ryuk | 68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218

Analysis

max time kernel
178s
max time network
53s
platform
windows7_x64
resource
win7-en-20211208
submitted
20-02-2022 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
Size

126KB
MD5

3266352bea7513ac3ead6e7d68661ad3
SHA1

2c8ea348cc80ed41737d3d2d8cb5487dcd49d040
SHA256

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218
SHA512

e0a1676a5426c6fe156e9c382d54dadefe7824485a3cade62ebe8000a36292ff14382e818dcf640b9f0784f6ec2785c643d9a3ac7ca562992b6e6f947b458f42

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder. No decryption software is available in the public. Antiviruse companies, researchers, IT specialists, and no other persons cant help you encrypt the data. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions.Send 2 different random files and you will get it decrypted. It can be from different computers on your network to be sure that one key decrypts everything. 2 files we unlock for free To get info (decrypt your files) contact us at [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Drops desktop.ini file(s) 62 IoCs

Processes:

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exetaskhost.exe

description	ioc	process
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Videos\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Pictures\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Downloads\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Links\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Saved Games\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\System Tools\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Desktop\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\My Music\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links for United States\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Recent\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Startup\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Searches\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Maintenance\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\RO7FJFDE\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T0STXTA8\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\SendTo\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\T7AS43M2\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\FNOUQX38\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe

pid process

1496 68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

1248 Explorer.EXE

pid	process
1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exetaskhost.exe

description	pid	process
Token: SeDebugPrivilege	1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
Token: SeBackupPrivilege	1120	taskhost.exe
Token: SeBackupPrivilege	1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe

Suspicious use of FindShellTrayWindow 11 IoCs

Processes:

Explorer.EXE

pid	process
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

Explorer.EXE

pid	process
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE
1248	Explorer.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe

description	pid	process	target process
PID 1496 wrote to memory of 1120	1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe	taskhost.exe
PID 1496 wrote to memory of 1180	1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe	Dwm.exe
PID 1496 wrote to memory of 1248	1496	68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe	Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe
"C:\Users\Admin\AppData\Local\Temp\68c11bb87583954ebfaa576a49ff91344e011c2717686f152442b0036a69d218.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1248

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1180

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Drops desktop.ini file(s)
- Suspicious use of AdjustPrivilegeToken
PID:1120

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK
MD5
78afcb3bcf5a46447b4cb16a4a7f1819

SHA1
a5a75f09db49ddb3adcd303d480bcb71df9d3e38

SHA256
a86651bdfb808e91381c65739cb52cc667f940596f1df9dc855bc1c6de04ffd6

SHA512
36ea88a2fa55cd45f58a1501c17f2a07a12917327a5d92329a9650ee720ea913354824dd6ade5250934af67a988abd6177438934cb8225b0eb7bca7bd4591e5d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\ACECache10.lst.RYK
MD5
1a59196544c7ab636799f58cfc353839

SHA1
4362149f9905d2a6ff28f47985cf94db9161c446

SHA256
2a0acccebf41131f5c60e1f3ba00842b40a81a6b9c5863017752e22781d2c09a

SHA512
de6698e6fcabc74abed2ab4459002614975671d0bd38c96a73e603e1e5b0fed1972753c6cb6abd03c36dfe070cc40f9b643b446948f538770a2bec881bee144e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK
MD5
65d5e3dac2c43d229b26fead39886edf

SHA1
1ffd4a8a3b71d7713a99ec5c161fcecda865f56a

SHA256
9885893de874ec6a1789b3b617d01aa16ec74fc9b1d3e68084136f48f6456736

SHA512
7bf7550c708152e09474b6deef70bc797aa0b69f59a30acb63b19aa4f0654a90f414ba7b36a668e890f4266b07c4b1a183d5b4e0ad1b20dd64942ed701abde7e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK
MD5
f953dec612777cc94ada3d7c896f639d

SHA1
cb546182899c7d3c6f6dda40c8d631fc4ee0aaeb

SHA256
cc32f5daaff2595d0a44aa38d57f0edf3c7c1f545333b35c0543910084e8bdd9

SHA512
9825e9b2e285c71b9c918dc38949d4fa8d1ad77e44dd37f5e0780b6bd4f4d46d409d01233be320537904c7b37d6a639d4ebc4afa672a6fcbf10a6ba3b6a0503e

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Adobe\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK
MD5
4a8e2d3813b081e865583757ccb86c10

SHA1
5d300df715b61cd482bdccca772116252916be3a

SHA256
98b768698eb6cafae6f016253b1b31a8adb841becea68b9cfc39866d5019b2fe

SHA512
fe04cb9bb690670fc8289a0b539bed4a01ee900eccc107345e6cc853f7ad069cc612095b5a1e99ca6eeaa13607f672cb09cdc9e525b8b1745d5f7d51fe3a8bae

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db
MD5
9d0abd5915c6d76649965f3d1fe2e664

SHA1
7b262b95ef25209dbc910a0661502c41b540f33d

SHA256
40d9f0fb10501679864054f86a1a1560023a7a352fa087e8ce7f5a8f8a946f72

SHA512
63086d2b66d47c48d17b6d813adced27ed1779054b5c50813151793cdd535a6a3f2970686f3ce0ea41a303e6385bae55131718a1b18f5d6dee93c9f19b65f548

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ASPNETSetup_00001.log
MD5
5a6fdfe7fa060682fecb5636be108afa

SHA1
537683ff520313d327b9b615c48e6b46b7c7b189

SHA256
7eed3840906999c51ed9b961c935583d52372aa81e475c898137e9fc3efc1b49

SHA512
bd8aad2f078024424d48e2d3c7052784bf957a47d604d8bb49a1d560a3ad4ce8a0273b48a5f2f08217a834d129fe61b4bdbf5d20f5b211911ce045199adc47e1

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome_installer.log
MD5
6ec7865a2d0803517ff3197a5088a004

SHA1
b16f4659a26a3dab476c27f05f31482fbe505a5e

SHA256
a5150aae76b645b707af9719cab361bf9d374234dec05651fc655c56135b0bb0

SHA512
4b8f1e7765eda2ea796bcb99a4d23567cb67347219ee7c946623ccb93d4035b54ed7650d83dee8a2273633ba0c2785fbd4cc42a696a19e24544bd350826a1568

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_SetupUtility.txt
MD5
87b51c2e694dc89f023059a946f0cb54

SHA1
a3decc2336f5acfe8353bc4064be06d34e5a6dcd

SHA256
966bfe0422d399b6d7c9941b518b47e263b54ae83dc9d22e4412af5e23dc1a4a

SHA512
52e9f4d12b3899933122219b880e4a555bc7d3e2b879f81405bc4ad1f7fbf513366f6c377c5d40cd7b2b13cf134cbe7666f8d69d6356d53d4e014934cd22737b

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_vcredistUI37AD.txt
MD5
8fb0c640bf8afc5ca95d36271cbb0d23

SHA1
097444b9d8b4e1233d3ecd49a4de7947a8ac22a2

SHA256
c15fb448e257babd9cf461c7176f2529d9604f0165898a308aa1d235e08f22bf

SHA512
463ad3ccc968d168ddce7d56a3f1c90bceb1e011dd42a79bb2a98c1d6e90dd291f27480604e9d8a0368c33b91731d0a2ffc43a3bda0a507ff82a2038429e8329

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install_reg.log
MD5
fd10062b35bea95eea31c9cb64a769ad

SHA1
bcad4143b28c0eda93eb02b029f7644bfc45cc28

SHA256
8254c2efc860c31028c08e18cce87d722447080b4c9f3b864429df3091f5974c

SHA512
4407e6c2d6123d962fe785e5c34e8075c3e7e8f5c7c0915e69572fa952541a3b5f27cbd9f24e7c0c689acf26c437cc0c610fc0bd3a32a5d984ab4da1876a6499

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log
MD5
98f50470dfa7db4c22021f51b6cabbe9

SHA1
c8bdd0877bba6e94cc099ab6dcb1e6c62769d1b4

SHA256
b2baf82eb01339e4ba629e4af34fc16d07afeba03cc59515f66c4e6a41dda4db

SHA512
6befc1d9288e47fde7861c5792a8b37389ffa2a0dd8670b7f49312931991117a4781fb83288570ae66297d64ed6a6858dfdfbc4b0e6bfbbe20dd3a17a0f102b6

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log
MD5
d429fbe6a007aaf6b4d85d441fec988f

SHA1
bfc99ce25feb5775740c0791d48775cb53c44cdf

SHA256
d8d2d971b58b93535a182d3e3ae10235715e251aa16ead1071a7137ac4aedac4

SHA512
a810e813e51e318d280a25131b91665e369b7a11744f2216295c30683bdfbd9c3ac19dd190749fbed0c111fe3dde9534dd2dee41429795219d4bbd20ae6ae7ca

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\K819CMRP\desktop.ini
MD5
a43169d67b39da7f7a3b5c110e9355af

SHA1
70e9fdb49dc7d0fcf3f8648c7376e4dafef83787

SHA256
e1db6b6bd4e1e059a08d3a817f2f0d33d8975757ec964bf0f65c704c4b879045

SHA512
320148cfbbf6d12288a84a7f60ef3263106f4c1950f8275e3e46fb121f68d994ed8b84d3d2ffd36a6072c9a9abc155e017d82433222e57b9b0dcaed6d83fb213

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\NK9YD4KU\desktop.ini
MD5
ec61b9a984102a1fab7c3d393411e763

SHA1
80eb568c3bed6e41800a2c7202f617ecb661d03a

SHA256
6b8bd0b0eb816ee6547a41c7b604c4a69c3d99a552062882fcee610a74072717

SHA512
cce14ecfbdfab6eea67ff0a643e842dbe44f94b80ae3b76a9354a712e2af731566fdb6fca64907fce96ae1bcec1ad8539ec47b7ff4cc55d097aaab9f6297b2cd

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\QDAZQ7UR\desktop.ini
MD5
fb334d30ffbe5309064f4a9745eb027d

SHA1
c685188087ebb6a757fd8b575b3d38a71e4e8407

SHA256
317d3ad2a4e7775b2f56647cb9ba5785a9c4fe2d796d5f003548946310402209

SHA512
b4637e5b2462b90a4f64580ecd919a6dd8060a25776a47e90e215ded0c40de3f839db498c17fdc79eb9edc48ac80db60a1caab5b816fe1a2ab8f0618d3c88936

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\S3IV548V\desktop.ini
MD5
a2d3958447c9cbc1f0641825c73f96f8

SHA1
d1549c4c0518e0a6b0cf6186c2446d4e3a60a278

SHA256
bb0dc6aae0a5129e05318fc158e9a59f726de94cea7a2a9435fd95e1ac7eae62

SHA512
41705b30e51a4dd6c12fe95b9ed4e4acaa858877281cb79647a8c296a54fd12560a85fbae574e4e79e6ea4a81eb3685d8e99f6617f47cdc6e1e7425fe6e577eb

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak
MD5
711f030ff01f566f93fc5f1c44856251

SHA1
f4d0a1107c55fad870986420283eaa4d4385a9c1

SHA256
1ce41afe1e9ee7df41e44eff7a31c8996ecbc5e78e75378a943db7edf77b69b6

SHA512
2cb3b2a044db20219c2bcb62da640a143fe5118b70d855a67b5ad5f7b4b98ddc73f81c17acce2f910d44d915797a29bfe8f90ed2c487776bd30b238cfb5e9656

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\User\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.htm
MD5
4915b3d00521f24f9c1531a5a035a9af

SHA1
9930d5d08d6d4665ba400980b716621df767fc57

SHA256
14c2131743023cd1e48b2f4d53fcc111ceadfb9d3a787e1cba8afbb53b3f06e0

SHA512
af14b57b9a185192b25dac0c59ad1408ccb08eda0a501bbbda6a93362dc6e326df7d9b07db239342116be8c6365437e0e19a80bef27f1d774fbe2aae6a15dba2

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Bears.jpg
MD5
3825900e6fa3dcfe89cee5c5645bd0d2

SHA1
cea78a34bba004df600bb0845b8d43f0e928f78e

SHA256
8f5517e5ad3ab7c65c7443b511a5ed6216121567c5918d1d800e04f7803bbdfb

SHA512
83e9d3326cf12f7f5bf11f52d241e772817b815488ec8e56d0d46df37e5ce458960f253bbc8dd4f999da168e0977ba784da296688fe5ed9ec175d2ebba0b8790

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Graph.emf
MD5
f0af69fd0bb3bd54b238e86a5655d9f2

SHA1
00e71e0eb2bb04dcec6f962169218a180dd65cfe

SHA256
03e083550af244cbbe910d9f65fc3146a028d92f8d1ff5cab0a2f7424eba8980

SHA512
b44957f7d3ebca349c5b7c6c271299527a49dfd5fa55dd2fd7d3a18dfadb915bfa377c3919ed8af93fad65d4623e2d215e917fb7dac48831d879666fa79d1c12

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Memo.emf
MD5
cdfea5e695743060c673e578dc5be5f5

SHA1
1b05b6a6cdcf198e66b3e280542ebf4f655e60b2

SHA256
c828891271298e3cc7678d6401afc6e12e086749286815b126639e8618542c6e

SHA512
bb99fac30ee2d303092000961b69a761b83852cb1635133a0deabc6b845859775254dd4a6f3e4a7e0342b49c23a2904dfe626aa376196e2866f53cdb80f999bc

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Monet.jpg
MD5
8a92419885d0ec5ac867370c7bc339fe

SHA1
23b0f82b53bce350f0bd3d868aa83a23a928f3c5

SHA256
8802f59821ba0d87b2830285f631468921d9fe45f16f510530919658a0f3294d

SHA512
509a94afb4dea3b25c9eda354f503fa5a0460fa663d0b814e55ab0367528940d846f979e81d8d95a955a54e85dc507c23b83464337bafb6ba0526f0f9339b9fe

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Music.emf
MD5
13cff22f223760ec785675b976f639bc

SHA1
b2064d53d57381e4f60e7a509baef8ad82710cfc

SHA256
f53abff656d2d58d5a640b41503953380c4a595cb0c1bdbd4f3248b9e803c3fb

SHA512
2473752000d9eb26b12afbd5e580cb6005c093469b36c9ca8b33fad404912cb8384ce523156c9afb80e566886015d279c0ffeab9a8daefa32754c1c971346bb4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Roses.jpg
MD5
95b6937db8417960b94297cc974c51f6

SHA1
e663ff48b551d933222d841220b8824fcd7f1596

SHA256
4eae4519cb6dd723d85691d413b4afd33c57977b284ba147689f6be5d7924d69

SHA512
b9bb548c5b04dd0ae53a7eeb70ec31f7d61eb16d5ae533f67d9325e07631cb0b67fcce73e11ea2ccd52554b4d32c33dd14799634a068150af735688e7b3df186

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\Stationery\Stars.htm
MD5
28a75f051e0e17e9c13bfaf3ecf184ed

SHA1
38912daceafbf040ba1e56fb41001d8a4de175d5

SHA256
8dba26621640adef1bcfa840e4ddbb04e9bf5760f45565f540f5f01abda36773

SHA512
4cb14aea58726d9058494184d3b417e7b6cafd50a1dfff0c323d397e8ea781402c92769e4a2632d410c0e4afb401fc0467db8a424e7ff5288abba649ebf2e74f

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\WindowsMail.pat
MD5
b23b6944cdd882d4c781219866608eb7

SHA1
5b85d36f46004791fb1a1d06edf03a8219efcc1b

SHA256
f36b14172c8862e5dd6f715ffbccf5a2442a84bf4040de0cc16d0e6aabe9238f

SHA512
e2b59899d095c4c11fb0eec5ea1b7930964baeb07d50301e7c7706629c2d7ad6ae01fb468efae7a17f16d71b80e3894284b3498c43fa7f8beda4735de4ab1c98

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk
MD5
e7204f6fa76b2befcc653d09ea3b4ff4

SHA1
8b392f7cfb5353b9c90065ae2c6b1c6b1483b884

SHA256
820736a13312143d1bc06918277c4b66b707cab4fefca1a2cbbac0e43f136e9c

SHA512
2f550392d321f02d33db3058a4de3d150ddb69fb0a0895a1fe4809f0df75d63dc2e8e0b554e39f63ae425c175779e0dd45fdeba9cadccd4f78fb1a99ccc84c95

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log
MD5
52732c8dec1556d840806fb89890278b

SHA1
85ac8bc7e4459c72b057b73a2dd5bafdc77ddb02

SHA256
89367670c9e351a86f8ac8760e5af3427c6cb1e56ba77d69c34e4f283bb143f4

SHA512
d7c4eacf93138c9c21f72c2eea258dd2a9e9f63ae6eee87b70da7fde62dbf767e2aa4b88419d629f42904195faf2a5c989aa6543672cab16fddecc30f8e708af

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml
MD5
f87a9ade8600c86310998326396dd8d8

SHA1
7153e21091495c08744feab0164c8453e38cf11d

SHA256
e96a8a94974c0babd2bbdd716c230751b8c51d032d8e4657eab541fc6334c55e

SHA512
06cc60bb14803fd54be11a1df80d468719e203c4801cd565b93e91c5f5a5f9c53eff5153fe982f612da41b1bf48af199be4ff80da07c4baa6f16733efa787807

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Media\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\AppData\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\Admin\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\Documents and Settings\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_bc8e1036-7fb3-448e-8ad9-a824b1a03b8e
MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\RyukReadMe.txt
MD5
9a090335ed651038187d3f8975b32217

SHA1
b7b976a645baf4e917e696a1e1415a1761b67793

SHA256
adf6be779af5f277dee54bcce605d6f83242740136b3f9d348401131369061bc

SHA512
f02546c314e16772efec72f19ca3d9742c669c54d7f6af6634167244133ef25919889864f509b6e6663f055277b46979121092087c9d4cb613ae4804fdd146a4

Download Submit
memory/1120-54-0x000000013FA80000-0x000000013FE02000-memory.dmp

Filesize
3.5MB

Download
memory/1120-55-0x000000013FA80000-0x000000013FE02000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads