ryuk | d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9

Analysis

max time kernel
141s
max time network
164s
platform
windows7_x64
resource
win7v20210408
submitted
10-07-2021 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
Size

131KB
MD5

2cc630e080bb8de5faf9f5ae87f43f8b
SHA1

5a385b8b4b88b6eb93b771b7fbbe190789ef396a
SHA256

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9
SHA512

901939718692e20a969887e64db581d6fed62c99026709c672edb75ebfa35ce02fa68308d70d463afbcc42a46e52ea9f7bc5ed93e5dbf3772d221064d88e11d7

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = '8x0nKKx5'; $torlink = 'http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://rk2zzyh63g5avvii4irkhymha3irblchdfj7prk6zwy23f6kahidkpqd.onion

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

1520 icacls.exe
792 icacls.exe

pid	process
1520	icacls.exe
792	icacls.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe

description	ioc	process
File opened (read-only)	\??\Z:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\W:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\R:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\Q:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\O:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\X:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\T:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\N:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\F:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\E:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\Y:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\S:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\M:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\L:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\K:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\G:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\V:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\U:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\P:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\J:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\I:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened (read-only)	\??\H:	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe

Drops file in Program Files directory 64 IoCs

Processes:

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Eurosti.TTF	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\rtstreamsink.ax	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\System\ado\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\adcvbs.inc	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\RyukReadMe.html	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe

description	pid	process	target process
PID 816 wrote to memory of 1520	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 1520	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 1520	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 1520	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 792	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 792	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 792	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe
PID 816 wrote to memory of 792	816	d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe
"C:\Users\Admin\AppData\Local\Temp\d6b7b27e13700aaa7f108bf9e76473717a7a1665198e9aafcc2d2227ca11bba9.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1520

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:792

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab
MD5
302973825cf1eea89183a01a3e420524

SHA1
d9863b9ab0628fc259084f07180a20081016d409

SHA256
3762aa11214949ab7dd763ed651f14bbb04fd0fece514ffc5212cdf72173211d

SHA512
345804f3ad22d27de00c90a361b448e2279c48639a5518692698dc9cb39a42d67a14740547795295875fa3a512da0e216e1316569cd6d58ca8252b192cd0b5aa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.RYK
MD5
122170dbae105afdf7567342d7d1c9b1

SHA1
2a4fa595b03b802d9b2b441fbe6ed4362e2ffa14

SHA256
7d6c3d70f6a8c37a912fb9aff9956cf3475b9f00cb2c5575db9c631364bbdbc8

SHA512
0793d63973e1116325bfd7f8abbde3d746d7aef4bc6d26f0edcc471a7d84ec82aac1c54c86a9877342f67a58bba9c7c3fea6909d2293cf2f587faf7f6a9e405f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.RYK
MD5
d2d4685c25230e9c5188209c84ad32be

SHA1
b01999e426434845a78b3474726155d3e5584d77

SHA256
baa14a1b896f05ba6bceb7c9a6a0e3a5c2e8bb18f5e64198a89b83244f83c337

SHA512
1bb9336975005d313e3ad69599783b4ce8986aacb82485c7c7790002d8bb7e6ab217b20b932cc96f10bfd507b28bdb4a513d70fd3010b49c2db3f4f0ad6b3590

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi
MD5
f0438d545a015b5d70cf0368acaf1efc

SHA1
6bdf2fb15cb879d97645595221292770eb0d61b3

SHA256
326aa178fe410e736ff23efa48cf65c812186da3662828cfb0e262064eff58d7

SHA512
21a5a3255542bb44c3e6fcde5ab6819ccefccfa02f1ad295177546b836effeb85337d456f7651a3e7f95e9c7c2b13ff72fc63e5349371bf86481f24b2af4603f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.RYK
MD5
4bbcf8db62b801381a88054633505176

SHA1
ebfd483738b859b64880d893ad7fa80b400dd9d0

SHA256
db8f6fc85b9ec63e142759058afcf8bf7de600a6c59ae6c5e2d81e6105a89336

SHA512
ad058e173d6219bb3a93177208d23ddaf3ee92866b48e9774fba2461994c818a17a9ebf56830d5b8ef3472e9c1d7a30daf4b240df9983fa628e3b3e3c15eb557

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab
MD5
48160ad98a464ba0261f44629f34d814

