ryuk | 0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87

Analysis

max time kernel
143s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
Size

728KB
MD5

b160ba8945e6d1d8612da6f1a7409621
SHA1

5e59d635511f9f3e9abadf2d8040f7383af41716
SHA256

0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87
SHA512

c144895fb0c4a4b4de0459bf0669ddbfdaf4cd38a66b5aa8653c8daaca90e7ffeac242b417521a023b091fb6f39f4ea128f23a1afefedc5246a465ad09c2898a
SSDEEP

6144:GatRxLfCE2kkkxk69R0hfyGydNoo7ogryWbF3M6oXCHF9+kktHSefL4s:Ga5DCjGk6whfaoo7HyWyCHF9XktSe0s

Score

10^/10

ryuk dave discovery ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\RyukReadMe.html

Family

ryuk

Ransom Note

contact balance of shadow universe Ryuk $password = 'HrP7O1qDZDw'; $torlink = 'http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion'; function info(){alert("INSTRUCTION:\r\n1. Download tor browser.\r\n2. Open link through tor browser: " + $torlink + "\r\n3. Fill the form, your password: "+ $password +"\r\nWe will contact you shortly.\r\nAlways send files for test decryption.");};

URLs

http://oc6mkf4efqrjp2ue6qp6vmz4ofyjmlo6dtqiklqb2q546bnqeu66tbyd.onion

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

dave

Processes:

resource	yara_rule
behavioral1/memory/1880-63-0x00000000002F0000-0x0000000000310000-memory.dmp	dave

Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

1380 icacls.exe
1724 icacls.exe

pid	process
1380	icacls.exe
1724	icacls.exe

Drops file in Program Files directory 64 IoCs

Processes:

0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\RyukReadMe.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\soniccolorconverter.ax	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\HWRCustomization\RyukReadMe.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\RyukReadMe.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\RyukReadMe.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\RyukReadMe.html	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe

pid	process
1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe

description	pid	process	target process
PID 1880 wrote to memory of 1724	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1724	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1724	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1724	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1380	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1380	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1380	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe
PID 1880 wrote to memory of 1380	1880	0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe
"C:\Users\Admin\AppData\Local\Temp\0de55e3b9cb7955e3ca059eb2d0496adf65303695cf50018a9ca24cb0dadef87.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1724

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1380

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab
Filesize
22.8MB

MD5
975186eb8a7ac938aba01611eaa37540

SHA1
7c956a717800d7ed230805999d04773b87863194

SHA256
daff1b0c16f93af388b214a549a882c8692e92c4b6cf802c67ef82743d07db0e

SHA512
008e51e12b218f41a4e9c83aa8d1d95e468e3a9169c92742d196ea0f970edbb2cde1a319bb93353d5512a049f3413c139e6064f41929dda789e175e9d83c4c74

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi
Filesize
2.9MB

MD5
726506484dc2adedf169d19b100220b0

SHA1
628181f2d0481cbdb6105a1594d8314bad85983e

SHA256
8e22ccd8f29e8fc07cea6e1e89c7fdf3400cb47e12c6dc769976d9174e8a401e

SHA512
dea82eb6c93b19859d16a2d0591b7da3592533b28fb05f2ee2bef348929bf275a7b5aee3489c04f3626864396674cc908bb8694cf701fcfc2122c6a5453a26f5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml
Filesize
4KB

MD5
5548b3782fd69c2d5cbf295e03e38cc2

SHA1
538745cae8a310136c98473c522594326113f313

SHA256
fbde7bd32dc8e7e8619235d6c40012198e496861b358bad2acb394f350b7b18f

SHA512
f51a651054b1bbabdf86722cd56769e8e4ae02d4adf0c845e5358cb1bc11c3fbd4bc715d4893771a72ff90c5d16bb8bff3e7b6629ab91e0348e4cab7e72a1407

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi
Filesize
23.7MB

MD5
d4d46cb0f90d422746f385b54005dc32

SHA1
003aba9e87d925fc421c9212ff5f5f2fea699d18

SHA256
429bd0b4b8cd9cccd28ac22ffa5b939e54da1360786541d579fc9a07e1950285

SHA512
49850d31f6da22ca0d5991e81513f9ad9801053846779c73be043013a59cb749f59d2ce85c835e17036a6cac9b649a5c9812332febacbf16bfbace75adcc75bf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.RYK
Filesize
17KB

MD5
20515500597094bba53786350fe3800f

SHA1
43d2480c693bfeabdc8ff6e1ad9afd3bed470726

SHA256
18aeb66f42b9e928c27604b232423d67604ad4ed81c15cceb918edb41d3446e7

SHA512
e48825af313e6376513f8f18c1442ec4eb2002869c9db503ed89ccb890ca08a37a18f4c53ee604df539bdddaa2dcca67f29e3ab377e694964bcff93acfcb759e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab
Filesize
142.4MB

MD5
4d77fae488fe5a7331145160b466ee5c

SHA1
3bcf075ac8eee8dcb24d5b1fc4fa9986fac27e59

SHA256
98ee92ea5950f1cd32912fe363446e710fc79bc5b0d5102137aad3003e055fbd

SHA512
aa2ad46be194b47d8c1ba49128cf2884c5ec9a6275fc0dad98af9bc28749e836929a6c7d61302df9af1afe380c5a10b387878340d133a8b91eaa8f30035dc90f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
31KB

MD5
8c14ef4344e6bbd90aba97ed671b4b2f

SHA1
26f25c85f5923f3d3fd99184f9de1a75e1829299

SHA256
df93d88f171c56f4780819b1f7189133388d15ed0d0ef1a6bf64e2133fa43582

SHA512
cded60e1a9f60bd71d10b1b81ddd0bbc090aa893fa7a1b9953684a4ee6c28bc63f41214bfb638193e38c5805b0f9c7f100aa291718a23bc5b1db74d23a6fece5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.RYK
Filesize
699KB

MD5
726561c903f67b533a82aad61708fa6e

SHA1
35fb72daad75a3f85f2e2d691971a77159615024

SHA256
a6f6bb2376f957ddb6215e552e496ff9f146921989d7e6bd554d4ba44f8f1746

SHA512
8e4eaccdd33c4ec62df41e1c0db67f0db2808d5a81182bd78a5a8fcd379a909b9e6444ab096835a80f2aa0bb4e0186e54393fa083be22d0dbeeeee93b2896b66

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab
Filesize
16.1MB

MD5
c0b91552945488326cd0ebf294bbe8ad

SHA1
c66aea0817ea9071a71e6f7cd82ca70e222d6fe8

SHA256
891adf3664f0cfc532ec41c5d5d902cb9af88c50185d703f3bff22e2ec10516d

SHA512
7e5286d8e4027b4167f1bb78cb1ce2187bb01366174e020e9bb5575c4500b4641e4ca617c42cfea8169d0236ba780bc571139ba7b131dd59f08369424d9a685c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.RYK
Filesize
1.7MB

MD5
2e78292b368278b48174e00086413e39

SHA1
5d488d73439e5302f065d3371d365a8aacd46ec8

SHA256
6a294a5c96bc2731a8e2ab0c0570fe50add44f57b8929a8ef15e6034c32e7614

SHA512
0f27378f3d4208c1d5cb463b85fe7822972d420fb5418a230b884303c352fdb6f5709cdeb76e72aef8ddfe1eacfa7b71a0be435552a1e7eca189d21778f092e7

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.RYK
Filesize
1KB

MD5
ffbf544a702175451f7229345942cf12

SHA1
4ec25ba1c6e6fcb936ae784c30a2d7ea89218301

SHA256
0f795aee8831a854e618139ae89cc6568473459d036539735e9604fb0ec0dec5

SHA512
8990c2650c01860b894044c548a0768fbdab79b201d95d772ebf10e7edb3b1d3253082d0e42d335e7c6794e12410164557ab72094c8a18a6eee434d1bf34c79a

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
798d8d0dfa2eeb2f18903c540062a60c

