ryuk | d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

Analysis

max time kernel
89s
max time network
148s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-05-2023 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91736.exe
Size

127KB
MD5

e8673c8a299d1647ead6f3da4565ac54
SHA1

71015f9c281038d63bf7cd45894550c1a26c6b53
SHA256

d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe
SHA512

90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc
SSDEEP

3072:W/SfjQAr839SVK+DM590tfXQpr8WbkPnkaT3Tb0b:ySfjQAY39SVK+DM0tfXQfqv0

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\$Recycle.Bin\RyukReadMe.html

Family

ryuk

Ransom Note

izviawirto1982@protonmail.com balance of shadow universe Ryuk

Emails

izviawirto1982@protonmail.com

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Executes dropped EXE 1 IoCs

Processes:

iwupXoMzelan.exe

pid process

768 iwupXoMzelan.exe
Loads dropped DLL 2 IoCs

Processes:

91736.exe

pid process

1324 91736.exe
1324 91736.exe
Modifies file permissions 1 TTPs 2 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exeicacls.exe

pid process

904 icacls.exe
108 icacls.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
768	iwupXoMzelan.exe

pid	process
1324	91736.exe
1324	91736.exe

pid	process
904	icacls.exe
108	icacls.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

91736.exe

description	pid	process	target process
PID 1324 wrote to memory of 768	1324	91736.exe	iwupXoMzelan.exe
PID 1324 wrote to memory of 768	1324	91736.exe	iwupXoMzelan.exe
PID 1324 wrote to memory of 768	1324	91736.exe	iwupXoMzelan.exe
PID 1324 wrote to memory of 768	1324	91736.exe	iwupXoMzelan.exe

C:\Users\Admin\AppData\Local\Temp\91736.exe
"C:\Users\Admin\AppData\Local\Temp\91736.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe
"C:\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe" 8 LAN
2⤵
- Executes dropped EXE
PID:768

C:\Users\Admin\AppData\Local\Temp\WZJMKuhiElan.exe
"C:\Users\Admin\AppData\Local\Temp\WZJMKuhiElan.exe" 8 LAN
2⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\DQwEWgryglan.exe
"C:\Users\Admin\AppData\Local\Temp\DQwEWgryglan.exe" 8 LAN
2⤵
PID:1400

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:904

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:108

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\$Recycle.Bin\S-1-5-21-2961826002-3968192592-354541192-1000\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab
Filesize
4.6MB

MD5
4fcf9033c8b97ae561ccc3bc9d8696e2

SHA1
a7a6b3fa918231779ff96919baf0f647d4e681e0

SHA256
f1e19fb7b2501da5b921b815a12ca3ed31a7532e9caf3a63d8063e86f95109c9

SHA512
660aa32779edc847a12afb36cbf8d0354c943187d03d84b01bc5403cae1cb3c96419bb65cb4b443511616de10fccab3b4cf6d2c8040b45dab07b685edc506058

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.RYK
Filesize
2.0MB

MD5
9b641bde5f3cde324e6abc56022d9115

SHA1
df98151fee9841fb59bcc1c1304bfdfcd11b0181

SHA256
bdfbc58888cdb77bc22ca6fa640e31ae56d8ff86cfd1d7dd472dc7082daadfdb

SHA512
52033a17bac3bddf18a2fa4c922b4cbdf80f322b82cccc92a67e532ec7e2ad984169d2af221de446ee53731c5e90d381750f50c4121c43636735346a5e340fa3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.RYK
Filesize
4KB

MD5
5e60ed9b2ee59d6006ab43c5d53596a8

SHA1
e3652f6cfd1888733598f22819c48e3bd0da1ba1

SHA256
8032515b105e1ab346a867b796dc269e8ba4994a811de3ddc143da43e8e281e3

SHA512
2c17d3ff066832998e3a81e573052de39af5d76ca389917db7268f32789071825441233019777d8253e379592b91bb03a39ad2294f3f265b0bfc9ba555b8971b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi
Filesize
2.0MB

MD5
1b871b636ecad2ac6a9c0aa6a8f51981

SHA1
0da809f4b489afa91aeecbeca3d5ced37bc50920

SHA256
3a54d16f56b1a8bd657c37c69e4aa7a86a0914c460c8b85b26e692b6c8249c5d

SHA512
f3bc41a0cef2a02f8be09002d59211691509ef1aacc9584c265e7951c327f669242f298ab7252bb6148d650298cf3763f6ca172f304e6b90890a77f21756da74

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.RYK
Filesize
17KB

MD5
46aa87d5c6af78c4169e821932c67a7e

SHA1
362c3a6498edc8857666292d5a40cbc1bc4ccf2e

SHA256
646d1b2d3828f34ff062cbb3aa76cc6d0e011a5be9cf96296ada2093f44d16d1

SHA512
dd94bb407697d226f8ae87ac2972443490393635b2afd4e387e1e826d60b0c441c37af02f64db6c76e8a9b10b03abcf218087d4066b3139602a25f10126ec20b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPsWW.cab
Filesize
1.3MB

MD5
c95b7bd3bdd730365d25c48212c87e4a

SHA1
6d87929a43ce047bc80aa8211c65026063a9d069

SHA256
0ad5d140a93fc3184b1b9a3eb3aca032c9ee9ec1f357b639f4a8efd4f3e18d2b

SHA512
24baedd384946b7d22b8ff84250e04765cda21d2d8dd7c86cb7e05d8a7c13517cd92481937764679a9f07d5717f31e17130b86114d19f009df236a1d83a18b85

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
31KB

MD5
413ed5640e4dea449c0ec99b85c14a36

SHA1
a1c57367fb4f1c99c6ac713aa71354ec01dc3175

SHA256
5c32f42ebc0ebbc65be956fd05f80baad391e05d0be3e37fd8d1919b42106275

SHA512
53bb96252d0a9b9c0f5111e675b44369c996c5fda926cbe20fe160535bd08ae252fdda859a666cec0d11fb199a3cecfb729f1ad4d6a3c279ed2c9159d44298e6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.RYK
Filesize
699KB

MD5
29d39813307b907ad4ffbdfc3e01158b

SHA1
aca45aa07095d589809266d177a6a6403dbd7798

SHA256
a029e45524932a2a2fa1594f36da51a0841ca417bae98ffa535990e84f7fd8aa

SHA512
62a4f3f7cffd1444d4d1d2fd4d2edc5b0b12e115524259b37cfc58cec086f7e48e6716d78346a2a8c6ed9c81c8744e76185f0530be72869738faa57ededa260f

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.RYK
Filesize
4.2MB

MD5
9ea04308f0ef4b756e4c773d3a644459

SHA1
45e1ca3f5a6bd4368d228df7a666f2e0797a4079

SHA256
d63a1aba1942d7a460ae31b8ecf9ecd3c372245965d92bac3cb3daeb16758941

SHA512
2ba30fd4901110aa413e0027eb6cf5bc65f7ec99092643672ce2f083bd8f6fa9a7480e75c80a7a56102556251ec2fe155bd4a045ad4ae0baffdff68c51ae986b

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.RYK
Filesize
1.7MB

MD5
189b784c4d9174eb8f23ba906f2389b8

SHA1
71ad750541a76ae2c909b9263eab7c0337dae7c9

SHA256
dc6e6dc541082fdcec7e397b45bb12f9fad52900c42e750e328b1ea50008463e

SHA512
75a07fd9f3fe47e53596b86371fa990d2073cb4c72a53842168af7e49316a0a47f53a38c33dee06463781b167fc6ce1ea61d945f4652e9d06c03c0b38b60a40f

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.RYK
Filesize
1KB

MD5
df1682ae00018225d415acb294afb704

SHA1
db8b5a942aae17356a460a9873c6d52a9b970822

SHA256
7a1569154883fc63dade854c42712124c31aca4286b6bc3ba494e260c60337be

SHA512
0048e3dd84b8e0b90e5fd3214d93f5b82a9544fc68c73a66a2888345e33abdb891519bc9ee5b07d6e3aa02766c606d7a48da9d73feaf6fa4c70c08de761624ce

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
5f89916953f6633afaedfff913e37245

SHA1
16265c7badce9fb5656dcdc66be8af72efdf5df8

SHA256
cba8977c4219bf1d55d2af8fbcb4ce104c31499ef2098f1da7aa232f3eb3ce38

SHA512
96624f722d24bfd60fea10c9361ee1fb9280d9e10fb314601ad0c37dd78a76669da8eff1a5e195f7c451280adcc7e58262fe4d40c3de7a149427142b37f040b2

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.RYK
Filesize
1.7MB

MD5
70d7aa55ca4d27639a81b4a868a347e5

SHA1
463e23fcbaea68c345180d2e442c4bbd9cdca2d8

SHA256
53cb5e7943c0177ef0eb88204a801a877d74268ba5356d813826879fb5808e0d

SHA512
b55dd4f4c3c782f43a40f401e75d75f3ae0c4dc82c8280d3a5de3c30d1ee2dea7f8465f497976b25b23724365ef4c2cbe998eedf7ea02beb957dcdfbe0bd7228

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.RYK
Filesize
1KB

MD5
45fadf20065432b71cc07517bf1c5903

SHA1
3857fb4670fc1c28eb27775699f552e0ce9a29e3

SHA256
2a23458e7bb19c42810d0e8bcb0cbb2376673bd598e12f58e12c553e5c6b3c3b

SHA512
0197b1f328c352d20996923511bf40a353149ea9963a235f05f07a41f3007f482124ad210165b91b113874c4fe42776560055f01c49ef43188ff0b420a138c8c

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PptLR.cab.RYK
Filesize
2.9MB

MD5
6fa13a662b5ffca3b6b4560b9c764d71

SHA1
630086fae9a3e13cf0dc3fed7ea47664c20ff74c

SHA256
407cd03bd23d12247e70acc5b0c4ec17a45ff7f4118bca21cde08e8bb2c12429

SHA512
cf22bac9a2516acba421b6e53a9bd9033900668437c803f1584b85de59032053521209543d445b72d0074ebf79850748950b86b2f043e2ef8baf3a9c9f0d82b5

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
873ff9db498fcda31224391c6dc4862b

SHA1
ef367f7fa18a52818478fe3639a2a0ed3d1476e7

SHA256
6540e953be7337a85a503baa82cf2fb5013d3af114e2747951f25b4d6320d5be

SHA512
025768d8615f0112820b3c19f7c6e690c06f5d5cda0778a9658da9d73897a65e9b43590cab842ca6615d81cc31e71d235742f0f684863c246a98940d741dbf40

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.RYK
Filesize
1.2MB

MD5
4fad5297a42e6b9c08a8e282534c79d8

SHA1
60de6e6a0fbb91002ba656bd904ab2fa43a429af

SHA256
25b2d7bd61d629aff95072b36cb810c04ad1ae9cf9101d1bab3d768a3d62c542

SHA512
6d199fbdb21913e03a5fa3cc3d9791f68148526c1908966f3e3ae18a7905649865b1f2870991ff85e0a1836baf0876bc15e55fccebe238627eb68842f9d2714e

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.RYK
Filesize
1.7MB

MD5
529d6c4b5c022c3e5b982e6ae53765d0

SHA1
569bbc8447f50139621586e2b1d2f46a19e69335

SHA256
05d80ceaf5ef09abb164cf551c205febad670ef685e4a7d2aa30dad568e8bb29

SHA512
7b36d2a5f09a4557b954e14be126fb940095f327e73db429493a1939d982ae4a4b11b710fd6f26182bfc2b4a1411620ec8fe61f62ba98739b8b7a8710150138b

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.RYK
Filesize
1KB

MD5
2ef05ebc9a6a6ded0a0836ee496a82de

SHA1
851500faa267714a0f0f3a2bfa10959d3d611230

SHA256
39b5004f11204758af94c507907cddd50d668405d3da9a74b23af72b8cf14d60

SHA512
697065460e6deb9bb80a2ee9ac88728040904e5cb6ec421ef11d52696d1c46308a5bd8f4eb5c1b0a414e9f1eff5bc00966e9cea3e4ee435da926ad8b6a643baf

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
1KB

MD5
e9271fa9e502a94c65724e527c6e3736

SHA1
1c2470a7136bbceb840da9fff4f85ccd01d7425c

SHA256
a409d988d461ad5bd1c69f185fa84108875a346d5328e1bdaa6803ffbbac00c2

SHA512
f6f6b5420afbd84e6c4456fa7afd44b1f9111ac40ed2c145b6bf9a0ec5b57cef2006bbca65e1ff4af4f0fc16dbc490f13442da50572d267e89386a3b3292eed3

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab
Filesize
2.3MB

MD5
b46a81ab3e25ca1776d9cf833989dbe6

SHA1
a38051c03803c8ca21bfe3d5833630309dbfbc3a

SHA256
fa31abf6f04d8134caf0ec15a34f0bf79724aa6d4b2a2ff2b0f8857cef4c0a0a

SHA512
7202b5d23c26b053d7ea52bb338dad99a505ac58155a5d2c7658b452cafd25946891d7d7914eba9b76023572a8d242e349c293c480659fe1339a3923f20243a0

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.RYK
Filesize
2.0MB

MD5
8c84e81d588fc3faef153fb849b7e73f

SHA1
adff967abc2db1a86abf1f0c0e578ff07658696d

SHA256
be272aa45fc9e964357901dfe096100a0c365853d5c95787f51c463da3f9c53c

SHA512
47d479aea2950efa44b5672b1a88b01e4c65e30e450f888ac9166c85a0e4648ea89e3d96e756d16afda2d18013354b7022d3db0f5d4eb46731fa56cfdbbd5152

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.RYK
Filesize
3KB

MD5
829fc6c46f7046a26468740090862b9c

SHA1
02e511afbe005f77832fb863bddfdb229d30bc1f

SHA256
7219e220fa25e45e32ee559c4ff1eb75e595f0909222a7ba6d7538083f730c2a

SHA512
bee2d2de8dc7e23a3642703438784933332e7b1f4765bd8e27e039c935eef09d792ddedfc3e6d26bc00b98814f2e65e49dbb9bbffee9e7c82f96aa8a091c4664

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
4KB

MD5
4e705fc518b8e588ef3f0e6bbde94565

SHA1
655b344dec5d307b63bae219aeddd8afa73b4db4

SHA256
2eb743ed35c4fd2bf34587955515cf4665c9b5b7601c13a58b31c60788047ebb

SHA512
a8dcb5f1d203624eb451b3ebb5efe4e331f86b9e98c52eaf49a66e39c2c06bfa4d68cc2504522322761b1bb8ef6e3913deb0121b523498519a614f31abb7642f

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
2KB

MD5
075af3ca4b84bcfbc1ba153a8f56dfaf

SHA1
7a5ef833eb327c9cc92e1fb3818fada81174c94a

SHA256
d9fae422fc01aadf43ad7f1b180c8a7e554ea68b4b8c1ace51c3cd1bc61a747d

SHA512
5d812e1751a7ef167be52146dabeebee58a3de7cb9f22b30a79c0d96e32a74fccc4ad7d779e133dfa6debb300d3beba5e6e839f6c35f2b13ca079286e7d9df33

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab
Filesize
2.5MB

MD5
b817cb1f889ef6536eb952315753f079

SHA1
dc5f5b1a405ece7ad384afdb05c2457e03ef2d71

SHA256
5117f3ea7386ea07f03432c4732bc7a54b7d159e72198117a4bbfa1220bcc92d

SHA512
25be9acf160c281a8c9c1386ce0f7fd22c76e6d10f213bc8b7a4f0cfa09fb0fa4c3f7cf4034b1129560e35fdf1876f77cd6fbcf3100fc06ac45555471f087aef

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.RYK
Filesize
1.2MB

MD5
c610162ebb6c0ad39c6441750204424f

SHA1
5211ae7c04f7affc306b340cc9d2231156be7f8d

SHA256
29d5adf90b4a0c720c57dae06e83856ada8a402c34fbd5e70e4d3afa898c0eed

SHA512
bf138274f9cb8e9462158addea2c327b305608c8b84dca29c6f63459cb30f17c438273e4bc4ca3308c1928fad8a5d6c19dd46ee51c1f1cdb242be1abaf182008

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.RYK
Filesize
2KB

MD5
5b4199496c384b6596e793aa10b0c570

SHA1
13dd8dc24a8e4a2140ada6d0ec312ef5329a9934

SHA256
c5e3dd92b1e77129dc7265f9f9da04107a345b7a10834fcd6f237c0d8d56a5c1

SHA512
b2fc972db49b56596a1833fc83216ba0bf5871c7e841f1af29b996dea8671315b7f29d7f2a7e0c72cea9e10239261c36bbf326263dbda17607296e1a1c7e11a0

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.RYK
Filesize
2.4MB

MD5
9f89548512a7406f0d64f44de86a55d2

SHA1
a38224ba04239ccd160fa111372c9be3062ff637

SHA256
8e62d3dc2b8917054ffa0477193ed316a1c3fd4a5d37777ebaa242b4ea28ec22

SHA512
fa810addb5ab07754991634148c29d9b223e4a020a15d10bf0a3ea07d8264fd227b43aeff982ba66323b03114c1368a81ea4e0ff54da83d1659a1b6101e34215

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.RYK
Filesize
641KB

MD5
416b3738e0253ef6906f056e4aefd6bf

SHA1
e2ba02fefa9178a951326f52a4c29d4845487b8d

SHA256
b2f8972a7327c316b4e9655bd05388172aa2ecb544336df41d13136d8b361301

SHA512
9b5a727c862b4998b1ccb1c55f828e246fa4ecfa1c38724c5214bdcbca58f9e1bb6259b38d28d7108a32039dd486028a7d35fb548e7673edcf6f1f6614725caa

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.RYK
Filesize
1KB

MD5
22c704dbb6058dcc57493c2ac7ebee85

SHA1
a17dbb8e7f75db1f550424e1e437b06baef2685e

SHA256
c640376390f1155853dc3a3b5fbf42453c1a6eb889220af4bf6e30c2d3026102

SHA512
43b451843a5e2c13229d237971812656a4c1bdf8a4f2631bbe782826250083f38a73944035f98d1ed98009131fc952148d0eb783c6c1e38ad8667c053d4f9be1

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.RYK
Filesize
1.9MB

MD5
122fa1c0c7f659ea5edfe354c4bed394

SHA1
e32704686f2d15c33c1b6fc7fd1e472a6f119320

SHA256
f821f653ef361e0e260c984213f0226bb7e91fb3796f11eb4c1d36a64134358e

SHA512
e02268f9a82907e6e81785f177285148dece13c1501fe5e3fc1d717760456622186591275751480fc50a35cd96a14b7a1da2af051bc6b8cdb3020aa98ea782eb

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.RYK
Filesize
647KB

MD5
6bec4ecbe78e7d4839f22c8472199d3c

SHA1
7c01d1d59f892c51f7e9a8f2b9b62eeb59a04f15

SHA256
bb68271cd2e7f9fa08ac16b09af94fe49e6536a107e7558609feb2c21ed2c68b

SHA512
ba306a76a4c6e80735cf39b86e1df329e0de2879561da705245d6ab498a00d6b230555786e4e7fa9a9f2cf655a1ed7ff1a278bd5090a88f4a4f12703eacaec86

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.RYK
Filesize
1KB

MD5
555efeb311df9fe9fe486077b31ae2fa

SHA1
7d2a2163c11330f58b658edbc034b13ab17036bc

SHA256
9c68891ce4498aa88ac896e13b226e2818f9b76b12f5ab62799dee832107d9e8

SHA512
70288252394278d7d6973f66d17b7f95bf9e0d20d8c1211173f41190f621cdd064ab55376d304eae129ae3ecff5f1004e2be6cfa1ffa87fb6afdd74cb4310c48

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab
Filesize
2.4MB

MD5
b766288b5509df690a2a989070edcf70

SHA1
b65791093a77783386673dc847c0311c772377d1

SHA256
bfc2cadf13be87a31da5f5fac5b1d24e211b806f6fc6aa536c8e262366759639

SHA512
09bf5ca643a10802f33b5f306c5649d4d85b9df8921c1624b489608a4bfb6ef7c5e38ef866dfaa1c3343c20de6b7ff3cb66d5d6cd6f41c1fa925e6b6af250b57

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.RYK
Filesize
652KB

MD5
f089fc36c6b71aea6574f248ffb41b49

SHA1
f534b76f04ac6211e4afd9082cc739486c4537b0

SHA256
de465a0666fa9d22b844e9ee1664e6f485162003fb88ccd84dfe9c455cb4ab0d

SHA512
f4cc438de17548ea5a3acbce9e4bcaa7eeea71eb4ce0552cb3f7440cb11ec563c6af34e3cc5c5bb5e13a9f8bdb13e2cf98bef2eb2487ba58fd7b22d4d8221aa3

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.RYK
Filesize
1KB

MD5
fdbac087dcb488b57608568e7c3529a9

SHA1
6f92679f4ce6331844800d36160f8d233209ba84

SHA256
7246fba94a8b696468a366a928dbab10257f6b782feffcaea9f787088cd32c81

SHA512
3628f63ad2ac5a9b4715d6be94eff1f0d4427572069311deb806f7cc2628322f6bc03a96c614af41f9abcb0dbc7a579ee9a07e62571579729df6cd79e03cf9bd

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.RYK
Filesize
635KB

MD5
9109c108c219b87cc49772d5a74da025

SHA1
f313284b3fed8c605e978ea7837ae20ba471159d

SHA256
6d471ea183a9ebf13bcd187cab6cc28f8efb5bd1be656133e58c941e58ee21db

SHA512
feeef64da57ad059eac1c40eeffebaf3c90f77f1fa5d965fb3bbc9d972f1e3f7c36dc6425ad37ecf35959097d0c77c9db90afded2a4ec8c62294bf3b0d090002

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.RYK
Filesize
1KB

MD5
213b1a0c8387e5cd51e08b6674f8a0d8

SHA1
54e79f3c35240ecce1122f99b6ecb0b0d722b683

SHA256
802854091d739070c8238d463551de2ca17f0c06668ebddf4be13df42dae0731

SHA512
62a68759a12aa4ccd23bb781b6ecfc5dce1caa418cd922987a5214d02a99e3babda58407f3ac4221647b31d6c01643579ea40891f05d7e2c25c5be6ceeafa7ac

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.RYK
Filesize
6KB

MD5
f821404270119f46a0ac596666897842

SHA1
59aebcbe48dc38ccbd7d13c764a574bad70bc5d5

SHA256
a3ca1bfc7201f957d2ccb6fb9444cf9e13b1b2054e19a9c99d4bd1ed5b313200

SHA512
a7cc2ef9f4fd82ced7aab503a72fbb7e69c3d45887ad335fbf1441bf9de42172e9b12ca55289a46144d42e71aaf87c5dc36109e6d9ec935483d97069db03340c

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab
Filesize
4.4MB

MD5
d34f1cd7a536b3932389538219113b91

SHA1
2bddbc6c29f8f01693c0155ac2f13d44736c47db

SHA256
6afd259643e4ebc0b0c4ae2a940de65c5f2d419be695b846b5382da87f44c3ff

SHA512
261181f8a41bc695a0aa6b1d7385430f0fd86136dc96459cfeda468a9c8b3272f5bd8e0e62e5582dfa4a4d3e9becc40d0579cf302c9cfc19c958339342510fd7

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.RYK
Filesize
2.3MB

MD5
a60382cec55c771c66d9c8e8b5f07a2a

SHA1
9d890402316bba300bf47aa61883abf557454839

SHA256
d48e0b0f45b9db335c5da852448f5166392edf367cda41be09c6992b0d9e75df

SHA512
818bb74c1aa0a758258789a145c0c61b43bfa25c141cd2211230ae0169bb13b7d238566b3ddc7a792ce74b97962770d0979cd613a979961502914917d70c1b67

Download Submit
C:\Users\Admin\AppData\Local\Temp\DQwEWgryglan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZJMKuhiElan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
C:\users\Public\RyukReadMe.html
Filesize
620B

MD5
aad27a2b7aafd7847fa58ddbf07a2d25

SHA1
5a367ec3a44b5c079d80e414555675e316947d28

SHA256
317a5d236c321ec9dc865b7a3de107bc160388e0b76102d9067830618f4b942d

SHA512
52856b0a4f2ee114c19cccd110355e26dfe22c6366f9d755b18d98cac33f1a84ca56aba177fa105a1ae6cf46c11e2a738eacb389f9c1ad3271d61204cb1b0cf3

Download Submit
\Users\Admin\AppData\Local\Temp\DQwEWgryglan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
\Users\Admin\AppData\Local\Temp\DQwEWgryglan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
\Users\Admin\AppData\Local\Temp\WZJMKuhiElan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
\Users\Admin\AppData\Local\Temp\WZJMKuhiElan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit
\Users\Admin\AppData\Local\Temp\iwupXoMzelan.exe
Filesize
127KB

MD5
e8673c8a299d1647ead6f3da4565ac54

SHA1
71015f9c281038d63bf7cd45894550c1a26c6b53

SHA256
d0d7a8f588693b7cc967fb4069419125625eb7454ba553c0416f35fc95307cbe

SHA512
90ad0b12c8de7e22c997f5bfb84f558f7cfd78a1edffdbe45547f545113d7b01077dc5962f3f941e383de390cf946405fd73d890ac9059b8f5a4d491297a72dc

Download Submit