ryuk | d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd

Analysis

max time kernel
168s
max time network
144s
platform
windows7_x64
resource
win7-en-20211208
submitted
20-02-2022 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
Size

124KB
MD5

4bb18d5e27f9e75b211f8053a1e0fb4f
SHA1

4eb0d5fab83c5a92e442beee4b31a6cd7d05cf4e
SHA256

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd
SHA512

bdb107f07beb782a1d90857cd3e895c7013ceb8b4dc78285014434214e9c34925e0c6ce8278b48acdcddeb1b430804f5a0c9398f7012f45d68a869dfd51fcaed

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Drops desktop.ini file(s) 64 IoCs

Processes:

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exetaskhost.exe

description	ioc	process
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\E16QEJ8K\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\E16QEJ8K\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\ZZZ3YRT4\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\H2R8HLJC\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Saved Games\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Downloads\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\AKOZAZUE\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\H2R8HLJC\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\AKOZAZUE\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\DBS3QI6C\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Videos\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Downloads\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\ZKOSACOX\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Searches\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\VL9MRVWS\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\E16QEJ8K\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\ZZZ3YRT4\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\DBS3QI6C\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Maintenance\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Recent\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Pictures\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\VL9MRVWS\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\System Tools\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\ZZZ3YRT4\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Desktop\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Links\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\ZZZ3YRT4\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\E16QEJ8K\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\8927RJE4\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\AKOZAZUE\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\ZKOSACOX\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Desktop\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links for United States\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\H2R8HLJC\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\VL9MRVWS\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\AKOZAZUE\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\8927RJE4\desktop.ini	taskhost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe

pid process

956 d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

1396 Explorer.EXE

pid	process
956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exetaskhost.exe

description	pid	process
Token: SeDebugPrivilege	956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
Token: SeBackupPrivilege	1212	taskhost.exe
Token: SeBackupPrivilege	956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

Explorer.EXE

pid	process
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE

Suspicious use of SendNotifyMessage 14 IoCs

Processes:

Explorer.EXE

pid	process
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE
1396	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe

description	pid	process	target process
PID 956 wrote to memory of 1212	956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe	taskhost.exe
PID 956 wrote to memory of 1308	956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe	Dwm.exe
PID 956 wrote to memory of 1396	956	d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1396

C:\Users\Admin\AppData\Local\Temp\d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe
"C:\Users\Admin\AppData\Local\Temp\d439abbc0c204aa869991837e62e7a5ebf30f5214e6f648c78dc812d4ffd62dd.exe"
2⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1308

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:1212

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK
MD5
20b57d2774cd1bad4b343859378bb4fd

SHA1
52e1268fc518a7bc2d11eefc88a5c56b3cc9e7b7

SHA256
1919fc2c77d338b442eb67f1845f4f96799408c45e8f3f856e7f3ab54db2db05

SHA512
b10b72f2d6ca64fc8f15b7e02cf3de16c3d80f7ec08e13fc431943a7b5a03af05f990b52d38aa44d26e93eaaffdd83e031e89b6c988b1754ee67050cfe5dddec

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\ACECache10.lst.RYK
MD5
a32c39eb93a63303a9505efe5cce30f9

SHA1
6384dd182f93e2c7a826529d501d09302724eb50

SHA256
d33bb267e2f8607ec285876b601632be0196630f9a0f4d2580fbf83587b8bea3

SHA512
a1d42490837ec572c6346352271fe8e67616db718acae7b3538a3f931144a688a3b5fff18f052e3e5fc90a42ac79af34eeb46370369be5541a82164bf6fbc53f

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.iccRYK
MD5
dc7182936eff83a1d1eb28ff35db0dd4

SHA1
140fca85224ff01c88c15d37fbdb01797f2b945c

SHA256
5431894cf4c3a0033a2bbfc3456ba66d1eedd0d7bc524e3279d02753ed79ff76

SHA512
c00f3229144d704086cba6b214adf585f6818abb540cda8730812ae6109267d1743f4dfe5c18511826e0c12c5a9afe9266a8e809dfde33526819ae32e43badfe

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.iccRYK
MD5
739280bc0e8e180fc412645e3fc57048

SHA1
09dafa137d196843bceaa4e149e8649dda68864c

SHA256
49c8db25b1f6b0d52cdb283a0997d07b1c2027648e84ac036d519a34aae9359f

SHA512
cdbeed155aa3bfc5078419ac2c6dfaa01d193e4977b26e56c5f0b544c035d255805b817870eb256b3ddde68f64d54b665787ee6d2546ced202700b0a594dcd6b

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK
MD5
30eb9dc04f3f343c454516ce6de97bfe

SHA1
dbf364b3f5707a5e33459d27471d5b53c91864ef

SHA256
fb794b894153da51bf9f6402d3feecfd524129147acab536b6cc1107f5d93f02

SHA512
a39a384880f75db33dc168d11b5b4647b732c1f0ebc318aa426d1de32a9325a868a8fecc04602fa323b9ff7c24140d70406077914a23c532ee209d791b58881c

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK
MD5
b43056d01e6d76e5f224056be26ac6d5

SHA1
674fa5b8b795d961f1df106084f2d74c002763ed

SHA256
dabc014d1f7e65ce194e5cdeb276c3904d5f18a760c9a49f63381b8e6730a372

SHA512
53b3db53153b8bc92f16a34221a49ddeac8e81d0b8612a50659c021c91526253bc92340e401990ff71c20a2eba0d2489212ae31e0a5ec396e96e30e534a8db1d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ASPNETSetup_00000.log
MD5
bd8521ef4a007b0ee73669f5b608f5ca

SHA1
b65188e84efdc553c414670fa66fb93f655f616e

SHA256
e3627a01857a86f57a08e5ee5d76b3f7726ac0e022eb6b9f8dd92b9d526a3d39

SHA512
b2cd0118d7f568ae7238e1b62012bc4f722635835f739ca84e939f4c12cc09daceec76ab4b7a8a04fca91447265c0ffe5f2d67f98b2c231f46b75de151744139

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ASPNETSetup_00001.log
MD5
9081555e7a84169eb79ea824378c1423

SHA1
759b3efa5b8f99959819113b43f07732a36baeb7

SHA256
04495d72c0b8e49ac199c51c5cf6ca702a9cc9a3fecdbe25437fb3b29b39d133

SHA512
e526949ffa36d231a5db20f079b198a9b82785db5f2e19c2dda47121dec16d972e31ff1e3ff43d8555e41d70f5870205dbbb664eb102b1ba5c8a22e41bed3194

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Admin.bmp.RYK
MD5
fcc2e4e3fa671cad3052f74dc7bf4956

SHA1
9803dcabe382bdf22e322203c8554ee5e7f2b826

SHA256
b3c0301d9b59300e15a531ef0923432faf4367cfec1ad4b8ede377b2fb0dfdc5

SHA512
c1ba4c2c3ab1f150878351660807874758f902a3a57c5f9b1cb89ed99d07ee07847f4856f260d6f64ec3c4c26a65ebcfc298964705f553acdcf074fa7b147eab

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JavaDeployReg.log.RYK
MD5
67d7b72e38f55298c8dab4c71f6910bc

SHA1
29808faa36f225e841f07cb840633db8c19e3131

SHA256
fabae3ad5337f3301159ac39677d3550bfd1f8b444d91bc9b87764aa3367039b

SHA512
1df359c32ec4979bcb653e5d8ecb31f771ecf4ac42300d5ef68d433ad289d97642921370993b9529f58c812f876dd20f44dc1a5371c0010b8e2f892264fb5fa9

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Low\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGIFCB7.tmp-tmp.RYK
MD5
a77ee259b8352112a79fdd366facf0b1

SHA1
935512c8f4aa99d98789ae66a30ff249eb8a452a

SHA256
e8dc7e2d05afd5dedf2ca98f80ac33e7bff642c18f651cae8e04be16197af5f1

SHA512
e482701ff5b96c74e2508104936b8832b595e0e8e3234cacfa1dec9b5fb25b936b193682b695c5b8ac56582ab31af42a36a94670a2b5928718519caec422301f

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGIFCB7.tmp.RYK
MD5
80c13b40e4b7c3ba04cd32c51b7a5c7f

SHA1
5a1e7bfe2c315d7b30eaf992411428d3c2978457

SHA256
ee8d985b746bda1e6b2a0b5f98fbbbd8cefb39f23e07d87cccb824c9b360814e

SHA512
0cc0de7f727c608391ce2c0cf4d5e897224fec447e3b6dff40b2069e29e301f267d56851a3530b46aa04ce83d8b2b86d47bd382898059db496ec27c68093c1df

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome_installer.log
MD5
19ef91ec03837351812bf8c149cc9ce9

SHA1
0637c5147839fb84fa40477faf8879f0891122b4

SHA256
b9ad288b58a2a92591c4ed0f98d6810ff52e5d7f88e15958bf9329fcdd79b336

SHA512
ee5589449b131fa395378af4e409935d65ce802bbbe6b9ea904c7d1cfb6d13f63ed5e133cd3d74dd9ef3082ad5b6eed543b2fa9e133c24147466fc4c4eff5aba

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_SetupUtility.txt
MD5
06a0d0b38b6246b8b937193b39bdadb3

SHA1
690ee4e260b8e61c7a65fcc3c7d58d203686327e

SHA256
a9afd6fdb9bb675c63d57828bfd937f246b12054c8189a96a20bfbe0a35ff482

SHA512
5690edabd646c7e21cc31b8b98535b1b300532a540155fa1b41d0ef54aa3c17f8ad278f85a3054836224eb1b340c6308a591224c1c920c44131fda6a1a127c73

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_vcredistUI1E30.txt
MD5
2ffd32976883d0e2659a64fef9f70975

SHA1
8d3bee0f1e4c6596fdb6be390dc4205e50e71859

SHA256
3d710337aaf370fe7f186b714fdb8fd5f3e3570af6827c807419f88cb968b20c

SHA512
3fac3a333300e1b1b1693872a0087250e01d74299813ca8bfe881465b7ec3fd2c1c6ac5c078cdf031ed17d6095e3db924160c4371da456e603604ef344139eea

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install.log
MD5
48f7c9af524a0048d83008c7984035c9

SHA1
7aa3a85e933c98a5a09ade2419e3dd64223b4fd3

SHA256
b7d5e41623c26d1a8ed69ecd30f3d50aeefc98ac759aa05845e0a6b2ab37fca6

SHA512
bdd42dea576fe453ab9b2cdaaecb6f8bf95898ab54f3b426b4ac6e8ed2d81a85a0fe9229c345289f57bcf28c7365a7d86583d96a366624e0cd18120439b508cc

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install_reg.log
MD5
57740929e5f5f6f4a49f4da41005d6cc

SHA1
429d6382adc5c4b6de5b8f7eaff69d68bab24baa

SHA256
4753f761d3ebacc80858307e8cc1274868855921b9dfae08640723ac75256372

SHA512
b1ebd599b7fe8e87baecb18d1fa82d0640daf76db3d60670ea4a05a9ae899bf7d6998176dd8680e9c3abe72fb23373729c1b5b7d53d6909a42b23609d26f92e6

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log.RYK
MD5
9cb0022c807124216e877118c847ed8c

SHA1
c4a78cec3111c47c3bac3dc1cbaa72aa496daff7

SHA256
5b47ec31bb158f40890dfdc312aa58900518661614f744d1a56c70287713336b

SHA512
0837c3f004b359dc4a0d648f87ee9e97c056a3b78076170f332e725501b43f4aff3c6af15489a438999a26aa7563c0cb9dadf931738af41cb7b2294bc75883e8

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.RYK
MD5
fc9320f6abeb47e4d186012f7c03604d

SHA1
fc853544de3cc41c2fe070f4bf99ab23dd461d98

SHA256
68a90618629e4de7fdcf95cda8894c7694f91010a12dc75ca773b300f509c5e0

SHA512
62a16a427972d951178939160f70802a0acb0a09ed6a34c819bbf58ebeba4421eb71dbf8f6f026868b635301710ff25a2e959e7d44848f88f1583d4563ce61b8

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK
MD5
502587bda2b05e9382bc8756fb2a6cdc

SHA1
99fa6dfcf944a024c1d5aca9042cbdf62e73209e

SHA256
c05c65010cc440a7165bb881b7335378e6261434336303a8c0155af196cb9f95

SHA512
6a4db68bbff5ab2c2b7a69fb61a4e14cca293782a9e418f87bad368367fe76f7cf33e304fa54072d272a8e76aa82aa7c36ba7ce02e1aa4b39cd2278c55544f06

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\E16QEJ8K\desktop.ini
MD5
f6253e2336b9985bd04b5e0a4b92877b

SHA1
1420e775577d487f676b6a30040f7a5c1b634cc5

SHA256
395548d16c04469584b8cb3339d987f36b896275333530fac496fe9da33101cb

SHA512
2b7db630bd064522ece804ff244f01ceaac5d4886c09f297bb78fdba8173970f739f6d7a926daea9963cd2632a9b279691cb2801abbe038d754da9b6a574730c

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\H2R8HLJC\desktop.ini
MD5
0869a6105d4dffe403948e39d2b6ff48

SHA1
b79f9fad9e942c6f0c58a7403e6eb377cbbb15c8

SHA256
25a54f121ae519a857de02235612504cd99d8aa905fe3fe2b0f64141540fefd3

SHA512
0b64cb76ec7c337eb049c72217bf41d4c8f73bbfbda694901adfbc77fcfa19cadd5fe91d1cb4823b91d40d7fe5cdba91177348af06f00bb638add30d7b454abd

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\VL9MRVWS\desktop.ini
MD5
5292d4f7ffebd09c8b0ab10730921e90

SHA1
a33bae71a9c8b4e60e57a536f2fd648406a570f1

SHA256
a7141f1702c212c5c76e1463e0f9bdc803d6a9ea11a4fcfd267a94b073ede335

SHA512
a72958d2f682bc66f5e9caa1994a355d95184ba0bf4db524a324e91c19edabf4c6e9b377f23eb82565e420f61a7c65540a987d8d9ea20bd67819a3e795309666

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\ZZZ3YRT4\desktop.ini
MD5
33ee2e913660936e5e6eefdcb77fad7f

SHA1
c8cdb581310a2bf7eea970c1f68f8f2539c9bdb1

SHA256
8021338c3ab55e718d628723ace809e000a870273f60f5e72e6b38023c004b14

SHA512
30e905acebd142625ebb459c401f4cb1f0a84022495113581d6abcd8d88f56c5d769ea672bf3827257d06ea12362aaa7a94b99297a40c4971f65b4a3bd9dac10

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini
MD5
5e002b0204a34714b39eaf6b9ca2573c

SHA1
df9cb15fa102f8bef8af5c985bee8ee495e303d1

SHA256
f1c94d0e9ef813608283f6a7c836108869f7c6c6cebc16c5fe1a8666e9ce29c6

SHA512
39c661ca53e901145247cbb919d669c99a2b964d7e9827b59571dca9836d2798586a26167574ce2ed361e83f40a2d06eddaad816484d4bc81435755e0fa8fe67

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt
MD5
73625b5417bb1bac3a0257a8441c45ef

SHA1
9082e37ae7282ddbb11e4376a18ce0f4aaa1ad54

SHA256
b700702d18ec1a9d7a021921e5cd94e9ab4756ff76ac86757b4b3bb436454006

SHA512
0f616ac7a40199e822bd5e150070a2c2e5ae62ee7dd81d97dd148b42f33741d3e6b1386f7af15d5b50c44bc00c423aea050d4828fdd69878daf2ea3c75e67353

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb
MD5
691c0aebd31c3fc04203ac0a42e8a0f4

SHA1
48c9507004c2ef017572f5da87fe1a8f09d70855

SHA256
572cd54f68facfce32183fbf86c99dda88602d435a2d4e071eb784e5dccf67bf

SHA512
1049dea5037d200e5fab3d5e98c04277fedf414e9faf4129022e4d465a14804208a087ed614da3f03de654f8e2db7efd6d32dc7475463faf27ce2100aad222aa

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml
MD5
bd155898d0f571a22ae15d748f6fe0e4

SHA1
ca3618ff5debccccc633384690111ef4982945fb

SHA256
747ddf810ec8d5036fc76326edae28e8213337219fe241413c3cc6479ff47d8e

SHA512
28097882a19d90d9df815e78f4a1e7a765649d18ac9db50a1e817bb74fc873addedf85019bdc73f6ded6e515a17ca88a42fbee0d5bcbd3d1e6751161ba897bf7

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\AppData\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\Admin\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\Documents and Settings\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_3bd845b8-ce6a-4337-9974-31490196462a
MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\RyukReadMe.txt
MD5
42ac10b17dec8f69e4407d67f609d31e

SHA1
1b34d8da6ae28878631afa6e9061c03bfbe4272c

SHA256
0dbe2464ba83217256bfb9831a18d04111439f1330a5a53812e7c9e89a2443dc

SHA512
930462579bb90693c0eb0a8d63dac01f23f2d02eb2ae7d87ea3a368857926a8b9a60fb7e501e0995309fe115e79668a19c56a7bb1e6ea500e6ab407b6c56ec0e

Download Submit
memory/1212-57-0x000000013F520000-0x000000013F8A1000-memory.dmp

Filesize
3.5MB

Download
memory/1212-55-0x000000013F520000-0x000000013F8A1000-memory.dmp

Filesize
3.5MB

Download
memory/1308-58-0x000000013F520000-0x000000013F8A1000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads