7c3b108ec6887eea992b1883c8640a8f42aa5826eeceb3336982b879ed350077

Analysis

max time kernel
122s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
Size

769KB
MD5

2626e3ceb0a5959eb1a4eafe724234ad
SHA1

60410283e2430c9667e2d3c58da0f94ed4dd9bb3
SHA256

7c3b108ec6887eea992b1883c8640a8f42aa5826eeceb3336982b879ed350077
SHA512

022434bdc0b4c039d4cdd11da7d8a14ad9612d13f22f4ded3e5191f0734421cb052e9c7f16434b229cacad6133b5ba397e6c5e08c1bb285f02e78c8327c20ac5
SSDEEP

12288:g72bnuJ2372bnuJ2K72bnuJ2372bnuJ24D:g72zV72zQ72zV72zO

Score

10^/10

defense_evasion evasion persistence

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.exehosts.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	avscan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	hosts.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.exehosts.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	avscan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	hosts.exe

Adds policy Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WScript.exeWScript.exeWScript.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\KGOEYKGQ = "W_X_C.bat"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\KGOEYKGQ = "W_X_C.bat"	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\KGOEYKGQ = "W_X_C.bat"	WScript.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cmd.execmd.execmd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 6 IoCs

Processes:

avscan.exeavscan.exehosts.exehosts.exeavscan.exehosts.exe

pid process

3584 avscan.exe
2592 avscan.exe
2060 hosts.exe
2728 hosts.exe
2480 avscan.exe
4896 hosts.exe

pid	process
3584	avscan.exe
2592	avscan.exe
2060	hosts.exe
2728	hosts.exe
2480	avscan.exe
4896	hosts.exe

Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs

defense_evasion

Safe Mode Boot

T1562.009

Processes:

REG.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys	REG.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager	REG.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc	REG.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys	REG.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power	REG.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc	REG.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.exehosts.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe"	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe"	avscan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\avscan.exe"	hosts.exe

Drops file in Windows directory 5 IoCs

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.exehosts.exe

description	ioc	process
File created	C:\windows\W_X_C.vbs	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
File created	\??\c:\windows\W_X_C.bat	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
File opened for modification	C:\Windows\hosts.exe	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
File opened for modification	C:\Windows\hosts.exe	avscan.exe
File opened for modification	C:\Windows\hosts.exe	hosts.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 4 IoCs

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.execmd.execmd.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry
T1112

Processes:

REG.exeREG.exeREG.exeREG.exeREG.exeREG.exeREG.exeREG.exeREG.exe

pid process

464 REG.exe
1964 REG.exe
4216 REG.exe
4908 REG.exe
3140 REG.exe
2436 REG.exe
3992 REG.exe
2804 REG.exe
3996 REG.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

avscan.exehosts.exe

pid process

3584 avscan.exe
2060 hosts.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.exeavscan.exehosts.exehosts.exeavscan.exehosts.exe

pid process

1800 2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
3584 avscan.exe
2592 avscan.exe
2060 hosts.exe
2728 hosts.exe
2480 avscan.exe
4896 hosts.exe

pid	process
464	REG.exe
1964	REG.exe
4216	REG.exe
4908	REG.exe
3140	REG.exe
2436	REG.exe
3992	REG.exe
2804	REG.exe
3996	REG.exe

pid	process
3584	avscan.exe
2060	hosts.exe

pid	process
1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
3584	avscan.exe
2592	avscan.exe
2060	hosts.exe
2728	hosts.exe
2480	avscan.exe
4896	hosts.exe

Suspicious use of WriteProcessMemory 63 IoCs

Processes:

2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exeavscan.execmd.execmd.exehosts.execmd.exe

description	pid	process	target process
PID 1800 wrote to memory of 3996	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	REG.exe
PID 1800 wrote to memory of 3996	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	REG.exe
PID 1800 wrote to memory of 3996	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	REG.exe
PID 1800 wrote to memory of 3584	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	avscan.exe
PID 1800 wrote to memory of 3584	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	avscan.exe
PID 1800 wrote to memory of 3584	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	avscan.exe
PID 3584 wrote to memory of 2592	3584	avscan.exe	avscan.exe
PID 3584 wrote to memory of 2592	3584	avscan.exe	avscan.exe
PID 3584 wrote to memory of 2592	3584	avscan.exe	avscan.exe
PID 3584 wrote to memory of 2988	3584	avscan.exe	cmd.exe
PID 3584 wrote to memory of 2988	3584	avscan.exe	cmd.exe
PID 3584 wrote to memory of 2988	3584	avscan.exe	cmd.exe
PID 1800 wrote to memory of 2076	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	cmd.exe
PID 1800 wrote to memory of 2076	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	cmd.exe
PID 1800 wrote to memory of 2076	1800	2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe	cmd.exe
PID 2988 wrote to memory of 2060	2988	cmd.exe	hosts.exe
PID 2988 wrote to memory of 2060	2988	cmd.exe	hosts.exe
PID 2988 wrote to memory of 2060	2988	cmd.exe	hosts.exe
PID 2076 wrote to memory of 2728	2076	cmd.exe	hosts.exe
PID 2076 wrote to memory of 2728	2076	cmd.exe	hosts.exe
PID 2076 wrote to memory of 2728	2076	cmd.exe	hosts.exe
PID 2060 wrote to memory of 2480	2060	hosts.exe	avscan.exe
PID 2060 wrote to memory of 2480	2060	hosts.exe	avscan.exe
PID 2060 wrote to memory of 2480	2060	hosts.exe	avscan.exe
PID 2060 wrote to memory of 5052	2060	hosts.exe	cmd.exe
PID 2060 wrote to memory of 5052	2060	hosts.exe	cmd.exe
PID 2060 wrote to memory of 5052	2060	hosts.exe	cmd.exe
PID 2076 wrote to memory of 792	2076	cmd.exe	WScript.exe
PID 2076 wrote to memory of 792	2076	cmd.exe	WScript.exe
PID 2076 wrote to memory of 792	2076	cmd.exe	WScript.exe
PID 2988 wrote to memory of 2424	2988	cmd.exe	WScript.exe
PID 2988 wrote to memory of 2424	2988	cmd.exe	WScript.exe
PID 2988 wrote to memory of 2424	2988	cmd.exe	WScript.exe
PID 5052 wrote to memory of 4896	5052	cmd.exe	hosts.exe
PID 5052 wrote to memory of 4896	5052	cmd.exe	hosts.exe
PID 5052 wrote to memory of 4896	5052	cmd.exe	hosts.exe
PID 5052 wrote to memory of 5044	5052	cmd.exe	WScript.exe
PID 5052 wrote to memory of 5044	5052	cmd.exe	WScript.exe
PID 5052 wrote to memory of 5044	5052	cmd.exe	WScript.exe
PID 3584 wrote to memory of 4216	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 4216	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 4216	3584	avscan.exe	REG.exe
PID 2060 wrote to memory of 4908	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 4908	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 4908	2060	hosts.exe	REG.exe
PID 3584 wrote to memory of 3140	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 3140	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 3140	3584	avscan.exe	REG.exe
PID 2060 wrote to memory of 2436	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 2436	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 2436	2060	hosts.exe	REG.exe
PID 3584 wrote to memory of 1964	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 1964	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 1964	3584	avscan.exe	REG.exe
PID 2060 wrote to memory of 3992	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 3992	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 3992	2060	hosts.exe	REG.exe
PID 3584 wrote to memory of 2804	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 2804	3584	avscan.exe	REG.exe
PID 3584 wrote to memory of 2804	3584	avscan.exe	REG.exe
PID 2060 wrote to memory of 464	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 464	2060	hosts.exe	REG.exe
PID 2060 wrote to memory of 464	2060	hosts.exe	REG.exe

C:\Users\Admin\AppData\Local\Temp\2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2626e3ceb0a5959eb1a4eafe724234ad_JaffaCakes118.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
2⤵
- Impair Defenses: Safe Mode Boot
- Modifies registry key
PID:3996

C:\Users\Admin\AppData\Local\Temp\avscan.exe
C:\Users\Admin\AppData\Local\Temp\avscan.exe
2⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3584

C:\Users\Admin\AppData\Local\Temp\avscan.exe
C:\Users\Admin\AppData\Local\Temp\avscan.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat
3⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2988

C:\windows\hosts.exe
C:\windows\hosts.exe
4⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060

C:\Users\Admin\AppData\Local\Temp\avscan.exe
C:\Users\Admin\AppData\Local\Temp\avscan.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat
5⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5052

C:\windows\hosts.exe
C:\windows\hosts.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"
6⤵
- Adds policy Run key to start application
PID:5044

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
5⤵
- Modifies registry key
PID:4908

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
5⤵
- Modifies registry key
PID:2436

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
5⤵
- Modifies registry key
PID:3992

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
5⤵
- Modifies registry key
PID:464

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"
4⤵
- Adds policy Run key to start application
PID:2424

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
3⤵
- Modifies registry key
PID:4216

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
3⤵
- Modifies registry key
PID:3140

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
3⤵
- Modifies registry key
PID:1964

C:\Windows\SysWOW64\REG.exe
REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
3⤵
- Modifies registry key
PID:2804

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c c:\windows\W_X_C.bat
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2076

C:\windows\hosts.exe
C:\windows\hosts.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Windows\W_X_C.vbs"
3⤵
- Adds policy Run key to start application
PID:792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3776

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\avscan.exe
Filesize
769KB

MD5
b2a643c81259e9b93b0d876aad174c1e

SHA1
527fa60a31e1bf620a46db9d549349265d89f071

SHA256
9583639b101e4939bff1592c6fa54e49ab1e0bb68a62a40834debe27e8d0bdc2

SHA512
aaf21617445451425dc11760664d206ae5f61eeeca340d1b105af8dc28b3e8a3b2b1970e07b0b671bf37ce41dcbb83677828bf8d468c52da3e72d818bfab58c5

Download Submit
C:\Windows\W_X_C.vbs
Filesize
195B

MD5
68948c74a3d8b365ad157fb7602ce4d3

SHA1
9c962e56c2f9b5595e8292c2e16aa398942ca5c0

SHA256
78e4c3ff9b1f0ba58586e92a519f8d061ca414ef66cb92e2422f02e21678a4ae

SHA512
cdd0ef6665159130e42fcbb4ce72ae72c133a219465939a21407914ff4a1eaef0935499e1a7f2558821e967ce941f7314e7cdcba7e8f559598f3fbf26139ebbe

Download Submit
C:\Windows\hosts.exe
Filesize
769KB

MD5
e39e2cc35ccbec8533c1c1a3815723c8

SHA1
dd5c8bf74de367100e983b6a261118a1d68efd8a

SHA256
7d26438ec44dce6f4072c4c2be0679b5ae605225fafdec697fc0fb7bc2a433b2

SHA512
17ee2a371d4c6dfbd86980cfba7a5667bbc580dfc3d3cd24b9d0b58eb04196dfffa3279d59dff4c436386af338085bd74bf9b3975e09bf635a44803f56bc8f67

Download Submit
\??\c:\windows\W_X_C.bat
Filesize
336B

MD5
4db9f8b6175722b62ececeeeba1ce307

SHA1
3b3ba8414706e72a6fa19e884a97b87609e11e47

SHA256
d2150b9e5a4ce55e140f0ca91c4e300715d42095c8fddf58c77037cdd2cfaf78

SHA512
1d6dc274cf7a3dd704f840e6a5ad57ab4c4e35d5f09489aeff520bb797e1c825bac53fc335156fe41e767a46520d031855fe42fe7b175409ebe5e9e986fb9b8b

Download Submit