90bcb8b307d5e864a0ab128c6f3b30e0a9b59a921fde5c285a92f6d5610aa729

Analysis

max time kernel
129s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe
Size

206KB
MD5

bab845f7d6b205028d3c153fa40146f6
SHA1

c23801c8eab1dc9a6991462c5c42c21fef9d707e
SHA256

90bcb8b307d5e864a0ab128c6f3b30e0a9b59a921fde5c285a92f6d5610aa729
SHA512

9f46ccd4a6b0f8b34c4fe37c9e10e50c4dad1c206075b16fe816ce732badeaa6b450cfe6c54b4a564512f2f333495b69d811b966d424bbfa1b86410743f1124d
SSDEEP

3072:iA/yzn2myhzoR73ax4ss38hw5Y+J1uDtf:iJnryk3I4s1halXuF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "137"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "527"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{32941BEC-611A-11EF-B1C5-D6586EC96307} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "60"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "1064"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31126823"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "977"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068fd66d6220e584abe447a4e1268eb5100000000020000000000106600000001000020000000f8f38c0448ebbe6b13a5802d0c494653925105aded2bb2cdd0fc5d969ee400ce000000000e800000000200002000000071066ab845161dcdd0494369d715fb31d4f3785ba35e60a1e549762a914171a62000000094f6cbf2b654cb90a4a14071eb473ae6709dbf2851c88669b07ab458517c2a614000000031af583926800105bcd5e1df5b10e6132da1ebb76c03bd48219be70af8fb2cf302e5fd2ccec531726232103f73918435fd3a8065deb240e605732e21faada7e4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "274"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "640"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "898"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "117251535"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "405"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "60"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "640"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "940"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "1064"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1017"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126823"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9088530927f5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "413"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "977"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "898"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31126823"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "462"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "462"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "898"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "117251535"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "118658361"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431160037"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "274"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "379"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "527"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "1100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1064"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\ = "413"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "1017"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "118658361"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\beings.com\Total = "940"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1128	iexplore.exe
1128	iexplore.exe
4048	IEXPLORE.EXE
4048	IEXPLORE.EXE
4048	IEXPLORE.EXE
4048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 1860	4768	bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe	84
PID 4768 wrote to memory of 1860	4768	bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe	84
PID 4768 wrote to memory of 1860	4768	bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe	84
PID 1860 wrote to memory of 1128	1860	cmd.exe	87
PID 1860 wrote to memory of 1128	1860	cmd.exe	87
PID 1128 wrote to memory of 4048	1128	iexplore.exe	91
PID 1128 wrote to memory of 4048	1128	iexplore.exe	91
PID 1128 wrote to memory of 4048	1128	iexplore.exe	91

C:\Users\Admin\AppData\Local\Temp\bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~7BB8.bat "C:\Users\Admin\AppData\Local\Temp\bab845f7d6b205028d3c153fa40146f6_JaffaCakes118.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://beam.to/MPSing
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:17410 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N0HMDG41\beings[1].xml

Filesize
639B

MD5
f418d238dab8c5cb5cbd1d4e94bbcb85

SHA1
7f17229a863cf552f1c1aea4effcb06b5f528389

SHA256
42a5cf53d8c4c8c73b2751486ab6ec9168f5c14ee39b4cd6a3086acfc28b0a1e

SHA512
ee14a911ee2064c69d686119a3d65dec807ef3b4c08ae0d4e08dde270206483c29170111c8e665a005f4d11e299397ff05670bbc4b718051c363e231e1966f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\N0HMDG41\beings[1].xml

Filesize
841B

MD5
c66a7c0f2829e790d761754a186e53f4

SHA1
fefd6f154b8601314ab9d452e08560add8c869bc

SHA256
b4ba2aad2ccd985a3d1f0511e08da2ecf44cba3deff3f67ffa4df8270030f6f0

SHA512
dbfa677ec35cda0923a6f1d81a02035486336fc7b42b6cd77772a0e4c8bc1b4bb1348a4df1799e3029d46b7f9e96dc450b6e72d71151675b06eac07c7fb74311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verF443.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3HDB1LPD\js[1].js

Filesize
313KB

MD5
47da61350db53932b515606fbd5007c9

SHA1
935b152be214b23bdd4f9e4f6e800783174c727d

SHA256
f423ffcd33e155baee8250350746858b44f680a15a8869386be1b638e9d9d27b

SHA512
5fe92e627d58890fe32d15f82cf1b4aa33b5dc2f8a7685da77ef8e6179380fbe1ea6dfb26989465b88e0789ca0946b32026f8c766a0d4cb6198af8a42209fa27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5JGBC19U\js[3].js

Filesize
339KB

MD5
aa179f959ad3fd7731c30305b42d0243

SHA1
fb9c61289b8cb77db618c948b0b7aa3928a7f0ec

SHA256
76fae83d3816eeda2dfcfee8f921166481fa650c5d847b4b037e188f8d978bb9

SHA512
06326932eaea2a73651e1bf0eb262bc8c136990cb8c7933a5a9f01e263820e25b076fccb3e3df0ffbe2b78aaf84a83fcfce0a8c45887218c9a74ab2884606f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFM58U6K\Beings-Logo-Blue-Favicon[1].svg

Filesize
1KB

MD5
a5bf7d81d5184a9e784337f7976d9931

SHA1
72f7cebf8113ca4d440fb78824b56de9b4b7dfd4

SHA256
84a87c1f6f1351732f7ca715c18b5d7a10934d7f892036029dfba1b8234c69b8

SHA512
32664f6b7c22c5ffe389f4e26b2e2b5f6013211af3e0fc053eeb2eab25b1e62844f83eed88e4f5e36677c4b9cb7192dc0fb69aaf576bdefc4a70cf042c799e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IFM58U6K\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\~7BB8.bat

Filesize
51B

MD5
0c48ac1054ac53c842e3277b09bb0205

SHA1
76058975b6741c8041acb54af906916beb59af34

SHA256
42157ef75033f29c9864fd0a730fe7879b2040e422b36677013638fcd75ed40d

SHA512
03d7ef210ca2dfaef921ec31c5bbd1bb7a3764d3130045717168be6707a32b63f40c2f654a92a9e4fe7d9c009e2f73e911a1a4dea06fa12fc621bd4011e7c2d5

Download Submit
memory/4768-3-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download