SHA1
874a09196a0fe549e72dbe8da90917868e84dbe7

SHA256
d22dc3ceefdd79c33ddcfc636257dc7e1af36575cd431cb658da26329218a76f

SHA512
63c023777ef2269c5d962e3343a68a718501cc8efc7f34f9574a59a1d84126acb19fc5471d726168d3439596973a2f52b72d2a2473a9b6ae222d7ee986698a8e

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.RYK
Filesize
1.7MB

MD5
aecae472c2b8e17c19a3d2ed0ad88f76

SHA1
5b31ce222fc4723719f1f5bc5a7b00941e084c3a

SHA256
9563d5940510028c937e06fa95ed6adb2dffd89c1819b97d91750fab63c1ad05

SHA512
e72c941c609507d4bc59b4c328d3c798fe989c8b724b85fbc94a401dbcd999cfc8697fe2e829a851df50a4ca7c0f3916b404197a2f196563a542c484a4cd5f60

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.RYK
Filesize
1KB

MD5
87a74ab0cee783a3267dcc2123888784

SHA1
01e80651828e06e236f9cb611856a0a0322cda61

SHA256
743c9b61e596568cd460d87ff4e7c6446b46f4dac7e434c09ec0e80d3df51ba1

SHA512
0e92c8df1a652b2845ba637102615bf73be742f0ec844ac1e38e1caeb574f70e588d133e20b420b63b38309c97f907ad6544e1c85342e04579a0cd955e1c613d

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab
Filesize
67.7MB

MD5
99bbbf49d9a581bee86d3bc143144dde

SHA1
f0a3349d17fe43bb92205c26acea985d291d9f72

SHA256
73bbce8743317dd233a1ef3cf58701929d512f674fce3bb4d3d908a39a694ad0

SHA512
7d472aff5290fc5e992b03dff012fbb8b27e66fee1936870db9c53563a3fb11159054b7f2a97aa9bc5659fd5378f4f4caa403f94173f2233c4afdc08bf44802c

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
0737582364b15cc69135a5f3615b5a43

SHA1
bd371829a5cf42bbfcef036d0afb3b47678fb2bd

SHA256
922b22560c58400249391889ad52c14840d66787f8de96e262d9095c6f652238

SHA512
0ae413f7f513e142fd2f45c07720adb94a7f481abd9d4097a210892986621acb915e983fc13bfea5312781a552eb567a939109825cf02f47a01a9cf4a8ef5afc

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab
Filesize
9.5MB

MD5
95f2f12031801867fa7f7f67e4135a1d

SHA1
5e85e42adcfe21c393dbfb914a7e3be8e1c207e0

SHA256
771a38cd5c0548c553d5bfb43628be64959f87a3bb7235b9b4dccbb4ce9e0bd9

SHA512
0bf792a0e9f3239549f2e35bb6ac5c9c67dc240c9428215e41d45d1b47ba100809785c5fc2ef9a29f05ececc4ca1e26e958c7783b4fc83a0fd180a5d8d42198e

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.RYK
Filesize
1.7MB

MD5
2fb0aa01f365d0f4fb976342a50c104d

SHA1
85f9597ad6870484f814a38b4b3c31c19c09578e

SHA256
a2b2f8e3a4e095623f699295aaa287a2af91e673beac501ebb8fc37e15ec92a6

SHA512
6f28f871e9775af2e10be1457483d2d74248204d867426f4092deee6e0990ea0d11458afa58baf8b1b01c2d743567b06af0a4c39e69d2c778fa44661299be248

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.RYK
Filesize
1KB

MD5
4fd6d2667569713ae49f4859b7309342

SHA1
2b1ff559de6271f506aad31b453113c11d8c1ac2

SHA256
92f24e85f47ac0951e3c56ce21084cb853f4bc10e6a8df0c1ab1b1100a7529fa

SHA512
eaa21720fa3be03680533ee94d033ac12d9845907ade54b19a451f5e472ff9c9fedcefe45f1fa9e029a457c557af111effa22b9eaba419d94f77755135c99b75

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
1KB

MD5
c25ba8005d29bdb5a4661410a2048835

SHA1
4ec332b2e013ef5bb348f9b05ac396c6b625f691

SHA256
cdd293c7a9cc941db648d2434a4622563d4783b41928e92618d2fefffa6dd1ad

SHA512
d98b785ddf596a64ce67f1e3aae07f9cdfd76cefbc2b9bb701bddcdf6062fd21eeb282af32c9b74dc069284f3d6be2615e9bf7b95cae1ab9c8173cf1112006f8

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi
Filesize
2.0MB

MD5
8787943aa5ae4e8a7a79903faedf8330

SHA1
b3ac97b10cd416da8beb0ef0b68fc5c0148b6b0c

SHA256
3f8386479407804a24650d4e1dbd27e6f7b99de2310f34168111a41dfdf58094

SHA512
14635f94c0900fb1fb6cc26b18da96e3a4f1b3bd44949c714922f64366c04e83c59dc13b56d6ddd55b3606580385051f50eb5ab3250b7258beea7b8e4dcd4443

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
4KB

MD5
6ddcea88897d19fa4f103179eb91badd

SHA1
fdddcdb62783347b15e25dc129c54d87657b5442

SHA256
3ef19725e6cc9388435aa6f8128dbf80ddd4cf8058ef83aaa722ea0a67b4df86

SHA512
e2cb42b3c24d82d65e9f23101626c943a660ce0bd48541e4ebd4ae2102b25f07a324a4efe3f2447b622d0e3930c7a1c0d8b62d52b44bc7d3cdb5f4a93f24a982

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml
Filesize
1KB

MD5
bbe4165ca43e1b46d6b19f53e04cd8c2

SHA1
548b5c69ec5330c3be76d662324a66c107ea7c3d

SHA256
c5e9a6bd04d4614ebdd8438ec87a3f3dabf81062a52750bf8fd83fbb09e9de7f

SHA512
7ca79042cdc8497a13b08899e5a46b619e7e4e62f85bb92c2b84859b560742e4de3288fde23285b8505c714bf3a422f082df3556ff2640da3208df6f1f636039

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.RYK
Filesize
1KB

MD5
4f3e36ffca8b4f1b97be1d03a9a70218

SHA1
a3228ea0cb1fecd401e7bcd10ac50e7377e18946

SHA256
f9af2bd6dd33e438d494d0c530cb26208152fb1d322e54473e190fbf4bc1c31a

SHA512
094727f5323a21922f0c9ecba00875056b2373b3ad433aaa92835d410af35cb8248d50d67aa42d4921535dbab416502906e59392be8734a84278ebd3e2084d22

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.RYK
Filesize
635KB

MD5
8bbd27311622d2010922fa860b29c0c3

SHA1
69a45c755ace5f52a47144bf8bdaf743b099efb9

SHA256
0c5d503a5d4af41990393919461745fd99d2d24af63b0cbd1443677646fabdae

SHA512
5ef24147d57cf66d6fd7fa12a9a87746d401000ca2d3fe3be27ff11c44f43569df5e9c5e90144ad6107f3e64c6ebc65915d32aba03523b630bdfec08bc98823f

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.RYK
Filesize
1KB

MD5
e178b2b782203ad4dcb808c04e8195fb

SHA1
d2c289c4b71c610ee6b66c48d2d5a8ce73a0c293

SHA256
ae19377d8b659f692c4088ecd4043c739bf9766cd0ae04bdbf2c84a8f80f5554

SHA512
04bb9e08d3f86a67c446be330058ce734aa569758b845f435885bb676df7aa9d5a05702ca2743d0b8716463f0bd2f1601237b24c8b1aaca55d777085ff9a1feb

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
617b0b28cd86244d0fcdbaaeeb65e634

SHA1
c1cb392adfa6bf9cdb0d1b553275c56db5e292f5

SHA256
1d0b9052affbdbfb6e5cb8205ccf9c87523f0f35f3c882366802bc79a32aa6bc

SHA512
1ad45911538cc7e4f569475ef9cca878b97f807ee9a5ac13cdb53edbad9794e516d62e8f3ff5c916b7a0802a9a31bc95a219eedd04086e2ea4b87d023007aba7

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\Setup.xml
Filesize
2KB

MD5
f56013e69a65cd8470a2b5ffb7e480eb

SHA1
010668fab71159a8a48b1e543c6feac9ebb92b96

SHA256
a6da0fc4761a0828faadfaa3b10cb88d54641c718e5c84be5295363f09a9f710

SHA512
4c9a57dc26188870eadf92ee82dfacbfa61041b452dc371c2ca1cb888d23c60a920df79a25554d383967e0c18ec6663cfa8d23155427d34984c9890c960a7768

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveLR.cab
Filesize
3.9MB

MD5
8b74af84e282632eb9491589783bb178

SHA1
288a323db801ff96296f8dbd83cdb360890ece14

SHA256
dc0930524d9ee57e8059d723682da762d6e4bab9dc8a4dbcfe4f60ebe3c76688

SHA512
5448b54ff90431d4eff0c6f692c9fd2b8916717aac46a86de8707f748e8afe108d4639108ab889a92153bf5e8fc993fd0e599180b9964d68884ff1766ae9e675

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.msi.RYK
Filesize
1.7MB

MD5
40540ad4cbbbbb48d5e95ad62df60408

SHA1
79a802fb833299cda7f0e4f097aec02746b78766

SHA256
bd67b1887addebda531d7d8660708866b914932c7e88d5d36ac189433c8e87c9

SHA512
0995b34be5e0de70e16801ba4fb9dded7b71376de3afef6536d4760b78cf1333cdab543b9e3ccda4c2734db8889efd1d898586d6a69654312a6c5c99ef0a8b48

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\GrooveMUI.xml.RYK
Filesize
1KB

MD5
380cc4a96d51f1f8a8dd38232dd184b1

SHA1
afd4da4fe7ebd7ad3faf65027f655479cfbb814f

SHA256
58a00f2f7caf2a162a6a26e8b3030cef562714f1174186681092885d910dc47e

SHA512
6fba18a577d6040c9e2ff862aa4f54418294df2edfc6db338bd9134b799b63c3ec7074df946c9bbc8275e0aecd681a925ed0d4ae96a80a7fd1aec121a7e408b0

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-00BA-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
1KB

MD5
1415209988bdcc9d7826b72594d58624

SHA1
23b8f5cf2d378968002a80de1c2531c733dbb389

SHA256
907410968021634125fcae3ae229aa121192e16a61151b59f2d3a389db8651ad

SHA512
b47adc3666ffc6094468baffee23de6b25d9d57a810d306ef5a2c07692fc7043c9605035305e73bf62ed56c81b7354e3f76d3d192eea2485e13c70f13e78ef71

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\1033\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.RYK
Filesize
2KB

MD5
d46ad90198a1fe3e6ae84a1759822d14

SHA1
3f9ec8e6b41ecd91b9c357ea6f17aa5ec38785c1

SHA256
f9edf8a5e0131b3d26ea1dde7e2fe2d98e206c67c92cfa76aaf4575cfc950262

SHA512
581770339a9bd8a4560f7d3a7e206fb845e7f4c1c549ac4a284be3a8cc85a93041b332596fa443214a9f83a7e233f9a6149e195929edad6f695ba668a57d0af9

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeLR.cab.RYK
Filesize
13.7MB

MD5
1ea58356107195c35686bae22d775bdd

SHA1
65957459dbbb9f6495bb655dd3fe16e71a5e58bb

SHA256
029a5c8e64f03f2b6cd2c7d4784634ffe361fa3a33e9e7a630ca3d315051a017

SHA512
2ab326e99036b99d79f0c935131817aaad01ce1a149a7491f1f7a38636a802a32c33c213e9b220b71572c0b4e9cd14cbf5732ddd2f5c69de2e8d8f3373c39e51

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.msi.RYK
Filesize
2.7MB

MD5
66cb0ac07619db08d485a753b537d2b5

SHA1
9811b2bd253870884a2674c67750ce70d694b0f6

SHA256
ebe9b06ecd6e9af4d14b53b22df1de95679729d9d58f3bad066a7c61c6a5fb10

SHA512
0141feb8afd1ffa191e4caec77113f96479919510f44add3acf17310911682afe652138731463aab4c4f6888a927e571b06e5a4fafedb92b3d0c7a640ea8759f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUI.xml.RYK
Filesize
5KB

MD5
f5f9b04f0514254fe8dc798fc334fb94

SHA1
0d8f2bb9001d7ced97ab60055695670b7f3600b7

SHA256
cb124c5e6cb10f6bf502f28b20240e30d6bf7bfda7eb4059612af27c3c43a49a

SHA512
e4d9870995b9ffca6a213fbf39dc553eb35ebd3e210059f12225d933654d06a427dc042c9c0398fab02549b9afc39812ee6e9969d7ddbdd54a27a105fa8e7bf7

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.msi.RYK
Filesize
635KB

MD5
568419a5a30303043e1f61b4375c3a01

SHA1
a9b73f01c74260dffa721df9c34be9b9fa7fbbcf

SHA256
67b1c5d9c1c507165d75028817cb82fa0e236e69cde9387fb9a7b85f54bba10d

SHA512
033cc1b0468a751906bc99db5c1ac1c238c72411bac3e2d5d1725fb0ab6fd29a3f3bb40fb8e6ebeb3b2ca0908abd1a86824051df60c4678efebce7c93b9d9b9f

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\OfficeMUISet.xml.RYK
Filesize
1KB

MD5
641ca771a6bdf395da32680f8f77f5b8

SHA1
da57b0353230eb65e64630e4ce1dbde3d55a4dce

SHA256
d14ebc3a10f926f9b5b14e1537f48c163477e10d3d5d282c9359d1c5f8ed05a9

SHA512
ed3dcb4b3503fbae58f4b64c28cd1fc4cfefdcfcafc5c609cad25b954f21fa309528b2e7db7907c1979e87c545440590404aaabd5c283617b9cc85ae428d50c2

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
1KB

MD5
11b99d04340f1787b622f2bf871e3f7d

SHA1
ecae22838d8a43f0ec3bc99fc08e42df4301ebfe

SHA256
44e4c998f2fa1e1771a28098e5590750802680e9f16057d9ab36e0cbd7c1d334

SHA512
f917ef34e7fcbe7cb1f0da03862d43ab514c56a4886515d8363bceeda0c7c610244e4440888355ddf9f8c2182b6dae447ed3efd78dd39e421def8289230e8288

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
9KB

MD5
54cf60bf16673b350f00254b35afe0ea

SHA1
52ef42e96b2859c68551c212fa6f8615d7a7b69b

SHA256
649ed26554d9b758246bd056382d859f54886893c2fbc942e4bd95dabb30b437

SHA512
22b5c87966fcdf889a48154cc49076387088c72e69f266a75fc9d515d39c949a1d3ae25acefbc01a405cc5e66ed438bd6ca8c971615cbf83f0288f3cf280bb73

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\ShellUI.MST.RYK
Filesize
3KB

MD5
626f07d27cde2f60748fa951cfbc09c3

SHA1
c72f5a2c493292dbbd549bb0f96513c32dbb8c33

SHA256
02624eca4a7facbf5fd8742d83dd710daebea427452e32e89a86af4546284d34

SHA512
70545d8d207ed641cc531341f61661194951d6a469f1766b0453ab687c3deb58f4d07d7ae5af68f0afb8890d6559cd5296f71301777b8888dc41c9dc1df5bf47

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\pss10r.chm.RYK
Filesize
26KB

MD5
fa48789cb9ea5fb9a10d76c0616b13df

SHA1
99e37522083d6420238d3b80c70517592fc51e59

SHA256
b4e1f601e6461684f34669a55f6b1cf5286795df00fb0fea2af2e6b45c6a1224

SHA512
14ff01ae169a5226efba809eef0084cdf6760d2bad820d5a896035ce39e12b0fd464a1170ec39acf5234839ea03a15ec65361dcea88ccc3e9c23b38adc6e029b

Download Submit
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\setup.chm.RYK
Filesize
65KB

MD5
5d24b67e3234cc54d71033fae3714b63

SHA1
76cd4ecdf8b1041291348b60f3868df046b622a9

SHA256
04a75ea186fbd9ea42d39208a0f422361b4439d275938c7413f095fdf506c1ae

SHA512
e69b13f3f7c5fd08d393f032d2a0bd1e90234d1988ad6cbd1d1c4a1299bd47f874e7f88c046bf5ab7308e30ef59c060c65c57cf862a78f695daaed33b7059240

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\OWOW64LR.cab.RYK
Filesize
1.1MB

MD5
e3a5043b351e0eb6c704d0ccd3b7295b

SHA1
292074392dca3a6acb892900ae4f632c4c071a2a

SHA256
898efb0590182e8591ff4ab88dc7000758d0ff8ef67189aa8f63f3d0be547d96

SHA512
0086cfa9bc91226da7f518998b1d40d747a9c61344222d0b4b4f544d3d690294af6e978be9924fa5ee29095141d91d0b02750e5ca0406555b610cd8eabbffa85

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.msi.RYK
Filesize
638KB

MD5
f732abed809d1ce7f39024577b72c196

SHA1
d5c63033534a104fca8fb72825cca9e8b398daaa

SHA256
5e8e11bd8b41ede3ca02f38f02a78368d1171a627f67a10ead964f1c3388a9e2

SHA512
7bdd5e1fde52cb85e7af4b373d57d706f5896dcc9f055d9f920552168a15581bf27159a04582dd555bbbbf02ed0a5bccd4e35815561934dc5702de5bffb9c3da

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUI.xml.RYK
Filesize
1KB

MD5
2a684ba51a2e4135ee2ae4b69837a2f3

SHA1
90bf1367790b2a3b7bca3ea2be4e4aa340a18893

SHA256
48f5c3fd6f70ed23cc150d8aad34a4e5a1853ea6f219479991af12d8cc325d33

SHA512
b782a6cd9c27d95f8c14066b345a79eec6a6dd14ad6805d89223a0be42d416808028556caf16eaed4a04392284e880535223088c4eaab259abb887176d201648

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.msi.RYK
Filesize
635KB

MD5
415d690dad58b60d73b75a9eb2dad311

SHA1
cfa03f6c1053333357f87812f71803a3d8a0cf86

SHA256
4b97b7de28d4f22dc0d54df503439fb5937703cc65989019ca24430c06ef1dac

SHA512
d6933628571d9d4dd663dfeda4631558b9e621edec77dd82ebb643b1894deaeac7e9d412f2c97ca9c8716dab2a9b290bcb83fac7d3f6418462d713dd536d94c7

Download Submit
C:\MSOCache\All Users\{90140000-0116-0409-1000-0000000FF1CE}-C\Office64MUISet.xml.RYK
Filesize
1KB

MD5
5c1b91c2791db21464d7cf64774f0979

SHA1
2e4d5bb94979056a9bb886ddc14ec13b6e6131d0

SHA256
4821527fee83093585b20e525c8a3e519c220fea6561bda27c952523325c629b

SHA512
df11a3e75363104d2d10cb9494a6dd25d1f20ec120c3cad064f4f9502b2e81b8eddcd4f5a10a885621fab1a21d959a4f3c0e413e1320450f4b1e755a5c4ef7ce

Download Submit
memory/1380-65-0x0000000000000000-mapping.dmp

Download
memory/1724-64-0x0000000000000000-mapping.dmp

Download
memory/1880-55-0x0000000000320000-0x0000000000343000-memory.dmp

Filesize
140KB

Download
memory/1880-63-0x00000000002F0000-0x0000000000310000-memory.dmp

Filesize
128KB

Download
memory/1880-59-0x0000000035000000-0x0000000035027000-memory.dmp

Filesize
156KB

Download
memory/1880-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads