ryuk | 88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335

Analysis

max time kernel
145s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
05-03-2022 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe
Size

575KB
MD5

6cad2f7dc809b9353a31753a438aef4e
SHA1

459d816bb020f5da8257076a36d0ffd1f1f02d76
SHA256

88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335
SHA512

a67367990452bf21b7c0d0682c598422c78a5ed455a5d5e684d8fabb43366b0e9f9cd579a5f18123f6b1f97945f789904929838d1d893b70f450bfeafb243bb8

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\users\Public\RyukReadMe.html

Family

ryuk

Ransom Note

<html><body><p style="font-weight:bold;font-size:125%;top:0;left:0;"> naebrahedin1986@protonmail.com <br> </p><p style="position:absolute;bottom:0;right:1%;font-weight:bold;font-size:170%">balance of shadow universe</p><div style="font-size: 550%;font-weight:bold;width:50%;height:50%;overflow:auto;margin:auto;position:absolute;top:35%;left:40%;">Ryuk</div></body></html�

Emails

naebrahedin1986@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

Family

ryuk

Ransom Note

naebrahedin1986@protonmail.com balance of shadow universe Ryuk

Emails

naebrahedin1986@protonmail.com

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

1152 icacls.exe
1996 icacls.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1800 2720 WerFault.exe 88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe

pid	process
1152	icacls.exe
1996	icacls.exe

pid	pid_target	process	target process
1800	2720	WerFault.exe	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe

description	pid	process	target process
PID 2720 wrote to memory of 1152	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe
PID 2720 wrote to memory of 1152	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe
PID 2720 wrote to memory of 1152	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe
PID 2720 wrote to memory of 1996	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe
PID 2720 wrote to memory of 1996	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe
PID 2720 wrote to memory of 1996	2720	88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe
"C:\Users\Admin\AppData\Local\Temp\88b1b4966650de59cef20c340b28739c52dc9ead91d9959a338a8e531ad38335.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2720

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1152

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 1120
2⤵
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2720 -ip 2720
1⤵
PID:3392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Application Data\IconCache.db
MD5
570799f1db25c38ca4d23551e8658b13

SHA1
ac5a6a6a809e9bfe796393d83c6bd9d294aff804

SHA256
1d52e19e05455a8c7f526e5ea9f8885ae89b28a19a44e7af55f821431eda5c83

SHA512
91b3b715f2b7952136323dde98cf0ab75f56254c47d76afc2b3b998d75b1d82310bc15d3af6755063366c7d0840213bc6db2bda24abfd4d793ce389a409634ed

Download Submit
C:\Documents and Settings\Admin\AppData\Local\IconCache.db
MD5
7d2c7e0565d04e888b2588cafcc71d9b

SHA1
5dcab316a63c74ac0c27f84b0aed8941e2fd0e5d

SHA256
ef32f338e420517e3bf96a7781e61ba9d281fc719c729ee9a5bb0ffe5fd3b324

SHA512
e4a0513491ca3546839ea252605a64da8ee9dbc72318bdd60004e02f6008808feffcf6f275630c7df06ca96b200b57d9814315df851ff91462db499fb02e5e55

Download Submit
C:\Documents and Settings\Admin\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
MD5
c0fb4484382695fb69b1cfd3a4f3cc7d

SHA1
b3aa324f6814ade53ddc1dcaeb8c6a2a0bd8a93a

SHA256
7cb171b9e3b5c8ba10f5467d7ea814a52f8c330ab0977eb35577ffa0ea2c3239

SHA512
0c13deb2525c474c9495f6245117d98da17a4141df594c1986d990a4c9d22a12d86e4113ade305c9461fa7a37219f7ddf6957e1bd90f417f1a44479b1bd9a553

Download Submit
C:\Users\Admin\.oracle_jre_usage\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\3D Objects\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
MD5
acff3b95b8b43e27a709aad09677bb8d

SHA1
4c263d94c4acd16d17336180b336f86becba9a12

SHA256
09746b107e30204755b953fa3b76f8ad6963c34b06b584f7361a83f184806fa3

SHA512
daf551eefdb828f47469e4c8e0886c126d5d907764069b51ddef2fc450afa88bfcf34608f2d34cf13c54c9f5b71dddb5f96ac6d15d81bde7a0a250ee665abcc9

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
MD5
2f5559a5e655af4da4e99cab8dd6699e

SHA1
6cf885c294183aa8b9fb7df1bd480ecb6026cb87

SHA256
b665910f2070272c92b3d5239338c24cb10ffcfc86a23dd3b1fcf715f9a74014

SHA512
bdf624602609ac43e71834f6e2f2768589bd076c4a8d8098354801f93cf737c3a5f31ac83f1e387b2632f821834b784204144a0e9bc8c7929e1c25ad981bc5b4

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\ACECache11.lst
MD5
a32b1d78d5e27c7f01402be384e7439b

SHA1
4a2abb74ed4e7aaa444c467678a4f95b775d41fa

SHA256
402af53ce7b10f90b2ec7b173f67addc20f37d2aee19e9078a8b0afae5a3274b

SHA512
007aad379307f63566e4571bd12b2000c90e08934e1f242c9460743422da3b4687ea053bc0ef388428e4cf8bc9b78d97a57a0bf16fa653a54bd76fa3d48ef109

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc
MD5
4dd5c242d95937505c686fe95c479e50

SHA1
41450071702a44921e461c6b2e6943fae4eebab7

SHA256
42b0c582e8f9391f1af213b0936f7d137dd3ca25fb7b725aec850f1cabfcca94

SHA512
84a36c66040351e14f1b70b33f8de1a71fbdb7892f2361d1f86e4f74a98c80ac53ad76b9ae5ccca1582f6ac0ace91b5f2bd164326a09ad0503216913bccd6b80

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc
MD5
7e75d8ae23be2e003f1b2e9183f2f6b6

SHA1
89efca83a5fc30f5444ec90668601d4b349da861

SHA256
0e73dd256a76dce74c9dcbc855ee80cf3c894badc97331ffc471ef3e7433f3e0

SHA512
c16c45c4668ce2840be3f7fe9d4da4d1a3b230ea3b811e9b3ffe9831cd507dd951dc40beee1355a70472ab3a74adedee35bc7c3c8ab308501129c9431fdc548f

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp
MD5
7f57cf2263c7940ebbd2ec5c7f61de7b

SHA1
8dc0bd2ee77f2cb18a295c9e1e2e32d97dee67d0

SHA256
70d8140e2c2f6220f66363cc7686153a8cf197a13843ea9e9f0ebbf927f8ef1f

SHA512
88a45f665ba7b8edffd9f2c97c1a93b06702ac35b686fc90b74b6b09456e9ea21aba96683ff56b858fec395e307eba293d11919eb0dd1912a4eb167a47b22fe2

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jtx
MD5
cafb73c3daa4c40f75e4745aca0ba896

SHA1
86ed9849544f10afbd29828af93f5b152e7b029a

SHA256
51ff56084242919fa93cedaa1cd81129d82b43591d7b5f31f5e95e1d4d8cfca9

SHA512
38fef63b50225ac4d158f2ebe9441ffdde34f933c6ad938f032965c4befe1f532096d14e83075275e441264d2c297b241897cd373af17f43995fa5e9499a97cc

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
MD5
bbae5f0f14926babf31b987d0579d70d

SHA1
d36272a11f3fd37cbcb4c1b35524ba5d8acdbb5e

SHA256
66bc53d5c04d73ff296bcffe9ace24eb952f594d96bd54d414bb2fbe9eb40852

SHA512
aea4290ab0d7b49baf3029007cefe5248fdced0d2dcfe69a541bc09f3f45e6b807029afbfe8f796bda39fa2d7ae50715a3f1334368c012f4b0e0f785e659034a

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
MD5
cabc897cd575a23371ed6230a84c998a

SHA1
3fc301128bd1ae520e7be7933db513a1c0e8653a

SHA256
3d50aad52219436bfbcbb131c4e1d07d8c853f435e29e75dc9451ba9317bdc45

SHA512
d624ddbb591d6ac2d288ae5436cf93db93e827848b47a6ce83f96d79d1ab31f752641a99bc17fa9347ecaa60142fe4bfb8b6678e221ff597d729907ab2cb9de4

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx
MD5
caba1361fed33f804183d64556cfed64

SHA1
6a2f21a6ed780ce431764386dbc79174b644ff35

SHA256
543706cda08071e56bfd030dfeece638efc0582ef94f179d3a43a58ece65a274

SHA512
a9316ba653944c68d3aa685a9bd361226e692aeb40e401d2175b3837db13cdb8fad08fc15ff0f7f409ae0211378c1b3f6eede281e3dc25d4d73c19b27c29286c

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
MD5
2394b9177b1b1a9c26d803bbcd5f536f

SHA1
eb83e14fecd431caa9a948836e3a11580409dc51

SHA256
98af7764f92a3a026d154899876f4547621f4f9dbf4ec768532f22baf4b19f86

SHA512
e552c6cf3ff9771353ecde65fbd127ff5c279faa85d07ae18ca0d370d473f863d7305ba5aeb06537296b65062a9d1f1be54e8fbd86601a7faeee6aa230c34162

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.vol
MD5
c0b425d98f39efe3f163a88dc3f5be3b

SHA1
1e025c6f46ce685f73a977f3ff58b106af576a9d

SHA256
ea61898fdaf92edd19864a92b0816b917084d4a7b551f0096e0f03fa82283551

SHA512
83c6bdfecb4b412ed49f252b1e7726264a0830655ef9d5cfec9b64aff8efa2e6c686d1a679f3c4146a8f7dd3035f5f6f5884914963173033c3e2862fe49eec99

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.vol
MD5
c0b425d98f39efe3f163a88dc3f5be3b

SHA1
1e025c6f46ce685f73a977f3ff58b106af576a9d

SHA256
ea61898fdaf92edd19864a92b0816b917084d4a7b551f0096e0f03fa82283551

SHA512
83c6bdfecb4b412ed49f252b1e7726264a0830655ef9d5cfec9b64aff8efa2e6c686d1a679f3c4146a8f7dd3035f5f6f5884914963173033c3e2862fe49eec99

Download Submit
C:\Users\Admin\AppData\Local\Comms\Unistore\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\Unistore\data\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp
MD5
173d66888a7bc7bb0da95a1acfc9ca35

SHA1
ab2a292583cc1c1fdf71ae6b1b933aee01c70f60

SHA256
6356d43bb7c440b328b3ce1dd71b8dce4df47e4e6d8cb184189d0f9f88be1efb

SHA512
9daa7c97604edaad987a6d3e20827f4eb2d5608cb409861a818f89777242bfc4a5b8319ed3e71ea22bc76e984aa3bf4b64fb79abf31fe390b4d329fc0914c579

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst
MD5
3516b85bb2a99f9c02d681e5f0a85442

SHA1
f509bef6823b62c2ead7b0cc6e76ac83b8dbec9a

SHA256
111a26409230f63e608fa9917e5960d755dea70ed6709538bbe01f19f723f72c

SHA512
471ae3624ed1cb6ed29b0e4dcebb18ff876a924261392604bdff5a91afa27fdc1818dbc5b6bf626b7d37965c25d1302407f39641b4d107eb9fc7e6a02ce30948

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin.cdp
MD5
e91836176a88251e209f2d862ca5d4f6

SHA1
3b24aed7a9c81db313bca7b5e0eac3c9b7584fd2

SHA256
c903206f476fde85a8e5c7dd0d53658bb89fc6f40d9b93250c43773f3409a1b4

SHA512
10446779047eb89818dafb371daf7e54d4ad95bd509fa4eed2ed051ee2ead99483735840da79586f7fa3a510b8060b0a7ec68561844ebc74c604bc2b03a9dc2f

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin.cdp
MD5
e91836176a88251e209f2d862ca5d4f6

SHA1
3b24aed7a9c81db313bca7b5e0eac3c9b7584fd2

SHA256
c903206f476fde85a8e5c7dd0d53658bb89fc6f40d9b93250c43773f3409a1b4

SHA512
10446779047eb89818dafb371daf7e54d4ad95bd509fa4eed2ed051ee2ead99483735840da79586f7fa3a510b8060b0a7ec68561844ebc74c604bc2b03a9dc2f

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin.cdpresource
MD5
9d6be9a44f4d0148c7e32fa082c2b3f3

SHA1
97654674714bd37894c146fa0131902d8b794cc6

SHA256
57dcbe9d3717ae3e1ffe7c7291b683db619316d4cf8cac44085afd4758a001b7

SHA512
a10fde216f75f26af5b406eb416e0c1c3c4559e130a1abb8cb73e46ed02d0924cbdd0d45dc10885cab5c38958213ba26691fade33af4ab0d226a2f8685303544

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db
MD5
e7cd537d7bd7fb5e990deddc4ccc734a

SHA1
11420d3240dd37591496d92d8c58184bdabcd290

SHA256
e22f42cc37e43812476c35fb81cc2e1272d31a33640dab72458f0a20386ac773

SHA512
315141649756f5e2a6928715f2efa5e3998b6ca49590b4ce3a37cb37de142b3c25f6165dcf48cfad054aa91dcf0c4b71d1bce820b015bad6ee8187ff9fd0bef9

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db-shm
MD5
8b31619829f27a5996000c36d06e4ad7

SHA1
cf21740f5aa8c78161af4756a5385ef98db1becf

SHA256
cdd17f4e3740da52bfd84741cf60ec1fcd68cb6bed4701d53c01c5d8c4e4f5fd

SHA512
e85d5143c306075e6224ae68952b5c21609fd9679366a9a650d9473b60182b2c14bfe0af4cda938d881aadc9fb572b7b6ae6190bd7b8be9b11d7e2953d24c68c

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Google\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LocalBridge.exe.log
MD5
faa4cdfbd990a94179d489807ef416ae

SHA1
8a08ed00ee715aa4d721aab328f50a0f55700285

SHA256
b8ec0eb4f67ade537c6effe626471578b3d8d820c09ad0841a7f206bed7845e6

SHA512
f137aeef6d800b8297dff3f60faecd8c68a2126948f32098d285c8defeb3f764b70b54ee5c767e089c40b4a026ed8d59fcbf587988d0797be269a6561f759386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
MD5
ba696eea9f30767f238adf3f16c7c89b

SHA1
24d80d31a8c08724bff6a78eb6e86c19f00c8dad

SHA256
2c5bf6520a55770885eef77ca3f700ec6c7322cc9fa3c6a3b602b9a1935ddb87

SHA512
8af83b7160766f7604dad53de70c20f50d94dcf83f6052ee1b2e4711bcfb3955b39e9f317e6b2a952057749c6b4cbf79a76444ff5bc568b201db82201098967d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
MD5
783ceb50bbbbf41d58f7c5c8cfadef91

SHA1
121809419c6721b11c2928acb3939d79fb6f42ce

SHA256
e42ec2c4dd61b78a8e35ee5e1741cc3b4a828fa867674cfce7dd8dac60e834eb

SHA512
567bd2566509309913ae85576effc477bb85770e2cbad6abcef1c5b55f6baf3dd90fed748e25d0c75ab91715ebf61eeebdcd5cfafce7373076eb2b6e6db08865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D
MD5
98571eda0932c8312a0002f65afacd12

SHA1
f0993356710aae4a8c7e461a736c8c8823fbc7e1

SHA256
5c134b5870d963ffb2541620d22288c333b31229a6b8a73f08360390747c2eba

SHA512
39cefd94a9c0e7f56914dab9989a304871d7ec6017e1fb2457383a3acf60cd6c669405066c17086871d3ec105e9d6e518dda491a45a62c6b0f804cba84895804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Credentials\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\GameDVR\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\InputPersonalization\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\input\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Admin\AppData\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit
C:\Users\Public\RyukReadMe.html
MD5
ff8331d271aeab6046ea1ae5eec0be35

SHA1
4b212771c593a2535a12040f931f704ad59e9a49

SHA256
8c31b02a288e81359864aa3cc4a087d147cccc391ff98341e504a9b10135e12b

SHA512
d6503fb5419112c4cabbc4749a97ae6304a968071109d69ba0fc1acd50dd533c590740e0c682b9f0849d74207612820aef00f7c6d07b4ac452b0f00f2b8357eb

Download Submit