9e1311d48d21c98d6849502ec3c95458bce047b77ddd5477aff7e82e02ec1407

Resubmissions

27/05/2024, 13:51

240527-q52k1sef3s 7

27/05/2024, 13:50

240527-q5kx9sfg35 1

Analysis

max time kernel
940s
max time network
839s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

osumaple
Size

248KB
MD5

fb250175faed3a3c2da7700c1046f5db
SHA1

a252d97ba23dfce73d5a10bf024698f1e54cda8f
SHA256

9e1311d48d21c98d6849502ec3c95458bce047b77ddd5477aff7e82e02ec1407
SHA512

68904c500a95cdefba0cba30b348af4cf87fca15843fe172bd57c904adfd06a3db5f7f774afe3632b4a71f61db70961c81ffa68e7b6a2c829a42d8d8f42c48c6
SSDEEP

6144:sCoGV2n9ddKM2vkm0aWyRv3Q9OvZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi0Z+3T:doGV2n9ddKM2vkm0aWyRv3Q9OvZJT3C6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2756	osu!install.exe
2984	osu!.exe
2520	osu!.exe
3996	osu!.exe
4024	osu!.exe
2448	osu!.exe

Loads dropped DLL 40 IoCs

pid	Process
2756	osu!install.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs

pid	Process
2520	osu!.exe
2520	osu!.exe
2520	osu!.exe
4024	osu!.exe
4024	osu!.exe
4024	osu!.exe
2448	osu!.exe
2448	osu!.exe
2448	osu!.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66D5BC11-1C30-11EF-B69B-6AA5205CD920} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	osu!install.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf1800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	osu!install.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a11800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	osu!install.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3744	vlc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1728	chrome.exe
1728	chrome.exe
2520	osu!.exe
4024	osu!.exe
2448	osu!.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3744	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeDebugPrivilege	2756	osu!install.exe
Token: SeDebugPrivilege	2984	osu!.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe
Token: SeShutdownPrivilege	1728	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2016	iexplore.exe
2016	iexplore.exe
3752	IEXPLORE.EXE
3752	IEXPLORE.EXE
2016	iexplore.exe
3744	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 3004	1388	chrome.exe	30
PID 1388 wrote to memory of 3004	1388	chrome.exe	30
PID 1388 wrote to memory of 3004	1388	chrome.exe	30
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 2704	1388	chrome.exe	32
PID 1388 wrote to memory of 1184	1388	chrome.exe	33
PID 1388 wrote to memory of 1184	1388	chrome.exe	33
PID 1388 wrote to memory of 1184	1388	chrome.exe	33
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34
PID 1388 wrote to memory of 2472	1388	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\osumaple
1⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5199758,0x7fef5199768,0x7fef5199778
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1000 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2336 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3260 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3692 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3864 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2516 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1492 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4200 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4584 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4608 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4784 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4736 --field-trial-handle=1368,i,14523250421232425592,11656014074755789487,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Users\Admin\Downloads\osu!install.exe
  "C:\Users\Admin\Downloads\osu!install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:2756
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    PID:2984
  - - C:\Users\Admin\AppData\Local\osu!\osu!.exe
      "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Suspicious behavior: EnumeratesProcesses
      PID:2520
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" https://osu.ppy.sh/forum/viewtopic.php?f=5&t=576
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\osu!\osu!.exe
        
        "C:\Users\Admin\AppData\Local\osu!\osu!.exe" -repair
        5⤵
        Executes dropped EXE
        
        PID:3996
      - C:\Users\Admin\AppData\Local\osu!\osu!.exe
        
        "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:4024

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5199758,0x7fef5199768,0x7fef5199778
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:2
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2208 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2216 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1216 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:2
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1264 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3332 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3476 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3416 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1256 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3264 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3760 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3984 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2516 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3640 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3660 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3820 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2492 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3760 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4120 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2288 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=1760 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2216 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4024 --field-trial-handle=1140,i,14862286241803146333,1161155069137443587,131072 /prefetch:1
  2⤵
  PID:3828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1044

C:\Users\Admin\AppData\Local\osu!\osu!.exe
"C:\Users\Admin\AppData\Local\osu!\osu!.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2448

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ProtectWatch.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
7129a1c8e2d16ebddce0602f794cc98d

SHA1
9d77f567e849734597d58c7f14df4906e4d2fbf3

SHA256
c7626df395bba847bf909e56d1f79f5c24df82e0b586d7183eb6c625eeb8741c

SHA512
efd3b594ca4e436be51a7607eb8bd5a953f92c39933f7997c33b944e135913b10c6300042d9dd45bde892298d317ad8846e3a65ee7ec61bc9fa4d8e56ff8f6f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
1e22d21321fff02f5ca64aa23740ac7c

SHA1
20663d785cdf786502f888b708470c69297a14a4

SHA256
a940217bb81ff6b34277abd474bc3af486a6f92ce0fe9c8f6bbdeca150ee5fe4

SHA512
5c7443574648a7298c3bc3a145e7132474e122df6bb09f0428375953cca6504bd9d3f6edd72bab32bfa59a3b67c101900c149bfe2a146017d24fa2ae709e7825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
8e65db4253b2a136b4dfdfb63f864fc5

SHA1
08290a6aa976eb4f2eeec3054d65f424b1d6a815

SHA256
59efb97c6799ec0fa31fe72ed0a35b22caf960e11561147352e717a81553cf39

SHA512
9c9a0fd4581682f1e3645df14f3ef2fc7b2c751637bd3a5fb9e1aabd7414d3c86517204a5971636fc96c8f4364b72f931082a493bca3cedf636dc984e72d56cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
760879e3885cc4d0e14c100320602887

SHA1
d0205f18aa10abcbaea6719ff8ddc30bad2280ce

SHA256
1896499382b8cdc28a890598c9b4b1a1e05e088da0b6f3c9dfa002643a56887e

SHA512
1b971a0897ccb062fd3a5352bfa1796976eeab787994849da6ca3f5695f7feeddf9a8cd103691ac04972c6fb708c3e275475591a8fe1f801023d29f261e1d094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
73d6d8229c9b251bb0b967a42420b370

SHA1
7338e133cff2c14d9788d6289cf0867f2de243ba

SHA256
3f9e0102850a83486711ce074f606c05c41d68c721584302f29a8d82d0a67f59

SHA512
69416c874e50ae095c12c7b772c433ad7ca6f390afe2cdb902fba2defd26ffa2d84dc6344926c190dbbe9ecca7080cca720c9345f192ee312af9d2d0bd7aaaf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bed954562bc6ef6dde9122eaffdd97ee

SHA1
5bc0164df3747d5718efe497013a5aae7c40e60a

SHA256
5f44594b03b13833033855126f1665a3795d45303aa239108b124cf18e8ba2f1

SHA512
7866966a82063fe145d7829e713c97d54ab30b7adecd3fecd4fb22ac96468f20b1d3e2874e967d06c6297079942bad9b5f597fb7d5563de15a3d6b8485f419ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2271559a32e0ed14e490fb7ff011f9e

SHA1
62b70336806859214e7d165a8ca3131acf894dae

SHA256
dd748a1a187ed35663ceef152c011650bb96cd40b4ac8266348e42f4575806ab

SHA512
070903d68ef63d1752f60163542017f3e3083a40beda9da4687eaa604789537e83daa786da2f43e4760c08c22a7bd21b0f89e5b3ebe67f912ef6e113eaf05528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31641df68670d59e3f1c5a51d5f1fb5e

SHA1
f35c2162803510dfb05ab98c57b8fb2443dd4246

SHA256
b691fa50e2599ba6be53e542c970a84dd8fe121c544d4f57551e8ca64e9f5713

SHA512
84038a2e734895b12b08da20eb41784d587f0717ea77374da304114ab88a2a6133f43d062e3aa498d30e60c2dd63ce74b7fa6e5994bd385fa12b5721e967b79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd87b13e9c3c2333e431f24033bc8c60

SHA1
11ee7f526690dae830146e8ed469508b3f9b1190

SHA256
227adf2d6f9f712cc3898b66d097eaf4fa2ddad085b1f29b56c44511c9c52695

SHA512
9a19be765babc04d93330d1883f0396b2b789195e82353eda9b0245d5b59361dadd387a85a4b910fa385865386287e9dafcbdec443c8ce367d3f9660e6b442b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
525a4cf9661325117d5a5d44481516c6

SHA1
77925e25985658ee0b1291852472e0fb35955e32

SHA256
6315e57e8e3d33baac5d22ecc54ae35478396bdc352c1350ca301b045abf2103

SHA512
8662f3a32da00ff8ec5212643ba644c59cdcff51af4034bfe1fada8c800422fa52c387a51d50e65ee48e7f125f5307f6313096fa075b215e4f895c2b5a888f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
09435eff6bd29462f5c3152ab79e1bc7

SHA1
ddae770ed680bf60296cbae37cd6ab88f0883194

SHA256
bb4872096e7c42d9b2e7301eac944d5dc75ab5f0bc9d7df9a66220b537d8461f

SHA512
54b028c3d7f5a442b2f316799ce8797cf29cf109d1e84a3e8503c6aca298f9b725f74495b3633d12595cf8bbbe462ceadf6089cc4a28874908de012e823311e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
2c7fe99bad09d8e98e9d1f18341e5497

SHA1
cbf11b03f51934380c763893b7e73c17b1594365

SHA256
2e9e67bd9fee9685351dfcd5df68c92f7e91bb105a0ad733e7d2ad77bd44c18d

SHA512
eca86a6b705a67d73c61cee91d44b8a25b73f104dd2ba7a5d5d5b855bfff683eaf8c7ad5609309e8e8ab7278db56b206182de0934013f05cb6a3ce76a477698b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
10b1333763884d3ee74bfd726cc84c1e

SHA1
05ce3f86a19b61880298ae37d96d174dc43dac52

SHA256
3493a22cb4f3a05ef4e95289cc554e1a12735db2eb548825a21b05f354dd521d

SHA512
24481c01dce336e990c34bf694501df86e458e66fc4f519973ac7d8eb0f94c13135c0bf95563319212784002b034a8226bec8c89a7c93718418c7f4c87b1aa9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cc224701d3988dd5549f5d4adbf10fe4

SHA1
bf7837f102c82b785f087208d907c86f3de96bb4

SHA256
ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21

SHA512
da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
89KB

MD5
6fe203db3291330b26aa805756c30ea4

SHA1
fc1f686ee497b5c3716588061f7355facd8cfdad

SHA256
00ef5cbd69821a91ab06bfd485b55aa231e2f1d1e41844db14bd20868ad34973

SHA512
83eb6f80c7113cbe16842e34059fbfc54dcb633f62258d5227c1b7b932457e6ed4ec13e8be70ecd915677b2d8543ee67aa3b9ed046374f4819af061cd75ce7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
176KB

MD5
8e0edfa2405e035c84e0a9c9a1dfb8c5

SHA1
79bbfd9a8c73506a49cf8e9cd72c8b9d8d388fc8

SHA256
de5442c294e1f68aad2c9e1a9558f26eeb0a5e5b773f6186ec111e000fc300f8

SHA512
25dc7c5cc86555a08994d01d146045d6cc555a2c252a7fde59328a2c7647c2307b87e6af7e40e4e0ecb28b77ae367a78d1ee8d1dc6ffcb5756707787be3fe3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
27KB

MD5
4cab6f7eb180f0d16b149b179b634df0

SHA1
310fe40e7b369b6fbcaeeafb4f8f8e3664c4675a

SHA256
f92e865c82d32759615095cbd355d337c656afdf903ef9946099237a58c76f6d

SHA512
19d025cc713ef1f9add870f8b188ed7c058e2f03f0bbb9ab071e97b319c78a2f8760f73927073d3d04182c870f176fb9721334107c54687e7d53777d2ed7f755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
46KB

MD5
b4e4c40ba1b021933f86142b1010c253

SHA1
8901690b1040e46b360f7b39ecb9f9e342bd20af

SHA256
a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae

SHA512
452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
19KB

MD5
16c0a2c82dc0ab50f23123f7ecb11f51

SHA1
fbaef7794f352126af25aedaa99f1bc22d131f71

SHA256
5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d

SHA512
0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
95KB

MD5
0f978383950b924d31b77aad56c0ae79

SHA1
4481f7635c1cf3d98c542542d0106cfe498446e1

SHA256
afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77

SHA512
b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
800KB

MD5
f941c2c08f149ec278a55f7db3bdfee7

SHA1
24b15cb166be8be824361ba53180cdb1d292af9e

SHA256
0f6c0b2a6d8a24a748eb606d40d97cebe53b9a8dd07c65ad07cc8e2ae190cbe0

SHA512
64b7d47cd96af8ee27036de1ef430372e4950a9b75d0b2ea6d040e941fa22cbe515f8a2dcea6415eb129fa00b6f277ad51cf376e82ef2256aad78d04707dc75d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
32KB

MD5
94fd864eff41d2466c55e3d0d47e92c7

SHA1
2c8ab5e8d1ac7f09af3c09de7575f8ad55706094

SHA256
b7b245e311013279605a274aacf18e2f9314ea6c275aa4c54f7676c63f9b9248

SHA512
4e1f2656222174c5442a5af47a63bc56acb71d8f34809aec6f33e15f6e15d6e8e81f72a8aff925c09bc2d4a0d9f55b408d7d8dcb7ec01519e431a3dd28e1f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
a5761c4c7d8700d066742d0609abfd62

SHA1
b2638307295e8c441cb148f46954a253b392ccc8

SHA256
97441faed580f7df269a518adc5995bbe3e60bc569d884b54110a1ee66df4746

SHA512
d1610b8ec3f16efdb74ca1312d48539e803b900b19bd162738783745bb6679cce6541502ef5d2e01742ca8af31298111470e5851f1bbb226f2b64de591261157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
01254bf036b647ab5a2eadd2cf7c84de

SHA1
21e67788609c9be3396b05bd88a827dabad62fec

SHA256
e94350797c19e237c364ab099184b62de73391af75c0722a7951010d21479f9a

SHA512
ab82e01de01feaa3e4eb726a9b3b8efeedd0dfecce205696126fa2348be0000ba95ed70549c8769bead2ee8534fa4d5945a915409122e8fc70d8b427db5224d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
f0e310cecb3e1f1567ba12e9ec39998d

SHA1
cf55bdd034ad040acf6e1d3fd4ddd461b5f21795

SHA256
246c05e47aad7b2aca91453c5a99e1da62d2dde3d35be84ab567f3fe839cbaf3

SHA512
8a54b210d5b4026c0ffe7abd2bf7b5b1a69f2db0ac124f96395cd4a364864533dc13e5fd254d51eee085a53ceb1c7821ef0fd9380d19355cfe085d6bc4690091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf764376.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
b5616d3ca8e3894d37a372b4bc40165c

SHA1
d8ed6d39535c1a176184d51f5397dcc9d89f4235

SHA256
75f23b5e870f86384d8fcdd0d4be7e93a32b28f720d76aeebb68fc02ec225e8b

SHA512
52b5d58033e8a24dcd04c0305615ae4334768722ffb6e06d7d22e134319e8277830814430057bf13e81c2ab0af3b0e895cbf44e68bf5f1632cefb6c16ec97645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
755f84644e38216b156d0c7cba5ebf89

SHA1
d0a18385e791c814e619284436d01c59b0b5d6d2

SHA256
4cba8dbd6be4dfc54339b7e34ab1bfb108ecd99979bc20712fb1fcd004e616a7

SHA512
de401bda14e91dee51abd57c555e730f2a6847bae643203dc4f4a1fabf2fd2163da3bec3939790fe4bf75115a893e42d99a0469da0abf72e661b9e5bf989d860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity~RFf7706c4.TMP

Filesize
854B

MD5
17d8c1ed89d83093675f25a8908902cb

SHA1
51e957819d5adc4c8892ae09e895393458df2c3a

SHA256
7a2297f5abcb6432e5a3e35dbfc8bdc0d9c2687999325f2a9b66d2d72b7d58d1

SHA512
6e2442dbd2ea00f9a7446b8910acd192c0f8580ca436807b7667bdd49ad4cdca8ae15de86d9a2092467b78f40e7a78dc4f69c11eb28b9225795604ca8cf13861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
899ec4439ed2d75cdb2079acee0e0c1a

SHA1
4aee9bf4b65688474410910b42fa2112718cbd26

SHA256
fff3334c8fd4fd2490a0d91b5b679eabeab91421b682a6d86bb795f768dc9db9

SHA512
9f592ff75e22704c2e6adb5721133d5728533bc93955a1af8164f6baf8dfa1514340e674b07e22a46c70b916c8eb56bad112a55ebe4114df608bb1681df407f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed9f46af00464531114a529294d423d0

SHA1
8dd3ae23b10aec6a9190d80d4bf062ac5786f1cc

SHA256
f42a5a1121b69d5897d3c9faeb676581d058a6f552f5b85ebf32c76cb606c939

SHA512
8bc3f4cd1cc3bd08fd24ccc5c3ed8aca2f2c9260c484299f35f3bf65ccfd64ca20373b29b50f55341402cc6a66a66285b0063c9e37e1e6a79176487cda749679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
365adc0315a6ff12dab50f9d7c370a99

SHA1
ff47724f232622a02d98f1ce143f099b6c90410e

SHA256
15e812c9b6d3ce489f7b7c2050ff16b6fc7231feba4ddfea1937d62be1124a6c

SHA512
f0d716051387fec6e8bb9a55a17460f9d1af4d3ccab620a0e36b39c67fcb60a8b78b955b94a1234808ab5eeec903dd3d95f0551fad6b33ec1b18390627b798e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f97917973f6a07afe301469454a63821

SHA1
3d43e94a2304d594a63181ed92231198b8f5a102

SHA256
3e67491db06e918df2f4c2ae3b8c1743c2039a6a29e6a40b28b539ce3b9f648d

SHA512
87c96b656841a19c7d37f2fa0a3bd720554a85080bc4c2e61dc89b0293728eafbf22a0f3ecda6ac3de161cf5ac58af9c0b6817c2dbb8f6b7ea16edf52eb8b80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3134dbf01a8b486c906e577aca9f6f79

SHA1
d35c8d1135cb0d423b66cd80a7fcabd9fda030bf

SHA256
0e6c0a4293b3569d90cea1550b2b4c870433ebc06329b6ab45788e0376231903

SHA512
e86a10de4d84e9ce60b41f0c910dead19dd6caf19fec0ad8291adb87337445c1008cb4afcad039814d87a9c160831ea7a802494f355f28853ce9f42eb1272b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21e1bb6f1521978893f866aa28b6be3d

SHA1
cfde6eba06475dec7f2b72d7c78f914c02fa75a0

SHA256
8fef9638c25a3410358058152137d02b72635bd7b6216371750578150e0e3a41

SHA512
477c323d068aec73fbe50ce895887e711fca4956340e4c053d2cf57c3e8434f2973ba7bf13852fe64e2b575f00ba0b3a84f898053603db6b0d860acf80adce8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
f514687969d9e5302c6129b8e4ec0cae

SHA1
53165cf1c2cee84b2369b78a0ee69ee5da7fa1d7

SHA256
73cea8f5bc85fc97b08491f6f39f4af505dd1bccafb1d76658ca64c6d1efca12

SHA512
ccc73e0479151611512043ea9662018f7dd16ef500e905e4f8f2d48a8b68b17def21ef94f344b4cdd87bd08a46095e59e496aee221ac0bfc504183503b43da4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
bfce2fddd5023a967cfc078adf13aa3f

SHA1
8f8a4925ca2a9115ab0184faa160976d7a77c111

SHA256
cb0a943137fc016bc3a44ccdebfd9eece14ec3d7efd0293cdf5570a51c3a2af6

SHA512
4f55a134804e84f86263003eed21a7d96cb726313d25b2172e09b225d5cb6b2a697cd314745ce3dbc704fce93dde191e2cb95563c8b278c0366b19116a448838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13361291521778400

Filesize
5KB

MD5
e6889e1fc8c455a016b70cd20aae345c

SHA1
3cc4386269247a13462e24f600244cbda1c4bbd2

SHA256
03e1ab628d2e102b988ff0c7b00babe28dfbf483f1fcadbdd09d94152c6681d2

SHA512
ba18a2e82d15f196edbf19e761a40b96b5f976439150013547d0f8a23bf90438cfbfd5f8b908bb578c74470ef6f78c30dbf18447f0e7e6dcad9ffbd26a97d073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
2d339fc47506f23c4038bc8847abbddb

SHA1
03aa690695e6f3a1854ec8b069013f579a2abc23

SHA256
846812a29ea0250af9ed326a32d0306c89e51424022d982983a52747eadc8be7

SHA512
fa3f06fcb9d9134c19ba57667ed9e80b126d9f2790dab364408b2f6d0ebc1bd854b268de753abd3bfedec33a5998dce88e58c03e9d65268c6558222e62ee8b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
b1d76561b76b1710431393cd1cbf196a

SHA1
b44e2619f6accc99d58719f0dded039666b19813

SHA256
d56d09734b452f10cf91a7b9ce10cd0840c4ccfb4ad7aec2d759ee0008af1dbe

SHA512
0ac5a037126c41c7aca57fe80b626c071be353b98ae8374f8fe5f96ca1e7feb5c1a3c6b35114bec2f6693d1695608fa12356d1897747b4f33ac0c96a39ca7056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
1a4ca9070765cb8eb3320588d6b0b6bd

SHA1
dfa85e85c97ec3fbebf9348ce66dfa79f28574dc

SHA256
92682e86819a76399c791eb4a6f66bc4aa51ee1e044178459406e9a97618c0f7

SHA512
905bc0730aa625d7227ae7a8a3b99cb058039b8d9a1c602eaad9091b642ef9a6c012bb14a255001651d3a56e8ff50cdffd500a317a0455c8b50109c53f9ac599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
894a6f85ffb1ffe2efa3a71252b41dd2

SHA1
004c8c7ef0edadba5020eaea2a59234493fb39ba

SHA256
1a11fa443a9c5276f83ffb7498a8731b48448ddad02dd5bf2857ac46616c0510

SHA512
311ce543e4829a598d6f6e92f9692bc0ccb291279d78d753e36db110efdeb6f5e6680d1558ccc23ac890f844585bc008e9c7d15fb3b35c69e97eb03638c2a63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
84bbd1f840d7780dbcf9096c82035d03

SHA1
814770a7906ff14fb2b2e83e1c92e99c9340f10f

SHA256
38fefba38ed02a12571f4ea475a725f992ab4329a33cc14af68f5e53f605d71c

SHA512
4dddc99d564df7903be541c4d69fae1e7a04322464df1e9e1c26325d6bbd77c47427c9dceb0234fc25b62e3222f7c71aacdf7b2be7e83b03bea38e86db15c14d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
f9b398adaa849beec315e5f6f0bee834

SHA1
e24fb84ed0adccb30cc05c0129115d582e5e98e5

SHA256
1e6c50f9e61028b66f8c19f8fd6f2d60c40fee3602397f1f47188ce9813d6257

SHA512
b37ff594d12159f36368f1529f1069e9b61b820fa94ae567084a9944abcc4c5eaa4c037eb236f3198b649ba989a628571caceda98404aa05b8cfaebe45d5758f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
b3af632bf8376971f0fd3cb348634949

SHA1
01cf6fc5e603828c01c9d8e4e24eaf26c8f1f103

SHA256
e7c8599c7fef934da33303ec80ff8502795d36d3bdeb5e66130ee72f751510fc

SHA512
4eae373c48b5cf9c7fcef0f77331df2c29df0ee3006605e5c20ae89a5a385f3e14931afae9eb59dc5b823c7ae2285c3e3e6b0c1caaf7bef28efffc574c74f32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
f99361883279d4bbc1a42394025e3204

SHA1
c7ff947a7a1409ded82ccf8ba4b83f424c6bc6d9

SHA256
ba26ab045ec940f9ae9ef91cfc363ae88be10173e6f79b74c448000f8dd43a35

SHA512
73d380856584166d30bbe330089ec7e84b609e17ff64f6784dc01a931b4d5efbf4b0d0e8ed4b5564217c2b0ea99573ba2eeedb4fe92057a70fe64e92e6d59f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
5cf0bde42f78b8acfa6d356372f14e9b

SHA1
afcaa57fd0f5d63d996de0630eeb92b72cec0c79

SHA256
665512a0067946550953b00f7e53eef131a9d48f631caf4c65cbb16d6f43ed68

SHA512
1c23b045ae3606262ffe0ffab30cdc9d66ff704673da5cae5d52d2df36161ff7271140dcc30fa67e15d0df04f96bffd380d4c451d6c74e7af23d31cab5e4de93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
b2ea13149795f95492692abbadb813fb

SHA1
86f96dfd17f30e89fce03d00ea2738a76300da13

SHA256
4a3b209a13c2e2397b78e32520ab3905b7edf1d914455867ad554ac72a89da8c

SHA512
61987c6491dd973dd944c2623a64b99de84a1249c49691bad2458c68739459e3e3161052de68da7400ea9fe19db950a8b639e8be5cdcdc4a05d88723ec10189c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\edc1bed2-35a1-45bc-8a01-8f9cfbcf9cb7.tmp

Filesize
144KB

MD5
bd5a57158abc5db9d70f86e90a013387

SHA1
5b29c2fae7d63c49ea7281fb86079ccb33750de3

SHA256
3d6530b63838fc3884455b92571cb5cf55087d7df97c73182f8650478c0ad4d4

SHA512
d5f889304572bf7f7589d5b092fea934b967c6eb3f0bc15ee6c599a866f11798e87b0ac47ae81cfa8339c3a34d6ed98963bb89815ee22977af0039192844576c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f0486f71-6fb0-4c21-ae3e-fde73fcd9559.tmp

Filesize
144KB

MD5
892c5e3e86a88c41ba7c3ebc232ad6a1

SHA1
deb0f6ec6ec304ac776e866d0b6d925fc7b2c725

SHA256
e79c73b271bfbd6e50a7eda41852686b3b6da515823645a41ddd726219315db6

SHA512
75d08b09c318f723c20dd612663dd7a917609f715f0c1fbce7d1edaeab9bde95e79253c1ccd2ae8378e67747a3bef8b8437c599df72c261fac7896fa815a2dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D53.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
415B

MD5
8e0e8e4fd021e1b2d5e46576e679dbfe

SHA1
547cb3766188820c817b98f9108603f7353a66c1

SHA256
db193b05993666b1a17ad227544739cb0eab9dcb334a762bf50123629956a69a

SHA512
a863282e18cef5b0e3aacc2af540fdfca74b9a944432e8e575aac56e00945d52b22f4eeecfc01cb8a822bcc58c34bc581d8a1946851b5d2bbbfcc672687dcf9b

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
370B

MD5
3e27baff4dba8c517ffbd477f96319e0

SHA1
e9fc9370bdfa126fbbe5763d5172eb8cb2ac4389

SHA256
43e0bda521f647524b808a20610c718838a6f8bab1b3859a358fde6b2c10f839

SHA512
2833ebd3753290044d21b0a2ddb6b1bcd118ab3ff9aad5a8228ff744cdbf7a6198429011936a86b39ab01985e3578b089b5b678310ae6431f1ec92d341fedfa8

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
7f4d040229055910762c6868e93fb367

SHA1
c0c1e4818e6c42772c8a6bfe664e04d45e2ac34b

SHA256
da4c4ebd56bf8cbf6df64222f291e4c7244fb619ab9e5c0d6bc5f1d6bfb22c43

SHA512
1851b45134891ea3ccf2135f6ca3759b885d13753e3981a59f790da1795ca1de4b467a510f618851a44c199ef065c319026cc671386e72eef2edf75c4fe4ae1c

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
75682324df39c2da8c4ded99bf714795

SHA1
9cfa722c9cb5f7ee22c9bd0f910cacfb2e5f6bf4

SHA256
be950694866d3c8b17118158e18a514d93bc0f57b38037578d563d71b6e4af45

SHA512
613eac1b0d5a8962a6b8b7a38df1bc5e8b27b936356527eec87a35810e3a9491039a71ab42260311eb44d1b2208f3b0f8facbd16b538eef6520a1dcad333a735

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
4KB

MD5
e89ece4c93b6209123c87b1c7391e868

SHA1
259f61caa97ed533c5548439dec12a0c319edc16

SHA256
c783cfda9b7ddefa1b5d6a08639e5947d85c1ff499f6a77d007108c26ddac4ba

SHA512
e2b1ac86bbd49de66d734082ee800aecefe351cace879669f40ca868efe0d937fe3b6a20c338bcc98d7fd6279cd9a07cdf0464337087a0bf5b08d92cf0f7b442

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
a9e7cdcaf924432e8a840632e4f569db

SHA1
261d10f61e2d43a6732482fc21f28eac90bd0607

SHA256
54c6a8b3a5fef6262fe0f53f936f7b9698ba6ad567753b07cab107e6feff1a11

SHA512
b8c87120a175bad998055c7894b160d52e2c1b6d2e1c0512440378228b2c139ebf3fbb870a4dba9c10fd57d92436146d47462823c316d006da10b241018c6793

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
583B

MD5
190650c3c12aded1397f36a461f23116

SHA1
b92b3d7b585eb05371220efbd18ecf9329786a55

SHA256
6b7f29a3cfd635225050521532bc3b66bcc6d93d8e34c7e1f462c6d05fc8f5ca

SHA512
2ec2ead3f5d1088b32e991d2969131538f0b3f38e67e5ea954bb4f03c2a58d0f9cf8aa2a6eb50feef9c00c158252959754e4c64bc9578de86d35d4403d3623b6

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
c00ff632337d0506c66f41333dd7927d

SHA1
01cf8d373b92c9d86c13c622ad3f8d8ae05aaf84

SHA256
6519919aad4bb06ff51fcaf10062a651136314b4a9601e9972dd4a55718ad520

SHA512
567d4ceb74189f38a5617ae6d62586ffe6aa09af82b239d0b99db801340b1b79c1215c73af0e47901d876265ebf5882008ae631074bba621337c763e5b86735a

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
8abdfe97605cc67edb9b68fe23a5c10c

SHA1
3ad9970f3c745ab8a5f4ef56dd7e29929c9c4f0c

SHA256
546eb86970d1fa4180b0187f79277af1633d35fca506711afdafb38fa73eeb8c

SHA512
72d46fae8535348e941eca79b19765da1d3944112a99ccc47649f37db5c77ed342b8269067df0972cf037f7c22dd986716d973c53ab4c66dc40adfd6d5d5487d

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
583B

MD5
40ff266a7e9748d5f1d7a7570190d411

SHA1
62d930be04e9f64d94b0bd7cf87aa43e1dbcbfd4

SHA256
96845f3d137ad9570e44db6cfeb8d6bcd44146f54283760abaf0b5fc0c7720bf

SHA512
0a039782274aeac5948b7eaa9e622325506355263976b724cd6b711d6e43f1b07ad8307f705630e707a752548f6e6d01ca9049f6b3797345bf7319d672f7dd67

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
9.0MB

MD5
47183d7843a1af1e856bc2600ca73e5a

SHA1
e715cecf017bfcf670a4d00e94997701f1c694c5

SHA256
2250688fe226f6513caef2bbaf92e7e6831d48b6d53fcc91a863a9928b609ac4

SHA512
1fe603847a5a39a4e610fd09461075c5cc9fa7d424b0867cdf41f03584aa76bdafc23c4abcac5e60995d0490165e5158e1a66e48781a60f6564dbe26238143fa

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
2.8MB

MD5
20082752d6c5fae8d08071aaf242b739

SHA1
70e8c7499507e8275c2ac06c372bde3b84f4c763

SHA256
1fae9cd8610a6d666c9b42d91440b493a257adab2126dd7c77f5d5098d678b8b

SHA512
6d9778f29ab522e45cee8a3d5aad6f4e65606675479cdf782844f5d162e13a8d42837ffe6d7533d8a29c71f10ce648cd2f859db55e7f8d00a4638ebea0b8ba46

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
72fd66c4ce090346c113b72990eb7d86

SHA1
038c06b41cee82578f5b6a0b0298570bc8969e8d

SHA256
c382d8319f5ccf7faa6517bfa53a052ebb7d8d16f335d5925ae777270c93e50d

SHA512
9973f0a33aa3e085ff5bdba469859cf5b6df7c8d60927e229c2cea2648e8ce0c7a4ea96f9861735e2bff8d2207dee55fdbc90f3534d50d009559391d9ff7f2ec

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
78B

MD5
3ee14f14f361e0ec15a2e51a084610e8

SHA1
13885547c21ee9348465f0361bc551fa48ad93f8

SHA256
491b36a1c5830b744bc59c59f643a41b306c9d4ef787e37f897205b9b8acceed

SHA512
7d3068aba773ee3544e61b74c79c6d71bc36cd16773b658f36b7f7bff16e2d4cc96ec9e740159c3dc0900a81b9a6863506ed7fb9b644e716d43ac0c454287137

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 225975.crdownload

Filesize
4.3MB

MD5
fc0734a7348f6e2979d3044a9a75e359

SHA1
ba7ebc472f8a7dae824c13a5e39f11e54d0f83b9

SHA256
a4b1a450cada1b25b74b8decfb92f77c64a04f0b4ec8ddaf1a3c0f962a364c0a

SHA512
9c6e2baa2a291ccd1e2787d10df50f1789f7f8976c707908448eb60fbeacfb00c90d2d390b7ad73c176daf510c3a6bb93f9a960ad61c60f899e74db4963a054f

Download Submit
memory/2448-3259-0x0000000000360000-0x00000000007AC000-memory.dmp

Filesize
4.3MB

Download
memory/2448-3279-0x000000006DBA0000-0x000000006E4A9000-memory.dmp

Filesize
9.0MB

Download
memory/2448-3278-0x00000000082C0000-0x00000000086EC000-memory.dmp

Filesize
4.2MB

Download
memory/2448-3293-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2448-3959-0x000000006DBA0000-0x000000006E4A9000-memory.dmp

Filesize
9.0MB

Download
memory/2520-1382-0x0000000006500000-0x000000000650A000-memory.dmp

Filesize
40KB

Download
memory/2520-1377-0x000000000AA40000-0x000000000AC50000-memory.dmp

Filesize
2.1MB

Download
memory/2520-1388-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2520-1387-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1384-0x000000006D7D0000-0x000000006D827000-memory.dmp

Filesize
348KB

Download
memory/2520-1390-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1391-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1392-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-2072-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2520-2097-0x000000006DF60000-0x000000006E869000-memory.dmp

Filesize
9.0MB

Download
memory/2520-1396-0x0000000009420000-0x0000000009520000-memory.dmp

Filesize
1024KB

Download
memory/2520-1402-0x0000000009900000-0x0000000009A00000-memory.dmp

Filesize
1024KB

Download
memory/2520-1371-0x000000006DF60000-0x000000006E869000-memory.dmp

Filesize
9.0MB

Download
memory/2520-1389-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1370-0x0000000008790000-0x0000000008BBC000-memory.dmp

Filesize
4.2MB

Download
memory/2520-1405-0x00000000061C0000-0x00000000061D0000-memory.dmp

Filesize
64KB

Download
memory/2520-1369-0x000000006DF20000-0x000000006DF30000-memory.dmp

Filesize
64KB

Download
memory/2520-1417-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1381-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1380-0x0000000006AB0000-0x0000000006B24000-memory.dmp

Filesize
464KB

Download
memory/2520-1379-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1383-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1429-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1426-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1410-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1407-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2520-1420-0x000000006C030000-0x000000006C040000-memory.dmp

Filesize
64KB

Download
memory/2756-603-0x0000000000E30000-0x000000000127C000-memory.dmp

Filesize
4.3MB

Download
memory/2756-602-0x0000000073EFE000-0x0000000073EFF000-memory.dmp

Filesize
4KB

Download
memory/2756-805-0x0000000000D60000-0x0000000000D9C000-memory.dmp

Filesize
240KB

Download
memory/2756-806-0x0000000073EF0000-0x00000000745DE000-memory.dmp

Filesize
6.9MB

Download
memory/2756-815-0x0000000073EF0000-0x00000000745DE000-memory.dmp

Filesize
6.9MB

Download
memory/2756-807-0x0000000073EF0000-0x00000000745DE000-memory.dmp

Filesize
6.9MB

Download
memory/2984-816-0x0000000000300000-0x000000000074C000-memory.dmp

Filesize
4.3MB

Download
memory/4024-2151-0x000000006DB10000-0x000000006E419000-memory.dmp

Filesize
9.0MB

Download
memory/4024-3013-0x000000006DB10000-0x000000006E419000-memory.dmp

Filesize
9.0MB

Download
memory/4024-2189-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4024-2164-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2165-0x000000006D770000-0x000000006D7C7000-memory.dmp

Filesize
348KB

Download
memory/4024-2168-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2169-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2170-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2171-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2153-0x000000000A720000-0x000000000A930000-memory.dmp

Filesize
2.1MB

Download
memory/4024-2155-0x00000000067A0000-0x0000000006814000-memory.dmp

Filesize
464KB

Download
memory/4024-2156-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2154-0x000000006BFB0000-0x000000006BFC0000-memory.dmp

Filesize
64KB

Download
memory/4024-2150-0x000000006E8C0000-0x000000006E8D0000-memory.dmp

Filesize
64KB

Download
memory/4024-2141-0x00000000081D0000-0x00000000085FC000-memory.dmp

Filesize
4.2MB

Download