SHA1
3651e56f3d0e255fccf74d659950bcbfd2e9e6f7

SHA256
b00a2caa46f2e77cfac6dc2b1333b21048ffc9b784e9f6f0842262d06c0e2d77

SHA512
42b19cf15fd5e38f71d654fb7f0659ba20a1e29a748073281b9d89a85dd9d87dd317ac8218c49b119133b4c89764df36e10b70ed9b84ff631e85ed0e654b1de5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW2.cab
MD5
5dc3ce452cf9f037660eadde98c7a2d5

SHA1
1049edb769ba02b8c6fff71464c16708312e241f

SHA256
59cf4872d86c7015cc205016079ad6cf5bb3761ff55607b139dbb19f3c69ddab

SHA512
b2464a79466f1d1a8d8243fdfceacdf54ca9d214b930e35abacb79573a42b6f1b96f2d226cd778ae80a54de45b66716e6cc7e9299f3838c735e9cc15f52a0faa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
b507e122047dff25f6634ceda5705ca0

SHA1
3afd9e0baa04f15bfdea9ca928417cc5ced38e44

SHA256
fc0a5647563fbdea5d5c3d12273a1bca4fa31c3498e1f2250d8dc459edab1c02

SHA512
bdb60ad968b0dc43a7b8d80785dcb431a778723aef9840314f3f4314b328f1e210991883fcb0a036adca52101c199fecddd42805146c86b722dc51bdab2df22f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.RYK
MD5
8f9e9cea34b0422f447aa33b0169f9e1

SHA1
47d2026cef1b4611d46156cb76488ceb61f27045

SHA256
f59565eb9ddc54b63bdff2cab36725e39f9c3aa3472bb000a7b0afcf9267615a

SHA512
77aca3f0c9ffb88facf9bbc9e3d9fbef2905da58b9510c14b8f79c294cc5940d5642f76ee644c4c6f8a67f191fbe64a10c39ff684d2aa4d123815e8345c28684

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab
MD5
f796092c3665733a67416adfbffd5aba

SHA1
7fc6ebd60690de760726cc5b4f6937b1220cc043

SHA256
94b1ff333a598f4d51d877cfde1f009813b305e85ea90c99d5f511fea0051066

SHA512
f5e95c08869f08782b430f193a1bb2bdcf7f5e7af47a804b4810e18495d111f03d6a2443ab61c8fd8f06afdb2b836fe2cb40c15c01f6bb3aed001c7ba97e2c23

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.RYK
MD5
2aaa870944461c1bd26c920e69adc93c

SHA1
6786ef96c77523f7b7cbdfe1b0edbf8efb2c6b8a

SHA256
dfc5e225758b87f32a89adc366042c5d6ad2f2dae06e0d5edb0321242d09709a

SHA512
3973dd6ef78e6ec227f43f7ba4fb487fc6c9d3ee5226a522979a959b9a3021f193f87a60551e4ce4ec9d0c74df44c2f5c8610e6ef296b484c053743f72e29db2

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.RYK
MD5
e597fbcfa33397e166c9d52a22a0ef7f

SHA1
e2345b3ec7157dfb182d166dd9854eec540b9ab3

SHA256
0accf91f4b7a8e52d23d350f826f7fc487313dff5040a8b72fac0ca0b8b262c5

SHA512
fd46c14fe1e685773dfe26569e8b99546564a1e807501b01262b0b774c6490370af647743a31f7ca9ede6109d43c005e5f4e8d518c96901c2248710296e178a5

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
15499c7863c419cae9254637b9767ab1

SHA1
367e5e7d1d75c742f2e79b8deb2ffacf437ff136

SHA256
96424b40bd1e8c6fc6e3fc19a6e8a251caea73e7ae4ca032c3f163348c6c62a6

SHA512
f609244dbf27c54023ff81a62f72837b680d45d3a415c3112f0cad59e98c75a3851effe5c0e50fc908df6a1dd826544e48fb697c76e10a97afde5aecbb3bc1a5

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.RYK
MD5
44a438112a884bbf71d049e2f7aade9d

SHA1
fb7201454ef1fc68731670453f4b1c1f3635e244

SHA256
c2514f96855d66882055ecfe9237c03330785d6cf3003819abdd7bf5f8a92716

SHA512
b736c7d7fa6ac111d28d81021341402ee86b4b7d9e4f79cefd786d8b93f20889faf531dd48447fa520641152259f9691a46eabb0524b20383058c381d03d9c75

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.RYK
MD5
598a3f0cd3fe1a623413beebd42e7549

SHA1
f841ea7c2a93bad89880b0b2a8c4718cbf335fa6

SHA256
dd5ed4cbefa39a8de46c9e4d12adf98a903e277d1c3ba79046b2ffd2b5398668

SHA512
163866032d1f12103fec05db6e827b7ef44126b1a0c02069ffd6904657f9fb12ca49b7e1e31029379ede14f0d8152b27b938da5c8efeae5d8629bc48539bfd9d

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab
MD5
f622685a5e795233bfd08e6211838c73

SHA1
fe3850702b91e68f582d369b8d279cee4dbfadc0

SHA256
bcd0c1bc91278b3979910655458a175607de8ad59f7c96c83050730bf8a4e60e

SHA512
008fd08eb0a3c97e7bdcdead98c97e548b13d070aa4bdac4f16c3a9bcd7eee6a7607c74bc420d6ce7ad366fa44b3d879e315d9246e3eaf1b3ffe008186c97c8f

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
51d4e0a14e8107bfc1f335be395c4605

SHA1
24f87788f5e2833a2a66610a4c8e026d841e73a7

SHA256
a352b6c4b4568afd2178584e2533e9242cdbe161df4697acbe40fb08f03415c9

SHA512
d668ba9a27c33da36a1d072a93f97364a012fb9d831126a0e2dc16d052005deec656717e0e8480b9b39eb185470d85e75847547f6d4f121bb2d0dc749b22323f

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab
MD5
8d11a67aea2dcba6996167183e2a8a96

SHA1
278eac16afe52cd8a565bd9424c23d9832035767

SHA256
a690f037abf9c283b93fd10034281cc7dcd99bbecfc5935b1171989f79fb8a5a

SHA512
c5e59edb22cc17d1767bf37f559139deb45d50f7700b1758f07f2b1e235dc3be1749bdb671b7eca50cda5ba61083ef71ddd1ce000712e2feb0bd61f828a17677

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.RYK
MD5
7ea402817b3986816bad62e6fc058b08

SHA1
ac4b3b2e07049f0924a605dad37e81e72a6471b4

SHA256
45c3b6690f063df4b005dd290548eb36f03fdaa5f1f23bb09fc057dbf139c1da

SHA512
a116f05c010734931108fc3cd8981d4e2454dd34744537d7ceb2bf7fe2ca52913ba40de20a5100eab8a0195618866bb3e07a8dc1afe288213aa90f1dfaca968e

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.RYK
MD5
4e5b0b15cf22715917074d3a52b2737a

SHA1
b951f1400525ba8e4b228e0d9935f52b8503a98d

SHA256
7b58f32a335a4b659346bfb18ad460fcd7e6866159392a54266e853bc9bb3902

SHA512
76760c72f0aefdf50712d6b9ce5b4ad0ec3a6d4d220e7afbfe5f1676e3a06f1cd8ad4a86a95531ff36f78d9ef84e6f398dfc1c8cbbf4299e7fc2629afd263c14

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
8e4e88765e8beb2a00499a2534bf28fa

SHA1
ece085b9c35e7904107aadb5a479fb1e54fb1d08

SHA256
543332b8601ce771dc1ef469639c52d6609f7219167d7d5b1349013ad7cce98e

SHA512
e4dcc3b20e2795037495eafe50c74b7eb139b19363b8d4ea9e428244a86f9996c0706fcdeeeca08d72eeaacf2d871bd53570a2bdf0b1c7c80fe013367b641948

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.RYK
MD5
358201eb3d69c78818bb9ce3b81cdef6

SHA1
a742088b86331329b4609e6c176f919db880e468

SHA256
51f4ed24c426030b0347e67e242edb4baf8a2323561dfe18279a3e53cf9c99d5

SHA512
3062d72d5633d76e185f91f01cb3364f804cea1e3569aa637600fbc7e9bff23ef64bcfb781ec381129f799154c378bf87b7e280ad0c5cd697ec2ad17b0760262

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml
MD5
be40e2396289a1ad112931715247ba4a

