hxxps://drive[.]google[.]com/file/d/1dTQWrRiK1ZiKPXMxpxM31z50XG2HBFoX/view

Analysis

max time kernel
328s
max time network
330s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
18/02/2024, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1dTQWrRiK1ZiKPXMxpxM31z50XG2HBFoX/view

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4100	osu!install.exe
2280	osu!.exe
5140	osu!.exe

Loads dropped DLL 10 IoCs

pid	Process
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com
7	drive.google.com

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
5140	osu!.exe
5140	osu!.exe
5140	osu!.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{DD18475E-2BEC-480F-8A68-C449263CDF6D}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{5025AF7E-F537-4A39-BA9F-CBF9FABCE31E}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{608FB104-3E29-4DB5-919B-FD3CFD4C76BD}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{051FF16B-1259-4E31-B9B3-D23C99415781}	svchost.exe

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\AhegaoCenteral.osk:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 490069.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\osu!install.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
2492	msedge.exe
2492	msedge.exe
1072	identity_helper.exe
1072	identity_helper.exe
4896	msedge.exe
4896	msedge.exe
3120	msedge.exe
3120	msedge.exe
2336	msedge.exe
2336	msedge.exe
1964	msedge.exe
1964	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5140	osu!.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4100	osu!install.exe
Token: SeDebugPrivilege	2280	osu!.exe
Token: SeDebugPrivilege	5140	osu!.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe
2492	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2208	OpenWith.exe
1508	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1632	2492	msedge.exe	22
PID 2492 wrote to memory of 1632	2492	msedge.exe	22
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 2056	2492	msedge.exe	81
PID 2492 wrote to memory of 1572	2492	msedge.exe	80
PID 2492 wrote to memory of 1572	2492	msedge.exe	80
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82
PID 2492 wrote to memory of 3220	2492	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1dTQWrRiK1ZiKPXMxpxM31z50XG2HBFoX/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc7db43cb8,0x7ffc7db43cc8,0x7ffc7db43cd8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Users\Admin\Downloads\osu!install.exe
  "C:\Users\Admin\Downloads\osu!install.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4100
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    PID:2280
  - - C:\Users\Admin\AppData\Local\osu!\osu!.exe
      "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,13510487280061555580,9521223723532209262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7968 /prefetch:8
  2⤵
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:1544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
94c75d27c0a7689e635db8d47b18be4e

SHA1
6c77622163dedb373aa40829e54c507cbc6bff54

SHA256
04f2e4c8d9d3a4ab5413b1bac7b6d1c1ca592d6d74b76a5b890bc50edfb2b0c9

SHA512
1ec1bb941f49f1ad82a170a9355a2342610aa9dc7a9c788c1b2500c26eeabb758894dfeefe134ff7aefafcf2a4f952422a9a34ada2dfcc03665386bc7f3e1032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
ef63bb88927557c97273a2d6f9f4263c

SHA1
657cbdbe5ac6cecf8dc7e86a4bd83d8deaa5efd0

SHA256
17189a5afe388cb9bc4a583d34f00f56dfd58aa56bc0eac3c073f5079c1a690a

SHA512
9842ae0556c1f94fb795121aff1f9c09a0ecf02b4a82d76f0793100766e8a0665f9fce253a5b5b9fcb70fcc5fce00c1a7ea091eeb0c6a03e35e466125fc99fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
06dbcf9b80a6ca75c303f1bedf313d8f

SHA1
ee749d123035dae09222adc995494a2cc2c17036

SHA256
fe7e59fe9eaad39f0bc82d0872827e17dff89f74aa0587fd5af6111ac3dbd3dc

SHA512
a8dab717b8931b8798d9493823df356ee755bb9369ee84425fce5ea0acf9bd98903b55471ababcbf194306b403384ba22bb517bb3d68b66096ae8c57f9c6ab5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
93c6d15b4bfc156e4a9af1fb47f54e77

SHA1
a16f5f8a852912d151a684a4f210de4824f37e8b

SHA256
87657408fe4a6b3af950709bcb878b1cdee2fe7510dbaec7967607d0c83da41b

SHA512
bb642afda9fa396797d7dea16aa2d5422710d8024715090bd3b0284a7621b80906feead1f48f14428071f86d43c8c1213727e5759efc4472f21dd359a4686993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
ca8890321f571a091b1b3c30e4e2fd4e

SHA1
b4b9411fa58456198a4132a0f7a5e773ad91207d

SHA256
83058a0511d70faa656cb3213b4e3c3be338d10c7bed90221c7d50b078ff1d38

SHA512
3f980db21d213aef2d983bee0a3ee85a69b89ed63f91eaf834fb6af7e26a494a97c3c803e6bf71358f673fadd91caedcd44035d21f0ec5755df7d2d2c2e41c80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
8d5c22b7744b57aa4e2f33484d43d0ce

SHA1
b41bb4fb60739dcc3d1ee3c12a2b9ae8733b5daf

SHA256
c0f9bdee698d9a256c2d313a9c7408ac9752ab9d22b9bfa295894b74224ef641

SHA512
54fdc6ca34cdb40dd51479140769bfebed02457c45ede5b2c2f64b94b4cbb317f1619795706f86c1ead3a97c97128de4618ab7440c1c7ed1d4c50839ad6eb6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\osu!.exe.log

Filesize
1KB

MD5
c1425d6dfa5be883104e80c2c7399e7b

SHA1
67326bc7f42c77f09281145df71e9cbd05dcad73

SHA256
8645a008b05a3b6c0f8005eedfd22609b4ecb3339fe70246a01d76a0734fa898

SHA512
9da0880f3be4b9198b5d487800017acaae57861c26f8815b80cf37be22084123d92769b3e8baa29e7814c637e2c992391f8e3e0aab8e6695087b7f1ee8da93e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
90bbaa873cb1024ace83f887dfde38ae

SHA1
922416490e14f9098df969a56b75e7523f108e53

SHA256
2ff8abbbdad2acf5f04a3b47624055a0f2c36a09b0db3945b494f7eb92ae87bc

SHA512
60587031845ee5ae354c760bd2714a47ff561d3bd6e8aab7b2073d1b9c6b544c7eca94078d9cdefcd87b44adce4e814852c1e8f6af8ca3bdd5b0ddd0312e57b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
30KB

MD5
8d3260c7158092028aae869c9721b9b8

SHA1
7327cf2f5e713754d618246fa79a514baa29c69b

SHA256
96d480600f4436e05af6336a79ccb7f831181590297848d715ef0f50a73fdc96

SHA512
01c6313a8462c5e850924d101abd02cbf1d62165e36f56549cd1e599e2bf6ff9951502f39c82629a7d1e44ac3cb998e7676ce6bb40d383b4567f30d9f0d9ba1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
412KB

MD5
3ebe46d88df49ed9f70cc498b6900b4a

SHA1
9d6853e3cb73d2b7fef800b29dc917528e335f94

SHA256
a379562223ea4728570f3980a8a2ed03ce968b05f306abd1df9030b6eea3ad25

SHA512
7dc93748284da1b12bd741d5a9ba662630e1af489aeb8b96e381e47e58b007415157e4724ffe5f04f95bb5e94f523ae04bf787dad04eda85b479298ba6b0b8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
1024KB

MD5
09c44d7d3fe021b80c0c6983d43e7879

SHA1
62ef901550bb1438f574378cdcce94aaf37249f7

SHA256
3fc829a2ad9ef1ded5449ed209d27c613bb1dfb1226d8512e411594f50a5699e

SHA512
5c2422cb651ca203ab60b8b140fff001fe598835f4f7aa96c72c90680ed89c836a436b86337f9673426635468a7ff26655df2fe0ba3d20ea091e5d57d5e2c431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46a6b889af02af82ba549c24789b3561

SHA1
7fbe2343f381f884a6d5ecaaf63e76f155dd774c

SHA256
b2b15060daa81f419ad4eef040f6d376292e772dd7dc140a31f20c21e69e2b28

SHA512
1179d236f019307c2f5d806476d60154a68c7c7887780023a045bdb6860f9863edfc9573ce5634f33576e2a0c1d4f1120d83ffc544c36e0265b9d7ae6964ae83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
216facf4ea1be487a00c7d360ca3b332

SHA1
9f7c4a3043c4240040eefe79961366c14a31051a

SHA256
04de9d837741b619cc7217e35e79859338c94553ec4e6357eab5c5cc7c188560

SHA512
9b645b09c7dfc91c09da5e569045e3a22bfbdc60ad544f82694719d1da3a93871923769299d7090bcb478f8159637e32e8e578e231795b1027bbbbdbde0c8b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8aa36c6d7b6f0a17b9678ba43f082d90

SHA1
ee7565aef5a3117f98735087c352245f9d8964b6

SHA256
894b636d627a4a9c75fe9bfab6cb159c5cf806c44387783873ca43fd0caf53ec

SHA512
68f4e787ffdbf760f17ce466ed8fe58c308b192c68fb940e2d247f77a5877783df8ec6f46f299720e1a884a6ab89c23e19f312d282eab467d59bab119a23a503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
eb6ffa5735f93e60beeca26b2b0871e1

SHA1
bf8160f60d63a1c252c6d99aaa8bef9cd6125d46

SHA256
46ed521149be066d88ec425438b4c629278f665701ccad1e35a23d736907db2f

SHA512
1a509aea07f80b03b1a55286978a20ee827fa155919fbca09e7b55ec9e4b46d393092092b5fc8085bd8c54c3c8f61324bb1ded6233549b53e9e3bd2be48f7163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
2ef53ea0e92a42bf49cb508cb3128078

SHA1
c09f9be1e465cd34ba87cc2add1cb37c3a5ed4ca

SHA256
5b1aa8acc1120fff5178526685d55794ba98948ee16c11e43dc40029eb30033c

SHA512
3b3936b9268c41e643fe2857c87e9c497a63035056cec0e43897553439226232fa2e52ee00f22c3fce3e5bd5579550aef0340256158e9790a14e61a3673bfa69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
061389a34ffb42494fa0ea80c6fd941d

SHA1
0466c223a885a8a3c05809b5f12a75ba288b4c4c

SHA256
2cadbb462984c5b4a6044b556cd09399db1cb7400aa07ce69481be43e0e4fd26

SHA512
682d9c688dd38a9de48b832c569187f54aa843498cca4e390988acf4d75455332697f9c3b3ceba807f72e37384e5ae00b26612fd55fe9ec70563eb979e8a134d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
add883a614d76bc2ea278853056800b3

SHA1
b5dd98408d1b68622c79fb28f21ecf1084de5853

SHA256
b0c657bd45cd0921ca7bf0abdde5c04c028c0f873709ad3953cfbb87f9895e3a

SHA512
2d05bd99943c240b5a9ad54aeacff6b7e1f61d5c23b3945f2955f6131080459212ac1252d60c916c27673806a3b285fa2468d7ee8219e92ddca2fb2e2efb1178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
58afbb9f5ead2c3d0ce34a823fe1f791

SHA1
05355085e086d1161fd14a691f7520e6959e26f6

SHA256
f118e80a3381e038b87f31ddc371ee93ff34a9b86bb2347a24e413471b882d3a

SHA512
e859985a21ef78ede374239d688545e0857a5c89458ed089d4fe981a5c44d50c30ef9442b3bc2c8740af279106e5d67d67505442b6c4453d60603aac91864bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
df5c2cb4d5e456df7778aebfe3afe50a

SHA1
caf04771414e2e9dc384d86284c028e5ad7e4e72

SHA256
2e5c53253e78a75f30e1d41be8c10e49d7b6e41d32aff4166aa06616dc31ccfa

SHA512
4ce4ee45bb0deba28ce38a1a8a46a290a43fc32da0357451fae607acf87c43f4b50efdce228c4b2bc7875d15359388f167b9cf9ccdccf34e3b4d1ea1a832ab88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
476eb14a9109f661d443b9884229b892

SHA1
eecdd8ac423b7420e8f78bdd82b03fcdef56465a

SHA256
86cd30a910c93eb0ec164899dc4cc414f8196a30e4427fcae90c960a3d712daa

SHA512
a873e8fb4111032b36a9a549fd7cde8c5d8dc0f4b8a48c1bfd74a50148800f33c2a688c887898c25971aff71cabf577822d5854dda16c9065eea672056462d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
36c0313eb820478948fcc741aeb9f330

SHA1
5477221fcdf3faf85090074734dcca851cd4732d

SHA256
d9d882d09c4d142ec98967e4498c2b43c6667b7b3b1274d5c1944adfa9f08649

SHA512
df86ba121aa929d1b1878c8a0046a0094f1c767eab8bc0db84b57f07b4b9112ca486e9350f7b9bacc6177ac1e6345c087a48daf928e06b3f10dbb66d622a758c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
816362c34e947bfb38c4dcafb73ebfb4

SHA1
d5c4065c4575cdbb6d7c8e53259b159004ba93a1

SHA256
0846f29607d11381789bb199e435885673899f8283f7cb348054bd5f130f8ada

SHA512
352c9ed2d2924d48f508c7c22834b65e8da540a67935dc5c50c579269626c619522953693da5e7fdeeff941caf3e68b4eaf43728ca13c4eff8e1874a9a706023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
38e0f825a71c236dde48aa2f551fc800

SHA1
1aff06111b765ed4e382b9216101e1f54a09d73e

SHA256
8018002d860e6370cd760a83b61d41f77cfb9473aeafbf630b27e4b4a7c100bf

SHA512
28fc9207402287a3742a8b409aa0db3d570cbd8e456c4ece1ced7b34b6d22f8fd0a2f699142090a9fe54062b35082560012ae80aa9785ce2b21da0aa9bd40399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
64d9a49c656deb51b263c92d4355fb98

SHA1
6cb15f328bc47174c2d50dd8c99ffcf268e24820

SHA256
94e3ed2d0777745eab022036e163e63e220826f3568cf1f6e11282c33fa9500c

SHA512
4050a070c8be1bd88ecca08a16808f56d9db8f5ca3dd31404c09129e76688e2432550580533d0e736157e4d8087b27914e83f0fbee2eb8af30b6056c813eec1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59c402.TMP

Filesize
48B

MD5
08fe0d1bfddfc6abc1ff998ffa4c4894

SHA1
4915ab17c710019aef606cb6a9aba6cc2a57573f

SHA256
670c885f6e69a2c435779695c63135d04223a077aa9d2bdb4b824855eb3d6c7e

SHA512
df417f0c070722aaf486acc72f71060d5fcbf8248456858fb4eb88f0c3d73f5024122259ef522e56e7fafb5390cb326f9c819e0318f2240460a522b2d4f0c4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e718704fcb8732e31ea8fb547efee14f

SHA1
4586131d6b1d2e27dcfb35f181c9054a09787de9

SHA256
e8c0e96f85bb2a86d0bdda63ec5b9fc3dee153d8ccf727cd687058137a4b060e

SHA512
7879dc2624c9f0b3a219616c5fa5bb12bf6dcdc6d30ec655988b68fa25aee8919a624d2688e219fc574b6beac46d3ec437c77ae62e9da9b335a0a6f8f13aa5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e106b901b3b07c166e00446eff8613a4

SHA1
c261ba2523b022ffb6d7b7865728e9032d9f9126

SHA256
96965c452698999c1e869b1cc9670c20ef9784c62aa5c0b6040663c12190b7d6

SHA512
409a1c797cab6832bb2a15bec2ea45606d42f07302daa5a1cdacc04ada9bb15741a567e164a7916a93e15935f689e2e5c2dde7c4b0faff0ac73485344a23293e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b863.TMP

Filesize
1KB

MD5
2d6e4baccc9e76e4984cb371ae18ebae

SHA1
cc2f94652999b384dedbd1e8078097af8375302a

SHA256
cdd2c6dc72307dd104e18aa306ad18b30fb0026b36e0739b332d8544cca9e674

SHA512
0008fe042ccaee1c961d8903e7313518ed0a7cf0d522877e07b6a494effb2c269aec391505edc5c7150e4568209a18f3688920beeb6d24f4c36c25da6f0deecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5452a707fe65899d2b00d6c85c7552d6

SHA1
198ee9dd85a1aefabc6f87ab81cf4ca139216574

SHA256
3f7d61802b82b6b2b588c8a00271891d8638ea8a3d6fae183d3176e2e6f9694e

SHA512
9e0395f84a0abdd8825900666379efd2a16d24fdb8dd831acc59ef3c7436fd11426c6ef07a2afb732b071d50126f8482b150e4082c460584d069b7d3d43ec44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bbf2879001311da0281dfe99c5e3ec48

SHA1
4c132138e34eebb0e375b27187a2c3e3fb7eb311

SHA256
d78d2ffc337402c7e04f8058db335ca55a0ff99fdffa68162dc715f60f3262a0

SHA512
31ca659770d402ef8c4895ce3661d1b1753aabcdf3dd6b61e5b88f049ef2855204c2a8e74303f018332157416449d5e861503dcd3cf58d17787a90c9e8eb9333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25ec0f3a038f95b965fa32eed9cd334a

SHA1
d011aac2e1f875fad0c1c6530c4f07cec3c57b7a

SHA256
051436873a2d7252e602c605f3e77659db91d865b6a1a662cea93a083f459eba

SHA512
986fa7a13c92f0c6e46ac7bc01a6cf1543f784295654882ff730dbcba75b52cc936482cdc5adb9e10deb7990b9332a7fcff748f0a31d11093da09f889fe66964

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
370B

MD5
fe58cabf179119fa06d4d6b257e80076

SHA1
01fa9519aabbd57acdbefef7c40f72033479f26d

SHA256
4d6460b61c9f9e60863418faa017f80f899fcf041f0850c376904108ba6624a1

SHA512
044ca26e8f06245de9675be579bb05032b9bc22a67404fe6fa86cf177f57104b437c648f4fe77e722a45b5e086539c339c757fa57ce8875da97e160e264efe26

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
e67fc371c34b2774fa9a46af904bd116

SHA1
59a7cf496a7d371c7f97b6f91186bddbc6ff3144

SHA256
c0c7d75d08a1950e6a04b1a935c386b896f97a0792a665f3a07f07d1d8e41194

SHA512
278a9f88c7f5fbaa31dd36dd308d8ea6d3bf8c6aca19f82c010efbd7c5d2f585ae8660dd5ab137c52e16aed26ec096d72ab726fdea2e7cfe2e5705822b7229a9

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
0497e0320f24889038cc4303f4150ed8

SHA1
6a41e883c36b3d6648309291cfb69bbdcd230158

SHA256
ef0c69260c2cd1070aad976999daea1aaf9607bf59825d03740b4b0061a178e8

SHA512
39de1023f6704d014f1cf0a5c8610f34e6fc01e0bad5f2ac74548405f600605ab4f884ecd0f04f94afba6ef3a7a8843ea2d3bdc1b1c152f131bfb307b57ee16c

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
4KB

MD5
8c03d880209b4e314f401f742ab6b3cd

SHA1
047232395ddea4e905383c96b77a1d3547e62b93

SHA256
4fefa8917262150425c560b3f4f8225690a5badcc05099153768d68d27410b24

SHA512
e171da372bedf1a5dc6b34bb3fea668f8bbbce6319ac9fea2696e33e8e4ebafcd5df9d75d09e7cf839fc15386439ed9d6ae648eb5278c3a3c463a49aaf397008

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
ad95ac12e8aaf04e87ed35643fac3b00

SHA1
db7ed49159799ee62e4149395ace2a7c0a83d889

SHA256
aa7b7d0d9300bb2c9b1017ce606f75c9740342a3b3812b7a796ff0c44dc92c74

SHA512
864bb52ab57c5631dc7c787d616799d0183f35720332ac526212a0e1e805776bcf19089bf3cd095d5a714ffffdbfd3c4019df2a91b96f253539fd9f8e77f2ed1

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
583B

MD5
25835f4c0a5e575300b71c95d37cbefe

SHA1
6a9c776f26c47d4c6b78c783d996ea17da9b0b9d

SHA256
5a395f18ad48008cc3b70e362ac72ae1b99689100de5a25a9830caf21794f03f

SHA512
c1cc09c3a0d60736c0dbf53070708963349202d815e8b8bdfca6606d0d68ec4a9c17ff865df7cefdf27af20b20e48f88a6fd2530dbedd0e6a2dd2413ef09f2d1

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update_success.log

Filesize
6KB

MD5
c3bfb829b04b9ec2d91e87fbb2b16bcc

SHA1
a7c947b0a8e03a8d971b95c10976a036f028a1a2

SHA256
f85b3980e57802a26e99fda0ce4c4f77a2901da8251c6f6743f9890724821211

SHA512
e3a58f90da4541049375fad105ec8b0f842805cd2318c610b16e3463b18b786d1fd3142989b254934e9ba4cde3121b7769e33702e898802d2d37d60d068bf2d0

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
1.8MB

MD5
e5bd005e91e3ec33c74fd51e1af5c2aa

SHA1
8bdb4b22ced012a4e2a491ef7088b3d76c1966e7

SHA256
0597c36618d5ea989af4ab3ba08eac73ac4af4eb0bbd3a291ead5e03a07d71f1

SHA512
d9e494a2fbff8b796fe6b68007c3e800932e728bb0394a82dfb98bfac25db474de56e75dbe1c1e8b1f44b4c221fe2dce3530fcaefd0a610a27f667f7e5f826a9

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
3.3MB

MD5
10bf9e3bcf31db4a4c0f29b52496859e

SHA1
1eb84332634ec4f8723d3264429e9a44037d7157

SHA256
24d3f63241448598c01a6fb00e6f23a01d1d223241e9b946f54ad1492ee8ca3c

SHA512
15ddebe575c9208e18917debf4e39f54a1e10776ef05d825d44c3ec584b7b226e0c600f083eec0460391dc1caf5f6192eecdab5ed011081080b540a32e6014d0

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
1.9MB

MD5
2cd244badfe81bfe47daa797a0994ec1

SHA1
650817fed4ba098cfc6710e3986ca80f0cc62a89

SHA256
0a310c3835816b1c315b869afb3abcdf6f09dda1108427cbb40f85e876847e56

SHA512
e8cd937a25eba8f003c7a89572c58d9d166c982935e78b8efa9876d6996647bb36a2f8c7f5e3d6b7eb5dcdf56052cdd32614c68f30ddbe99cb30f965738303b7

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
2.0MB

MD5
330a52b36b0f7bacd1d2e7ae5a5a43bf

SHA1
b7de8ef699718459870d8e826971e17c80038f3d

SHA256
4cb3be6f13b07ed5de70ec2245fdd98f9a502c1f6ba78db305586019ecabc72c

SHA512
6a30c091f83067a2715d3e2a27f3ac63b64a8e0de12ca9d3e84a5bb1cbb9a096fbe8078985b324e73546db0c840eff3cc6363aa64ed90ca5d505a38ebcc6fc0c

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
1.9MB

MD5
257de3494d4c76657e4c5f48947a8f1b

SHA1
7cfc484c03f5103bec276d11d499ef813b382217

SHA256
26b3e59d5914b8aa65dce76a2c764c0f8bd1aa1a984a24358f9318e5f3f1636a

SHA512
61f275b20ff5820ba29e3bba63995161c056ae604031c518220f850ae28601ffb7e5f0d1bcada85c372e103d71b364129f75ffa3b7e0abb7e8a14e7819295a5d

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.cfg

Filesize
856B

MD5
06615bc6f543d0268f77141b1e170f63

SHA1
edd0283096e32f7f47701e22665ac77816771fc7

SHA256
a0d09609122d6830a795928482315660156ed588b094593485c1939edc533f52

SHA512
6f5871f3079450a82593b4e0486e5d45b1044d1dfd7a41a9afc0842cfdb87ce6ea274f7acd61aead5d1ba963380036acc799dc7a7e83cf549f56dfe1486b2ece

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!.exe

Filesize
3.9MB

MD5
0a018c9a69beadd730a2033c44d57103

SHA1
18826e006b425939ae915edb0d0eacbe0be8c450

SHA256
210085b330f4a4e0ef5578708d98254532f11b9d87d7849afd2f7f43cd7a2912

SHA512
098b1b5a609af3718e5dfa59d46fe29ec8fa81e76a3c5cdcfabb11e196ca2a1cbc98e280c15ad11605bc1e8cf933fabc78d24f5e249002cac9d431087079a559

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
8.7MB

MD5
6705cf7a9c139b3d50d7ca51a1f9e739

SHA1
8b7649db6c5f7a1a34ed10626c89eb037ee7b20d

SHA256
5f570c7fe465a47800400fde8e8c4797dba2e39960555cbf5878b0089ef179f2

SHA512
56878d3a9c23512afd4729be73e4ff2f7231d4681116fd8f3a25a2b50f0c574aa779f1c1864d9857ac8d1d080f5dd1ac7b632974edc633999c75eb4fda713c32

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
1.4MB

MD5
21cdd2fbfbc84a0a44420867367d23e9

SHA1
1243640af57a70121eba13ead5c9896424a774c4

SHA256
3d400941e2ce851afc74878462f65dbb7ad76dff8a4d204a337cf80b320ffac7

SHA512
3baa86901bf06994fefad2bf6a18b62d7034903a3701a08f313846184f4989c18573d68d3810c9a4655997bf5fe462eb8ff66a10260598b7e51b5de312ebbde1

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
6.3MB

MD5
400b424bf9f286d26d3b15a4170c00b3

SHA1
fc0bbc135de7994dba13b862d5debe62ee6e95cb

SHA256
b3fe374a2b3ed71cc8982c0ea6584e9097d8688171264400c0bad581130ff582

SHA512
a46d9c8c8d070c5630397e00aa052951fe456cb455062a83806424e45d32d46a9edfc8a77f6769f98dd636809ddfedcbc7ada7f5341d5773358d92127da0cc5e

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
7.7MB

MD5
1ae5b119a725a9f03dc3c98df9a2976e

SHA1
ed4aa6d1ba9c7bc3d532d30af7b89fcfa252bcc0

SHA256
99e439df7c6a3158e13973c1b2a473efe4608f26abb4de94509e582bfec741b2

SHA512
be51885299f876c77fba07b7e37d4d152ba18dbb13d08b8e74c656e58411bb25cd892b6dc50f193e700ec58e9fd9d805c0b0f71f57ca38e11da210101c58a28f

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
1.4MB

MD5
2e43fce873ac101c0917f80b4c9ee839

SHA1
1860b4d7bfb3210903bc59342018d6fd880fd4ef

SHA256
c18a69d2dad81ffbbba94d3c0a9e195d678f98935c4fdfd54dccd786c9b8d0e3

SHA512
2951f7ed3e9a91053b99edf4c35b64484c2e3c4c079e9112d85543e4cad209fbc2610755a9ad3b1fe5848e484eb3779a6b98dab00a22db47bdadcb8be1d2c9dc

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
2.8MB

MD5
20082752d6c5fae8d08071aaf242b739

SHA1
70e8c7499507e8275c2ac06c372bde3b84f4c763

SHA256
1fae9cd8610a6d666c9b42d91440b493a257adab2126dd7c77f5d5098d678b8b

SHA512
6d9778f29ab522e45cee8a3d5aad6f4e65606675479cdf782844f5d162e13a8d42837ffe6d7533d8a29c71f10ce648cd2f859db55e7f8d00a4638ebea0b8ba46

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
1.4MB

MD5
3aec73a2bab03c01196e0de9199360c3

SHA1
4a4d98b53a3a4e3e6334913e2508cd9433dfac57

SHA256
1280a447b2eb960bd4f84fc0da29fb75b7c382593ecddc0ce3f0416ee7cb497a

SHA512
b37049e1f6ae54ccf358f290e33bb9dc190350875666d1c9d58db521b5fe3a36fd98f6a95cad94a1560a2d1ba19a551b2882f0bd2e25213739ce6fd53aed6a79

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
5.1MB

MD5
ebb56281a7aabf937ea19636bc54605d

SHA1
5d579f90ed9c0598f6dae05de596ab9fdc2b0d90

SHA256
87c20363c947410b037174f7de9620e53cb6dd7c873f540448e674d614480b4c

SHA512
c689be3803e10ec1bc9ef27b3f420d6e5705d17d23ac15b6dd2cd157e7235d1f484b747a2612f242070b3a2a583a4b415d5b8730193afc6e352225c3767cabd0

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
1.8MB

MD5
59cdf77587d6ceda086dadb3eca1449b

SHA1
dc110ee21a5ebb7851a5b4f16d800a03634e3570

SHA256
680d712205b8a54b473476b1139d1bc00319f3ae31f3949e225f8654d03aa125

SHA512
7f93e53bab6e45081c1be8e7a6a6e0703784a91556e9117957865d0db4578c6fc28b0713901c1030abc337a43f9b1868ecbc69ede653db989719adc2a13cd9cf

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\Downloads\AhegaoCenteral.osk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 450496.crdownload

Filesize
13.3MB

MD5
401358b702dba63b5607c7a6a4b9fe94

SHA1
5a414ab1f1d49f9258650dc866c850944236547c

SHA256
143cca88c602ab96dcbfddd517f315ee687e82976b00375c87f6afca0afa0084

SHA512
f8111e32af65e33da8949ab8d66c4e31f08cfb99d7de9718f18de363751c28e417d9d35f16e0aa06075488579f6062f7aa74e9a75e71bbd64d474635cd0356a1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 490069.crdownload

Filesize
2.4MB

MD5
913a983c7d97ef538264a2210b095ae4

SHA1
87365aa113cfad217e4cf3d6af9c66053c8c4148

SHA256
95447b9fd9e6da276dcd88ccad87ddf0a13e513e25a44f8af248a30f9d6d6e87

SHA512
ad0326ba6c1d1a5a0679191ad63e8c7ad020f91ba4ae838665b82e9b2852a32977fc2c07e120a8d2c04ef84358f65286b5dd3fcb6187e57582ab3c3c0bc16ea4

Download Submit
C:\Users\Admin\Downloads\osu!install.exe

Filesize
4.3MB

MD5
3c14c93d40877ae816cc8ed03d38bdaa

SHA1
418b808bbe42066f4d25fdd37593426b014a0b9a

SHA256
8d73e298cbfd2ab3a3748c3512b6ad6ce4784aeaedc3f050b5bc48d51bddd651

SHA512
40cc3b757a24312793457a582411a721a7997a32a1b75cdf548d74dfb9a72985e3b6b8c7bebefaf8e12f4dd25b1827c4f28d1330fac86bc74ae570ea4c7de3ff

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2280-519-0x0000000009400000-0x000000000992C000-memory.dmp

Filesize
5.2MB

Download
memory/2280-509-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/2280-821-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/2280-508-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/2280-535-0x00000000093A0000-0x00000000093C2000-memory.dmp

Filesize
136KB

Download
memory/2280-820-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/2280-550-0x0000000009B20000-0x0000000009E77000-memory.dmp

Filesize
3.3MB

Download
memory/2280-697-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/4100-492-0x0000000006F40000-0x0000000006F4A000-memory.dmp

Filesize
40KB

Download
memory/4100-482-0x00000000062B0000-0x0000000006856000-memory.dmp

Filesize
5.6MB

Download
memory/4100-480-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/4100-481-0x0000000000CF0000-0x000000000113C000-memory.dmp

Filesize
4.3MB

Download
memory/4100-483-0x0000000005D00000-0x0000000005D92000-memory.dmp

Filesize
584KB

Download
memory/4100-491-0x0000000006A60000-0x0000000006A9C000-memory.dmp

Filesize
240KB

Download
memory/4100-490-0x0000000005BF0000-0x0000000005C00000-memory.dmp

Filesize
64KB

Download
memory/4100-493-0x0000000005BF0000-0x0000000005C00000-memory.dmp

Filesize
64KB

Download
memory/4100-507-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/5140-822-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/5140-879-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-883-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-885-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-887-0x000000000B5C0000-0x000000000B917000-memory.dmp

Filesize
3.3MB

Download
memory/5140-886-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/5140-876-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-888-0x000000000A4B0000-0x000000000A4C0000-memory.dmp

Filesize
64KB

Download
memory/5140-873-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-899-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-903-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-904-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-909-0x000000000C200000-0x000000000C213000-memory.dmp

Filesize
76KB

Download
memory/5140-911-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-910-0x000000000C600000-0x000000000C640000-memory.dmp

Filesize
256KB

Download
memory/5140-908-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-900-0x000000006D7F0000-0x000000006D847000-memory.dmp

Filesize
348KB

Download
memory/5140-912-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-918-0x000000000C200000-0x000000000C213000-memory.dmp

Filesize
76KB

Download
memory/5140-919-0x0000000074970000-0x0000000075121000-memory.dmp

Filesize
7.7MB

Download
memory/5140-920-0x000000006FE40000-0x00000000706EE000-memory.dmp

Filesize
8.7MB

Download
memory/5140-921-0x000000000ADA0000-0x000000000ADB0000-memory.dmp

Filesize
64KB

Download
memory/5140-868-0x000000000A4B0000-0x000000000A4C0000-memory.dmp

Filesize
64KB

Download
memory/5140-870-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-869-0x000000000A4B0000-0x000000000A4C0000-memory.dmp

Filesize
64KB

Download
memory/5140-866-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/5140-864-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-865-0x000000000ACD0000-0x000000000AD02000-memory.dmp

Filesize
200KB

Download
memory/5140-863-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/5140-858-0x0000000009A60000-0x0000000009A61000-memory.dmp

Filesize
4KB

Download
memory/5140-861-0x000000000AAD0000-0x000000000AB44000-memory.dmp

Filesize
464KB

Download
memory/5140-862-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/5140-857-0x000000006FE40000-0x00000000706EE000-memory.dmp

Filesize
8.7MB

Download
memory/5140-856-0x000000006CA60000-0x000000006CA70000-memory.dmp

Filesize
64KB

Download
memory/5140-854-0x000000000C980000-0x000000000CB70000-memory.dmp

Filesize
1.9MB

Download
memory/5140-850-0x000000006F5B0000-0x000000006F5C0000-memory.dmp

Filesize
64KB

Download
memory/5140-853-0x000000000A4C0000-0x000000000A8EC000-memory.dmp

Filesize
4.2MB

Download
memory/5140-839-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/5140-838-0x00000000066F0000-0x0000000006746000-memory.dmp

Filesize
344KB

Download