ryuk | 4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a

Analysis

max time kernel
195s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
20-02-2022 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
Size

190KB
MD5

727cf4d00df34f36c4767f1ab185244a
SHA1

983331a93a5c91cb3ffee97495eef475d43f3f52
SHA256

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a
SHA512

ff3e67d7b2d6196ab574d1f1157a4c3190e91f539d363c547b1a2cfe6e0dcf86d59a267dc226d0dfc5766ed82d01a9e782bc5ecfaed7eda433c2ede6199cd0e0

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> [email protected] <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html��

Emails

[email protected]

Extracted

Path

C:\Users\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] balance of shadow universe Ryuk

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Executes dropped EXE 1 IoCs

Processes:

evsKwSI.exe

pid process

4060 evsKwSI.exe

pid	process
4060	evsKwSI.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exeevsKwSI.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Control Panel\International\Geo\Nation	evsKwSI.exe

Modifies file permissions 1 TTPs 4 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exeicacls.exeicacls.exe

pid process

2300 icacls.exe
1900 icacls.exe
1732 icacls.exe
1568 icacls.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe

pid	process
2300	icacls.exe
1900	icacls.exe
1732	icacls.exe
1568	icacls.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exeevsKwSI.exe

pid	process
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4060	evsKwSI.exe
4060	evsKwSI.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4060	evsKwSI.exe
4060	evsKwSI.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exeevsKwSI.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeBackupPrivilege	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
Token: SeBackupPrivilege	4060	evsKwSI.exe
Token: SeIncreaseQuotaPrivilege	3388	WMIC.exe
Token: SeSecurityPrivilege	3388	WMIC.exe
Token: SeTakeOwnershipPrivilege	3388	WMIC.exe
Token: SeLoadDriverPrivilege	3388	WMIC.exe
Token: SeSystemProfilePrivilege	3388	WMIC.exe
Token: SeSystemtimePrivilege	3388	WMIC.exe
Token: SeProfSingleProcessPrivilege	3388	WMIC.exe
Token: SeIncBasePriorityPrivilege	3388	WMIC.exe
Token: SeCreatePagefilePrivilege	3388	WMIC.exe
Token: SeBackupPrivilege	3388	WMIC.exe
Token: SeRestorePrivilege	3388	WMIC.exe
Token: SeShutdownPrivilege	3388	WMIC.exe
Token: SeDebugPrivilege	3388	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3388	WMIC.exe
Token: SeRemoteShutdownPrivilege	3388	WMIC.exe
Token: SeUndockPrivilege	3388	WMIC.exe
Token: SeManageVolumePrivilege	3388	WMIC.exe
Token: 33	3388	WMIC.exe
Token: 34	3388	WMIC.exe
Token: 35	3388	WMIC.exe
Token: 36	3388	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3676	WMIC.exe
Token: SeSecurityPrivilege	3676	WMIC.exe
Token: SeTakeOwnershipPrivilege	3676	WMIC.exe
Token: SeLoadDriverPrivilege	3676	WMIC.exe
Token: SeSystemProfilePrivilege	3676	WMIC.exe
Token: SeSystemtimePrivilege	3676	WMIC.exe
Token: SeProfSingleProcessPrivilege	3676	WMIC.exe
Token: SeIncBasePriorityPrivilege	3676	WMIC.exe
Token: SeCreatePagefilePrivilege	3676	WMIC.exe
Token: SeBackupPrivilege	3676	WMIC.exe
Token: SeRestorePrivilege	3676	WMIC.exe
Token: SeShutdownPrivilege	3676	WMIC.exe
Token: SeDebugPrivilege	3676	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3676	WMIC.exe
Token: SeRemoteShutdownPrivilege	3676	WMIC.exe
Token: SeUndockPrivilege	3676	WMIC.exe
Token: SeManageVolumePrivilege	3676	WMIC.exe
Token: 33	3676	WMIC.exe
Token: 34	3676	WMIC.exe
Token: 35	3676	WMIC.exe
Token: 36	3676	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3388	WMIC.exe
Token: SeSecurityPrivilege	3388	WMIC.exe
Token: SeTakeOwnershipPrivilege	3388	WMIC.exe
Token: SeLoadDriverPrivilege	3388	WMIC.exe
Token: SeSystemProfilePrivilege	3388	WMIC.exe
Token: SeSystemtimePrivilege	3388	WMIC.exe
Token: SeProfSingleProcessPrivilege	3388	WMIC.exe
Token: SeIncBasePriorityPrivilege	3388	WMIC.exe
Token: SeCreatePagefilePrivilege	3388	WMIC.exe
Token: SeBackupPrivilege	3388	WMIC.exe
Token: SeRestorePrivilege	3388	WMIC.exe
Token: SeShutdownPrivilege	3388	WMIC.exe
Token: SeDebugPrivilege	3388	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3388	WMIC.exe
Token: SeRemoteShutdownPrivilege	3388	WMIC.exe
Token: SeUndockPrivilege	3388	WMIC.exe
Token: SeManageVolumePrivilege	3388	WMIC.exe
Token: 33	3388	WMIC.exe
Token: 34	3388	WMIC.exe
Token: 35	3388	WMIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exenet.exenet.exeevsKwSI.exenet.exenet.exenet.execmd.execmd.exenet.exe

description	pid	process	target process
PID 4556 wrote to memory of 4060	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	evsKwSI.exe
PID 4556 wrote to memory of 4060	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	evsKwSI.exe
PID 4556 wrote to memory of 4060	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	evsKwSI.exe
PID 4556 wrote to memory of 1288	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 1288	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 1288	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 1288 wrote to memory of 1348	1288	net.exe	net1.exe
PID 1288 wrote to memory of 1348	1288	net.exe	net1.exe
PID 1288 wrote to memory of 1348	1288	net.exe	net1.exe
PID 4556 wrote to memory of 4760	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 4760	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 4760	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4760 wrote to memory of 1552	4760	net.exe	net1.exe
PID 4760 wrote to memory of 1552	4760	net.exe	net1.exe
PID 4760 wrote to memory of 1552	4760	net.exe	net1.exe
PID 4556 wrote to memory of 1568	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4556 wrote to memory of 1568	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4556 wrote to memory of 1568	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4060 wrote to memory of 2300	4060	evsKwSI.exe	icacls.exe
PID 4060 wrote to memory of 2300	4060	evsKwSI.exe	icacls.exe
PID 4060 wrote to memory of 2300	4060	evsKwSI.exe	icacls.exe
PID 4060 wrote to memory of 1732	4060	evsKwSI.exe	icacls.exe
PID 4060 wrote to memory of 1732	4060	evsKwSI.exe	icacls.exe
PID 4060 wrote to memory of 1732	4060	evsKwSI.exe	icacls.exe
PID 4556 wrote to memory of 1900	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4556 wrote to memory of 1900	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4556 wrote to memory of 1900	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	icacls.exe
PID 4556 wrote to memory of 2232	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	cmd.exe
PID 4556 wrote to memory of 2232	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	cmd.exe
PID 4556 wrote to memory of 2232	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	cmd.exe
PID 4060 wrote to memory of 3112	4060	evsKwSI.exe	cmd.exe
PID 4060 wrote to memory of 3112	4060	evsKwSI.exe	cmd.exe
PID 4060 wrote to memory of 3112	4060	evsKwSI.exe	cmd.exe
PID 4556 wrote to memory of 5092	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 5092	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 5092	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 5092 wrote to memory of 3476	5092	net.exe	net1.exe
PID 5092 wrote to memory of 3476	5092	net.exe	net1.exe
PID 5092 wrote to memory of 3476	5092	net.exe	net1.exe
PID 4556 wrote to memory of 4488	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 4488	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4556 wrote to memory of 4488	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe
PID 4488 wrote to memory of 4316	4488	net.exe	net1.exe
PID 4488 wrote to memory of 4316	4488	net.exe	net1.exe
PID 4488 wrote to memory of 4316	4488	net.exe	net1.exe
PID 4060 wrote to memory of 1444	4060	evsKwSI.exe	net.exe
PID 4060 wrote to memory of 1444	4060	evsKwSI.exe	net.exe
PID 4060 wrote to memory of 1444	4060	evsKwSI.exe	net.exe
PID 1444 wrote to memory of 1472	1444	net.exe	net1.exe
PID 1444 wrote to memory of 1472	1444	net.exe	net1.exe
PID 1444 wrote to memory of 1472	1444	net.exe	net1.exe
PID 3112 wrote to memory of 3388	3112	cmd.exe	WMIC.exe
PID 3112 wrote to memory of 3388	3112	cmd.exe	WMIC.exe
PID 3112 wrote to memory of 3388	3112	cmd.exe	WMIC.exe
PID 4060 wrote to memory of 1440	4060	evsKwSI.exe	net.exe
PID 4060 wrote to memory of 1440	4060	evsKwSI.exe	net.exe
PID 4060 wrote to memory of 1440	4060	evsKwSI.exe	net.exe
PID 2232 wrote to memory of 3676	2232	cmd.exe	WMIC.exe
PID 2232 wrote to memory of 3676	2232	cmd.exe	WMIC.exe
PID 2232 wrote to memory of 3676	2232	cmd.exe	WMIC.exe
PID 1440 wrote to memory of 436	1440	net.exe	net1.exe
PID 1440 wrote to memory of 436	1440	net.exe	net1.exe
PID 1440 wrote to memory of 436	1440	net.exe	net1.exe
PID 4556 wrote to memory of 5688	4556	4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe	net.exe

C:\Users\Admin\AppData\Local\Temp\4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe
"C:\Users\Admin\AppData\Local\Temp\4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4556

C:\Users\Admin\AppData\Local\Temp\evsKwSI.exe
"C:\Users\Admin\AppData\Local\Temp\evsKwSI.exe" 8 LAN
2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
3⤵
- Modifies file permissions
PID:2300

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
3⤵
- Modifies file permissions
PID:1732

C:\Windows\SysWOW64\cmd.exe
cmd /c "WMIC.exe shadowcopy delet"
3⤵
- Suspicious use of WriteProcessMemory
PID:3112

C:\Windows\SysWOW64\Wbem\WMIC.exe
WMIC.exe shadowcopy delet
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3388

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
3⤵
- Suspicious use of WriteProcessMemory
PID:1444

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
4⤵
PID:1472

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
3⤵
- Suspicious use of WriteProcessMemory
PID:1440

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
4⤵
PID:436

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
3⤵
PID:6044

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
4⤵
PID:11368

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:1288

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
3⤵
PID:1348

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:4760

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:1552

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1900

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1568

C:\Windows\SysWOW64\cmd.exe
cmd /c "WMIC.exe shadowcopy delet"
2⤵
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\SysWOW64\Wbem\WMIC.exe
WMIC.exe shadowcopy delet
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:5092

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
3⤵
PID:3476

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
- Suspicious use of WriteProcessMemory
PID:4488

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:4316

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
PID:5688

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:5788

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
PID:5680

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:5796

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
PID:11652

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:11752

C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" stop "samss" /y
2⤵
PID:11688

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "samss" /y
3⤵
PID:11776

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5624

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_e269d2c1-0edf-4391-ac7b-818b8e88b04f
MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp.RYK
MD5
7d34f2943f268a6f6adfffbdfdb498d2

SHA1
dde2eba0b516a68429994a61d63a431a4a67cc6c

SHA256
3aa5214b930905e614f857354709879e86dbe4f7404f5b2158e4ec304bb74e8d

SHA512
0c4c4910b2ccfa85e91d02ed3160d914d53584e59f1ea4a64ecf100eb26e90b0b9c492cb5ff14ee5b7936f8d80415f5d762114276d7ea8a074c07084a5a72d76

Download Submit
C:\Users\Admin\.oracle_jre_usage\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\3D Objects\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.RYK
MD5
cd9f32cebb32d48e4cf7b25b3ee65aa3

SHA1
c3d2db47d2ca571641877d9c3b8e06faedf6e12f

SHA256
0f340669150bcf4487107be56f89c0216057e6a140a13cd004e6c1377adb0268

SHA512
055531fa6a8c2dd6e141611535ccb3332634cb235bcec57607232e1605e221aa04cfe6f85d1d3660cce2447aa4ea25654225d6bb086be5d936d3af2c3610b0be

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.RYK
MD5
fd8fa454610b543f07b3c17c19d5ed4c

SHA1
501eb6ce829cff54fab254d1f072f57951389767

SHA256
a48f38e92049874d87d4d846ace8b258f26b6bfdcf4971249530d5ae3b9b0c7a

SHA512
070cb773da08a0ad4238233691091fd9a00152a378ec098bde0e666e51d04d7bababd3f8f9a33efab98814d94643ce40311de039d82cd24840115807eb24a6ba

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\ACECache11.lst.RYK
MD5
01b92305f1c9d9f56c6236ce89cf09d0

SHA1
e82fb54eee4904eb325f6c98ada07035ccbdc2ad

SHA256
62bdf9d307f3fb950750fc7bcfa64c850e7fd8fb0ecf32eeee2e7f9685b3565f

SHA512
ed5c9b6cedd9f82181d4c0df033b53cd84bd32e66cf1af7b07c4a213213479dd19c0e2d3f3b25f338b2712c326e487e629a4b1774357922ee2ce57f448b6d37a

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK
MD5
462129e3b74d9e683c723d5568c0ed56

SHA1
1a5905f825523555c9a9f843dcbf1321b7e771d5

SHA256
642d0556e2b3c0df8bff6cd670da59521a1ebec6a14a8551c14b76004ef19f4d

SHA512
db2cd979f1192566f95268b53772507b6cce4b74b132878654147a10612b3e7678fe9863cd715420966e5837afd76a07ec592f58bb7a4b8c22489f1649d5dcb5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK
MD5
f991040898bbeaf082a6b7f9b4ee7a11

SHA1
bbfede7dc2354105bc988afc85d64f6e502d1ca8

SHA256
69a7aadfac8e971e98f86657942bc11efcb239dd5290af433d4b1d9137bf391e

SHA512
6f1202be99cb7e054126bd2b3acf50c34f14cb2d036a8017c5dce7b215bc3a8c28b114d85636b58a7cb9fc725a50b4c2483d50f4e411a1bc7bc2b1281137926c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Comms\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
MD5
ee2689bca19a138fc2c2048e212936d5

SHA1
fc758555594836f7558401cdc27fa079ea6f606d

SHA256
2e166c7092d6a679922ca192739379eaacda994b9acfa2b0c1b6c54ef6cac3f5

SHA512
232a51258918d75e8b2e2bb11abfaba1b67afc6d7b5bf8ecdb08f5f6003eda1d2f162a5a952a6d9461b691eaf6f1ffa380201f85723eb5fde202867bf4b478c2

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jtx
MD5
a801b8bdf39b57cc9e9c7acfa4e7b859

SHA1
d26f3c4f30417356d93bb5fc8429b9fd0e774cb3

SHA256
0e3e136c8de7f313fabdb8ed5a67df55aeb428eaa35eca342a20b2c248465e57

SHA512
f15bfa33361974c15cb1849fc4345792368b375392647e2db2b0d93816ffe8062b0f32da6001a76e10680823cc5a33e786d0d2a06fa64091cdf3a7361993d131

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs.RYK
MD5
af4b66398c399680c00dbcea14fa5a55

SHA1
c7abfe79bb698842c0d70d009dd4f04d403c96bf

SHA256
60ddd2157856767cabc816b41d87f952f5490ab303cf45e8eb8fc2371cbeabd2

SHA512
37471cd12275ad03326335dac9d5bc2f8e438df49fbaac8981793f5f2a7dcfcaea591f9313be511941f280c0a0b7841098bcbcd1089cab10a6dd3576a19cdb0a

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs.RYK
MD5
13787316a08247b16ea7c4401a99861e

SHA1
8349c240285a9488176859ed11b6a9aa29848dc7

SHA256
51dbe20e40423cfca104b8dafc03f3dda1f4d8b598f3efd3f97c5453ae61dee7

SHA512
17bb70809e032d11154c005a09aa5571caaec60fd3248e36ac77c0154d5e4158cd07393d4f298386ac7e10eb372907fd1c68ee221fc11fed57a603bc44f040a9

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx
MD5
ee1746fc3d5184c08274847740e55865

SHA1
8fb8fc9ed9b96e1ad9d7abd85e02a32e2929aa1f

SHA256
a29fb6739c6d6b6f4e4a5e920f1cecabdfdf50534bd95249f24ee6153ca6d496

SHA512
af16d86540aeebc6ebf1ae648c3a397c0f5ba35ff627a58d433daf4d7e209d28f3dff1f7f5190498185db8b7bb222961456fded675b38b283d066dd23f84a67a

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
MD5
e2e36e461037d8d368d21353b53aeed2

SHA1
6ccc512f9587e6023def14c4af1bbcd94e62109a

SHA256
885230a592e8c521f0ad9e63a8822e95bef73bc679c87915b8d9e04af45c873e

SHA512
995030c224977a0322c2a2aa66b829d092c01cb6e8d863d8ff9d7e4f335eff5fbd32ed0d957b68550565eed6fdb61e4cf769c174ac4df27b9f098fe774d2f732

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.vol.RYK
MD5
f4dff35f9b905403b630083dc9fd1dc6

SHA1
d25f3b69637fb7c8c8d15dc8e0b5486fc66d9d67

SHA256
84a4817abed64075c001a0bbbefe881fa28238158e8ec7825c76162522bd295e

SHA512
1cc03a3e08353aaabdb36585eb4dc2aa9e8bd938456e7fe2646031fe23c0033cd5a144afd6a3f8a9533b9000c3902317b1ccab4f0225258ae25e6a6c46755486

Download Submit
C:\Users\Admin\AppData\Local\Comms\Unistore\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Comms\Unistore\data\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin.cdp.RYK
MD5
f1630cccba0c34f1a004c068707fc9db

SHA1
465f99fc8c1f0378fc350953c699637cd1073cc6

SHA256
00aec1e06f3c185fff53a03a4cdab056a81107b2033db2f820c7d74383cf6c50

SHA512
b6f42bd4d7a091f6a50bf292d325aba860b5492c7ee2296807219dbde453c7b37c7b5df23176e44a3898906ff7fa82aa68932288e4ab12cf4fa473873c31cb4b

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Google\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\IconCache.db.RYK
MD5
3f1e49a927db8af7e16aa3899025d242

SHA1
0bcc0629128a88e7470ab974e3e3edb2f61c27d7

SHA256
c107a7a2d9de4bc1290590df8f41287804f994ef922ad5d6c90a26bc9b2f7f15

SHA512
b67a33fdbeb53957d98ccbc5d7d027dcc3c009837b68d3736612eba0d61cf16731a7ebcb308241646de0588ef75562e1409b58f345bb61ae9876026c7f44be87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK
MD5
69035e285860bbe858e39fae05be26f2

SHA1
ff57fe8e5751baa3a5a0b3e7b0e6ef5d7a016040

SHA256
ab4b4cc19a94c9ff10bb88d576d81467712099f4214c0ff4960b0706c71cf13c

SHA512
40bef3bb982980355659bf16ddd18cb6baebef9470efa9635b0ab14929c9aca09eddd240038402040cddfb437ae2561988d89cf41ca4209973adc0b6d6f419ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Credentials\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma.RYK
MD5
fcf20fbfd828af7e0bebf010791c95b4

SHA1
c6f801e092025c742003fe2d432045bc8a41654e

SHA256
0db8b4392a8108493d5cc31908022b0a53afe1e0a9da809202a804126298df72

SHA512
ab01622c6e541fa7c9272d568a969eb8e8cb474e1058681676032c75669006e039bf52c159887767e6d85d03d74d8f07b240deef4f18d2c5c0b0387850b86f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat.RYK
MD5
274aa7e3202a439d8d9c6ddcfbb23f4b

SHA1
f0444dab580fcc4e1de3da088afe5bb63b3292c0

SHA256
cbec33cd951582ccbe54f1176ce1f28d6170e7688252e6c58df18d5ba4a05cbc

SHA512
adfae194bfb99e0b6d1635802342fbcbba714a4c69a7692301dae2e5839220adf5d1ea4de20bad5c806b5550138311c6ddb1498d7f7a06f9fc4b28b4a7fb4f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico.RYK
MD5
7b0ee99584de850fe8c48b3433ccb6f1

SHA1
e63b3d0176290705687b853983a1ec95cd05652f

SHA256
3dc55c94a01fbdfaff94647b8437ea4253ff97c2ba462496a14ac607c01df658

SHA512
5d9ed2e118b50d87dc97c985144bd933d5ee1a9419a340e14a96b35431c19cdc161fa092266f6400d943b2b309d25f2c382fdee459f3c082615fc1dc725a0cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons.RYK
MD5
90fa451e791bdd514bf5fc1a709fc3bd

SHA1
e8faf4171644f3778bf4f424d374499a52028bf8

SHA256
7d009af3ca492774242dd18304a7a2129bdcb763ce1c8d5442f9f683b77d503e

SHA512
06ffc0af8e603981d0788464d11b307a92031705400805b5f4ee841ee0aff3d1e48192c78a3d2cf4b70fd350c12c474f1fd6d4c1842184e5ba309493f7e88275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History.RYK
MD5
9bc9fc64b18e84f85dbf1ceb9c74bf05

SHA1
ab0b0933955ce1ece84b88ff2bc87e6c82dbe71d

SHA256
892e03f9ed5b6b9069ca30447b729f8c8f791dc25e211c3d3d9b98b845819fef

SHA512
b12bc9446983de4a9526f2ddba4948c2b86034614aad995006c8f13645ff54d025770de7febfe6a05a9323e2bf1845d39bc2724924801f6d0e0204a6e9cbd2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
MD5
6177ebe738bbe57d483f9ad29d41ff53

SHA1
258772bf1b4d16fff4c42055159e87ad70f1a30f

SHA256
769c9a359617c0412b6804af516cebad8fb86b7f03dc74471a0f1b85a447b302

SHA512
48786d5a8f81e68abd4636912342da81c3a7a244a93f7fe99ef9a9a764f7d227561cc9168e097f3b7943c5dc2919895112897a32fbf351ce4cd6da8e6a5026ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data.RYK
MD5
88426a8668533bbbaddb97d6cd63f3e0

SHA1
9c161c9404949e99d9797c3d8f0b0a7630c4e310

SHA256
9f0fe99c93fc3c8a0db9ed9bdf462190932754e6e3d7d200acf0a5ebb05d1e5d

SHA512
a97c3b1b2f801650395422b0bbb9cfeccb8b995f61cb6b3361fb546199fd7a09457ad6b7637b84945460dd3a6ef8d5292f08068ce6849e696abb897c166baf95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
MD5
53e5e8009d5f518a971c2b723f31fe44

SHA1
510b8c780509e8a34b3d7b78c07e9e21b47e08ae

SHA256
ea4d834a70eb7b8af48932bc25038693c2dff764433e36548569a69fa3e63a42

SHA512
71bd04a7df5beaf937d6c224c67967f85d8f9face1d607099c4f920a3ff3f17863a26acb4c856498314c82a9a85b2b31b67b00150618c6c5c608d7dd1a74db44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences.RYK
MD5
8027020ab8f37590e19e63918faae205

SHA1
849dce716dbee71eb8e50362f44f44948bac7b32

SHA256
b71b35cfa94dca9b2996dffa2368895276954d8c98288e85a4876990b1f0078b

SHA512
265db3637c0d54abc0d3add55133594821742aa4f765987a74ef736b072432502397fcd52c86a15ba1fc86141f24db1c2537e488127f977ba005c922bc3dccbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\README.RYK
MD5
6f92c08c9ad6cb0b0f066c9f344c9f00

SHA1
da85f28c7691618aa6411f6ec2b3752360d4a01d

SHA256
5be934968d0ef20bb3c40e2023f47b97a7e1fc901528f487ce3689c31a9b2814

SHA512
63aa65ce074fb4f0e9ef41f199c3ab3e6df64c7e7424ddb4dda1880adc9560506acf694eb71fd524a464bc529f0b33027f2b8ba94a47c9b4eaf661821ff1fa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences.RYK
MD5
6c0d644d6702c1308a86bd49a14b1882

SHA1
b4e5c81753f39fc5ec8224be13839be0fd126bac

SHA256
c9bb33c080cd820edcfcbfa6a139dbe27deb75672b0a34f590f251dd3e51806f

SHA512
8b4660353e135d6756dfa0ad6feeb19056fd7d7c51d906cbc55bdea7bf5fbebb3c6784ffde58506b1ebf63818aee77a8662f4f7aeba723606e655db0a75aa95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.RYK
MD5
474a8e81d38900f391fb21fcd5e0ea22

SHA1
f080a4b1ea76511a5a26a1e17e047fe26f26c568

SHA256
fb3db0b8d6f7d7b38e5cfa6f16521ef794ee1098089ceec45c5f6659dbea32ab

SHA512
8d433db32d88ffb87ba333e8dd69f8ac9590ad52e07ef2ddffd7c50950348d2aed578db4c9b0af39a97714a05f8df680d946019bd0aff8b3559e0a8335442422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data.RYK
MD5
aeb09fd4fbe86867920ac1fd47365767

SHA1
871b052a66a6f6410476b3c4417f8316a1b986f9

SHA256
6fa57104b01096140bce311c5837b7e5cb22d8278b3e2783e54ff19af242cb09

SHA512
6fdd64705a5e792bbf0d968764fef3fbff84543064525ec04a50c1b30b9de71d8c9fe1c335cc22aaa333d5b10a9bf701a8b797fb1bbc28e3fe470bae55b591c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0.RYK
MD5
7f63de0e925f950a9d8eed217463c3fc

SHA1
e5c92b4b1931ba35e5ad0d342b571b7e0e6d6d54

SHA256
1862733ce98c66f25cd9007217d9b35bc08c29801113bf702e25042fe51d2f92

SHA512
5875d8e3b6687ffbb04838e7dde8b49507605d4859591506e1796734353169fc19b25e03628d241429dd321f0c2752482ab483c9b6c2a7e2621ff0ce4558ea4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1.RYK
MD5
90b01ac19a137876c6a18ccf2f51e7f0

SHA1
3b84484f9dce26d890b0be2420e86f5305b89849

SHA256
3afce7fea21cacb8f32d934f9ae45c61594644ece06c0e53dfe6a3d34908608e

SHA512
055b8b8aada53b1c6966b3ce9e50f752161d1f7a8fe92e0e12b9a18395df5cd36b9250edeb417864a438f47f6ca344644817b17482c78ff46c0ab79e924ba525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2.RYK
MD5
b491f4a6fe91cebb9df00c047347c49d

SHA1
df5e7040cb1d78849524c3dd0e25bda199193c76

SHA256
a8526f8be71794296f2aca8bfb24760276127d73bc44d5e85169d147a7e65a60

SHA512
26dca3beb0432ab12ddb76e7747cab1577da244abe77ba849c2a209de113a9efcc809594c81b1722c96c0727a367eb3c6744e66e5584e40fe124532f6a7ed5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3.RYK
MD5
b3f98057118474450323a2175a8c0f6c

SHA1
838f3e2fb00b60311bdb1ba325325e9842199a21

SHA256
f6f92827e36f79c4b66e37460d21e6b7fc908d8618fc3fbde6ba741426dc42cf

SHA512
1aaa5f17fac5aa16c95c0f9fa602d6aa972ec01c5c1c51bc7a367aa6d751dc46885c09b7d338330f9ef7543b7f3dde1e43042a73b9db95b54a76ae494c081fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\index.RYK
MD5
91682aeb7b831e3bfda35006134cd5da

SHA1
804796f44f93bc499662a791303acd6ece119af7

SHA256
390b7e557534564ff30bae64b0c88186c8e9c0c2e3e4cc3cdaf794ac31ab41e3

SHA512
4b42323ae388ed0de23951a05c0954363730b20bb639a71c70cf077f7e93eaa111574cb4aa544030f012253f968e8f9d51e24b66298749a63ad1d7e0183be5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\evsKwSI.exe
MD5
727cf4d00df34f36c4767f1ab185244a

SHA1
983331a93a5c91cb3ffee97495eef475d43f3f52

SHA256
4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a

SHA512
ff3e67d7b2d6196ab574d1f1157a4c3190e91f539d363c547b1a2cfe6e0dcf86d59a267dc226d0dfc5766ed82d01a9e782bc5ecfaed7eda433c2ede6199cd0e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\evsKwSI.exe
MD5
727cf4d00df34f36c4767f1ab185244a

SHA1
983331a93a5c91cb3ffee97495eef475d43f3f52

SHA256
4a602ad6542e5bbf428f15cd236bad78265bc18f0275340d0ececd5f2d81db9a

SHA512
ff3e67d7b2d6196ab574d1f1157a4c3190e91f539d363c547b1a2cfe6e0dcf86d59a267dc226d0dfc5766ed82d01a9e782bc5ecfaed7eda433c2ede6199cd0e0

Download Submit
C:\Users\RyukReadMe.html
MD5
e5a0d49ea2478881d00f2043e603c9dc

SHA1
3debe0b34a7edf304a912ecc51a086a31c86c2cc

SHA256
5d33dae470c63e482dbe483b9376b3a5a11348cbccc41896ba80994e0a97a58c

SHA512
99c5c3e24c7e5530a139aa4a0281f2f4bbabc996c3c9fcf7dbf502b22192fff8724b355cae6e74324ef3302ae6d1adadbafa7ef1eb39049f12695c4fb72286cd

Download Submit