SHA1
8f521455ac0be244108db0f344fc084c86326f55

SHA256
972308d66d030ec81cf34831c64a11b8cf701762ce9e1fc3f679326d95c4881e

SHA512
a3b6b7105c93157255ab483f13703604c0f83f665239db8657939ffd3896c892c87b41e1b064e5edf23184a8cf445294ada68dfd294473f89a3b05f41b0e2920

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
02dc87e2d16c88afc3a8fb794a6fcabd

SHA1
c20e2f04c2e004ee3884f55ac1bb02d8c7f5377d

SHA256
28c53173cd1fa7babddb758a3b82c4f333844593bea70608502aa5289cf2f35e

SHA512
257aa620ea9ce41e2f8d79cdfacfdfef342ca42c1c24a2ae1a8f92a4d902de763661c41be370ee99dd5f47d6b59d16d89fd6c1997587fdd8e2db54dd83db9b1b

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.RYK
MD5
d76f23b538d3983ff765ce744a13218a

SHA1
edeff1590024ab2e460060ac7e0f3d48a7cb8599

SHA256
e9c8b8220b53e5b6c96c299af7eefc2bb13baa164ac6867d708ae44640023d3f

SHA512
d2c24f54689e9c33400de86e5c718440503ff273c9af59356e9ec5e01a1aab68b4d059b7a5868087658b234b16d61c4158fe1fe0284c8cd28ec1629e79e1a445

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.RYK
MD5
ac569198dd978d9f7a6d099bfd1d4a2f

SHA1
a4889efc39955b05b1f75db2a307ca3740bb710c

SHA256
63ff39850a8de1fd816523a92a03424cdb54bb0ac222564138dcbb42905db036

SHA512
c034f4b6cfdd8f88a3537177cb268ef53ea78c231cfd6814329c00cdde5f68a671738f46714230d065416cb8601542f2f27251ba43a84c34a554fd5a9e3279af

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab
MD5
525120beeb54fb89fbfc0e04595a009c

SHA1
c53dbce898af4f220620574240bea30317865b1f

SHA256
acfb87977b4d69fd24c93b684264f720b66bd659da55c33ecb4912b4798834fd

SHA512
c1f2bba58b9ee533b4b6dc216ac0ea85b53b28b3b777f8698c3d721be8c33120eb1b85cd4ac4ea28ad43b2e91687009e8f1a4cd3132bc6fbdd930260ce9dc0cf

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
d081a9c3dae2aae9cec893f5f386a22e

SHA1
6ba9ef5599b4fea1c44d3c0415a6e6e518d34e4d

SHA256
5b6653add301f40c11f11e51736b1351cd7cf4f8a6e684a9c0c5ea39643d7812

SHA512
a26bae6d51c8eeb4dfb287f02040226b1c556915c979744c3ca27ebdcc0d3432b4ea7fda6bd502207541200abe387a56597400631184d6c3d9e8a58b6a351e7f

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab.RYK
MD5
dc568c95c6632e8f6b29cd6a9e7c3822

SHA1
c309362b5b576ff27206260ff8ec66bc7d2b20be

SHA256
e87fcb318cea93b52354d07edf944d9365379dedbfe385493eae9c67fc02a2fd

SHA512
0e34d0d0039bfc01139c1e34e8ebb6dffe3fe37a2cea44ffc2a4179a0a3bbf7bdf0cc28495a3a2776880d329d3cee612583732d02603de71f8f46f99c2e09023

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.RYK
MD5
86cdd113720fc7cad951b67b20857eb8

SHA1
ed73fec759c1626e4e4e1522353e9ad78630231d

SHA256
5e162f7f3c21669ad73012a677e647b732e0230599089cd36dcc899f1b2b354b

SHA512
e06485c6c39818600712c38cbc50bb40e9365336172e0f96ac6ed922918e18aaa64bee6329f8cfaaa36ad9bebd0b6dfd72689bbdcaae02c9eeefa94a18515c0b

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.RYK
MD5
7932f0020cf0f8dccf822d10c864b58b

SHA1
7282c73a3fa7f91a12a56b04fcc6d759387c092c

SHA256
b430af5fac0226065411bc6a2bbe8a8c6cb0518039100c3e6abfed7839f3cf54

SHA512
73e2d5e7851a9bcc0552a0a418fbadf49c8bef7058f32332f2f705242f9745c60622a1566cca6469bae59e8fe0eeb0abbb8bfea44e9e02fd961158b9367146b9

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
6395c3c01a15b575de048344d55ead17

