562daefb8

SHA1
d01708e67e7923603e0ef8cfdfbafbfab6582bcd

SHA256
da25d30b2a15dea486af462926d82a963137549f510d40d05cc43d68568c4a4e

SHA512
c5029f0c5cd565a779457348eab363b35a291dc184232a6ab8e5df7b40d30bda49231a38126e8be43bbd53882b5d4735e2d49d72cb20466b291c0b11b984b90d

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
1KB

MD5
dc443e988775aa00342f60e00840908d

SHA1
38e0a7e6cec903beefbc3bcca6fda06f84d7f264

SHA256
97e1b130fa3e046237628893e0531d3628d8f037cfcbe9141f79008c9cba6cd7

SHA512
a223dcf8d611959a68403525d2d7b1e89efe98d2f01993f9973ec330544787b85ff0f5ad39c84242c596862e9ac2c5af22629491e7f4a2120b918a72b76ee9e0

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
1KB

MD5
dc443e988775aa00342f60e00840908d

SHA1
38e0a7e6cec903beefbc3bcca6fda06f84d7f264

SHA256
97e1b130fa3e046237628893e0531d3628d8f037cfcbe9141f79008c9cba6cd7

SHA512
a223dcf8d611959a68403525d2d7b1e89efe98d2f01993f9973ec330544787b85ff0f5ad39c84242c596862e9ac2c5af22629491e7f4a2120b918a72b76ee9e0

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
76d25db6c52fc50c65d7c6bb634e6a04

SHA1
70b3e9689bbd4c3ba29f8fd152509d0e3129b01b

SHA256
d8b00c13985f42ad1824c531c585262f03da1a5a04d4c72435090c3cd91c03b9

SHA512
c2371523da97a1acd79c1fbdbfbe3455e5d74d4febd6846c161dcb9e1399c4e55ca4bfce63fe39d792da2172f4858ad099beb7a5a33ab7523c11904fd4446d7f

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
4KB

MD5
b3c4be941d5ba085e7bca0ca7ba6b796

SHA1
6a1affc3c3cfe406932258e7d8751cd137ebe160

SHA256
381a2efd163830d6b7acb580997397d961f8b4094d60cb65936a8e16b3b3072b

SHA512
dac36503e09ec7115fa465e2936cd1ab1307f71de6e91cd24be67cc2b22de9d23a6b2f986fc93e045bcb8e21ce9f5e450c19483a842fdb2a3aebb7aaa204abea

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.cfg

Filesize
856B

MD5
26eeef6bd6fcdf91d6a259f42b72a1dd

SHA1
65b4ea42176ed9d3dc32c6fd2cd77a7718694763

SHA256
beb65cae0b5198566042c9a05f7a983fe82827b971cb11b15297868374b1cf60

SHA512
54688d4305c89df29aa818a7a030c43c0955dfe9500923f6b72f0ed923a583661eb61b77e67cb600564253eb95da9f087d76f0fcf60ee1cb6340bf29d962c18d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
2485b8963d5316b6b17e483ba8a806fb

SHA1
3bc5f8dad0f8a59cf84fade8835ef7f7486af564

SHA256
bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a

SHA512
c671b7e1b2fbb4f84820aff5f93287e2ed9b70f212ffb44c1253e68a3936c976e87dd17f454ea7af3276a0cf9b20e0d7198f9ce77bb22440433cb2fbe2f4f1af

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
2485b8963d5316b6b17e483ba8a806fb

SHA1
3bc5f8dad0f8a59cf84fade8835ef7f7486af564

SHA256
bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a

SHA512
c671b7e1b2fbb4f84820aff5f93287e2ed9b70f212ffb44c1253e68a3936c976e87dd17f454ea7af3276a0cf9b20e0d7198f9ce77bb22440433cb2fbe2f4f1af

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
2485b8963d5316b6b17e483ba8a806fb

SHA1
3bc5f8dad0f8a59cf84fade8835ef7f7486af564

SHA256
bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a

SHA512
c671b7e1b2fbb4f84820aff5f93287e2ed9b70f212ffb44c1253e68a3936c976e87dd17f454ea7af3276a0cf9b20e0d7198f9ce77bb22440433cb2fbe2f4f1af

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
4.3MB

MD5
2485b8963d5316b6b17e483ba8a806fb

SHA1
3bc5f8dad0f8a59cf84fade8835ef7f7486af564

SHA256
bfa4ad675cdcd773b7b1c899e0a5e193d05d055d93e001271f06756c8185a28a

SHA512
c671b7e1b2fbb4f84820aff5f93287e2ed9b70f212ffb44c1253e68a3936c976e87dd17f454ea7af3276a0cf9b20e0d7198f9ce77bb22440433cb2fbe2f4f1af

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
6.2MB

MD5
42045c2fd5e358adad4b17848bcf884e

SHA1
04ec6bf43a2ececdd4302138de6ac09775135e62

SHA256
1d03ab2b1d26cc98e28856dd0a321a0ab3df4337fdf6179b372e6f67c9e4bfcb

SHA512
c1e3fce7e834583f2e02f3c0f25847c2df96beacfb0b31a1a9d209e6aad9b6c2e6f12037da920fb1db2ee6a677cd3fd2169883865e0fc53c4e556ed442bfd4c7

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
6.2MB

MD5
42045c2fd5e358adad4b17848bcf884e

SHA1
04ec6bf43a2ececdd4302138de6ac09775135e62

SHA256
1d03ab2b1d26cc98e28856dd0a321a0ab3df4337fdf6179b372e6f67c9e4bfcb

SHA512
c1e3fce7e834583f2e02f3c0f25847c2df96beacfb0b31a1a9d209e6aad9b6c2e6f12037da920fb1db2ee6a677cd3fd2169883865e0fc53c4e556ed442bfd4c7

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
6.2MB

MD5
42045c2fd5e358adad4b17848bcf884e

SHA1
04ec6bf43a2ececdd4302138de6ac09775135e62

SHA256
1d03ab2b1d26cc98e28856dd0a321a0ab3df4337fdf6179b372e6f67c9e4bfcb

SHA512
c1e3fce7e834583f2e02f3c0f25847c2df96beacfb0b31a1a9d209e6aad9b6c2e6f12037da920fb1db2ee6a677cd3fd2169883865e0fc53c4e556ed442bfd4c7

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
6.0MB

MD5
7fc82aa1c66c25cc6bc662d239523f5e

SHA1
8d004867dc40cbc751e3c5b835581e3f3794def6

SHA256
c13e260cdded9be21b85252c7313620a533761eb5e9cb63ec2b71ca949b96ae7

SHA512
5dde225eadbf33dc6938f3e0fee0c24427ed06a5f042e00286473ac8af0bd13f0967efc8ad06a232c638c8b5814adf3f1289d9bc4e29254a41ee663ba68c565d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
6.0MB

MD5
7fc82aa1c66c25cc6bc662d239523f5e

SHA1
8d004867dc40cbc751e3c5b835581e3f3794def6

SHA256
c13e260cdded9be21b85252c7313620a533761eb5e9cb63ec2b71ca949b96ae7

SHA512
5dde225eadbf33dc6938f3e0fee0c24427ed06a5f042e00286473ac8af0bd13f0967efc8ad06a232c638c8b5814adf3f1289d9bc4e29254a41ee663ba68c565d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
6ec9279bd875d6581579f69cdb06fef9

SHA1
f4935867f88edb1c699df647d274f79aa9a33b94

SHA256
a48f314c7ff381dfdd4fa16122accce45a397d0eb92afe5230aa999636358632

SHA512
9764ba54d259b5ae4cb852aa031f445d959df5b4a4fd2875055d61f5ea3d955c91df0d56b940730e53cf2b2e51af558640ccf006d480cb2aad26839d5f735400

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
6ec9279bd875d6581579f69cdb06fef9

SHA1
f4935867f88edb1c699df647d274f79aa9a33b94

SHA256
a48f314c7ff381dfdd4fa16122accce45a397d0eb92afe5230aa999636358632

SHA512
9764ba54d259b5ae4cb852aa031f445d959df5b4a4fd2875055d61f5ea3d955c91df0d56b940730e53cf2b2e51af558640ccf006d480cb2aad26839d5f735400

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3640-165-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/3640-136-0x0000000004EE0000-0x0000000004F72000-memory.dmp

Filesize
584KB

Download
memory/3640-133-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/3640-135-0x0000000005560000-0x0000000005B04000-memory.dmp

Filesize
5.6MB

Download
memory/3640-148-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/3640-149-0x00000000065E0000-0x00000000065EA000-memory.dmp

Filesize
40KB

Download
memory/3640-134-0x0000000000030000-0x0000000000476000-memory.dmp

Filesize
4.3MB

Download
memory/3640-150-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/3640-151-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/3640-153-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/3640-152-0x0000000004FA0000-0x0000000004FB0000-memory.dmp

Filesize
64KB

Download
memory/4804-312-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/4804-183-0x0000000009B40000-0x000000000A06C000-memory.dmp

Filesize
5.2MB

Download
memory/4804-166-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4804-198-0x0000000009A90000-0x0000000009AB2000-memory.dmp

Filesize
136KB

Download
memory/4804-443-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4804-311-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/4804-173-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/5100-476-0x000000000B7C0000-0x000000000B8F0000-memory.dmp

Filesize
1.2MB

Download
memory/5100-442-0x0000000074650000-0x0000000074E00000-memory.dmp

Filesize
7.7MB

Download
memory/5100-459-0x0000000006D30000-0x0000000006D86000-memory.dmp

Filesize
344KB

Download
memory/5100-471-0x000000006F140000-0x000000006F150000-memory.dmp

Filesize
64KB

Download
memory/5100-477-0x0000000008100000-0x0000000008101000-memory.dmp

Filesize
4KB

Download
memory/5100-475-0x0000000070090000-0x00000000706BA000-memory.dmp

Filesize
6.2MB

Download
memory/5100-474-0x000000000AB20000-0x000000000AF4C000-memory.dmp

Filesize
4.2MB

Download
memory/5100-460-0x0000000005420000-0x0000000005430000-memory.dmp

Filesize
64KB

Download