Analysis Overview
SHA256
8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec
Threat Level: Known bad
The file 8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec was found to be: Known bad.
Malicious Activity Summary
Detected Djvu ransomware
Djvu Ransomware
Vidar
Downloads MZ/PE file
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Adds Run key to start application
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Checks processor information in registry
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-03-31 13:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-31 13:00
Reported
2023-03-31 13:02
Platform
win10v2004-20230220-en
Max time kernel
147s
Max time network
131s
Command Line
Signatures
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Vidar
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\8a0710de-231f-4d11-8200-895926a181e7\\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1348 set thread context of 1232 | N/A | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe |
| PID 4900 set thread context of 4336 | N/A | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe | C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe |
| PID 4344 set thread context of 2468 | N/A | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe
"C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe"
C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe
"C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\8a0710de-231f-4d11-8200-895926a181e7" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe
"C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe
"C:\Users\Admin\AppData\Local\Temp\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
"C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe"
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
"C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe"
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe
"C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 6
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 188.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.217.0.162.in-addr.arpa | udp |
| NL | 162.0.217.254:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | uaery.top | udp |
| KR | 222.236.49.124:80 | uaery.top | tcp |
| US | 8.8.8.8:53 | zexeq.com | udp |
| KR | 175.126.109.15:80 | zexeq.com | tcp |
| US | 8.8.8.8:53 | 124.49.236.222.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.109.126.175.in-addr.arpa | udp |
| KR | 175.126.109.15:80 | zexeq.com | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 78.47.168.170:80 | 78.47.168.170 | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.249.124.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.168.47.78.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.122.125.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.97.242.52.in-addr.arpa | udp |
| US | 52.182.141.63:443 | tcp | |
| US | 8.8.8.8:53 | 0.77.109.52.in-addr.arpa | udp |
| US | 117.18.232.240:80 | tcp | |
| US | 117.18.232.240:80 | tcp | |
| NL | 173.223.113.164:443 | tcp | |
| NL | 173.223.113.131:80 | tcp | |
| US | 204.79.197.203:80 | tcp |
Files
memory/1232-134-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1232-135-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1348-136-0x0000000002370000-0x000000000248B000-memory.dmp
memory/1232-137-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1232-138-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\8a0710de-231f-4d11-8200-895926a181e7\8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec.exe
| MD5 | c31fb9ce577cf5157f179495a2bf6ce8 |
| SHA1 | 2adf67c3eb284bec857c964f29c8a774a3db8a6c |
| SHA256 | 8dec71df55f7027b3df7545f713663b63abec8ec23112aae1ae58fec78e8d5ec |
| SHA512 | 31ab5e9fe87ff7bf9676f13e120e3ad7ed9262404244d43b321fe361e55fc511572b39a6a34cb063c9350f5486326b2bd34e1ef0532fd70943d1b8d7f27971e3 |
memory/1232-147-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-151-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-152-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 6a3b8331e801f083b403b0857ed8d574 |
| SHA1 | 48d275731f1dbd0630d1ca55a1b05f149a011d1f |
| SHA256 | 98651a2da4a4613bc2a03c4128926fe6b05f1af8a7a21e1fedec75db013706a0 |
| SHA512 | 7527b8857707c8822e4b7f5049ddc9b4c49933e68535690746d84b7f0187a10f36e874719bdb1bf3ba8b035568a7cbafd687b80c4621dc35552d73f7e497071d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | b61bcb8fc72333400b5c4a9e6ba2c741 |
| SHA1 | 4443b706bfe08c44aa0f5836494a8879e66d5b23 |
| SHA256 | 26c5059dc5b8144e705294012de1de953c69180ce9c919d7ffdf1642219f022a |
| SHA512 | 5d970e1106a82c5e3d90708c66bce8ac5a0c057fd98d5ca544c668379ea19e31969367077e051c1b4f378ccd797ee08dba46b338bee83cfafcd2c50860c7798c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | ee7ad9d8f28e0558a94e667206e8a271 |
| SHA1 | b49a079526da92d55f2d1bc66659836c0f90a086 |
| SHA256 | 9eeeef2cbd8192c6586ffa64114ad0c3e8e5ab3a73817e1044895517c6eba712 |
| SHA512 | 0c1596e7b8e54e0cce8139a339c4c34f5f9391ce0b7051673abe7a43f174f292e0d3267b1ce1186247535941b416962b6fe63cb03855ddea254cf09fddad3223 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | 5878dd8d731685cb7ca1a6210334bcbb |
| SHA1 | 5a181ca375472e4fd804f356e0cb45923a031122 |
| SHA256 | aaae76da3932f188eaf296112b4840c5fdf4376aa7f054eaad04670a6ef6458d |
| SHA512 | 62a95c8ac1ca66c08437f1210ba28f1f0ef837041e0200b3c56375fc46de03a14926a506773ddcc2a85be9fbe58a82988c3b0a490e7d00ee30db3217492e0bb8 |
memory/4336-157-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-158-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-159-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-163-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-165-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-166-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4336-167-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
| MD5 | aa18968e6cfbdc382ada6a3ed2852085 |
| SHA1 | 4a41fa1a182916d5790aa2071106b3441d64468d |
| SHA256 | c165c8db38ef8dd8c33d103b5ee78e9ddafd8081ff0c7c035fa5251f970e6cfb |
| SHA512 | 8ffdacca2b003438fd4874e7c88beedb6ad8cf9cd5b36fda5907751e06a85a829e7d9ce7335fb59590462f78054722bccba511b21db838368c661d993000a845 |
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
| MD5 | aa18968e6cfbdc382ada6a3ed2852085 |
| SHA1 | 4a41fa1a182916d5790aa2071106b3441d64468d |
| SHA256 | c165c8db38ef8dd8c33d103b5ee78e9ddafd8081ff0c7c035fa5251f970e6cfb |
| SHA512 | 8ffdacca2b003438fd4874e7c88beedb6ad8cf9cd5b36fda5907751e06a85a829e7d9ce7335fb59590462f78054722bccba511b21db838368c661d993000a845 |
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
| MD5 | aa18968e6cfbdc382ada6a3ed2852085 |
| SHA1 | 4a41fa1a182916d5790aa2071106b3441d64468d |
| SHA256 | c165c8db38ef8dd8c33d103b5ee78e9ddafd8081ff0c7c035fa5251f970e6cfb |
| SHA512 | 8ffdacca2b003438fd4874e7c88beedb6ad8cf9cd5b36fda5907751e06a85a829e7d9ce7335fb59590462f78054722bccba511b21db838368c661d993000a845 |
memory/2468-179-0x0000000000400000-0x000000000046C000-memory.dmp
memory/2468-181-0x0000000000400000-0x000000000046C000-memory.dmp
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build2.exe
| MD5 | aa18968e6cfbdc382ada6a3ed2852085 |
| SHA1 | 4a41fa1a182916d5790aa2071106b3441d64468d |
| SHA256 | c165c8db38ef8dd8c33d103b5ee78e9ddafd8081ff0c7c035fa5251f970e6cfb |
| SHA512 | 8ffdacca2b003438fd4874e7c88beedb6ad8cf9cd5b36fda5907751e06a85a829e7d9ce7335fb59590462f78054722bccba511b21db838368c661d993000a845 |
memory/2468-183-0x0000000000400000-0x000000000046C000-memory.dmp
memory/4344-182-0x00000000046D0000-0x0000000004727000-memory.dmp
memory/2468-184-0x0000000000400000-0x000000000046C000-memory.dmp
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
memory/4336-193-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Local\23dfa7eb-45bd-45e5-9578-1b8f332ead15\build3.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
memory/4336-197-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2468-207-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/2468-275-0x0000000000400000-0x000000000046C000-memory.dmp
memory/2468-277-0x0000000000400000-0x000000000046C000-memory.dmp
memory/2468-278-0x0000000000400000-0x000000000046C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
| MD5 | 9ead10c08e72ae41921191f8db39bc16 |
| SHA1 | abe3bce01cd34afc88e2c838173f8c2bd0090ae1 |
| SHA256 | 8d7f0e6b6877bdfb9f4531afafd0451f7d17f0ac24e2f2427e9b4ecc5452b9f0 |
| SHA512 | aa35dbc59a3589df2763e76a495ce5a9e62196628b4c1d098add38bd7f27c49edf93a66fb8507fb746e37ee32932da2460e440f241abe1a5a279abcc1e5ffe4a |