SHA1
555159a2401f49b6f551c551eab4961843bb1f38

SHA256
462921a7a07580fad10ea1727886c82c3a16336d50f5e593304677548db1b2eb

SHA512
97cf84ec4a2d29b0d42c4e41e4c47a9b39d28208ae081f54fbf97d49eeac331efa5e1cb0137de747144dd665220442a2a8ca763d4ce043e67c5d2f4de0b77583

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.RYK
MD5
0d9167ebc59a99e101fec9129fe3adea

SHA1
9d6880b97ef8946bd285539b979db691962fe878

SHA256
ee447bda255b3c86340503af4b47c0ee8d648c7bd17f5515668d48aa116eabcf

SHA512
2d66b41f4f1ee321fd2a45dbe83cb2a61a72e6bef6e39b46cedef7c496c45b23eae4d13363040801d5d821091846cad8be38d02162dcb6a1815d3bfff830cc4a

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab
MD5
2433bc9dfd379db1777013ef3586eef2

SHA1
b9fb7d2ed48ed64fdc6b705d4cebad31ba0714fd

SHA256
356bda5ee15f8e46d42c44f2d4e66fb7a3cd1847ac9b854a311a60a17436d404

SHA512
0f77edf3d871c5d3de8b9861a7e21019b1251ce9c7f507d8f88a60d16a84d8538b5a80e5e14f709a17eea053a16d28ba53e2919ad74ad62d1ac417af38dda706

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.RYK
MD5
36f2cd02716719452e0a3ad00fb61046

SHA1
0cbb5c64639080db2b59e7e855ff0ef179ce1b0e

SHA256
5e003dc41eb16a58d8764502f1cab4782e8f2ee434202f17676bcf6dbf56df24

SHA512
3853f7d40088e758cb14b65bd55a69304f8bf9124cf9eb01e58f57739cf49e42d8b5821eb942cb76ac6d5777a3475575e8bd6b0a73df531c895c1319297b6868

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.RYK
MD5
b9249249d694204bbf6e084b96a8bdf2

SHA1
03016174609d850ea00d2496fa895cef72886f8f

SHA256
8a89cf995545d1ce276e63d110e00cd99f403d9caf5cf2d4179b150bd8306f7c

SHA512
afdfb36fa8643c0f6b07ad2abd9ab07f067114a2a8e86c22ebe8bd33327a8079f18461d0e22355a88a9b395510d1240f7f78e1c1922f4a2cdc899b453df9f4d3

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.RYK
MD5
7439f4fbef079975df2380c563fd38c4

SHA1
1b9e8ae331c0abf1ae1cf80980e31e4f2a58bb00

SHA256
d684cc91b2594b9b7fd7e7eff4ecc16cea3c1fcae874a3e029a0f4314622cfb5

SHA512
770a50034e27f17ed04585f56d7123b28609ad2dd78fbe7ecdf203b026112a5797e33f4b42f71e3b53619905a9477acd9d50aad02577eb5fdd28b262b66091e2

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.RYK
MD5
b34eec16f063b6f118a9397677235e10

SHA1
e9e8c067eaf6765a5cb552a137ef6206f95c3bea

SHA256
60c18e4683ac1e0f9f352a22085aca753756738e7c0c4b5819ab4c5997ac219a

SHA512
cb63441e96f587ce80cc1824def30f9fdc0efed40f14614b89e5839b6fb05968561dc49e81e71d839c8e9ad3dd91f952044edd27e2251cc55fe48aaec0056002

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\RyukReadMe.html
MD5
a275819b461f6458af0dcce3dc69bab2

SHA1
4211607b906db1280376dbc9202df7f426b2921b

SHA256
615ab23d7c60104e69412960185d34163add0d6f7238dc22a851cf2c12de2b3a

SHA512
8b744cd272ef41a44dbeaa098090fba83843dea2af32d41cee0f6800d067fd89a6d8486153c473729a9f7a9c2cf723dfa4c6f870c5179d216554878c695925f6

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
MD5
4bb25d8eef30286713e1d2fa8b9a313d

SHA1
d5e1dd3f31546d2c5f6035db51c98333da02bb8e

SHA256
fde808b0bd02ac360ecfd0a5cacdc753dc4ff03bf8c7a44e28b7cba363ce2086

SHA512
3fd1b262104026e14997e9de5fd73c37079344c194d918a62ec81bd2ffed86f59934b4dc79403369962789872034fedf13eaf4a2426bb2e54d9297d581416c49

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.RYK
MD5
5b26d389fab5b289d246d82f4b5519e4

SHA1
f06d90326561406d8e682efc5dac9d55f5ca9c84

SHA256
e5e67d840d4c24c71f429798308f9c33bb5fe9c223bf469fdd6c9e1cb19c4f18

SHA512
3b5c7629c783ddd7cb02177e336ee9b2d4f3dab8885e640ce34c559e382598678e544e935c56f99ee7d124f05a0e63b8153057fd4ff1c30fab3fe975c0015cee

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml.RYK
MD5
59bccb0416876b038150f793f426eb27

SHA1
786baba9baadd848bb5b66793c6345bdc40d654c

SHA256
657217cc1af1211b9f517f0c041d278845e5e1a6a2920abca1e97cd5dc48c939

SHA512
b434574c2e89e7bed5a4f4ecce97f6586b46dd4d243eeda5c9b0c376efd777916a7a37dc3502fcb835d64d1a02bef4b6b01edd60b91a2f01b04b15bafad26bfd

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.RYK
MD5
4f617bf0eb99fede877095aac5e23443

SHA1
1564ebedee3983f7032745a7ef34634466e0de9f

SHA256
51e6e5245001ae5682badc32ac0f59224bff25418b20816b65b021fb45b34566

SHA512
bb0b9ecc7df02515bd1d5e570b314dd86b34eb0670ee8932b4ca2695c8925af2b88b0c2d2444689880899723c86ff42670660820cad0ccbea1acc200e44da24b

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.RYK
MD5
281baf5e2ced63ad0834aed75f4d2138

SHA1
a4c58dac56056f179fdbc246db7510cea2057fd9

SHA256
0003de7d4c41a9856c96a952fb7d6af2ce1bc86d6e9f95ab9d01285c63b1d3cb

SHA512
38da5a6df3c262fa0a534b7de99e78aa2a4e094ddc74cca493d2cddd934eb8260eb8429e6f357031c3305b814f861c43ded486891026660cced61d7b16281d81

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.RYK
MD5
abfc0c32493434c6664a8debea8e44dc

SHA1
373693c167201e3c539499e0e1fedfe76fdb2fd9

SHA256
de4dad11a90ba985bd08d63b0f782876f1b0083971b5cbb60bc21ff95b4df1b4

SHA512
e10dd47de3368d4bdeb3185bfac06387cb8ccb53127315dce9f5e9c9856289bdae10e55d79db0b30aec54490a64f7d0ac301102b9c30600df711e261c2cc5d03

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.RYK
MD5
2b10c6d59a46f0d4ee717b41538dea4e

SHA1
5e3e278ba4ecd4db089b65d77c7e93e3f81d58f3

SHA256
006350bb4044ec570a24820ee1e0a24f06a23b77f9f4c8e8677b03a75d4f6c0d

SHA512
d27da14a6f7bf61e6bfb951b4b06dff0fd6cc71da6940857f00728ab51f533dad9a4714a2d31bfa1f14e45c55df2361251646cbd16dfe104c2ebbb59d4e61640

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.RYK
MD5
4ae7cc9d039a82545ccf8110276e0835

SHA1
0021b84ebc0fb2b1e4cdb915a7844c23d8e1892c

SHA256
f7dc2562a75563af7aed8350ebe5dd42d8c7ac996b9e4149634a4aa247ffc1a6

SHA512
a45928644cd2b83a8bc10ddd9e713744442ac4aad6bd56977bd07e4d6adeb2f6e3c2f4719445cd8d998baf5d3895981594c14b739ec3b835c26127213b141957

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.RYK
MD5
609930669a34948601a1c287c189e12e

SHA1
46c97b301bd6d2f39235e550025655e663421cb5

SHA256
d2f198bfba196580dab6546f3ef0b77d526115dd57446562549914d27ea5f7e1

SHA512
b13ea3969f6ae81acd6a37bf8ebb9e8e56e2f5b4e0d7a0fcab4174e5dc570d36fac4354f78915c2ce1092c5366565a90d53e4415a81d3834846488d843ef378f

Download Submit
memory/792-61-0x0000000000000000-mapping.dmp

Download
memory/816-59-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/1520-60-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads