ryuk | 9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17

Analysis

max time kernel
172s
max time network
157s
platform
windows7_x64
resource
win7-en-20211208
submitted
20-02-2022 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
Size

130KB
MD5

aef8a240881322a88d3dafcfdb19ed8a
SHA1

29abad9d694a43dafa56e589b07d007128f3063b
SHA256

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17
SHA512

2a27de732fa573181aa2141edfca463324f60905ecc56702b6564d05dd7bf02d06201d4c71edb989ff89172016e254302752ae5ec5ab300176db569716c89268

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Drops desktop.ini file(s) 64 IoCs

Processes:

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exetaskhost.exe

description	ioc	process
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Downloads\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Searches\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Saved Games\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Links\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Desktop\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links for United States\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Videos\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Pictures\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Maintenance\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\System Tools\Desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	taskhost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe

pid process

976 9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

1292 Explorer.EXE

pid	process
976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exetaskhost.exe

description	pid	process
Token: SeDebugPrivilege	976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
Token: SeBackupPrivilege	1140	taskhost.exe
Token: SeBackupPrivilege	976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

Explorer.EXE

pid process

1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE
1292 Explorer.EXE

Suspicious use of SendNotifyMessage 17 IoCs

Processes:

Explorer.EXE

pid	process
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE
1292	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe

description	pid	process	target process
PID 976 wrote to memory of 1140	976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe	taskhost.exe
PID 976 wrote to memory of 1252	976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe	Dwm.exe
PID 976 wrote to memory of 1292	976	9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe	Explorer.EXE

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:1140

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1292

C:\Users\Admin\AppData\Local\Temp\9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe
"C:\Users\Admin\AppData\Local\Temp\9fe66773c84d371ef1b424005996ade4d5e16fb00306a1d54b107b2b2d03fe17.exe"
2⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:976

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1252

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK
MD5
50b3f2fbf1fd004bef5455c39d6c9967

SHA1
e1bfe81aa3b3d4e847f9fb229c455a1e9c6ee87a

SHA256
d6dacf3aa9c57feadb5c9e5dfea2c9f549be4b4f054cad9fc115e6ee3e172556

SHA512
0be90b31e14fcd075098241b5735173604e34651b2716a4fd41d187874be9547873889883c4cdd88a50f34e739858d58bbad6970753ac237711f29ff7629f3c1

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Adobe\Color\ACECache10.lst
MD5
6067eddd6450593fbc7fc2b2bfd5cfe4

SHA1
a8d44f6e88d8f72537a2c74f99e9715e2a5ca9d5

SHA256
6504d5a673ce2d8d70848daa5bdc7b25180202af776f4de19ccc7abe6270709d

SHA512
68a611a60fc16db014506617fc265766cea7d11a2220891dcd1561df9be8d78ece3d4692b8130477dd3c3d6f0fae07911f5a8ff9db6be19328b0cf2eda9a565d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
MD5
31d8277ffe3e87795ab37fd99c3df05c

SHA1
c4925ddb6567578ba5a51cfae5e4a324250c5bef

SHA256
9a096ca10a36389a8c52e0df069ce4619b90c559b47159f4c579d803c4a961b3

SHA512
b9b85fc3fd1bfb875419bdee8c9520242a59765b9f5a2ddd79b9ce7bdec15aec98a98d4e87a22da3da41d113d1a4b0abef360349af82dba64cebd55c899642ba

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
MD5
31d8277ffe3e87795ab37fd99c3df05c

SHA1
c4925ddb6567578ba5a51cfae5e4a324250c5bef

SHA256
9a096ca10a36389a8c52e0df069ce4619b90c559b47159f4c579d803c4a961b3

SHA512
b9b85fc3fd1bfb875419bdee8c9520242a59765b9f5a2ddd79b9ce7bdec15aec98a98d4e87a22da3da41d113d1a4b0abef360349af82dba64cebd55c899642ba

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wsRGB.icc
MD5
31d8277ffe3e87795ab37fd99c3df05c

SHA1
c4925ddb6567578ba5a51cfae5e4a324250c5bef

SHA256
9a096ca10a36389a8c52e0df069ce4619b90c559b47159f4c579d803c4a961b3

SHA512
b9b85fc3fd1bfb875419bdee8c9520242a59765b9f5a2ddd79b9ce7bdec15aec98a98d4e87a22da3da41d113d1a4b0abef360349af82dba64cebd55c899642ba

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Adobe\Color\Profiles\wscRGB.icc
MD5
e1013dfaf01055b78fc27c92894c8347

SHA1
032e5cf3efd9902b19ef330fdb05b14bcf54cdb7

SHA256
9015d29c2e87429e1614c9105a4d08590e959cd7524c155f0169932bf590ba44

SHA512
3264e6910304df57e61ac7ffdca76791e442b3395e52e80798c132d3c04953c239d7cbd81f807b714824eada7f68dd9a88fbb62616bd24a2e554dff0fc2e7d9e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini
MD5
423e40086627d3047147593380ea8ca5

SHA1
f784ca440b21ae4f672f49de1e1a2d691e06cbd8

SHA256
2689967db24241712d22c484dbf92b89848a405267fb23b7ff5173283dc6b219

SHA512
a53d7950e8d5431dc9487761da16d467f29935a472fcfe6bba3c3890c57774a0d7eeef99d67306da60f85cc171934426304095befc9182201583c1a6ef7b3663

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db
MD5
e5e8af40077dff17ad3baefb8d5a3782

SHA1
090eb835c6dcc45b3b18fb5d28c8b131117ccb99

SHA256
e9c21242c9bd9be0c289a3d11f4c4234838b2fd3410a81a4f1c2c0c26415986f

SHA512
4e596d4973ccb6486740563cae43500855b3fb1c23ce49cfe86a494e013d137b2258d379687d61d267f127f6bee14d4fb75af600be73b705ea4ab9d0a87d0d61

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Low\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGID605.tmp
MD5
38762a14d4971ef8a688f9483277c97f

SHA1
e99c116f42d3726d30cc58a4f2d7ab35937054b8

SHA256
7c1f0c51097a3dfd1f6cf3f33918b52d7f018bba30d2643f8c94a5052db4e9fa

SHA512
a0558b0d6c794c910ca71408d24c35eecacb263574b727f76c48c4a7eb2328144f1da218a06938ca3dda20df4e24e80a7bb59e9dae60ee237e8454511f78f843

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\WPDNSE\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome_installer.log
MD5
6dc9d8463dba249d37c271f9dbe2a344

SHA1
0a43bd4bbbe908271c480cc6e3bbb163ce24c477

SHA256
ef5c8a485ef3db5ee2923d0d4f58c864fcaeeff56304c5608344f694787729fa

SHA512
dba0c0e3ced58c088a354b86c09c2c1544ee4e07875954472747528db16d5dc4c16831fb83234c06a8fff1303236262065515d59f9899d56d8c1e197519b1ccc

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install.log
MD5
367bafff650d08397b3fdeb2aadefa41

SHA1
2c1b5bbd55f05fbe8d84bbef767011d568f78ce6

SHA256
707d5f9b89ad3a5315b64a1502035cd76f0f4be0f872e7cf23a9004c5e1f939c

SHA512
92f4d341e6427eca3255743d97030719e9b9fc26e5dfa99028718a2868cef3a8c1b36243187ddf492e5418f8cfb0e9e3876156309a48109940253b681f99e9d3

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log
MD5
acb6e70e1d1aa7ff03330b0f298e9883

SHA1
4603e8e71b5e957a73f11b1334600ba2b8a0fb63

SHA256
0135ca5da840ac3adaf43b1a87bb00fc52be7c4c67aaa03136ac894d641c16eb

SHA512
7bde39e8d5ef219e78cfae50854e7f4ee0b14e64dd7b69e8f58b1dff67c0e4332bfc53d810238ab391b194df7c6fd49587418af79061264a091ee412dfa230dd

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log
MD5
cec93602bff0b1508c4d83e36b4af13c

SHA1
dacf344cba9c11df17da29b6f38feec6f2630a7f

SHA256
69e26529db3efb68a18211439e1cdffed08656b3d37007841ebd0ba896d1e8b5

SHA512
94fa5e73f089eb8c053cb83d246308cb2f5ea88ef3c1961797d05cd6b7b750a491e87bf9a9ed6b894e5debb280aba59c98c5a4d1e07390162f4b0787e7b4c6dd

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini
MD5
530840ddb4af161aea11de73b1d2feda

SHA1
118e37512bfd4fc3a6bda87dcb6000c9e9289896

SHA256
22b22732484a1fc15cc19b15d85ccb615d0ef08aae09d988c63d1359d31cec1a

SHA512
c8c832f6e6c8cec5de4fe33debe70a6b9c59211616516dcf261b04bf58bbfec5869388be8947087814ad97610587c940f57a892f37badbf7ec32252af7d54243

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini
MD5
ae82a8e607fbb6a828558ada4ff266ee

SHA1
98cc3e079494f683a9d6b8f05bf6f0ffe35e4b76

SHA256
00b55758406a79006cbfd460c5e5e798a21a7e05867159a244c4373948659d43

SHA512
bfb2bb63fe386c58d976aa71429d31f76b39863107583d8fcb73ef562e19e0c345f3856ae2ffaf25e3c1d3fef40edce32f3bff6c679a06363f4a67cc70bbfa8e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini
MD5
750e6a5b84dec99848ffb50051fd0604

SHA1
4ceeb0d58e611cdcaf0e69ae80dba52e68ea6bef

SHA256
b6b84538b333d1384ad3432e18bc62e31ff1135e94e5c833dcf950d4eeb080b4

SHA512
59bde0acb175a89c53a129cc455ec4ca770c5b93b79279ec5bfea14512830e8bbee75fce2fc8b0bb785c13f5cdd6b680059d16da499c692afb616046c3012d09

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini
MD5
1e42bde26accc334647624ab16412a52

SHA1
e8aa4ce34105a4969c06d4163a2485bfbc53f713

SHA256
34d10bb259b3197b5ce7d6611817ab9c5cb897ba862cbbcb90ec53957e7132b1

SHA512
951c2a538fef2465bfbb36645b7ca37f422d789d6356afa1f5a172f2aa3924f1fbd5ff0a7ea73dd74ed394f177c563b20e69fde134c2484be3d2e47b6cfb9e42

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini
MD5
4c4607086eea303132607280ca6f7a6c

SHA1
5757476c22b230f057b948ddff78b93d52cbd3e0

SHA256
33e755e49ae9ad60e26e4fdc3c4f5a7179cc54ad512e29695d0301d4745d5713

SHA512
a47df932b00c11520825a2c00090ed3cf5eb0ce17e2daa05180c8ccd97b95d72b0bdfe06aedcb3603bdbe8658b12c2c11400684e9c6dc8db43195e4bc7ce5584

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini
MD5
18b967db686a2d7d04e723973784586e

SHA1
49b4ee6dd6558a4263b445f7b4e8a69325e8e7c3

SHA256
d93c2ef3660c4dd4feac8723872054984ce66108739a9c04198c5f2c5a6947f8

SHA512
d0612efe58a9e09865c6d397d60acc96270885f2541d2e1b4a1d1edd2b677195b3c5c99f0676070c4ef101e693b1b836a67f4a6f1191c3119e110b5e07be6c2b

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak
MD5
1737e2a33c2a9457b5951ceb7708038a

SHA1
fbafc0e2cce5b609fe82ce735ef502b46b7a339e

SHA256
b56c198e8e5cd3f970af404a26f06aba0f408fbc56ae4584ee943c890f97b1fa

SHA512
13e9ebc693c360ba7a5a89bac25bd271e7607fc15b0f2f0115bfb2635a75a2ae95c39dc18219b3d5a0f603db23fff70a4e278de6d995b39753dfb982845a235d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt
MD5
b0b9d7d80e94897f7f383d7cd9d59b52

SHA1
550c921474a9e3f5b4a711ddca2b4948acedf1f7

SHA256
f5ec548ad1fbca404bf032752945db98fba2e76e386098d19f3a5a5936a1d2fa

SHA512
63c155a094aa87c3694f135e997131f49c5aa98c2bbbdcd6f42ec6aa7f82208c8e58df8323ef2673cd0de948a5031c921be6d2fccb605f049381a82c671771e1

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb
MD5
763e9b750f2e3aee9c63ad66fe8c36a2

SHA1
5b42ff9b443e80349f47b654e9c835c441f40a24

SHA256
3fb05b7bf75fc45fcb6d4aa863261c20f479df98c8886dad9eb3e2dba8739c39

SHA512
6ccd5cc1bef4827513484ca20c5f06925a750782d6c024abf7c398873a27addfd50e94567f1848ccf934dab9dddde6834079bf3b3ee62b5c4066ae18a76e5d11

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm
MD5
980f020e7a847e6a5102fed314daf30e

SHA1
7c2583f473478445ee30f918524e89b925e64797

SHA256
fcadbde5eec4986b9227f7c6e3a2ad8c7dec01a50690499b4c84451e1a1feb53

SHA512
666f8fd7275545cd26b1e1a1fb2ffe153292b74bb129c46417bd59b9e64c18bcb287269f62931d7f2f574bf2778b4c9746c99b521f1fd112e62d7c1d3be21dfa

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg
MD5
05fa39bedde2f73c03a1897e6d13d4c6

SHA1
44989867fbba3178b63ac517307fcaccf6a397b1

SHA256
3736523d93b6c50edd5ee86c53c5125b4e64e01fd44160819b99278c3d88e78c

SHA512
e66506717b3b68a0f86b6711f070542615c4beef6b791b03b00dbf5f49866d8c4b2719a473fa5f391aa599081b56a584c0f4924ac678116e6d49d1864d247cd4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Music.emf
MD5
dab430269417b48ecebf3711839e0db7

SHA1
f0f31bf811a11bc917550f7457cfcd93bec4ef75

SHA256
a7d31e96c514421cf66a2430330b074274714c50cab7f93831735adcfccca883

SHA512
3e6e5dd17be81b0a4b5a61dba4d59f685c654b8df3d3f356b9864d38bea8f4c941c294e43f729e43c383860410183b991c95c51d59533e9c4df327c76286ec8d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.htm
MD5
fa2fbc47358beabf4665dbeff3a585e8

SHA1
24451c2e50ec54c2b48fbf9bec0d09ba38aa3187

SHA256
08ccc235104e6dd10f3a3443dde6f6f9a3f8f29acb06eea0d63fb4bb75300644

SHA512
cdd829cbcc049ada7ccfd808166e1929b9654439327cde66d480b7f476fc2e0568f2a46825b6ac843a9da13f268f05becedfc6176df758404267eb52750e58e5

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm
MD5
e420f9a48eadb6cbff5baa3c0a70df37

SHA1
75d00911b1a349bab521d6f20dbda1ed6dbb8640

SHA256
71743c954184108756070c1adcfefaccd44919d008ac25ee7da3abaeaa807728

SHA512
cb9baadf7b3a09df83c4c1aff54accc1af08d7f4499acc6200462e59f09390f8083a506070cd977d5ab3b79015339355db0cc26aa9b3a99b59bc1e12791f1d3c

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\AppData\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\Admin\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\Documents and Settings\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_bc8e1036-7fb3-448e-8ad9-a824b1a03b8e
MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\RyukReadMe.txt
MD5
1e920d0d93a5df1b135bc091d1f72728

SHA1
423d16b3950e50f5b5e9677a92b708bad3c9d440

SHA256
18fb3d596fb7bc197d0ec8eca275dca9f1de473f7e9157d03a9850305077fef2

SHA512
0eaaa191cf984e13740405610df18ad6db649d5abb4bb865acb4058c69862ecefbce3aff99147532066771f869b626c32c3b5cc05774bcec1a544e0826d87a48

Download Submit
memory/1140-56-0x000000013F040000-0x000000013F3C3000-memory.dmp

Filesize
3.5MB

Download
memory/1140-54-0x000000013F040000-0x000000013F3C3000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads