0d37dc1147095e1e4dceaa2c9fa503aae238e677b2f4aa27b8e647ab1e8c21ae

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

yk3UHrKeTk.html
Size

10KB
MD5

554bdcfc67dd37d9270f6cd6c4147155
SHA1

e5296f6170b6efe1793804a6fc31ccc064ddfaab
SHA256

0d37dc1147095e1e4dceaa2c9fa503aae238e677b2f4aa27b8e647ab1e8c21ae
SHA512

714ba7c4c539595a5f4f6b0116fd2fb5d7033b735ac39b50a35a8143ed8f942a73aa160a5e40ea7b9cff53a259dc66aaf0cacb670a03f34721c9022428ba8b6c
SSDEEP

96:uHenBzcdMJe9XOfRr8LCR6e5hNvtdLXe5GaZfdnyp7nx/IJ:uH6le9gRr8+nlu39dnQ7nx/0

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000\Control Panel\International\Geo\Nation	osu!.exe

Executes dropped EXE 4 IoCs

pid	Process
5140	install.exe
5536	squD1F1.tmp.exe
5776	osu!.exe
3228	osu!.exe

Loads dropped DLL 64 IoCs

pid	Process
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
5776	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	osu!.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	osu!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	osu!.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	osu!.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\Shell\Open\Command	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\ = "URL:osu! Multiplayer"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz\DefaultIcon	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\Shell	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.olz\ = "osu.File.olz"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osr\ = "osu.File.osr"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osk	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608\shell\open\command	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\lazer.ico"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\Shell\Open\Command	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz\Shell\Open	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608\shell\open	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osk\ = "osu.File.osk"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\Shell\Open	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\DefaultIcon	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\Shell	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\DefaultIcon	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\Shell	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\DefaultIcon	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\lazer.ico"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osk\OpenWithProgIds\osu.File.osk	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\Shell	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osr\OpenWithProgIds\osu.File.osr	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\Shell\Open	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz\Shell\Open\Command	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\ = "osu! Replay"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\DefaultIcon	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.olz\OpenWithProgIds\osu.File.olz	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\lazer.ico"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osr\OpenWithProgIds	osu!.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1015551233-1106003478-1645743776-1000\{9CCFD1BE-2D96-4A6F-A7A2-3B96D7DB6104}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osr	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\URL Protocol	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\ = "osu! Beatmap"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz\Shell\Open\Command\ = "\"C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\osu!.exe\" \"%1\""	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.olz	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osr\Shell\Open	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\lazer.ico"	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\ = "osu! Skin"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\discord-1216669957799018608\shell	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osz	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osz\OpenWithProgIds	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.olz	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\osulazer\\app-2024.625.2\\lazer.ico"	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\Shell\Open\Command	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump\Shell\Open	osu!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\ = "URL:osu!"	osu!.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1015551233-1106003478-1645743776-1000\{8104DDC3-9E1A-49BB-BE15-9C6E66E8E8B8}	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osz\OpenWithProgIds\osu.File.osz	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu.File.osk\Shell\Open\Command	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osump	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\.osk\OpenWithProgIds	osu!.exe
Key created	\REGISTRY\USER\S-1-5-21-1015551233-1106003478-1645743776-1000_Classes\osu\Shell\Open\Command	osu!.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1015551233-1106003478-1645743776-1000\{E2FE5857-2C87-4B4D-899B-F7337EBE6610}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 108718.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
1968	msedge.exe
1968	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
216	msedge.exe
216	msedge.exe
3576	msedge.exe
3576	msedge.exe
5536	squD1F1.tmp.exe
5536	squD1F1.tmp.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5536	squD1F1.tmp.exe
Token: SeDebugPrivilege	5776	osu!.exe
Token: SeDebugPrivilege	3228	osu!.exe
Token: 33	5976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5976	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3228	osu!.exe
3228	osu!.exe
3228	osu!.exe
5348	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2568	1968	msedge.exe	82
PID 1968 wrote to memory of 2568	1968	msedge.exe	82
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 1436	1968	msedge.exe	83
PID 1968 wrote to memory of 2136	1968	msedge.exe	84
PID 1968 wrote to memory of 2136	1968	msedge.exe	84
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85
PID 1968 wrote to memory of 2416	1968	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\yk3UHrKeTk.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4c6c46f8,0x7ffe4c6c4708,0x7ffe4c6c4718
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Users\Admin\Downloads\install.exe
  "C:\Users\Admin\Downloads\install.exe"
  2⤵
  - Executes dropped EXE
  PID:5140
- - C:\Users\Admin\AppData\Local\Temp\squD1F1.tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\squD1F1.tmp.exe" --setup "C:\Users\Admin\AppData\Local\Temp\squD1F2.tmp.nupkg"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5536
  - - C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.exe
      "C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.exe" --squirrel-install 2024.625.2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:5776
  - - C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.exe
      "C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.exe" --squirrel-firstrun
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks SCSI registry key(s)
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,9917584303982300923,11417690406846025325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x428 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5976

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:2480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5abe7950-1b81-4ac7-ba06-07b68f4559c1.tmp

Filesize
12KB

MD5
cf21f8390659e158d0cd9d7c6828abd7

SHA1
b051fe4eee6f394d7801ed30bb21f916b61b4b0e

SHA256
9eb46bd34437c5c69b6ce26eb232abcb488acc12bb2f365a58c8ac81adbed469

SHA512
a6af87d55ed9f8489fc57cd7f0ea18b3815b03f21bfa9fe620352df48de3c8437074db8c82122523205d371453e6280f8e8ef5cc860882cf6effa70536549d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e81c757cdb64c4fd5c91e6ade1a16308

SHA1
19dc7ff5e8551a2b08874131d962b697bb84ad9b

SHA256
82141d451d07bdb68991f33c59129214dd6d3d10158aeb7a1dc81efbc5fb12b3

SHA512
ba8de0b3b04fec5a96d361459dde0941b1b70f5be231fdec94806efa3ecf1e8faf8e27b1800fa606dc4a82e29d4cf5109b94109e5ad242ddf9f4671e2acbcfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e57ec8bd99545e47a55d581964d0549

SHA1
bd7055ea7df7696298a94dedfc91136e3b530db8

SHA256
a50ba35608edc2f3360cc71be0d4b29bba0e3382d1f08f24df5322ce2ad2443c

SHA512
6b9b73d983c472149629c842e16e4f7c2f8a0a3bb6dd64837ef647db810ef1beb3a02b15dc1eec2c5de8aee6b3ca195c7d26c432705061c5b0ec7841a5bbf106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
3358e831188c51a7d8c6be54efafc248

SHA1
4b909f88f7b6d0a633824e354185748474a902a5

SHA256
c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff

SHA512
c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
b55b8baf9ced2da93c17f6b749734870

SHA1
b7a0adbe14b12fd8f7bc3fbc27a5611693057cec

SHA256
38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4

SHA512
69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
1024KB

MD5
09c44d7d3fe021b80c0c6983d43e7879

SHA1
62ef901550bb1438f574378cdcce94aaf37249f7

SHA256
3fc829a2ad9ef1ded5449ed209d27c613bb1dfb1226d8512e411594f50a5699e

SHA512
5c2422cb651ca203ab60b8b140fff001fe598835f4f7aa96c72c90680ed89c836a436b86337f9673426635468a7ff26655df2fe0ba3d20ea091e5d57d5e2c431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bbbf25d998a29bf0aee172208611faa4

SHA1
2e7fe7ae20d3f4c28dd116c9f5e7ad241d6a66a6

SHA256
10e9f1a47805b2e52853947fe8129dd8a98becbc254714b6f1fe3b6c19ff2f4b

SHA512
5050f97155dc0dbc3466de7db1aa5237b333deac4859390240b14be98f2d342f18393516ca3f2d44d158c641ca64cd2102de9a04ade1fd7996cd2a92841e2e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d7c16c618808ef38f2aa62661410bea2

SHA1
61c805cab77b3e88b896011d7dc7a574c70d9cf1

SHA256
bfe1ea2855ece41273fc0f361c2d75f66727a856597cb6e27a801a94189a683f

SHA512
9d2d04b89ad294581945bd39c03b49348081848a24c3569f53b8c465e45c340fe6e43f2b03e65136944a19d93b2ba496c083c80799b6ebe6d73f4a218eb852b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60d428e85e191cc5709cac2c13574e5a

SHA1
387b08d319cef23e5ef0a066878e4de71fcac2e5

SHA256
1f5673b980bf8efae9de29725058aca20c619afc0072614302f221688f2b0551

SHA512
4d0ce7c35f131638b60e13058e2f08d0fe565427092abe033f2fe91fdd8af7be1f9bfa74182df1ab3dfc5f2f3d98869174b6c5d7fb3bbf419b0c1796987d6da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dda5f9e654c21ebf169bdf374f65da68

SHA1
6dadeb6d86eb1c4dd3702f10c9494eecd6582ea5

SHA256
8a7f6621427d2195752b3820c5a7bf1e8f1353c6fa9c87937b60ca78769baa45

SHA512
32f7a44fae122ebbde89c80b18763e235ad91478458579c112d094b97cccc906d3a64e5aec0e7e0e2971662a31ae9e2c94f7ca06c455e2ac5df3ac415ef611c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a45bf715a69d5f68e077cca67b842300

SHA1
6349b343829f89c322d4d4c7cc4d1e06f0647d7d

SHA256
9b3e25fa227b86b8e08fbf28bb5cef25c875e19d16e8724016c11ba02d88e67a

SHA512
1a0b9a9b49f68dcd9ad95571f433ee45d78e29e720f50dc4b715bdc4d7af0b3a204b9f7151f9727db88b15223c421705ca159a681faa8ef09689ba353c564767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2f935ce07e6641de4311d0f805908bf4

SHA1
bf3996ccbcd1450138d96e0c220e126ac57f7d61

SHA256
df5c3829b6e9a314aa5726a3ae1e346718e4c646fac6f9c022d3031bfbe9e724

SHA512
8fe0d59b30f0a64db2e5b0e3f3ee5d16e7d25646ae1e6562bef623b42395624cbb08c0d56f4080cb24bcb2f6ae4d73b5ed40419ea3ff4457c270b3b0d4f7ee10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5c768d3a932dce637f12f2356062fc07

SHA1
e44c2d304efa2eb2641c272f84dae5daa10b6cd2

SHA256
069d5e338aed14d104b4304923bff2bfe6bfd7aecf9e8e9ba77b52ee3901d122

SHA512
41d98e816a0be0f1b1a1a79985dc9fad2a8dbe87eac56c818534a874164f4d4e34e1458f744036ae6fa352a0bbcb9426cbf737b4fd2d1fc13f2299c1b90f1c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
388ad68b90fda1c8b1ec05346bfc27c7

SHA1
1dc29ef31c740c39e1968bfd9a331d9e4a712cb0

SHA256
25daa5e3070007370b671667d8e70ec17bb9c028874cbbc7e29da83bd28b5f2b

SHA512
aa77c28c64b2c5f1acf955b002326bc7ae8ca2babdc66887d60d869015b8959e06d558b46ec6941fea7c4ef87f7310cb4a652c7a7cfc32a8c2d15d1dc112a8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8bf58d6006d54df1253c0853e5815fab

SHA1
fc0822eafbfa421fa908b1e0bbd010b7e3741bd7

SHA256
3f9869b0188d5bd4b5ee7528aacbf6d33bb6435cfec746b1945a74a0da05d662

SHA512
81236988df95ebc7e1ea069e0de0f36a34c7c7f608d1b5fd46fefb20917ee5b4321aff14c64799f2dd861b80825b4e7bb40d7bbcd876f455d9c97afd902d6b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f53d.TMP

Filesize
702B

MD5
53e4c5276440bedfb357081bb0993b50

SHA1
7a539fbca0af4a681b8da5f37eb525c33069f169

SHA256
980c5e7cdbed5d171b9ee00ebed248030d26a22fa4b342479757f9731ba9fbce

SHA512
e635aa5f0f398c5d7d2734aee742d0a82940b52f96fb59d2e1fbd57c43fb42eec84c530bb1482f39fde006988ad304caa4494370673c701e0e860026e49c6501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d71ff326cb55de250f8c52f487573c2

SHA1
ba75b32352dbed47cdbc636452e19f8e48d63014

SHA256
94d646d203c304cbd103b5d00d6347f90aef1bae0c7438322e7283b30afb49a5

SHA512
9c5f3c3854ff3ffac5d3d09a455cd06ac3c9dc1ee51209ac8e8095f7506667301a113fd2980a3b84ddfd6e3af96f51a7383d244e931be3c5421beffdc41d9145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd9dfbddb09d1835893e70a4406eef6c

SHA1
19a8fcbd34005c2cfd2c955a8f0ddb73e2c7332d

SHA256
6ea83d1cc7efe47e0f8fd211eb6fd16ceba2089290a291bbad1cecfd228c62a2

SHA512
ab4e2e6c3800bbdb868c5e416c6ae7c0395f658824dd2ffba8f9dc120a1ba219574e3dd5ee2f6584606e6b53ae16fab8683b93e2a4ae567037bf0d5ac39b894d

Download Submit
C:\Users\Admin\AppData\Local\Temp\squD1F1.tmp.exe

Filesize
12.1MB

MD5
b61877751f9a7f27be4529d98c0b5e89

SHA1
003193b77bee6902a6be7b2030483458b23a8381

SHA256
208ecdeba433b3dc1adc0d754458c00606369adcba5e99689f4a9b8fff1f0139

SHA512
8efafef2cb960c16c3d13b72964cebaea47bac3dd4f21b39c2b5d47b131cba623a2c9d9f0c98fe9197b77590f7f996816a6415fce619ff11a189aff688f5f585

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\Realm.dll

Filesize
498KB

MD5
8167192654522662b844e951fb762628

SHA1
ce1a51c9be21131c64f778ed6e5ff77da3f6a167

SHA256
ef201ea3a52677c7813e92ccf510872bcef8b6ade9159c70be0ee7259d61d8d6

SHA512
4442ed02957e21aab1ccaf455ab40e490c7310f76bacce5f0ad461b34d89df912d7b19ee8c352849ef40e3a6cbdf25d266ca8a11c203b11f5fcbe343dcdf9f20

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\System.Collections.Immutable.dll

Filesize
818KB

MD5
823f33ca68b0cf182d185c15b1dd0258

SHA1
f3813bcb5ebc39faddd7f86f1d7d4a2cde9007b0

SHA256
8619b2919ca1824e05cb9dd0aabe3ae7d5d63110bfa7c091ba5e29ff33409eda

SHA512
b694c8aed967d664b1ce26c816013fe5e1b2762719259ca601adefc4ca1bace662ac0a38b0c8eb2a257746d42f025683347847323e6583f97489a0032972ab59

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\System.Collections.dll

Filesize
254KB

MD5
db8ddd9f11721377e576d7ff52dbe502

SHA1
ca478076d45734e9c580c15d78010b2a9ba288ef

SHA256
9ffe74780061a481d4036e06bca04461909ffa0e92dcf3db851c63ef853b1adb

SHA512
10b569a0a583ef2aeaa7ac667f5ef79249d7c6c1dc855b29aad8ce81e8c96eb98772240dbdece341e4eb96bc9c12a4d4d93a8f1fab00eebbb9a5b2184a6bf974

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\System.ObjectModel.dll

Filesize
78KB

MD5
50ea57bb103fd41773e6ddaca81021ff

SHA1
30b3b1e9351edf274d2318973b5a7f80aa0fd470

SHA256
fe605a8520ed5d108464437729cf071bec87672c082c9756ace57c548aba0314

SHA512
1406dc6712e8d64e99fbbbff64e52b0a48c25322fec3397e48c490864d1474c5f25403b48be3200b9a052b15bb6af984928b6997f7f737e784b0906a52b757fe

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\System.Private.CoreLib.dll

Filesize
12.6MB

MD5
e5dc50fae11d0fadb7bb1d2988e75df9

SHA1
896e56c519174ce1c6957f1486bded9ccd71581d

SHA256
9718175ac727eef45231a191f37af3eb0a3781ed5e3dba3018434ebc650b37fe

SHA512
729ffd1c1c36ec7143d64e8496514541db2923f091fc90ec3ff4ef7fa5a1706676c84dff3f88b07a9fe75010d4b0f33f8c2cb5b8b72ca70f907b05d6b0f0ea77

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\System.Runtime.dll

Filesize
42KB

MD5
66acd14993bf44406e808f0fbd4acb88

SHA1
353737d9cc5a43e4bf3e5c1a44f756f81a722aec

SHA256
b9012307b78f788ee4537100d0ae26f1078366ffb587bdefb71c6932b6d32272

SHA512
943552dd2c2506ed82db517693eab1d8f85949979ec6a8d0db94fc1b2eb4fd9b5d83c40e271ea2bdb3c582e7785fc9683badfb15f70df15d12f52f366ea8b7b1

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\clrjit.dll

Filesize
1.7MB

MD5
603cc6cb10febceae1e66c8e192bdbc1

SHA1
f4e2a01b726391c0bef0e8aa3a7b92314d2433af

SHA256
eca6d42e7ecd2fde3693d70f43ce1b978240ff0e53d89743d3d303a068eae6a1

SHA512
6213679063b02101af6306fc08e22e8d2efe3c656c464655107d8bef1d95fec79e8a759ecc029c089df6b72f70fc2940aba11645cb66f2137cf11a1daf3972ad

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\coreclr.dll

Filesize
4.8MB

MD5
0176671030073faf47060265c4815137

SHA1
79d23d9f04def4ba9a9ab6c934e4aa8d66d6e414

SHA256
a60996bbba3b8f6e0b606a085df7c810a1e0e7617370c84d2db82cbe2782e27e

SHA512
f91985115054d456075ad337cadb02db461dff00d631199638a0227736d1cc91bf141f4757f95696c722398049a5db7d69e4f60e1d2760b040c2ded906d9515c

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\hostfxr.dll

Filesize
346KB

MD5
5c25e69433c26cd5283c75a91c146253

SHA1
fa23ffbbff9ff2d1d59cc2f296a41de6e6a10f23

SHA256
42bc1ee3e4cfe97d4c41c763439f76eec2d8e3c7a9f6ffd64b87db9f6f236399

SHA512
07fdfdb36907b28168777019e646b107a3dc337a6046d27b9ccc920fef313163d9ffad56623478e3be086ab7fc051c329a3dc7ad4be672562a3af82950794676

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\hostpolicy.dll

Filesize
389KB

MD5
fe061f4dd327d8cefeaac19dec243403

SHA1
9e27b88afc7a93538424d2043f0f5e2acb922d69

SHA256
6073509520903e07bc9ec0eafce506fa0fe955d207fa93242d29bb5732ad265d

SHA512
7e618d7f286ee961c03659069a50202f504eeb14bb550092f99460122eb50a82ff1a847afdb25dfbc64c7b365ca5f8b66d2845149582a023b3a071ab364d420d

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\netstandard.dll

Filesize
98KB

MD5
39c625f27b87435badf0d95a0814676b

SHA1
2bbb06c2871fafdba47155a507dd4925c4fbb05b

SHA256
fb27f2e82de1c2a27403372bd8c28fccd4adade0077752bd9f865bf52e7e54df

SHA512
e44d6b86adb4dae911df17e65faa11a76599095851cb4fe12da37e1018df912442d452fadbac1f8a79951758634e3eb4f6932337a7e0483f6d4840ba99b0587c

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.deps.json

Filesize
202KB

MD5
5ef8a9f711eb4cd1b1dd3a4e75436f88

SHA1
4ed1d390b63a5071c7643f39dec47e99f78a0ab6

SHA256
8b44393f47fe3d8acc33a29c8a30db673c39a7cffaa23030cac260b2b519e637

SHA512
a0ff5fa402a0e0d875addce1cb9143443ef815a6f6e3ba9ec751dfa7278cc3d26c8a21180c0cd0b82e0cc5b54bf0a9c5cb522c867dd789dd4645f82dfacb32b2

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.dll

Filesize
233KB

MD5
01197e6a0a7941e625bea849f171424a

SHA1
fd188092398ceace816e4df310efdddd2dfd842f

SHA256
c0155e8b0ed0028d974162537b33f0a28fbf36191406c8069a1edc4c8ef12e7b

SHA512
bdebbef074faf4230057b043d6577ea692c068e43685fca73892efef97dca7fe506303bebc619597a14702ebc842ada5055f06a29b90b15cc34c7d010e86d060

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.exe

Filesize
226KB

MD5
af201d5707f222f58225e715e2bfa79c

SHA1
062b628d89ef5a1a276b647ed144bcf237ceed8c

SHA256
126f6af051ad8a39b464ea45896c0bdc64b355ae3196267a1daadb33c899e395

SHA512
dd4da82614f76027ca1a139222ea4aeb9f9cfe83ef7ad00d92e033cf3bacd72a519286edb03b5516f3715de1c85a764898cb41fd9044c4a1dc8891076230adf7

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu!.runtimeconfig.json

Filesize
371B

MD5
b131db8b2f9675ef61d4582ec9a5c37a

SHA1
f69d37f558945c409703ef85c8ef182cf1215ef3

SHA256
897e4b96675b5ba30f93251e6c2a80ad469a274824b379215b7167f8445061be

SHA512
b4caaa5bfaf8c9ef87b04ab08cb48dcbce5e66f77c30d2b3a4810e4bf33d22c26eed90cdea8dc9a0e6422f415d612f1800a090f0520a4960eccb4de494dc9552

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu.Framework.dll

Filesize
3.7MB

MD5
24ea72542d47de84e7037f4f3aa07e25

SHA1
6fbda502e6476829087db82d78fc92e6d3290723

SHA256
447aad6e14d5db64f2b429755133e3b2e1b2d2c9e319a0c565813a066b273df6

SHA512
5785bbcfcf9cfb968a1ad126df0c86371322d089105f16c385d02be47dd34085df149380eac837364643aa825cdf3c0d6b44e8246d26e2b0f29bbcebeefa0b47

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu.Game.Auth.dll

Filesize
211KB

MD5
7f32f9134a1e148a2ba626e5c73ad266

SHA1
90faa738c07bd2901803667d16772eada75af082

SHA256
16df1537437c5e088b450c45aa920dca0872b514ce41030c9ccfc40356cd8083

SHA512
c918073208281c652ae5597df5d0f207fa6423e5bf53fe8888611555c2262eca763ecd8ea07e946a56e55fe305d2449e706a78e2dc235c3a4742e9908dd2730e

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osu.Game.dll

Filesize
4.9MB

MD5
52d8e8bcb96a2b53b2eabc13bf0d7d55

SHA1
b2d75512f349e5e3556ed6a9dae241c5ea388d4d

SHA256
e81793694ad47baa045266e5a48de2099e6ce6966b8c417197699be091d452ce

SHA512
ce419615c500418ae06d41fec13c8f6742a51dc0ce876563fe7a870e88381aa483d5a6cf679eb1e64d8b9f08e9eb502945a87b25fbe859d692be94f61ba22ab1

Download Submit
C:\Users\Admin\AppData\Local\osulazer\app-2024.625.2\osuTK.dll

Filesize
6.1MB

MD5
37f99fb7d03f59a18e408f563fa95cf2

SHA1
e9c871c65d0bfe5b69a8f72e0fbe084a32be7ba6

SHA256
94f66f595124a678648b559640350634bfebc132f4291dd888648521343fceff

SHA512
fd967e53c1d37e10b282f3a76b20fedc90a07ad1589097d93ff965a1c8b04324d948c2e5d0b129c5dd96d1dcd22a99dcc80e1d9426dd045fcfe096f78e2d1f32

Download Submit
C:\Users\Admin\AppData\Local\osulazer\packages\RELEASES

Filesize
84B

MD5
81e6de32d379eafc8f184153b1a849d7

SHA1
20ae0f900a6a7832d925d35560a46a47561c0f6f

SHA256
30f821585d7eaee1252df70099e0fa8a5fa84e8b1a9db09f5375a6a805c6d315

SHA512
9729f0bd75a7f25779a732bf247e6342003448d20e9df5c5b5c8b40d57ed1c40f02a5bd12b2959925cbc4750d4a0f3c23c8088d2f544b5d4a8797d91052bd989

Download Submit
C:\Users\Admin\AppData\Roaming\osu\AuthNative.dll

Filesize
5.7MB

MD5
f8e5a5e057662043afab1882433270dd

SHA1
7b59c691bc49744cdb2a9350f0b06b646861b7e5

SHA256
b4608ecdda36ef14ccc894cbc148eb33585a23a77eda5aecdf3ef280c4676dda

SHA512
23e8d1c37cfa9da7a6a0343f1bcec327cb747cb087ea10ba090ca5e0a918fd00ab7ee7c54e752c011682e8d68840f093541d578763a8c05e45ab5253f83b208a

Download Submit
C:\Users\Admin\AppData\Roaming\osu\files\a\a1\a1556d0801b3a6b175dda32ef546f0ec812b400499f575c44fccbe9c67f9b1e5

Filesize
988B

MD5
27d9765612170a9517f0a5e8b4613f06

SHA1
660d4456ea71bdb48a9ef84cf65cd68d40d05a6e

SHA256
a1556d0801b3a6b175dda32ef546f0ec812b400499f575c44fccbe9c67f9b1e5

SHA512
eda5ae2dc0e123418f0e50a51ea651c10c82aa0620d89bbef47cad1c5ef336b43d19604a6281853cc2603dd0c25d445b0195780897f8606beb768132222fa41f

Download Submit
C:\Users\Admin\AppData\Roaming\osu\logs\1720262760.runtime.log

Filesize
7KB

MD5
060ec6003534aaf3c764afcfdfe0ae17

SHA1
709171ab2fba360ae24614d7d59bf3aa69b31b0e

SHA256
e0ebb6398bdc8780d59395352c70583da5950220656dc7fbc7e8ee441e2f4ef4

SHA512
9e2f832084433a2e4d32fb40620430a40b6a2ff1a7ba34327d30ab3705534523203403daf558916f362f5c1eac6d58b3924c73be255492e8f1c821f7a15a6135

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/3228-1290-0x00007FFE33640000-0x00007FFE33BF7000-memory.dmp

Filesize
5.7MB

Download