e061199d4b9ed772f1c2e3f3f71fc1697a8d726879643e82e6ee1238c8c2ec5d

Analysis

max time kernel
292s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Osu-Freedom-Hack-main/freedom1.12.dll
Size

1.2MB
MD5

36dea25d49b9dff21acebface8ea2044
SHA1

5bd97162bc98e36c124811c360dbf29c6233405e
SHA256

d960a2eac5e7f1aa04e9f8d0da4eb9bb0b097ca58d0ce83ea1bb8351baf26301
SHA512

64f06db24297e30d7ec91d3cf9ccc33f28eb9041e463933866b09de0d138d964505aa38f32158be5e5491e4aa68d8ae77bccce9c068e5980d2281a24294bccf8
SSDEEP

24576:1iE0l9oS0Cl/9qZPcYJZEiDO3ytIPMunHuGKFufrrH1:YE0l1ZlVsPc06i63aIPZnBX

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	osu!install.exe
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	osu!.exe

Executes dropped EXE 3 IoCs

pid	Process
756	osu!install.exe
3812	osu!.exe
5488	osu!.exe

Loads dropped DLL 9 IoCs

pid	Process
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
65	camo.githubusercontent.com
69	camo.githubusercontent.com
70	camo.githubusercontent.com

Network Service Discovery 1 TTPs 2 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
4968	GameBarPresenceWriter.exe
5956	GameBarPresenceWriter.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
5488	osu!.exe
5488	osu!.exe
5488	osu!.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	osu!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	osu!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	freedom_injector.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	osu!install.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{E69EC5A5-3EFB-4E58-ABE1-ABFB888A1979}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{119F3ACC-AFD9-46F9-B885-D40A7A7B61C8}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{51E7FCD8-47C6-48D4-B2F2-98EE7D6F9E0B}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{36560979-9684-4DB2-8D79-B544F22B2D1C}	svchost.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	osu!.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	osu!.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 359581.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
724	msedge.exe
724	msedge.exe
1068	msedge.exe
1068	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
4372	msedge.exe
4372	msedge.exe
3680	msedge.exe
3680	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
1244	msedge.exe
1244	msedge.exe
5488	osu!.exe
5160	freedom_injector.exe
5160	freedom_injector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	756	osu!install.exe
Token: SeDebugPrivilege	3812	osu!.exe
Token: SeDebugPrivilege	5488	osu!.exe
Token: SeDebugPrivilege	5160	freedom_injector.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1368	OpenWith.exe
3116	OpenWith.exe
2648	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2352	1068	msedge.exe	86
PID 1068 wrote to memory of 2352	1068	msedge.exe	86
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 1164	1068	msedge.exe	87
PID 1068 wrote to memory of 724	1068	msedge.exe	88
PID 1068 wrote to memory of 724	1068	msedge.exe	88
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89
PID 1068 wrote to memory of 1888	1068	msedge.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Osu-Freedom-Hack-main\freedom1.12.dll,#1
1⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee21a46f8,0x7ffee21a4708,0x7ffee21a4718
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,2749351110943988326,2193239876195039726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1244
- C:\Users\Admin\Downloads\osu!install.exe
  "C:\Users\Admin\Downloads\osu!install.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:756
- - C:\Users\Admin\AppData\Local\osu!\osu!.exe
    "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of AdjustPrivilegeToken
    PID:3812
  - - C:\Users\Admin\AppData\Local\osu!\osu!.exe
      "C:\Users\Admin\AppData\Local\osu!\osu!.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of NtSetInformationThreadHideFromDebugger
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x46c
1⤵
PID:1492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:4968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5620

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:5956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\Downloads\freedom.v0.94.3\freedom_injector.exe
"C:\Users\Admin\Downloads\freedom.v0.94.3\freedom_injector.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
765B

MD5
225be72e4616e0a6c70de6e01f515e89

SHA1
c36bf9d14b4d255aca8ad281913f12ba61855d77

SHA256
c9f64d14c7f5b1d57ef4fd83e1fc2c261662ec51fadb9903b26910ec4bbad522

SHA512
f8ed06455985682525776d9db006b6f98cc3088b241740294b97696f87f525d19aee9445ec5d72352e63a83449e0df76c8cb5f5062b3aff2e05e5a755b827d40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
637B

MD5
d6c6ec838893f19e7fa59e4dd69b6108

SHA1
a1f8c35dd0f1d27a0f17d9e775d83a5da8231672

SHA256
2127032bd2623e85e6435a778a3313cf18a1960349ae755d634a6ec6bb982655

SHA512
2d2a36629c303f6d29cd00c16b9e57e0c872718b8c2ab391dac952aa17bb78a241637b581fd39c7936730ff4d847f08ef1a9fe9038d26594b62090ec00ac3fa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
f827c5a79a9558e70b9b77df835cc180

SHA1
74564e322fac9fe80eae9eef0c10be88d8d7b2f5

SHA256
1115f144e09f96a624f804d4e2ba2826d4e7c20d8d0ab3186d95fd391386b6c1

SHA512
3230d989249e807fe3688683e0028f2c06f7622a7eb6ea58b44756ebef070b097cba1fed75b444e3aa0fd4e3160463b6d28ce2250f6bf467d9889a4efe76b269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB

Filesize
484B

MD5
90b47a00d42b77d6d865ca2bedf0e5fc

SHA1
19259151d4ec225bfe3ae07371e65251714f5088

SHA256
abb66018184802d3a9d2236986252ddbcb34533c98f51135aafb6056a07c2a34

SHA512
3dd7739eed815e2c599c3e0e2543bc4b82661b9d57c956981f11250ea045578e037cb7025a0c16307f7de76a5db6b3ea797f9e5c9ca6503a4a7d4e71d26fcc35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_C99E84AF904BD8598CB3FED576528926

Filesize
488B

MD5
d0ed29e07cbe9eb527c5e01968507cbc

SHA1
a0d9a48fbad201f6f9e5fd6ce22ac2a7e952f989

SHA256
d22892ec0b7b8fae28696cfc1b1ee26862ba424ae68e125c6311d40916d15ba7

SHA512
573d7943bafa8339a1932f80e808830c8db8fbe5cab25381fb8ec9ee24d2d25957fe4c4c19f46ead5e97c252486b0d328ca5ffd3d2a96477f3f9073e4dfb1818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
9c0f4add79c5c3ca345cffbfebc4d80d

SHA1
e4997c8dd6d04664cf46e8aec3d02384718e645a

SHA256
f4cef3f6013ab197084d7a7af0bc8eef212e43ad4064e5a0a52b735c9363c84d

SHA512
715766ea87da1de73533fae6300ff2d628d7edc187162c55e15b4f79ec3aaf58d4b75e3ce98d37b502a147aff30d980099c5bb2aafe1813c716cf2bc9c3b3fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\osu!.exe.log

Filesize
1KB

MD5
d7851eb8e6db261d609ce656b3c44dc6

SHA1
62f1d2b78d143a336fe6779a17b6400f95dadb2a

SHA256
079dc4c2a07c1e17851a6bfc41130e0771c6b8063a2f6dcc807f9b525e1ced72

SHA512
1bb23aba0d00f7bfaee06b0e9fdd9d1d54a454d62308a88cd964728c568c7ec5a91a68817d4b5c93e3e3c5ad4232106af44eb1eee94679aa51396c1872af1037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
5b6eb9202abfde97e3d691a835509902

SHA1
515f8ea6e88d5bde68808f1d14e3571bc04d94e7

SHA256
f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab

SHA512
309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
74c0a9aceda2547c4b5554c0425b17ba

SHA1
d5d2355e5919dcf704192787f4b2fbb63b649b0f

SHA256
3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d

SHA512
e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
1024KB

MD5
09c44d7d3fe021b80c0c6983d43e7879

SHA1
62ef901550bb1438f574378cdcce94aaf37249f7

SHA256
3fc829a2ad9ef1ded5449ed209d27c613bb1dfb1226d8512e411594f50a5699e

SHA512
5c2422cb651ca203ab60b8b140fff001fe598835f4f7aa96c72c90680ed89c836a436b86337f9673426635468a7ff26655df2fe0ba3d20ea091e5d57d5e2c431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
73de8b46a54ee076ebf01c6facdb49bb

SHA1
06c8c75e9ce47b4b3ad6275e6894a7622603bfbc

SHA256
17c354d99f496d4237760042cf75b58307564f62c2741bb3aa5cf48dd35acb02

SHA512
7fc0c80919c9da2a957d744972cb0d9f3e8befe7652f52b29faf992aaae772da08f5ef17a0f5b90281a194c3e406ad2317c49aeec3d284aee45e62b391ab445f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c1f6b726b9a63ec6cca90c7e732dcad3

SHA1
f0549e19945857abd5215cfc069a9e441b0e4907

SHA256
0e34f6f1cca7b96860f885283228d50ec376033245ee12760db82b4a9af4a6ae

SHA512
ffc489f06109ca0b494c7cc83c7f68868c4b8b7da9f229ba124404d1e74d6fbddbbe927db142364e88991a06a76ff9cd1881c03f45223a4d81992eb9775b2ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4de40f5e3d7a05c8f7d323c48f142d8c

SHA1
4cab97afe07125106849b25ccad10c446bdc4369

SHA256
affab8ea5260e0d443b3401a49b096cfc67c458571d5441bb6bd85fa39424994

SHA512
a25993a317effee261432fe8396572a76281bde67b5cbdc0cc1671d980a91096f69c43feb54d6e7f982ee44ded20dc470f48c861899a60a2ecfdbc4cccb448c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8b0ce9f099dff48363e03ad60ae712bf

SHA1
fe918c8f8fddf70a4cb0d8ab85569ae31f8f996f

SHA256
f166c2110a9fb54d626cd8b1c7a2862fa73560dc50b944017ef6a59722e44d15

SHA512
91d4ebb942941ba6a20773e46935f7738db5ead5984e1504a2051329c7b3b5e352f2f1366c5ea56634cb9da9899a0ca9ce05ba82ca0f78a146c028d6ea8d6193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
793B

MD5
fd77972b98a025e32e048f6dfb14cba9

SHA1
2334075c6704d0d72e8836e2d338164f900b287b

SHA256
6dfe95000ad12d0c6159171d160122f1d45030c1c61ed03aa686d2fb04453482

SHA512
454ef1d1973638af4b8bf4e43721b2a5bb725a8a808d87d6652da671dee2a982ebd6bda5c75c8903937297b9774b4a1b5473f25a62146e05162de37e4e8dc249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c3662161b779f73cc6644186903519a3

SHA1
20896d34f5b6c77eb28c1f3f544255bfa09fddd4

SHA256
d06ea37265a3ecb3e63ff286bf74222927c4ecb31f58ce7f52d64622c31a6e27

SHA512
63351450e4048d6f04bfdd4ea75af9c9af0769ca2bdc6e8eaefd019fb9dc664756b35ed29e20c676b2b97e22233bffb6427da7bdcc888c778850a396422f7bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0bac1451f336764585ba5c61e4c06e7

SHA1
974f8d9e8e599bf5d07d05fb0efd57243914a2f5

SHA256
ff759c8246ada1fd753e491664be2aae9f6f9073d95bd9e0d8cb3ed6f9b8c087

SHA512
71c63839aafbc8354c40742a5560da8b3b14f50542cd6c5c98a7a4d54f514e163b2bea759c235e600ae289b490fe59cd1b075e051e4f72999da366d4aa780084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12b9c7d089b00693fcfc0c0cdc955841

SHA1
414db6fb8e18fd6c4629514f9d83f6009f6c7074

SHA256
f1ff2ba8930e4d32148d5d0b136b3525f2562f6d471a37477842702cb9b1dc42

SHA512
a2559fecf882501ca02464764de1c7822d9a455b0092a8d17860a9b944dffaa7a9bc36512416a38c6d9c7ad7777e542f639fe19fd5ce25aa929a12fa8aa0606f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84e1aaec8efc5af6b9477652beedae90

SHA1
c59380fb9cf34d4ccf7bb5baa16cf8b72ada17ad

SHA256
468d9455537a092eef83272e1ed682a7551eaf00a04d16c48a0b7cd7036b11b7

SHA512
9719355c0a2eeb21fd6074c728433ec149ee4aba8278d998287b1916e4ac8ff8cae33e2ee2e99b153c547d11bbdf3ad0f53e95d63ddc9d2dabb9094a8d7c1a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19daa395de5baa60280ca78876d74bbd

SHA1
3615400489d8bc3db89329696768c6fc67c0cd52

SHA256
6db6d569bfcb5d9f0eea53379dc843554458f6c67d05119682285709c8671a02

SHA512
e285269a38a2f07de93eed40a9618818b991c3653e1b8125df4e9d17a8be3408c352c401b38e3eb6f67292eddc7952cecbcf67744c7b4f33e62961890b99c2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fa2fca22dd5dbc451d14a762aa6bb56

SHA1
d9f8e2fe1755eddfd877be2f9a0977cc6b4327eb

SHA256
185a02b7b0a4b89b6444b78f1f37b42d22ee66bc1f0961df9147d2aae03c69fd

SHA512
37a89d936b0e24e5f1741f1101eb5adf0fbe1db63a576d206bdca064243ed0cb1ecf358e5a6d81c20383bcc6d3383c83e74033b1097078e8a64dc82e372192c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
433d0947159512ae1c209e7a02a7dfbb

SHA1
19c1123fd34cb95c06af31407a543ede1eb1c1d1

SHA256
002aba5ec604f1c0e0c4a656b9c9a1754c7c2a43e0c55fc7cf5d59d3ff90f6a1

SHA512
4c04051903b59fa20e9c0b5dcbc23876731f667d666117c64b6275f2cde819448091ebb40509f3965d182c41d61ef5240574108cb7544ecf3bb5c8395ade83f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a522f945ee1cd9852e479d9e494f3334

SHA1
4fbf01120fd3875c4e6e31629f082258c3e20b77

SHA256
5f7ddf13555a441c307a86d09617e41f80d1b6136761ff2e82efab6f5a96972d

SHA512
27fdb478c841af1b8a79a8ef5c5703eccbc097e7694784192d8f09ef6f6c9c10e1bacfbc65e20966088cd9cc79f5282e499d4e8cc56a480cb910d59c50681886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a96ce98de3e124435c9cadfeadbe301

SHA1
42c783fa1ad7292fda457805393903e76c96fccd

SHA256
17a3e9c9cb14587814cba357b20fdeedaea20539e1246f65643361ad1f76565e

SHA512
dfd03111c05df54d7ae84827def903b638b9169f361591cb06014faf244f229fabafc15f29da0113f98fa39788f6145ec0ee813b29aba80378daa8572f64eb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b08d93487cf3b7ac24dec5c113484ded

SHA1
7969cdd0824f48e0a16676951d8b09778985da73

SHA256
f8e902bc137241dbd770cc567e11f5b4c267ef035c0e58d1051a0982aaf5c7ed

SHA512
ec1eb9621b0e459e334e663b76f90d1ef18c9b32441848df394257eb9fb1c2f9e8101010d3b0fa95b4aaa6d912e9afdfcd2c808816d8cc78d2cd702977dfc1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
033dcbf7a7559a68a327ad5271c2a05b

SHA1
b3c66dadac4be814dccdaf906a698dd93d942fcb

SHA256
48010629b028696cb27a82252d24f79b7bd8d1568a4e5d32bcce43b250857eee

SHA512
5984aded4d280749ecfeb2b45d114854af994ea4f4985d981f8d67c84b53fe60365c7cde3d5f56376937163d755d9ad1e2a2aff8b19b56104011209ec9b24f53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94212ae9763281cde633d9ffdcf76eb8

SHA1
5c1b243f14f9bf84880ca4f5882cde29aa453f00

SHA256
c651bde57b037cd7463fd6717d7e869ad8fd70dac0d1ea9079fe9d88ddf8f848

SHA512
0cb6e69af38beeec660992119fd23eb8dbb5c82b11e9db92256188dc15879584f3205a696413a5f48ecc4698e8630b1b99520164cb345e6449c69232566a86a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586d8a.TMP

Filesize
538B

MD5
57a81bfea6e985ff17b1497d93b0d654

SHA1
fae659eb2dc967724d9a73fdb1d535ee0f68e4bc

SHA256
f917b5a0355df886afc934738161dc91d2284043ef4072223930419f379be676

SHA512
e3bbc4a38eb9a1a180782fe0eadf589f535c41a3fc31b54813d014152c662e58720841996c3ac5c2244925249ca962fd54f555e329ff537720f071e8dca0ce69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
388670ebc39043bbdfad60703690d48f

SHA1
e35217fd69cb980f82442963f743eb8d73f4a184

SHA256
f956335f0c440fac7faec828692a9469e7005f935b4bd2484ae8568e66d1ccb8

SHA512
bd6e47d2af0fe030927903bbd4b926f7bd802f953497b169bb0501bd41c9efbb79d55315d889f4e79e095631e4e18f2dddb3357917aa09edd5f6fc97061b5ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b98ad6783d7c76f460bde270471a69b6

SHA1
1b542d85d03530f9e99198904b4cefc18455d9e6

SHA256
23b7ad9d35db7f323cd4928107681c73c3942096a8a0d4536fef01efeaafc346

SHA512
4b981ac6860fa344da08ae743151b88298fecd2e5f02555a209d339977e4cfc13cca3a021fd16a8d06f79e1fabc95570787c82e32610e4a412287e5151749c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f5bc6b05618922585233fe96e05fb731

SHA1
b69685affaf4965767fd7b5ac268509732212d8e

SHA256
7bf99a74659a7503739fba57b9338d08e3843d8da9c351606eab2419fcd144c1

SHA512
13788ab6b3acde4f85371375a0b9c729f6ec29c6bbc74b3dc321f8cb1654e27bb6b1c50f384ba19b4c9113a9cae56fe070c60e4547ebde22404747aea0950f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1a3ae8d09ad36357a460c8c462175dc5

SHA1
a853f56506fff3351aff4dacfaded85ffd9a2b6b

SHA256
a65cb80f87a3830aba56d469e68f5a541da8313ca17747ea3b0fb772515fed7f

SHA512
f007e8be46a0374a9fcd3c86051463b154eeb2cde862770e4ff05373e3d478d743d2961c6c39e049c48e3a889df975027dd83a758b0dc30e2c8e2418e6bbbeee

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
370B

MD5
e52daefbb8680040469f4cad5e509011

SHA1
5e6e6be974dbc7fb74efa8616568ed49d9136595

SHA256
977902a3023f2262a238a43ebd94d2158d730f3890982157dfae51622add896b

SHA512
94dd6db0ac2d51d8a66bb41da1730155f1f1cb30d004898c8637c11045f8a5e40ea79f2ba3d9f4786e805485fb61bc241aa8c58ee22470831b21b1746e577122

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
1KB

MD5
00380aac3253030e05973e248270968d

SHA1
2b18545890fbb85671497b56eb57f4b9dd72156b

SHA256
80cb1ab25edd4323ee966bb17b7390144b74393bec489b68fe5d23be01f6ba73

SHA512
64cb932147b33907a67f904f3bdebecbce2b869f4e470633f7287aa7435e01ec95c6689670892d6d5c3243448856f424dfbd3633dfff5b6212971d04e20d376e

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
3KB

MD5
752e21556dc1b3149faf12702361c3fd

SHA1
376d3d7bbce7f01f86fd90a0d4a3bf9dc48ab078

SHA256
95060a27d3540362596b05092f90e51c462c93856f923302cbcc23a761c1145b

SHA512
66330dbfd483be779361485ebc08f09275b563ce2f74bf01d2e92abb050bfb0a8f28d0a986cf53c645d53f4cec9f763e16ac0b60698da56ebb9b744455ffd301

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
4KB

MD5
69da009a3867b47abb2cc8adc1f2d74b

SHA1
1753055c1819346403aa33d819d33fd667d7ea98

SHA256
d8a6c448faa28058eeaddd58b656e4e4080828efa29c0164ee532aadb4fc9e65

SHA512
ace42b8c2fffbfe29bb52ed97e6dc34b54159ff2d91ff970036ac074be0b68de30c0c43f796812efcb41a8f0bd1e437c89c1dcdd5ab858fcefebf637cfb855b2

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
325B

MD5
697676c488969f18445b630e68dcc5eb

SHA1
26d8fe020dadb6f616ce5c389a0959dbd3ab792f

SHA256
f4edd48060811af901c93948f0b3028e455251d2e7c534165092d2731819907b

SHA512
06dc9c47b7f0ecbd724936f612e0df8032c9cb5cf3bef567a30a680f4e9df35faec3bcb4ab5d3481d2de0da05d1245082421adccc6e02bf43bd9220275765539

Download Submit
C:\Users\Admin\AppData\Local\osu!\Logs\update.log

Filesize
583B

MD5
e02cba3357b1ba247a727084bc7575cb

SHA1
1dba3ee0daa115cf257924cb95a8be5dbfe80065

SHA256
a3e39359c835eb19b96e30b39029e2fab469a193733ba04b36355d2981cc306e

SHA512
d04d20c14a73f555955a696fd92265c7d9925ae9b4a154e05ea23576a9e71fd78562c2ed49b73a801d40e5922b046f338fed2d97e7a8e8598497c9ae7d256b13

Download Submit
C:\Users\Admin\AppData\Local\osu!\Microsoft.Ink.dll

Filesize
456KB

MD5
82d4ee89f4a39c764fa6297a95ebb10e

SHA1
87b1f581ad017bf62604d8071a23fde8b81550e1

SHA256
1081255de41aafd51bc8f4e4404ef02209e59625ae65fa926657df5690716c5d

SHA512
904fd99f7d5951a23af202fceeade044b6d4f40c75db09d0237618ff80b90934ca4ad3210751f6e5bcad71b3a4131e24d420e94292bcfb7acbc3490ebc844382

Download Submit
C:\Users\Admin\AppData\Local\osu!\OpenTK.dll

Filesize
4.2MB

MD5
b4d949571134fc3ec6c28f1af7a75e49

SHA1
07eb5685ff4f19ff8ed466c68c2426e2ead69241

SHA256
b415f3e061d9758316074dcbf31d6dba48cb0b89405254db94ead0e43ed88511

SHA512
7abb1128d4f9312ec714f7d3f4e1d1ce12a6f93235d6382cf25c39dae0d7d88b5ad5141f512659c33cf57a762e14711b6b690b33da7d16c7d7be35c8b292131b

Download Submit
C:\Users\Admin\AppData\Local\osu!\_pending\d3dcompiler_47.dll

Filesize
3.3MB

MD5
c5b362bce86bb0ad3149c4540201331d

SHA1
91bc4989345a4e26f06c0c781a21a27d4ee9bacd

SHA256
efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f

SHA512
82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd

Download Submit
C:\Users\Admin\AppData\Local\osu!\avcodec-51.dll

Filesize
4.2MB

MD5
b66478cc0f9ec50810489a039ced642b

SHA1
992ede70f0fee5cb323b4b810cc960bf2531875e

SHA256
e512fe71775f767285cfb3310d8f1ac042639ab3d1a02ca3675b82cfd3cbc702

SHA512
ed07e71fd6bc2bd9f2ada8b8d6aa80662d6ffadce7d692f078e9ccd8ada2ba47b0e25967809f567fb93ffc96271037f010a0038bb78301812a75e30eee9b2645

Download Submit
C:\Users\Admin\AppData\Local\osu!\avformat-52.dll

Filesize
711KB

MD5
c00b30289cc427caff97af5aa3d43e03

SHA1
8e70885a62b0fe510422c2367b1f6de489b67e6c

SHA256
b155e2bfce3adbbc45d01ec991160ab4fab7e8d33a0ab835463da860d3693867

SHA512
3a70161a5adaba0101f2d2ca1522b1e71d04079ad15cc87a030b00c14b45df9545d5cba55101e25d9bd101769edb87a8e4d893125780e86fa2551290ab720860

Download Submit
C:\Users\Admin\AppData\Local\osu!\avutil-49.dll

Filesize
77KB

MD5
47c83b958951331ba409d6b80316250c

SHA1
ce14566676a27a0899079781a41888a2f1303127

SHA256
e51523f179a8ab8101eaa3e587c5e1dfe6c19636ecfa582896833f06d2e79064

SHA512
58408238279126e2b478a2f7cda513e5b5908140cc615f271e2baea7a2fe59046f51040406adb86194cc168ff4bc9ea2ca92834b9d90116f9ceb2384a4325896

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass.dll

Filesize
125KB

MD5
7623474a8b9bec1e3ffca813cdf93bc3

SHA1
4a1c0ecf8cbed18d0472136a7096ee8c3c2fa774

SHA256
67766e574baa86eb8317623acc2957e8e28944bb801a8c10a0fa9d29fdb4cfd3

SHA512
b7e7205e48eade918d63b483fb500867cc8196496fe9136f0177481d654a67af8319b6823fb04787e4bd6ee46c031c2b6fea57f0bf12b8a58cf8e0003834bd7b

Download Submit
C:\Users\Admin\AppData\Local\osu!\bass_fx.dll

Filesize
50KB

MD5
3ad3c0fd4dca001a2f9e707b74544919

SHA1
c6176415ecd3e8f38f976e4234325452fe1fd2a0

SHA256
81111a1cb6f8f362cf232e21098c563fe1409160300f2a254f2a1762e5d4db04

SHA512
436dac92e4a60dfc02c8c7a7ae496df7199c3fd15ef668bff2565f428f25be9c3ae1d0e120d64767eda1a9d4afa2e8bfeb6d047745440c3fce854080c44f42c5

Download Submit
C:\Users\Admin\AppData\Local\osu!\libEGL.dll

Filesize
146KB

MD5
9f7f22cef980ec272a9b73bf317500e4

SHA1
ae11d7cdfa84a242e31efd6f03b0ef764d5f900c

SHA256
041a631d114e45a11c43efe3b7712a10ce8052cf4b313c7f4577a5b9adb78072

SHA512
19e432313c1e28fc076fb9e9c3884c3c97cc2d05b6d1aecf429180a6f5cc407734fe758bcc63936d5fe7ef8ac01abdf5ec4b17bb08b26c5cc87c560f4b89c5bc

Download Submit
C:\Users\Admin\AppData\Local\osu!\libGLESv2.dll

Filesize
3.2MB

MD5
a4dfddff62d1e917ebb0688cf8d96be7

SHA1
9376bfa069a72da76733cc72cf90386920815142

SHA256
cbfc536b80405da7b5c37c97fceaf2310daf58d78c806140367b8f513352342f

SHA512
97de24a94f7aaaf3035853c0eb93f44c5c2cdfad99b563fef225d9f2b6f4fa3fe8f89850895d286322191cf8b372aa87da6620796cd32fe368f75b6722b556c3

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!auth.dll

Filesize
8.8MB

MD5
f9e1525b6d2c8fb6e44285deadd64004

SHA1
97f0e3f5dd07a83187a9cf9d0ffd07f5dde6499e

SHA256
b0aadf1648671477549653df4c2f82983d4f568a9bca74abf9adfebc50685338

SHA512
f194943f86b2e36c214c2a7e34b27e8182814c8f42b4b5b74df30e270983052819795ab1282c2e15b530c9e2d0fd3c2e23ef4dec2c1aae6b2cf0c910088c89ed

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!gameplay.dll

Filesize
30.4MB

MD5
4cb98d63f1b2b9dc38e10e9901ec52d8

SHA1
42c0e8b8e5c7a4113e38a977221f845ef8406722

SHA256
ba3467a8db908d81a0729f78fdc5c8f1d1595d3da4e5a9a34be9a16e06da9f87

SHA512
d351b9ff851490187b003c675047b6a20a2519df3818bcd18a674d6edab1d211c9661acc98403b562ff3268576ea203b4e0f10e962467b9849b72431c92735a4

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!seasonal.dll

Filesize
2.8MB

MD5
20082752d6c5fae8d08071aaf242b739

SHA1
70e8c7499507e8275c2ac06c372bde3b84f4c763

SHA256
1fae9cd8610a6d666c9b42d91440b493a257adab2126dd7c77f5d5098d678b8b

SHA512
6d9778f29ab522e45cee8a3d5aad6f4e65606675479cdf782844f5d162e13a8d42837ffe6d7533d8a29c71f10ce648cd2f859db55e7f8d00a4638ebea0b8ba46

Download Submit
C:\Users\Admin\AppData\Local\osu!\osu!ui.dll

Filesize
24.6MB

MD5
72fd66c4ce090346c113b72990eb7d86

SHA1
038c06b41cee82578f5b6a0b0298570bc8969e8d

SHA256
c382d8319f5ccf7faa6517bfa53a052ebb7d8d16f335d5925ae777270c93e50d

SHA512
9973f0a33aa3e085ff5bdba469859cf5b6df7c8d60927e229c2cea2648e8ce0c7a4ea96f9861735e2bff8d2207dee55fdbc90f3534d50d009559391d9ff7f2ec

Download Submit
C:\Users\Admin\AppData\Local\osu!\pthreadGC2.dll

Filesize
75KB

MD5
00678eb6be3b52d562b66218c93e21a8

SHA1
ba583d1520da22f3d3b89196c981279ecda58648

SHA256
b18c8437663002e4a4f06c4c1b7bec71fe13e5e6bbb927c68a273de02a5c690f

SHA512
58d9ffa0f569ba7b1aaea62b49f5bfa18bf23c54d2487eb9e4da984469236c2d4baabeeeac7e4b71d66b8c30f7fff4890fee5ee25e00369fc4afce053cbeb048

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 234767.crdownload

Filesize
507KB

MD5
2b49f6b23abf94845925fed00a57d515

SHA1
4d3212fc74d5fb13f83f4d990c47165e70e4dc65

SHA256
0db433e95fedaa65bf599771a91a55ad495c78bc00e81201e937429fd98559aa

SHA512
65b7d809096becf1ccab3e62f3cce6b41ebec651fc60a0928f3e7b9045da1d844bd059e1a18ed0863eb4b2bcdfa8ac8b201758a33a3cc4ef150c3025e15a9e1b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 359581.crdownload

Filesize
4.3MB

MD5
fc0734a7348f6e2979d3044a9a75e359

SHA1
ba7ebc472f8a7dae824c13a5e39f11e54d0f83b9

SHA256
a4b1a450cada1b25b74b8decfb92f77c64a04f0b4ec8ddaf1a3c0f962a364c0a

SHA512
9c6e2baa2a291ccd1e2787d10df50f1789f7f8976c707908448eb60fbeacfb00c90d2d390b7ad73c176daf510c3a6bb93f9a960ad61c60f899e74db4963a054f

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/756-1251-0x00000000009F0000-0x0000000000E3C000-memory.dmp

Filesize
4.3MB

Download
memory/756-1261-0x0000000006A60000-0x0000000006A6A000-memory.dmp

Filesize
40KB

Download
memory/756-1252-0x0000000005C90000-0x0000000006234000-memory.dmp

Filesize
5.6MB

Download
memory/756-1253-0x0000000005780000-0x0000000005812000-memory.dmp

Filesize
584KB

Download
memory/756-1260-0x0000000006540000-0x000000000657C000-memory.dmp

Filesize
240KB

Download
memory/3812-1309-0x000000000A180000-0x000000000A6AC000-memory.dmp

Filesize
5.2MB

Download
memory/3812-1333-0x00000000073E0000-0x0000000007402000-memory.dmp

Filesize
136KB

Download
memory/3812-1334-0x000000000AAB0000-0x000000000AE04000-memory.dmp

Filesize
3.3MB

Download
memory/5488-1621-0x0000000006BA0000-0x0000000006BF6000-memory.dmp

Filesize
344KB

Download
memory/5488-1631-0x0000000070A50000-0x0000000071315000-memory.dmp

Filesize
8.8MB

Download
memory/5488-1630-0x000000000ED50000-0x000000000F17C000-memory.dmp

Filesize
4.2MB

Download
memory/5488-1632-0x000000000C470000-0x000000000C600000-memory.dmp

Filesize
1.6MB

Download
memory/5488-1635-0x0000000008770000-0x0000000008AC4000-memory.dmp

Filesize
3.3MB

Download
memory/5488-1634-0x00000000086C0000-0x0000000008734000-memory.dmp

Filesize
464KB

Download
memory/5488-1644-0x0000000007090000-0x000000000709A000-memory.dmp

Filesize
40KB

Download
memory/5488-1645-0x000000006F830000-0x000000006F887000-memory.dmp

Filesize
348KB

Download
memory/5488-1648-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5488-1661-0x0000000075280000-0x0000000075A30000-memory.dmp

Filesize
7.7MB

Download
memory/5488-1664-0x0000000009CA0000-0x0000000009D5E000-memory.dmp

Filesize
760KB

Download
memory/5488-1666-0x0000000009CA0000-0x0000000009D5E000-memory.dmp

Filesize
760KB

Download
memory/5488-1665-0x0000000009AE0000-0x0000000009AE1000-memory.dmp

Filesize
4KB

Download
memory/5488-1669-0x0000000009CA0000-0x0000000009D5E000-memory.dmp

Filesize
760KB

Download
memory/5488-1673-0x0000000009CA0000-0x0000000009D5E000-memory.dmp

Filesize
760KB

Download