Analysis

  • max time kernel
    118s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    17-02-2022 12:07

General

  • Target

    23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2.exe

  • Size

    384KB

  • MD5

    5ac0f050f93f86e69026faea1fbb4450

  • SHA1

    9709774fde9ec740ad6fed8ed79903296ca9d571

  • SHA256

    23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2

  • SHA512

    b554487c4e26a85ec5179cdcc1d25b5bc494e8821a8899fbbf868c3cf41f70cc72db107613b3f6655d3ab70f4db94cce2589066bb354b1ed955098d3911b844d

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. To get info (decrypt your files) contact us at [email protected] or [email protected] BTC wallet: 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk Ryuk No system is safe
Wallets

14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk

Signatures

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

  • Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Executes dropped EXE 1 IoCs
  • Modifies extensions of user files 4 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 2 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Interacts with shadow copies 2 TTPs 14 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies data under HKEY_USERS 49 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Modifies extensions of user files
    • Drops startup file
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\users\Public\window.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:70640
      • C:\Windows\system32\vssadmin.exe
        vssadmin Delete Shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:70224
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB
        3⤵
        • Interacts with shadow copies
        PID:20656
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded
        3⤵
        • Interacts with shadow copies
        PID:70392
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70184
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70280
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:16672
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70324
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:17220
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:17240
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70428
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70500
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:70440
      • C:\Windows\system32\vssadmin.exe
        vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded
        3⤵
        • Enumerates connected drives
        • Interacts with shadow copies
        PID:17244
      • C:\Windows\system32\vssadmin.exe
        vssadmin Delete Shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:31400
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k UnistackSvcGroup
    1⤵
    PID:2256
  • C:\Windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    1⤵
    PID:2300
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p
    1⤵
    PID:2552
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
    PID:2744
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2744 -s 1012
      2⤵
      • Program crash
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:1908
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:2908
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2908 -s 3204
      2⤵
      • Program crash
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:4772
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    • Modifies extensions of user files
    • Drops startup file
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    PID:2972
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:3056
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    • Drops file in Program Files directory
    PID:2824
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    PID:3332
  • C:\Windows\System32\RuntimeBroker.exe
    C:\Windows\System32\RuntimeBroker.exe -Embedding
    1⤵
    • Modifies registry class
    PID:3952
  • C:\Windows\system32\backgroundTaskHost.exe
    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
    1⤵
    PID:3032
  • C:\Users\Admin\AppData\Local\Temp\23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2.exe
    "C:\Users\Admin\AppData\Local\Temp\23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\users\Public\yOMHr.exe
      "C:\users\Public\yOMHr.exe" C:\Users\Admin\AppData\Local\Temp\23f8aa94ffb3c08a62735fe7fee5799880a8f322ce1d55ec49a13a3f85312db2.exe
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\users\Public\yOMHr.exe" /f
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3704
        • C:\Windows\system32\reg.exe
          REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\users\Public\yOMHr.exe" /f
          4⤵
          • Adds Run key to start application
          PID:2320
  • C:\Windows\system32\MusNotifyIcon.exe
    %systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 13
    1⤵
    • Checks processor information in registry
    PID:1220
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 408 -p 2744 -ip 2744
    1⤵
    • Suspicious use of NtCreateProcessExOtherParentProcess
    • Suspicious use of WriteProcessMemory
    PID:1348
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:3284
  • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
    C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4248
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 520 -p 2908 -ip 2908
    1⤵
    • Suspicious use of NtCreateProcessExOtherParentProcess
    • Suspicious use of WriteProcessMemory
    PID:4688
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:21104
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    PID:49432
  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1840
    • C:\Windows\explorer.exe
      explorer.exe /LOADSAVEDWINDOWS
      2⤵
      PID:14208
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:67804
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:68256

Network

MITRE ATT&CK Enterprise v6

Downloads


                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\he-IL\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\hr-HR\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\hu-HU\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\it-IT\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\ja-JP\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\ko-KR\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\lt-LT\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\lv-LV\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\nb-NO\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\nl-NL\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\pl-PL\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\pt-BR\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\pt-PT\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\ro-RO\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\ru-RU\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\sk-SK\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\Common Files\microsoft shared\ink\sl-SI\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Program Files\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_0d751396-3164-4736-b931-4f59d47ff1f2
                            MD5

                            f11e0db3d850084ac76670ae30aee9ae

                            SHA1

                            dc0bf6c08adb9523a058fcb9ea23fde54aa3815a

                            SHA256

                            e82a3ab42ddf8475a78e89dc30fc8cb04a2204822ada3e5d07194651f232e1e3

                            SHA512

                            f99b7f3e26677575a0a4a71c4bb41c4491f404b11a8405051f9907a898e94d770230cd61d2d8566aea794d76c98abbcd3ca1ba68ce1a4c66c7b8770fd8619810

                          • C:\ProgramData\USOShared\Logs\User\NotifyIcon.7caa8043-5386-435f-b1be-763b09347256.1.etl
                            MD5

                            ac8c6fff58f0f7e104c253a5fc8b7191

                            SHA1

                            9b50c33265b6f17acc3bb74f9549f20e88a8b2d1

                            SHA256

                            c044ca7f73370b0d09d3f9facc59aed428e05afe518ae055e908caa437ea5626

                            SHA512

                            58d4b874fced4d65cdc97c133b0fc32b3d1e5a9d2011d47078d2729f1f60d8b3abe82d468ecdcfac1c539397a0cfff08e7dd852c7fbb3c33f18dc1826804cfcc

                          • C:\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\Users\Public\yOMHr.exe
                            MD5

                            31bd0f224e7e74eee2847f43aae23974

                            SHA1

                            92e331e1e8ad30538f38dd7ba31386afafa14a58

                            SHA256

                            8b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d

                            SHA512

                            a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249

                          • C:\odt\RyukReadMe.txt
                            MD5

                            cd99cba6153cbc0b14b7a849e4d0180f

                            SHA1

                            375961866404a705916cbc6cd4915de7d9778923

                            SHA256

                            74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

                            SHA512

                            0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

                          • C:\odt\config.xml
                            MD5

                            d110844a5c7d4fa94c5f84626105ab8a

                            SHA1

                            aff8a38ed01eba10faa125ea04b6e6f89f96f517

                            SHA256

                            fdc0afb3dda2b23d1fb1881000a67b8b0173ca8dcd650b2e3fd4bbd30ef9e460

                            SHA512

                            7b642507a31427f9aaa57d306e9499197ff6adf94157c847ae1471c56b9d19391d6b79cabaa41c2125f4ecb8bae21cb19be6fedb45178fe3ff29438595ab52a3

                          • C:\users\Public\window.bat
                            MD5

                            d2aba3e1af80edd77e206cd43cfd3129

                            SHA1

                            3116da65d097708fad63a3b73d1c39bffa94cb01

                            SHA256

                            8940135a58d28338ce4ea9b9933e6780507c56ab37a2f2e3a1a98c6564548a12

                            SHA512

                            0059bd4cc02c52a219a0a2e1836bf04c11e2693446648dd4d92a2f38ed060ecd6c0f835e542ff8cfef8903873c01b8de2b38ed6ed2131a131bdd17887c11d0ec

                          • C:\users\Public\yOMHr.exe
                            MD5

                            31bd0f224e7e74eee2847f43aae23974

                            SHA1

                            92e331e1e8ad30538f38dd7ba31386afafa14a58

                            SHA256

                            8b0a5fb13309623c3518473551cb1f55d38d8450129d4a3c16b476f7b2867d7d

                            SHA512

                            a13f05a12b084ef425f542ff4be824bbccb5dbdfe085af8b7e19d81a6bcba4b8c1debcc38f6b57bc9265a4db21eed70852ece8cc62b3ef14c47fca3035a55249

                          • memory/2232-135-0x00007FF7907B0000-0x00007FF790B3E000-memory.dmp
                            Filesize

                            3.6MB

                          • memory/2256-136-0x00007FF7907B0000-0x00007FF790B3E000-memory.dmp
                            Filesize

                            3.6MB