a2300c789f080aa75e0f1ae440a0406eae845771895629546157ddc70de5a3ed

Analysis

max time kernel
1800s
max time network
1782s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2023, 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mega.txt
Size

73B
MD5

a90b15fb440d1a8fbf47775ed5124839
SHA1

3a5143426095023501ebc13da680cf453ea21b6e
SHA256

a2300c789f080aa75e0f1ae440a0406eae845771895629546157ddc70de5a3ed
SHA512

6d49fea7e6890c1c6b16405740d06b51fbea9f70daad44f44c6047538b8a7b5da98ddb6f2b59b359cd626db77d8e6ed20fe7248e2b33ace9051ee25810fca0e5

Score

8^/10

evasion persistence pyinstaller upx

Malware Config

Signatures

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
3132	attrib.exe

Executes dropped EXE 7 IoCs

pid	Process
2900	Koko.exe
2956	Koko.exe
4240	Koko.exe
3364	Koko.exe
2896	Koko.exe
2820	Koko.exe
4140	Koko.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe
2956	Koko.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000022f75-1590.dat	upx
behavioral2/files/0x0006000000022f75-1591.dat	upx
behavioral2/memory/2956-1594-0x00007FFBD6800000-0x00007FFBD6DE9000-memory.dmp	upx
behavioral2/files/0x0006000000022ee6-1596.dat	upx
behavioral2/files/0x0006000000022ee6-1600.dat	upx
behavioral2/files/0x0006000000022ee4-1605.dat	upx
behavioral2/files/0x0006000000023369-1630.dat	upx
behavioral2/memory/2956-1601-0x00007FFBE9690000-0x00007FFBE96B3000-memory.dmp	upx
behavioral2/files/0x0006000000022ee4-1604.dat	upx
behavioral2/files/0x0006000000022f21-1603.dat	upx
behavioral2/memory/2956-1631-0x00007FFBE9E60000-0x00007FFBE9E79000-memory.dmp	upx
behavioral2/memory/2956-1632-0x00007FFBE6F20000-0x00007FFBE6F4D000-memory.dmp	upx
behavioral2/files/0x0006000000023005-1629.dat	upx
behavioral2/memory/2956-1634-0x00007FFBEFD40000-0x00007FFBEFD4F000-memory.dmp	upx
behavioral2/memory/2956-1633-0x00007FFBD62D0000-0x00007FFBD67F2000-memory.dmp	upx
behavioral2/files/0x0006000000023004-1628.dat	upx
behavioral2/files/0x0006000000022ffa-1627.dat	upx
behavioral2/files/0x0006000000022ee0-1626.dat	upx
behavioral2/memory/2956-1637-0x00007FFBE9E40000-0x00007FFBE9E54000-memory.dmp	upx
behavioral2/memory/2956-1639-0x00007FFBE6B70000-0x00007FFBE6B88000-memory.dmp	upx
behavioral2/memory/2956-1640-0x00007FFBE6060000-0x00007FFBE6093000-memory.dmp	upx
behavioral2/memory/2956-1642-0x00007FFBE9B40000-0x00007FFBE9B4D000-memory.dmp	upx
behavioral2/memory/2956-1643-0x00007FFBE9680000-0x00007FFBE968B000-memory.dmp	upx
behavioral2/memory/2956-1644-0x00007FFBE0520000-0x00007FFBE0546000-memory.dmp	upx
behavioral2/memory/2956-1645-0x00007FFBDA9B0000-0x00007FFBDAACC000-memory.dmp	upx
behavioral2/memory/2956-1647-0x00007FFBE9140000-0x00007FFBE914B000-memory.dmp	upx
behavioral2/memory/2956-1646-0x00007FFBE04E0000-0x00007FFBE0518000-memory.dmp	upx
behavioral2/memory/2956-1648-0x00007FFBE6EC0000-0x00007FFBE6ECC000-memory.dmp	upx
behavioral2/memory/2956-1649-0x00007FFBE6B60000-0x00007FFBE6B6B000-memory.dmp	upx
behavioral2/memory/2956-1641-0x00007FFBDB000000-0x00007FFBDB0CD000-memory.dmp	upx
behavioral2/memory/2956-1651-0x00007FFBE62D0000-0x00007FFBE62DB000-memory.dmp	upx
behavioral2/memory/2956-1652-0x00007FFBE62C0000-0x00007FFBE62CC000-memory.dmp	upx
behavioral2/memory/2956-1653-0x00007FFBE6050000-0x00007FFBE605D000-memory.dmp	upx
behavioral2/memory/2956-1655-0x00007FFBE2C20000-0x00007FFBE2C2B000-memory.dmp	upx
behavioral2/memory/2956-1654-0x00007FFBE6040000-0x00007FFBE604E000-memory.dmp	upx
behavioral2/memory/2956-1656-0x00007FFBE0BE0000-0x00007FFBE0BEB000-memory.dmp	upx
behavioral2/memory/2956-1657-0x00007FFBE0BD0000-0x00007FFBE0BDC000-memory.dmp	upx
behavioral2/memory/2956-1650-0x00007FFBE6B50000-0x00007FFBE6B5C000-memory.dmp	upx
behavioral2/memory/2956-1659-0x00007FFBDBC80000-0x00007FFBDBC8D000-memory.dmp	upx
behavioral2/memory/2956-1660-0x00007FFBDBC60000-0x00007FFBDBC72000-memory.dmp	upx
behavioral2/memory/2956-1662-0x00007FFBDAEA0000-0x00007FFBDAEB4000-memory.dmp	upx
behavioral2/memory/2956-1663-0x00007FFBDA3D0000-0x00007FFBDA3E7000-memory.dmp	upx
behavioral2/memory/2956-1661-0x00007FFBDBC50000-0x00007FFBDBC5C000-memory.dmp	upx
behavioral2/memory/2956-1658-0x00007FFBE0A90000-0x00007FFBE0A9C000-memory.dmp	upx
behavioral2/memory/2956-1638-0x00007FFBE9B70000-0x00007FFBE9B7D000-memory.dmp	upx
behavioral2/files/0x0006000000022edf-1625.dat	upx
behavioral2/memory/2956-1664-0x00007FFBE6ED0000-0x00007FFBE6EE9000-memory.dmp	upx
behavioral2/files/0x0006000000022ede-1624.dat	upx
behavioral2/files/0x0006000000022edd-1623.dat	upx
behavioral2/files/0x0006000000022f4a-1622.dat	upx
behavioral2/files/0x0006000000022f45-1621.dat	upx
behavioral2/files/0x0006000000022f2b-1620.dat	upx
behavioral2/files/0x0006000000022f2a-1619.dat	upx
behavioral2/files/0x0006000000022f29-1618.dat	upx
behavioral2/files/0x0006000000022f28-1617.dat	upx
behavioral2/files/0x0006000000022f27-1616.dat	upx
behavioral2/files/0x0006000000022f26-1615.dat	upx
behavioral2/files/0x0006000000022f25-1614.dat	upx
behavioral2/files/0x0006000000022f24-1613.dat	upx
behavioral2/files/0x0006000000022f23-1612.dat	upx
behavioral2/files/0x0006000000022f22-1611.dat	upx
behavioral2/files/0x0006000000022f20-1610.dat	upx
behavioral2/files/0x0006000000022f19-1609.dat	upx
behavioral2/files/0x0006000000022eea-1607.dat	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\\\Koko.exe"	Koko.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x0008000000022d85-289.dat	pyinstaller
behavioral2/files/0x0008000000022d85-328.dat	pyinstaller
behavioral2/files/0x0008000000022d85-329.dat	pyinstaller
behavioral2/files/0x0008000000022d85-1589.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
3560	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 573656.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
464	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
1012	identity_helper.exe
1012	identity_helper.exe
3268	msedge.exe
3268	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
964	powershell.exe
964	powershell.exe
964	powershell.exe
3860	powershell.exe
3860	powershell.exe
3860	powershell.exe
1432	powershell.exe
1432	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2896	Koko.exe
4140	Koko.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 33	2444	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2444	AUDIODG.EXE
Token: SeDebugPrivilege	2956	Koko.exe
Token: SeDebugPrivilege	964	powershell.exe
Token: SeDebugPrivilege	3560	taskkill.exe
Token: SeDebugPrivilege	2896	Koko.exe
Token: SeDebugPrivilege	3860	powershell.exe
Token: SeDebugPrivilege	4140	Koko.exe
Token: SeDebugPrivilege	1432	powershell.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2896	Koko.exe
4140	Koko.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 2308	436	msedge.exe	97
PID 436 wrote to memory of 2308	436	msedge.exe	97
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3472	436	msedge.exe	99
PID 436 wrote to memory of 3976	436	msedge.exe	98
PID 436 wrote to memory of 3976	436	msedge.exe	98
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100
PID 436 wrote to memory of 3772	436	msedge.exe	100

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3132	attrib.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\mega.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbda9846f8,0x7ffbda984708,0x7ffbda984718
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18148159806461139723,14218355087007148312,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x48c 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:752

C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
"C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
1⤵
- Executes dropped EXE
PID:2900
- C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
  "C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:2956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:1988
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\\\""
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\\activate.bat
    3⤵
    PID:2880
  - - C:\Windows\system32\attrib.exe
      attrib +s +h .
      4⤵
      Sets file to hidden
      Views/modifies file attributes
      PID:3132
  - - C:\Users\Admin\Koko.exe
      "Koko.exe"
      4⤵
      Executes dropped EXE
      PID:4240
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "Koko.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3560

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\DAG KOKO\logs\executed_at_2023-11-25_16-03-57.log
1⤵
PID:4828

C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
"C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
1⤵
- Executes dropped EXE
PID:3364
- C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
  "C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4040
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\\\""
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3860

C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
"C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
1⤵
- Executes dropped EXE
PID:2820
- C:\Users\Admin\Downloads\DAG KOKO\Koko.exe
  "C:\Users\Admin\Downloads\DAG KOKO\Koko.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:3052
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\\\""
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
33a17254f2bedc8f81c1cc117e16d309

SHA1
1ab1179f09006d18388ecd3e7c869f988c0cbad7

SHA256
57da2e0bdd145a945d05dbb8eda3210f27304b1c0807dcf7c0d239b280a13ebb

SHA512
de8599c9edca5fc7ed28257691715732cc5b57af89cd4d04dd60dfdedc4d5bcadf8a202c6dda49b757451b865401deffef8da38147541467be4b7b9182cc35c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
42a0c1616cc15cb90b2c3d825fc5c5b8

SHA1
e103516a520714c66a5419323a7f10c628b2fd83

SHA256
72f62721dec15b86d0e8a2a27a5fcafa38a278861b20c16b248e91fd4cdcd827

SHA512
cd5bed4f7b20707f3e86199d6b0ceee045a684dcb50605dbaa16ecc7e8c4075eabec1a45b2ca1354aedf7b1d5b7877a77bf27b246be6105f3c46fcd413001c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15c79b1f4a2096be8aa1460e3d0ed6bc

SHA1
be7a5fe56faeff1eb908d30ff72435d672d942a9

SHA256
87708f68863731ad96c24dce37ced3e4f2cd75ce9267326bc1e45702b3c3da12

SHA512
0f166e2c1e1b78c5516172f7a625b26cc9719274c5e0ad908c3a74f048e2fbca3690cf69774023fe795e6db67814e3ba88d60dce739e3d6768a592619871aafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9067cc6bb40d58fa610f6b3a655c345

SHA1
8a5e085fb87db7c6c57d1376b8c0dab862947f9f

SHA256
c98e5e473ff25f953f0b29f923a8b99b954cf7022596eb7bf724ea7371423725

SHA512
97208a5e6db24fa98fac883df43969ba782284a5836c24f197edd209dacdb2aa43e81acda8ee474295f7f1b8d90756fd89cfc99c989fa1320d2fc74ecb5ca070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
321aae4f26a56f9e393b85e62e60e62c

SHA1
1f714b2d4302086f3748e2ba5ab207ac24e07576

SHA256
f2adcf4ad673a4175a52cc206b42deb628e1a2d9a8f5c2015a2927e72424d035

SHA512
701d56ad46dac8ceb8b1df8a6576f0bf02729897311cb0a64436d93ab072ae0907cde303d578cb4861c4a86650e5bcbc1d5de65d5143852305bd49614aa10eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7afd282e31305ed4c807f29da8b1a83d

SHA1
f89555929c35dca997c2a153fe17e5b6976905e6

SHA256
2feb1a8aa4000877e47f5df3062f306df95d98351b6a59e02f2a476d70bc6e2c

SHA512
b066a504d3de561878124736235aae1ec25e9c049b960268696afea1306e011aa3120f794572fef79a26971fe2aa460c75cbfbd832bf904a8e48d5625c6dd9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3af46ab584a2296b720f1ef46a9c9b0a

SHA1
ef6520c9794176075a34a64b858079efaf564941

SHA256
2d5eb6bfd7c5464f00cd7b48b209b5bf458efb4def0fca7bd06fba23219d252b

SHA512
7ad262085c8cb87bccff35a35a6e754036313533280251b2b4243f5240d1166099517cd5414f87ee57c25e3ea9aad2152e1950a1f678d3232e00c96a9e828a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
17a6c71845b1e4397ad6a9ef1dd5f3d3

SHA1
4252ff76d0898f0689e5f2277535f038dc2d6e38

SHA256
ac116a3f1e56d9c3551ac2b7a204cd4941a1f6db111f946706e9d9dda9f3d5bb

SHA512
da731c797dd2c5c47a91d8637b5ce48d8e9eb173935caa86436364d67ed171fb800d3c1601dee490102d44f5f43cf39cacfcbe60e9c18ff2461cf7fc144e37d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b973.TMP

Filesize
48B

MD5
a16bd907d7b049d7e55e26a8945eb963

SHA1
1fa007d3db09b9052806320e641b1c0c7118e9ef

SHA256
045ac1286244a90d4ee11b21b39607945fc95821ce17cfcc07da0b5f9f8e55d0

SHA512
eb241788ff76fd793656400379bae38a33e535492846cbe81cb90b9d28fb1c9ea4901260a4d6a00e879d10d11025d1d6d23880a381345ae865b63446238e6436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
375b51b1e05ad25e76560e500f8f1076

SHA1
7d401778e1bbef7e26861c1a37b37e4ae5d9126d

SHA256
ef0581cdfdf22e582cb86cceda9008ab71914e595ab1c1bfe8588bee1e17be3c

SHA512
d27291a109e5eceefdd882379b26fbbfd2d454c3326913d43a16cab1a976b0fffa921b64925927be769f6528dfc07f44e3b17dfd719cea3462e0b3200b9d5d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aca40c4f0dda2687296d51bb43545e2e

SHA1
145ad3b9c2116da00790243758dec2d6275603b2

SHA256
3b1fd73e2293aaf5a271be83e99524416ef82c158709ba0507b79f13d174decf

SHA512
b13c63c59c81451ad1b915e812ced5492ebce76343e88efdfd2da373a3c40a6ed3c64acd46fcacc051e3e1944da425eb9208ac876407288a3dd856fee6b2d08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3bec7dbce0fed235fac9d736d38b9c05

SHA1
6664ceeb781aab93c39d3350bf24366a30d06e76

SHA256
2e13854e47fcced0f18aa06e1150b68eacb79b4d9d75d8951c95349701cfb93e

SHA512
fec7b078ec08ff0efbf599de2e34efa581d3c7e5c07bde20bfeafd2a180b98943dc4e514bc080c4f35936142404e39ee70fca1cb3783142c5a600260d1dacb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c23c0fcd76265d1d0e83da231ee24a2a

SHA1
9428590af2f28225556191bc9751548e0a1f1b59

SHA256
eef1f1f531248594eb2cb3e22570876e49644108024988cb896dc574b68823dc

SHA512
f1b1a5bf23765eda3ca3cfe03a8b86a9392674868420f4a6f4ecb222c692c92b2f5cc8085ba0b6ca3cbdd84fe127a7f1da59f0fc1aef1feacc4554f7c6fcc09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2cdae846c82e8589cd6e6b18320572e

SHA1
78f8b4b134d456ebdec3f12923d170bac364b783

SHA256
9fdf29af5bd0d4c7bafb87f962678671ea9e35adc13dd8555284ff413dfc0343

SHA512
3df1aa787a6b18fd962b10088a594c9b2cf5e7689be301e35e1efcccee03459fd11e70c037303854f0e12febc385ca519036f05d7679414a1f899b55003c73a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\pygame\zlib1.dll

Filesize
52KB

MD5
ee06185c239216ad4c70f74e7c011aa6

SHA1
40e66b92ff38c9b1216511d5b1119fe9da6c2703

SHA256
0391066f3e6385a9c0fe7218c38f7bd0b3e0da0f15a98ebb07f1ac38d6175466

SHA512
baae562a53d491e19dbf7ee2cff4c13d42de6833036bfdaed9ed441bcbf004b68e4088bd453b7413d60faaf1b334aee71241ba468437d49050b8ccfa9232425d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28202\tcl\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\SDL2.dll

Filesize
635KB

MD5
2b13a3f2fc8f9cdb3161374c4bc85f86

SHA1
9039a90804dba7d6abb2bcf3068647ba8cab8901

SHA256
110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6

SHA512
2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_bz2.pyd

Filesize
48KB

MD5
2ecf2bfa8e418ffa83dbf0a5c4f986a2

SHA1
d30558105d6d855e0bc2bf93e929727c58c7b1f2

SHA256
6d6a617a5fd18877f455e65361ee2c170ef6c7a55739a0b492ede4ba793bab99

SHA512
f0b00a29a5253481ea80ce561e8a20735827698e0526a13e84995d87ea941ece18466310b7f025b8306d730926f303c844bea0c0c4aee7d7ba61ab542686cd57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_bz2.pyd

Filesize
48KB

MD5
2ecf2bfa8e418ffa83dbf0a5c4f986a2

SHA1
d30558105d6d855e0bc2bf93e929727c58c7b1f2

SHA256
6d6a617a5fd18877f455e65361ee2c170ef6c7a55739a0b492ede4ba793bab99

SHA512
f0b00a29a5253481ea80ce561e8a20735827698e0526a13e84995d87ea941ece18466310b7f025b8306d730926f303c844bea0c0c4aee7d7ba61ab542686cd57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_ctypes.pyd

Filesize
58KB

MD5
5c4e2bcd420122153c7a0d1d5fa614fa

SHA1
98491798f4ea83b1c975a8ff889ce683cdad69d9

SHA256
03259912e28b3b970544997bae6e81e06b2d98edcbaf8a3e34a4e117f7512884

SHA512
e6e58c8ce7aeb145e42a1f0905e40a027ea6e8f4e0e7a797619c9001358df80078b2e6d882b6d0da9ce4ac28b313ecf85c41d0d0f029cae639465ec94ce53ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_ctypes.pyd

Filesize
58KB

MD5
5c4e2bcd420122153c7a0d1d5fa614fa

SHA1
98491798f4ea83b1c975a8ff889ce683cdad69d9

SHA256
03259912e28b3b970544997bae6e81e06b2d98edcbaf8a3e34a4e117f7512884

SHA512
e6e58c8ce7aeb145e42a1f0905e40a027ea6e8f4e0e7a797619c9001358df80078b2e6d882b6d0da9ce4ac28b313ecf85c41d0d0f029cae639465ec94ce53ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_lzma.pyd

Filesize
85KB

MD5
ba61f1e2cf406ec2376c407dc14ff707

SHA1
a70bff0dec7fc23779820531440aed2d6b4b54dd

SHA256
160ef6d47f0db11ba9f0de331421ba08fd0aba9d6466a41bed98129b977836f7

SHA512
26cf809a27e2c21e67bf6e16f7aac270c720c4eb29442edbd3b75dfbfec84d8d5b153f6645f7d88ae94f00d1ca4341dc8a90aea0d0908f47330c0478dad46649

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\_lzma.pyd

Filesize
85KB

MD5
ba61f1e2cf406ec2376c407dc14ff707

SHA1
a70bff0dec7fc23779820531440aed2d6b4b54dd

SHA256
160ef6d47f0db11ba9f0de331421ba08fd0aba9d6466a41bed98129b977836f7

SHA512
26cf809a27e2c21e67bf6e16f7aac270c720c4eb29442edbd3b75dfbfec84d8d5b153f6645f7d88ae94f00d1ca4341dc8a90aea0d0908f47330c0478dad46649

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\base_library.zip

Filesize
1.4MB

MD5
d220b7e359810266fe6885a169448fa0

SHA1
556728b326318b992b0def059eca239eb14ba198

SHA256
ca40732f885379489d75a2dec8eb68a7cce024f7302dd86d63f075e2745a1e7d

SHA512
8f802c2e717b0cb47c3eeea990ffa0214f17d00c79ce65a0c0824a4f095bde9a3d9d85efb38f8f2535e703476cb6f379195565761a0b1d738d045d7bb2c0b542

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\crypto_clipper.json

Filesize
155B

MD5
8bff94a9573315a9d1820d9bb710d97f

SHA1
e69a43d343794524b771d0a07fd4cb263e5464d5

SHA256
3f7446866f42bcbeb8426324d3ea58f386f3171abe94279ea7ec773a4adde7d7

SHA512
d5ece1ea9630488245c578cb22d6d9d902839e53b4550c6232b4fb9389ef6c5d5392426ea4a9e3c461979d6d6aa94ddf3b2755f48e9988864788b530cdfcf80f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\freetype.dll

Filesize
292KB

MD5
04a9825dc286549ee3fa29e2b06ca944

SHA1
5bed779bf591752bb7aa9428189ec7f3c1137461

SHA256
50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde

SHA512
0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libcrypto-3.dll

Filesize
1.6MB

MD5
f8076a47c6f0dac4754d2a0186f63884

SHA1
d228339ff131fba16f023ec8fa40c658991eb01f

SHA256
3423134795ab8fce58190ae156d4b5d70053bebe6c9a228bea3281855e5357fa

SHA512
a6d4144cbba4a26edf563806696d312d8a3486122b165aae2c1692defc2828f3ff6bd6a7f24df730ff11c12bc60ac4408f9475c19b543ed1116b0a5d3466300b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libffi-8.dll

Filesize
29KB

MD5
013a0b2653aa0eb6075419217a1ed6bd

SHA1
1b58ff8e160b29a43397499801cf8ab0344371e7

SHA256
e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523

SHA512
0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libjpeg-9.dll

Filesize
108KB

MD5
c22b781bb21bffbea478b76ad6ed1a28

SHA1
66cc6495ba5e531b0fe22731875250c720262db1

SHA256
1eed2385030348c84bbdb75d41d64891be910c27fab8d20fc9e85485fcb569dd

SHA512
9b42cad4a715680a27cd79f466fd2913649b80657ff042528cba2946631387ed9fb027014d215e1baf05839509ca5915d533b91aa958ae0525dea6e2a869b9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libmodplug-1.dll

Filesize
117KB

MD5
2bb2e7fa60884113f23dcb4fd266c4a6

SHA1
36bbd1e8f7ee1747c7007a3c297d429500183d73

SHA256
9319bf867ed6007f3c61da139c2ab8b74a4cb68bf56265a101e79396941f6d3b

SHA512
1ddd4b9b9238c1744e0a1fe403f136a1def8df94814b405e7b01dd871b3f22a2afe819a26e08752142f127c3efe4ebae8bfd1bd63563d5eb98b4644426f576b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libogg-0.dll

Filesize
16KB

MD5
0d65168162287df89af79bb9be79f65b

SHA1
3e5af700b8c3e1a558105284ecd21b73b765a6dc

SHA256
2ec2322aec756b795c2e614dab467ef02c3d67d527ad117f905b3ab0968ccf24

SHA512
69af81fd2293c31f456b3c78588bb6a372fe4a449244d74bfe5bfaa3134a0709a685725fa05055cfd261c51a96df4b7ebd8b9e143f0e9312c374e54392f8a2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libopus-0.dll

Filesize
181KB

MD5
3fb9d9e8daa2326aad43a5fc5ddab689

SHA1
55523c665414233863356d14452146a760747165

SHA256
fd8de9169ccf53c5968eec0c90e9ff3a66fb451a5bf063868f3e82007106b491

SHA512
f263ea6e0fab84a65fe3a9b6c0fe860919eee828c84b888a5aa52dea540434248d1e810a883a2aff273cd9f22c607db966dd8776e965be6d2cfe1b50a1af1f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libopus-0.x64.dll

Filesize
217KB

MD5
e56f1b8c782d39fd19b5c9ade735b51b

SHA1
3d1dc7e70a655ba9058958a17efabe76953a00b4

SHA256
fa8715dd0df84fdedbe4aa17763b2ab0db8941fa33421b6d42e25e59c4ae8732

SHA512
b7702e48b20a8991a5c537f5ba22834de8bb4ba55862b75024eace299263963b953606ee29e64d68b438bb0904273c4c20e71f22ccef3f93552c36fb2d1b2c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libopusfile-0.dll

Filesize
26KB

MD5
2d5274bea7ef82f6158716d392b1be52

SHA1
ce2ff6e211450352eec7417a195b74fbd736eb24

SHA256
6dea07c27c0cc5763347357e10c3b17af318268f0f17c7b165325ce524a0e8d5

SHA512
9973d68b23396b3aa09d2079d18f2c463e807c9c1fdf4b1a5f29d561e8d5e62153e0c7be23b63975ad179b9599ff6b0cf08ebdbe843d194483e7ec3e7aeb232a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libpng16-16.dll

Filesize
98KB

MD5
55009dd953f500022c102cfb3f6a8a6c

SHA1
07af9f4d456ddf86a51da1e4e4c5b54b0cf06ddb

SHA256
20391787cba331cfbe32fbf22f328a0fd48924e944e80de20ba32886bf4b6fd2

SHA512
4423d3ec8fef29782f3d4a21feeac9ba24c9c765d770b2920d47b4fb847a96ff5c793b20373833b4ff8bc3d8fa422159c64beffb78ce5768ed22742740a8c6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libssl-3.dll

Filesize
223KB

MD5
f4dd15287cd387b289143e65e37ad5ae

SHA1
f37b85d8e24b85eedda5958658cdaa36c4a14651

SHA256
6844483a33468eb919e9a3ef3561c80dd9c4cd3a11ad0961c9c4f2025b0a8dff

SHA512
8583692f19c686cbb58baaf27b4ab464d597025f1ff8596c51ec357e2f71136995b414807a2a84f5409f25a0798cb7c497ddb0018df3a96b75aba39950581a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libtiff-5.dll

Filesize
127KB

MD5
ebad1fa14342d14a6b30e01ebc6d23c1

SHA1
9c4718e98e90f176c57648fa4ed5476f438b80a7

SHA256
4f50820827ac76042752809479c357063fe5653188654a6ba4df639da2fbf3ca

SHA512
91872eaa1f3f45232ab2d753585e650ded24c6cc8cc1d2a476fa98a61210177bd83570c52594b5ad562fc27cb76e034122f16a922c6910e4ed486da1d3c45c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\libwebp-7.dll

Filesize
192KB

MD5
b0dd211ec05b441767ea7f65a6f87235

SHA1
280f45a676c40bd85ed5541ceb4bafc94d7895f3

SHA256
fc06b8f92e86b848a17eaf7ed93464f54ed1f129a869868a74a75105ff8ce56e

SHA512
eaeb83e46c8ca261e79b3432ec2199f163c44f180eb483d66a71ad530ba488eb4cdbd911633e34696a4ccc035e238bc250a8247f318aa2f0cd9759cad4f90fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\portmidi.dll

Filesize
18KB

MD5
0df0699727e9d2179f7fd85a61c58bdf

SHA1
82397ee85472c355725955257c0da207fa19bf59

SHA256
97a53e8de3f1b2512f0295b5de98fa7a23023a0e4c4008ae534acdba54110c61

SHA512
196e41a34a60de83cb24caa5fc95820fd36371719487350bc2768354edf39eeb6c7860ff3fd9ecf570abb4288523d7ab934e86e85202b9753b135d07180678cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\pyexpat.pyd

Filesize
87KB

MD5
3b0ad66aa60c312e9fd3db1530c92f44

SHA1
25081b2623cbc3378cd0d0f42e0649617609a008

SHA256
7951b7d87ae79f332b28be3815b47a4775ddaebae5aae1bc69657b76073a0c32

SHA512
3defa7533d36637d084adc0ec593807147cc70c41c63abe89e94d5aadc1c44875a07b95cc7729aca4cbafd6e33dfd55b60ed34bf61b61d3d228fc10348f99022

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\python3.DLL

Filesize
65KB

MD5
d8ba00c1d9fcc7c0abbffb5c214da647

SHA1
5fa9d5700b42a83bfcc125d1c45e0111b9d62035

SHA256
e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d

SHA512
df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\python3.dll

Filesize
65KB

MD5
d8ba00c1d9fcc7c0abbffb5c214da647

SHA1
5fa9d5700b42a83bfcc125d1c45e0111b9d62035

SHA256
e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d

SHA512
df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\python3.dll

Filesize
65KB

MD5
d8ba00c1d9fcc7c0abbffb5c214da647

SHA1
5fa9d5700b42a83bfcc125d1c45e0111b9d62035

SHA256
e45452efa356db874f2e5ff08c9cc0fe22528609e5d341f8fb67ba48885ab77d

SHA512
df1b714494856f618a742791eefbf470b2eee07b51d983256e4386ea7d48da5c7b1e896f222ea55a748c9413203886cde3a65ef9e7ea069014fa626f81d79cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\python311.dll

Filesize
1.6MB

MD5
8ea69ca2292c3af9cdb46dded91bc837

SHA1
72de7df68b2c336720d1528c34f21ff00ed7a2ce

SHA256
3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49

SHA512
fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\python311.dll

Filesize
1.6MB

MD5
8ea69ca2292c3af9cdb46dded91bc837

SHA1
72de7df68b2c336720d1528c34f21ff00ed7a2ce

SHA256
3512c3a7ad74af034f51eba397c0e4716f592861ea3030745e8fd4dc8f9bca49

SHA512
fb317bab11c922dc183d834b770e37e382b9cf3ab1ea95e9bca8d73ed1e23cc9ef2b6aea4a20d4637eba34276c81a6eee54b00cb146f825ef554d81387ae4ddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\select.pyd

Filesize
25KB

MD5
4cbe2c3f0698a0ef98715ca41e4811e6

SHA1
a72fc29a4578482e194a5826a3bb2d101a48f8ed

SHA256
dd9aec6dbba2efaad82dc4bd951241c729d1753faac361ea24bc2a214a0cb944

SHA512
f74b0079178bddc69eff6612571012c47d2966572ffbaabfe71a8c0e6716d0fa34e4491d4a300904df7146bde58a9d4f2598a7bf14f004764da3cf7bada0cb25

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\sqlite3.dll

Filesize
622KB

MD5
3b9c94a2f9f2fea6d30286f785ff40fe

SHA1
cd1665803bee49c2b82c8c101e2f771ace89df51

SHA256
bc9729f8c778f9f8f1306c6e59ee7b3394d4f4d2a7bb69c2839e5e725f5b6da9

SHA512
cc1392677dd6590fd4425fcf198a29023c3a7e0a08fb7b57197549585c33437140e0253674bc861aee805bc5fb4f4c12bf4424ffa5cfe294f6e024e1685c5cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\tcl86t.dll

Filesize
673KB

MD5
755bec8838059147b46f8e297d05fba2

SHA1
9ff0665cddcf1eb7ff8de015b10cc9fcceb49753

SHA256
744a13c384e136f373f9dc7f7c2eb2536591ec89304e3fa064cac0f0bf135130

SHA512
e61dc700975d28b2257da99b81d135aa7d284c6084877fe81b3cc7b42ac180728f79f4c1663e375680a26f5194ab641c4a40e09f8dbdeb99e1dfa1a57d6f9b34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29002\tk86t.dll

Filesize
620KB

MD5
7d85f7480f2d8389f562723090be1370

SHA1
edfa05dc669a8486977e983173ec61cc5097bbb0

SHA256
aaeda7b65e1e33c74a807109360435a6b63a2994243c437e0cdaa69d2b8c6ac5

SHA512
a886475aeea6c4003dd35e518a0833574742b62cdbbbe5b098a5c0f74e89795ebddac31c4107dae6edee8fc476addaa34253af560d33bed8b9df9192c3e7f084

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33642\cryptography-41.0.5.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33642\pygame\SDL2.dll

Filesize
635KB

MD5
2b13a3f2fc8f9cdb3161374c4bc85f86

SHA1
9039a90804dba7d6abb2bcf3068647ba8cab8901

SHA256
110567f1e5008c6d453732083b568b6a8d8da8077b9cb859f57b550fd3b05fb6

SHA512
2ee8e35624cb8d78baefafd6878c862b510200974bef265a9856e399578610362c7c46121a9f44d7ece6715e68475db6513e96bea3e26cdccbd333b0e14ccfd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33642\pygame\SDL2_image.dll

Filesize
58KB

MD5
25e2a737dcda9b99666da75e945227ea

SHA1
d38e086a6a0bacbce095db79411c50739f3acea4

SHA256
22b27380d4f1f217f0e5d5c767e5c244256386cd9d87f8ddf303baaf9239fc4c

SHA512
63de988387047c17fd028a894465286fd8f6f8bd3a1321b104c0ceb5473e3e0b923153b4999143efbdd28684329a33a5b468e43f25214037f6cddd4d1884adb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33642\pygame\SDL2_mixer.dll

Filesize
124KB

MD5
b7b45f61e3bb00ccd4ca92b2a003e3a3

SHA1
5018a7c95dc6d01ba6e3a7e77dd26c2c74fd69bc

SHA256
1327f84e3509f3ccefeef1c12578faf04e9921c145233687710253bf903ba095

SHA512
d3449019824124f3edbda57b3b578713e9c9915e173d31566cd8e4d18f307ac0f710250fe6a906dd53e748db14bfa76ec1b58a6aef7d074c913679a47c5fdbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI33642\pygame\SDL2_ttf.dll

Filesize
601KB

MD5
eb0ce62f775f8bd6209bde245a8d0b93

SHA1
5a5d039e0c2a9d763bb65082e09f64c8f3696a71

SHA256
74591aab94bb87fc9a2c45264930439bbc0d1525bf2571025cd9804e5a1cd11a

SHA512
34993240f14a89179ac95c461353b102ea74e4180f52c206250bb42c4c8427a019ea804b09a6903674ac00ab2a3c4c686a86334e483110e79733696aa17f4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xpfgd3yo.5dm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\DAG KOKO\Koko.exe

Filesize
79.1MB

MD5
ef5fd774851084ff1f0380d89dff3e9e

SHA1
d8d94d859a75c0b6b0c68676b572065da072f9b0

SHA256
a5296e5dec8db44f151862d0228535f4fa54c5b337393e6231406e3c5a6b0b14

SHA512
392e50e9942a61284c7ed12cd11b8214bb687c86f0fb5538a19bd9be85d15d629c46a9f14542867b8ece4cb4e722a0ca2e7b3f21c715b44274e1012408fc6143

Download Submit
C:\Users\Admin\Downloads\DAG KOKO\Koko.exe

Filesize
79.1MB

MD5
ef5fd774851084ff1f0380d89dff3e9e

SHA1
d8d94d859a75c0b6b0c68676b572065da072f9b0

SHA256
a5296e5dec8db44f151862d0228535f4fa54c5b337393e6231406e3c5a6b0b14

SHA512
392e50e9942a61284c7ed12cd11b8214bb687c86f0fb5538a19bd9be85d15d629c46a9f14542867b8ece4cb4e722a0ca2e7b3f21c715b44274e1012408fc6143

Download Submit
C:\Users\Admin\Downloads\DAG KOKO\Koko.exe

Filesize
79.1MB

MD5
ef5fd774851084ff1f0380d89dff3e9e

SHA1
d8d94d859a75c0b6b0c68676b572065da072f9b0

SHA256
a5296e5dec8db44f151862d0228535f4fa54c5b337393e6231406e3c5a6b0b14

SHA512
392e50e9942a61284c7ed12cd11b8214bb687c86f0fb5538a19bd9be85d15d629c46a9f14542867b8ece4cb4e722a0ca2e7b3f21c715b44274e1012408fc6143

Download Submit
C:\Users\Admin\Downloads\DAG KOKO\logs\executed_at_2023-11-25_16-03-57.log

Filesize
1KB

MD5
153dff94f2fb86b038ad3162bc4dbbb0

SHA1
3618b852ff01347fd2dd510066b738b2a6547059

SHA256
5c909818d974453b80248dadf00865b23324f45e3718b0a3e0889f021bef10e1

SHA512
595b9f4d9c5b6702d81ec7b4335f677ca5ff96834b94d22b3ca369d6afaf026b346253935420bceb9a56d667e3fe56aedf2075bbef4912c1ff885678d7b6808f

Download Submit
C:\Users\Admin\Downloads\Koko.exe

Filesize
79.1MB

MD5
ef5fd774851084ff1f0380d89dff3e9e

SHA1
d8d94d859a75c0b6b0c68676b572065da072f9b0

SHA256
a5296e5dec8db44f151862d0228535f4fa54c5b337393e6231406e3c5a6b0b14

SHA512
392e50e9942a61284c7ed12cd11b8214bb687c86f0fb5538a19bd9be85d15d629c46a9f14542867b8ece4cb4e722a0ca2e7b3f21c715b44274e1012408fc6143

Download Submit
memory/2956-1662-0x00007FFBDAEA0000-0x00007FFBDAEB4000-memory.dmp

Filesize
80KB

Download
memory/2956-1664-0x00007FFBE6ED0000-0x00007FFBE6EE9000-memory.dmp

Filesize
100KB

Download
memory/2956-1638-0x00007FFBE9B70000-0x00007FFBE9B7D000-memory.dmp

Filesize
52KB

Download
memory/2956-1658-0x00007FFBE0A90000-0x00007FFBE0A9C000-memory.dmp

Filesize
48KB

Download
memory/2956-1661-0x00007FFBDBC50000-0x00007FFBDBC5C000-memory.dmp

Filesize
48KB

Download
memory/2956-1663-0x00007FFBDA3D0000-0x00007FFBDA3E7000-memory.dmp

Filesize
92KB

Download
memory/2956-1660-0x00007FFBDBC60000-0x00007FFBDBC72000-memory.dmp

Filesize
72KB

Download
memory/2956-1659-0x00007FFBDBC80000-0x00007FFBDBC8D000-memory.dmp

Filesize
52KB

Download
memory/2956-1650-0x00007FFBE6B50000-0x00007FFBE6B5C000-memory.dmp

Filesize
48KB

Download
memory/2956-1657-0x00007FFBE0BD0000-0x00007FFBE0BDC000-memory.dmp

Filesize
48KB

Download
memory/2956-1656-0x00007FFBE0BE0000-0x00007FFBE0BEB000-memory.dmp

Filesize
44KB

Download
memory/2956-1654-0x00007FFBE6040000-0x00007FFBE604E000-memory.dmp

Filesize
56KB

Download
memory/2956-1655-0x00007FFBE2C20000-0x00007FFBE2C2B000-memory.dmp

Filesize
44KB

Download
memory/2956-1653-0x00007FFBE6050000-0x00007FFBE605D000-memory.dmp

Filesize
52KB

Download
memory/2956-1652-0x00007FFBE62C0000-0x00007FFBE62CC000-memory.dmp

Filesize
48KB

Download
memory/2956-1651-0x00007FFBE62D0000-0x00007FFBE62DB000-memory.dmp

Filesize
44KB

Download
memory/2956-1641-0x00007FFBDB000000-0x00007FFBDB0CD000-memory.dmp

Filesize
820KB

Download
memory/2956-1649-0x00007FFBE6B60000-0x00007FFBE6B6B000-memory.dmp

Filesize
44KB

Download
memory/2956-1648-0x00007FFBE6EC0000-0x00007FFBE6ECC000-memory.dmp

Filesize
48KB

Download
memory/2956-1646-0x00007FFBE04E0000-0x00007FFBE0518000-memory.dmp

Filesize
224KB

Download
memory/2956-1665-0x00007FFBE9570000-0x00007FFBE957B000-memory.dmp

Filesize
44KB

Download
memory/2956-1668-0x00007FFBDAF80000-0x00007FFBDAF95000-memory.dmp

Filesize
84KB

Download
memory/2956-1670-0x00007FFBDA3F0000-0x00007FFBDA412000-memory.dmp

Filesize
136KB

Download
memory/2956-1672-0x00007FFBDA360000-0x00007FFBDA3AA000-memory.dmp

Filesize
296KB

Download
memory/2956-1671-0x00007FFBDA3B0000-0x00007FFBDA3C9000-memory.dmp

Filesize
100KB

Download
memory/2956-1674-0x00007FFBDA320000-0x00007FFBDA33C000-memory.dmp

Filesize
112KB

Download
memory/2956-1673-0x00007FFBDA340000-0x00007FFBDA351000-memory.dmp

Filesize
68KB

Download
memory/2956-1675-0x00007FFBDA2C0000-0x00007FFBDA31D000-memory.dmp

Filesize
372KB

Download
memory/2956-1676-0x00007FFBD6090000-0x00007FFBD609B000-memory.dmp

Filesize
44KB

Download
memory/2956-1677-0x00007FFBD6080000-0x00007FFBD608C000-memory.dmp

Filesize
48KB

Download
memory/2956-1669-0x00007FFBDAF60000-0x00007FFBDAF72000-memory.dmp

Filesize
72KB

Download
memory/2956-1667-0x00007FFBE5DF0000-0x00007FFBE5DFC000-memory.dmp

Filesize
48KB

Download
memory/2956-1666-0x00007FFBE5E00000-0x00007FFBE5E0C000-memory.dmp

Filesize
48KB

Download
memory/2956-1678-0x00007FFBD6070000-0x00007FFBD607B000-memory.dmp

Filesize
44KB

Download
memory/2956-1680-0x00007FFBD6050000-0x00007FFBD605B000-memory.dmp

Filesize
44KB

Download
memory/2956-1679-0x00007FFBD6060000-0x00007FFBD606C000-memory.dmp

Filesize
48KB

Download
memory/2956-1682-0x00007FFBD6020000-0x00007FFBD602E000-memory.dmp

Filesize
56KB

Download
memory/2956-1681-0x00007FFBD6040000-0x00007FFBD604C000-memory.dmp

Filesize
48KB

Download
memory/2956-1684-0x00007FFBD6000000-0x00007FFBD600C000-memory.dmp

Filesize
48KB

Download
memory/2956-1683-0x00007FFBD6010000-0x00007FFBD601C000-memory.dmp

Filesize
48KB

Download
memory/2956-1685-0x00007FFBD5FE0000-0x00007FFBD5FEB000-memory.dmp

Filesize
44KB

Download
memory/2956-1686-0x00007FFBD5FC0000-0x00007FFBD5FCC000-memory.dmp

Filesize
48KB

Download
memory/2956-1687-0x00007FFBD5FB0000-0x00007FFBD5FBD000-memory.dmp

Filesize
52KB

Download
memory/2956-1688-0x00007FFBD5F90000-0x00007FFBD5FA2000-memory.dmp

Filesize
72KB

Download
memory/2956-1690-0x00007FFBD5E80000-0x00007FFBD5F3C000-memory.dmp

Filesize
752KB

Download
memory/2956-1689-0x00007FFBD5F80000-0x00007FFBD5F8C000-memory.dmp

Filesize
48KB

Download
memory/2956-1692-0x00007FFBD6260000-0x00007FFBD628E000-memory.dmp

Filesize
184KB

Download
memory/2956-1693-0x00007FFBD6230000-0x00007FFBD6253000-memory.dmp

Filesize
140KB

Download
memory/2956-1691-0x00007FFBD62A0000-0x00007FFBD62C9000-memory.dmp

Filesize
164KB

Download
memory/2956-1694-0x00007FFBD60B0000-0x00007FFBD6227000-memory.dmp

Filesize
1.5MB

Download
memory/2956-1647-0x00007FFBE9140000-0x00007FFBE914B000-memory.dmp

Filesize
44KB

Download
memory/2956-1812-0x00007FFBD6800000-0x00007FFBD6DE9000-memory.dmp

Filesize
5.9MB

Download
memory/2956-1813-0x00007FFBE9690000-0x00007FFBE96B3000-memory.dmp

Filesize
140KB

Download
memory/2956-1645-0x00007FFBDA9B0000-0x00007FFBDAACC000-memory.dmp

Filesize
1.1MB

Download
memory/2956-1901-0x00007FFBD5E80000-0x00007FFBD5F3C000-memory.dmp

Filesize
752KB

Download
memory/2956-1644-0x00007FFBE0520000-0x00007FFBE0546000-memory.dmp

Filesize
152KB

Download
memory/2956-1643-0x00007FFBE9680000-0x00007FFBE968B000-memory.dmp

Filesize
44KB

Download
memory/2956-1642-0x00007FFBE9B40000-0x00007FFBE9B4D000-memory.dmp

Filesize
52KB

Download
memory/2956-1640-0x00007FFBE6060000-0x00007FFBE6093000-memory.dmp

Filesize
204KB

Download
memory/2956-1639-0x00007FFBE6B70000-0x00007FFBE6B88000-memory.dmp

Filesize
96KB

Download
memory/2956-1637-0x00007FFBE9E40000-0x00007FFBE9E54000-memory.dmp

Filesize
80KB

Download
memory/2956-1633-0x00007FFBD62D0000-0x00007FFBD67F2000-memory.dmp

Filesize
5.1MB

Download
memory/2956-1634-0x00007FFBEFD40000-0x00007FFBEFD4F000-memory.dmp

Filesize
60KB

Download
memory/2956-1632-0x00007FFBE6F20000-0x00007FFBE6F4D000-memory.dmp

Filesize
180KB

Download
memory/2956-1631-0x00007FFBE9E60000-0x00007FFBE9E79000-memory.dmp

Filesize
100KB

Download
memory/2956-1601-0x00007FFBE9690000-0x00007FFBE96B3000-memory.dmp

Filesize
140KB

Download
memory/2956-1594-0x00007FFBD6800000-0x00007FFBD6DE9000-memory.dmp

Filesize
5.9MB

Download