Malware Analysis Report

2024-08-06 09:39

Sample ID 231011-yvq1jaac6v
Target Sample_5d283d656ea1e5165f2c7b8c.exe
SHA256 c85fec6ed44bdfd54c5f37190ffad38919640064ce718045e228dca65f74ec7b
Tags
ryuk ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c85fec6ed44bdfd54c5f37190ffad38919640064ce718045e228dca65f74ec7b

Threat Level: Known bad

The file Sample_5d283d656ea1e5165f2c7b8c.exe was found to be: Known bad.

Malicious Activity Summary

ryuk ransomware

Ryuk

Renames multiple (7117) files with added filename extension

Checks computer location settings

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Runs net.exe

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2023-10-11 20:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-11 20:06

Reported

2023-10-12 14:07

Platform

win7-20230831-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Windows\system32\Dwm.exe"

Signatures

Ryuk

ransomware ryuk

Renames multiple (7117) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange.css C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MLCFG32.CPL C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\LINEACT.POC C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR3B.GIF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\1033\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECHO\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0400002.PNG C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD.HXS C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\ado\msado27.tlb C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7 C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101857.BMP C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_F_COL.HXK C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\WT61ES.LEX C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21512_.GIF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\OLNOTER.FAE C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\IPIRM.XML C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2 C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL01041_.WMF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME31.CSS C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL001.XML C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Equity.xml C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\More Games\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\RyukReadMe.html C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Enumerates physical storage devices

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Windows\system32\taskhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Windows\system32\taskhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Windows\system32\taskhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\taskhost.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 1220 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\taskhost.exe
PID 2024 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2648 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2064 wrote to memory of 2720 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2064 wrote to memory of 2720 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2064 wrote to memory of 2720 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2648 wrote to memory of 2540 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2648 wrote to memory of 2540 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2648 wrote to memory of 2540 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 1316 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\Dwm.exe
PID 1220 wrote to memory of 1088 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 1088 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 1088 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1088 wrote to memory of 3008 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 1088 wrote to memory of 3008 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 1088 wrote to memory of 3008 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 2124 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2124 wrote to memory of 3420 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2124 wrote to memory of 3420 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2124 wrote to memory of 3420 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 22808 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 22808 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 22808 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 22808 wrote to memory of 26416 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 22808 wrote to memory of 26416 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 22808 wrote to memory of 26416 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 1220 wrote to memory of 28804 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 28804 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 28804 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 28804 wrote to memory of 28888 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 28804 wrote to memory of 28888 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 28804 wrote to memory of 28888 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 27956 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 27956 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 27956 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 27956 wrote to memory of 28432 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 27956 wrote to memory of 28432 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 27956 wrote to memory of 28432 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 45688 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 45688 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 45688 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 45688 wrote to memory of 45304 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 45688 wrote to memory of 45304 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 45688 wrote to memory of 45304 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 1220 wrote to memory of 49064 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 49064 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 1220 wrote to memory of 49064 N/A C:\Windows\system32\taskhost.exe C:\Windows\System32\net.exe
PID 49064 wrote to memory of 49108 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 49064 wrote to memory of 49108 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 49064 wrote to memory of 49108 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 2024 wrote to memory of 50764 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 50764 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 2024 wrote to memory of 50764 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 50764 wrote to memory of 51100 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 50764 wrote to memory of 51100 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 50764 wrote to memory of 51100 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe

Processes

C:\Windows\system32\Dwm.exe

"C:\Windows\system32\Dwm.exe"

C:\Windows\system32\taskhost.exe

"taskhost.exe"

C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe

"C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe"

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "audioendpointbuilder" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

Network

N/A

Files

memory/1220-0-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-2-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-3-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-8-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_f8462d6b-7d99-409c-b6aa-08f77c38ad4f

MD5 93a5aadeec082ffc1bca5aa27af70f52
SHA1 47a92aee3ea4d1c1954ed4da9f86dd79d9277d31
SHA256 a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294
SHA512 df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

F:\$RECYCLE.BIN\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

memory/1220-29-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-23-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-33-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-36-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-55-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-65-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-62-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-69-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK

MD5 1b56351bd9ee27b5b1e75374fcc07ccd
SHA1 0b2dfaf8eaf5353ea0d9e9c95e63d31f6089d814
SHA256 d3cdbdad1b77b699b47d176971a5f38beaf1bc5581c44c14ffcbd6e7016599e1
SHA512 cc77fe6f290901af26e4262abdc8d902e80e912764a3217dfc3b8f6c7f230f6fdd88173ed20a3205e58e373e5ce3a1957d8a22b22bd33da35c175cece52e4a8d

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK

MD5 61b47a2062081fac89535d01a7736fc3
SHA1 e5ed0c9f341fbb7c7c43b198338ee2bd17dbe4ac
SHA256 79d3d82941fbd064b605e2a9b07eb5561a98ebc004015a23e6d979cac8ca9a23
SHA512 50a6778c6b9acf7cf4f49d69550e5c4d6360e660d691d18029849c6250294aca40f90531e276109f675f85d12f69dc893ad7d26f8dbe4008465b3877db5ae2aa

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Adobe\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

memory/1220-120-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK

MD5 581603e7cf549c6186d354eb5e9bc192
SHA1 0bcc62267a18f5d3ab829b683623e03d0188efa7
SHA256 b34dcac5a18c6ca9c2ba6450b8a79542800de8f35f31625bf39e3cba935128ab
SHA512 9351c606636595b9aad7237cb734b07d895c306d0b3a8b8e717cbafaf2a94518753ec3cb40904dedb17ca3d341c37285ab0ca665822162507b8f1deeef78a35f

memory/1220-116-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-122-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-100-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Documents and Settings\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

memory/1220-165-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-126-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

memory/1220-199-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

memory/1220-200-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-78-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-60-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-218-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-49-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\ACECache10.lst.RYK

MD5 086737fb59eae6d5d50a5725a1d698af
SHA1 a049cfddfb2329b12866f1522fb822eae46ef8a9
SHA256 89351fc3aba8206002250ea81c47219190da34fa03df39377cf48aad4481edf8
SHA512 1cd26d9254f8fb5d93b8046d8f4036cc1500eb88ca088ed67b2feb74cd7eeb3d4e57ac9d68deab809e5650032c2aa56d56e965a9741e3378fcb50c1b4ff74714

memory/1220-237-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-246-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-247-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-251-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-271-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-263-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-285-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-286-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-287-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-289-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-290-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-391-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-396-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1220-397-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log.RYK

MD5 fa7f491c468b8b53b0357b84c87ce689
SHA1 ec2bf219d3c5f9ff1aa8cf048886870555dba27b
SHA256 7008b13dc441a5fbec7c43cdbb501aa59f541608b15be28b50600eb9f445770f
SHA512 227e21b0b7847761f4fb311de6bc0228376870503c2434e24a7e809f3510c37fb098625030599a4e630547ade89792809e7cf79780bc1ebf9aefde85d4eaed49

C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00001.log

MD5 b050eb11ff74026e62c3b2c241a4af14
SHA1 5bee829c9a1ded779b4a823fc139fb2c7e4412b2
SHA256 885efe5ea3b170191f4bb28b0f6372563a125e4ee91ce3c77c68dd86404b3902
SHA512 4f11da0091ba662dc9cb37c61e062bbad427295ccc8d990b9773f8270a6a4e11674f53a8c2aeea05689850f7ae5060a3e3567c2f206e1e1eaebd8da9239f1d4a

memory/1220-389-0x000000013F2C0000-0x000000013F59A000-memory.dmp

memory/1316-295-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1F75.txtCF2.tmp.RYK.RYK

MD5 50afadeaba6a6b60eb4b5755a7f00731
SHA1 b048e2cb3b4a1caa6a119e6f49ff9a5066bfd0f6
SHA256 ab0a859cb904f426ec3e370a23d74dae752483aef9c8ed02d60cbca8012f3d67
SHA512 6ec7a8b6f4a1c51cb30f6b320b1f6fc13cd219882d24a63eceb7cb5d46d53193f7b895c1464c27cddadf1123afb2658a2b08eacc615be508bf3b845d2bc4c0c7

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

MD5 3b03652294e38ce0e2d1d2449ebff364
SHA1 812a3dfc2fa00541c6b23b1b2059ae74ddbabbf1
SHA256 acb05e5c8465755de811eed599ec43bcfb7f60cf2777fa89a63f2069fdfb8694
SHA512 0c53ce7c44c42bcabfb22afb1ac2e5f47f8ff31f0284c9b93c340392359c4db4a8f65761f0963a2083c781f0ac2be3aaff49227771c1d1f018f7bb42a9e0d941

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg

MD5 284a4f887dea51f94291f557ed6454fe
SHA1 24874fb612aa713c8ffdcc257f545ede6d7a94fe
SHA256 95781b2e389846b7b531e70fc1fe8dfbfa26c9b4e353b7ac4f0d91ab8b043592
SHA512 f427888a8ca71047b26b10151c0103ba63a2fcce3b041a2351d2b72e13f6a2cc7c58a55fd5c96ce3cbb7bb1eaff44320a86fa3066a0a8f33536f2d0106bdd650

C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1FD7.txt147.tmp.RYK.RYK

MD5 e75a3f6f2b85ae1f270a10b5a2019a38
SHA1 d5517060dddebdd18f57c9ab6527e4fad18cfee6
SHA256 d276cf810925a07ee79230fc88ee9e8883d1105e4e92ba3dbd90f93b253638fd
SHA512 1b28c1b42e0f740ab3bac15f1aa0ce837e93f3631be3beab5f14dc94bbaa127b1281d748c07a18fb28eb20da619c2ff0e6d14f05f4b64a204c14d7937584f056

C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txtsched.log.RYK.RYK

MD5 336780ac7b8513757383f13599684b84
SHA1 94c77623bdfa7bc1ef35a818994c5cf72fb4f716
SHA256 ea00dda9b063d75e2a4a06e5fbd4468d40cbeec37c1dde299263046710ae0485
SHA512 4dfaa2ec175839bf771ed5eb624cf046ce5b6ebe99f7c4001b6d05eaa07e41bd3ed9707924af8f39f79c024fd53b34e189320db0a207ec4bedadd65eb394a04a

C:\Users\Admin\AppData\Local\Temp\chrome_installer.log.RYK

MD5 78c1f3458bb213bffb5f519a146375d8
SHA1 1aa9e8d7ae069752199e98ce2c783a81c4a5a16e
SHA256 3653cbc8fd37a9df5f2736a05460e2c41cbc561355a9360ff91566302dc0ee48
SHA512 17e57c2a69ada1fc3fc29f11a8e7e8de479f2a57a57c0345b4a2be1374c5a1d7aa3b918fa97a3d2d44ced174b270f4d3a5706cd60767e1fc82d80fd9047086ea

C:\Users\Admin\AppData\Local\Temp\RGI2D48.tmp-tmp.RYK

MD5 91473887ad9222384a1a998af78b9fcc
SHA1 a4db95e570b13790ff8d504e0b3d0fd75ec2a313
SHA256 01231887e25b29d970b5170e9cf67ab7ccb2c34a3840dd44c99750c35da25e1b
SHA512 646e20342380810f73ead6f666aca7d6c1b7b66bd03b28b163e90774fabea726b7a6eca9720e71dc1816678cc00eae24e81726f97481ab7b316db78f0189b2a8

C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log.RYK

MD5 8f88428b6307b8ec60cc1fb2121415cd
SHA1 df4c53662d28ecff5b71ac05e07504acae03ff11
SHA256 eaee9ecd2533d6f78259ca49c19e6c4c5eecb61ebf7ba7a31a46d562516e9f97
SHA512 79ec6c5b7006c4fcc0e0657682378cc3dc9ffc8340e4d825d14012111fad8cc896b0a7fccb6e99409cebf6d20226eb9f93163ace307863b374db0ba16c95c3f9

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

MD5 dcb35367baf02a5e24275efb237d712e
SHA1 e171299dc77c2eeabfd8df4cb1f3fcdef05af49d
SHA256 cb6e38e875712f059ae1f55903e6740f9a661b3eacc1e47db5535efd4f0f5bf3
SHA512 f835ba8fc7229fc735237f5dd5ccca30ce0318ec80d5cf6307534331b6044c77f0843653e038721ad6985b95a42d78f93b2c16ca42df269b6f7a7fba2612eee5

C:\Users\Admin\AppData\Local\Temp\wmsetup.log.RYK

MD5 cdac578e0580dd88b3b8c7ddc7d590e0
SHA1 1d837214c8b09aa555e2298ce034706650653a65
SHA256 6b36caf51c3274c46ddda5736b72cd5091cd99ded4ce7c6fb4770599ed664843
SHA512 4bad359473830e3e89b6ca6a3aabd478ceefebe8a6e2aeb3101454f1143ba77c074507c912db0b1cf2c294dc9ad696bdee2ea32c5ffacee7226134720394a29b

C:\Users\Admin\AppData\Local\Temp\jusched.log.RYK

MD5 0aa335160218d058cff8ff52a7e61c16
SHA1 23f52c933368780738987bdde423ad0ef51d5f22
SHA256 dc6a84b06e08869aa25ba583e54d6b3b453bb7439deb68de35fe5c8779306408
SHA512 c1f8fb9874514376fc5924cf07368a1d805eb8277b68f62c565e0471cca626c198cea5f0f42a59ebc9f66b7e3e5ea5039ea75b0361d15910d2ca10fd5c70df0d

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif

MD5 e92d7797d254c82097aa288e9065e36a
SHA1 d03f55dc371bfed88132911e5ba8ca829ea3302e
SHA256 18f77ce02c41b96762b66c70a9846230326b1a3b6ad84000a5f5c2d50be95321
SHA512 76689345686cc93aaa8a651beefed2ea9410411a66b6eb475f6d238020d0356e3028fd3e40a618f3329f0fec2c63cd53f474e79c2a4c50db881d4fa178f73410

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf

MD5 b8399793c3d6e15df3d3927976b5b259
SHA1 b224ca33c5b99caa5eb47c048617f65f03d6f90d
SHA256 ac92054754364ec46b5438f6b15ab12074e99a5142a94f1f92e5cc86c1ec1332
SHA512 693b76d8a5d10d89d246b86deeefb7aa9775f4cf648e686176793412cafe9bd7a2019afaaae598337ae70bd574cde8d9c16e920b29033d3f4596792d321f9893

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf

MD5 202d7f6b5d491bb4f0343c2b393f47ca
SHA1 20ff1de3e6f9e01bfd4c9482e32b3dbb70e79b90
SHA256 cfb8e180554f7708c8001f0bc0cdc6cfb5b1da536ff5c5f67d00b9ef580c11ac
SHA512 c49f043019e94667031c8aebea7d76554287f4451e5624ce64f77c7a0f8f12888c3edf5c66676e9e404504783a63448341ce4a8b81f9b03d04e896836d47a3b7

C:\Users\Admin\AppData\Local\Temp\java_install.log.RYK

MD5 81ed8eef640c006c170a8ee80b734a58
SHA1 1c804485f403fc909d42dc9d5c8cb2ff2bdbfc99
SHA256 46b97a54e83d5d73cd0f5919127c9d120d9916bfdd7e2a3673ea3190491a3133
SHA512 55361a5a2876f4dd56be2efe3d5a0853f9bb29db9ad93a4dc286077b580e3283701bc7c14cb233bac82b37ac4b5178382ec6cbe02d694d56cdc19c1e38e4f4cf

C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230901_013010_697.txt

MD5 15fcb191ec24167f502c470a394f6b6c
SHA1 4218448d449c7ac0bfbb31ed853a124fe14a8151
SHA256 94f63b898da137156b9964be58ca113d47ce81d53ecf34a04537ff71940f862d
SHA512 b1beaae78aab8a7e9bdc7e46e09a7619e19e40a8a901d3a84fa419406dbe6b05aa6900054fe4162cbeafcde7ad80babec701503555070e8872db660c0ff74a9c

C:\Users\Admin\AppData\Local\Temp\Admin.bmp.RYK

MD5 062344e5635eef955fe972bcf401960b
SHA1 1f3ca4d4ca0736fa9bd7c69d5b64fc613a0a4ab5
SHA256 5d17125687f31c8f0a3ac9d3f32db08acb0cb797c6df79cd93aeefae7b5afd64
SHA512 733c05953bfd4a7ac3272d0ea7111008bc1d13dbef531e8299b90f35b81b964fdcd163832046d2104a46e64983e48d55471316de3f89bd083e4d019add95afea

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.RYK.RYK

MD5 e9092677ed02f9e2268769909f37f335
SHA1 5bc6ac303098c0e2d8ec36740a853c51ce422a74
SHA256 cb2177cde22c8902bc7446efbccd8740c6998166635a0e57ced37da6d443cf43
SHA512 44905255d96fd1ce67cf4cb29a865aa1acbfdfaafcb34df63baa0220f642a3c50b50994d0b76c16670e535e5919efa53ef5135b8b16dba75bb284a067e311e1c

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.RYK

MD5 4f3527c630a83452dc6d411add82d584
SHA1 336b6d7b1c849465a97368e86cae33a4ed86273b
SHA256 8358a25032fc86dfe38abb6be3a452db3d7814d7412c67eff39254e68e62af90
SHA512 e9879b33cca5a590100dd60a01b07882822a2c6e75166b89e4106d8c2b71cf2507d4219615fe702ccd8bb3ce22c8e1ee6b556609bbd804f6b50323ddbee3bf4a

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emfold.xml.RYK.RYK

MD5 59dbbefa62823554591a95337f87e30c
SHA1 350aa66affe0e578c9935ddeaed4149e9d94be54
SHA256 27e0e01df3dcaebe403897b57af7f3c058b195bea18d1fec02cbcd6fec31b561
SHA512 1f0bfa9bef3b125e1581f1cc9149c2f97c279ccc3aa4ddf9f92fb4435a4c0c5a4e1a39f0b2fb1afd309353761f7148ac23f35422b05e333ed1597f1b173a856d

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpgK.RYK

MD5 15d56e1bca081848d2b17ea155d12cef
SHA1 f9f45d91578f60299b3ebd76638f0ca4dd1cc3e0
SHA256 8633824a127f6eedaf7c027c11c51c80c2a62ac322822f9cb0344a890ad191bb
SHA512 53871876c39f4fd0b3942ceff9253b50d8704ec752ad2214810d1895bcf1acc2f4172c5095a6adb5203f5deda1158ee8135ad99699445b841faa42b0fac91908

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htmK.RYK

MD5 7635c94f6038b67d734f250b96ee0632
SHA1 1b1b664761a57b576fb23046fed3132f7b6f725e
SHA256 01ff9e30cbf2cdd3beff4519fc8de7b11b00406c33b88df91da114f94e6ded41
SHA512 e1b2482022ed0cdd57001cb4b3e85e903e41edc05b234565aaf9b63cacdbf92c2c1d574453cd10be5d7b3d1b03f309b2675fa8ebf27006ef60143d819c9a38b2

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emfK.RYK

MD5 bc198edb937bc7b715bbf8a8cee53075
SHA1 00ff8d8d2247b091090ea2ade5c4721eea40cc07
SHA256 56a02ae44c0cd6b3d7ceb55c2d1a8e9619e63e4458659582bc0429a6e4672798
SHA512 b3268ee8192434bde95bda497f56cd4f903aaf2696d72a47b5945ab09b51a26a8fdac7f51c1e5491f3ef99441a6d8b41b1e7f8534a90e4ab9778b7cac5bd41e3

C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20230901_013011_945.txtt.RYK.RYK

MD5 4165dfa0ade9959c644a05f93484f502
SHA1 93b634da1e985d5b999dd2865a9be61d5ff63a43
SHA256 68170d6bbeac15337a4a0c95611f7ebf9107ade14fda7965d65c2cfd79ecd04c
SHA512 a30016cb223fdde1668b4c0bbb8a20dcd736a55f97dfeb75c9219510aead8f391d8bad7ab54e34a62d49a60ec07304abb58d73fc5db00628acee8f15e35b2157

memory/1220-333-0x000000013F2C0000-0x000000013F59A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00000.log

MD5 58e233f93e754396f22e6d31eaa63489
SHA1 d76530da781692b203ba1c7a51102baa0799216d
SHA256 b3077b45a83cad0b73db6468512b523c1ad648dbca01d6e8ac66f16ec4b77043
SHA512 9c801b2e5a792f4ea53375d89ce88be0b253109d61ccbd06c2708462a9bcf5c54e4f38cb701e55cdbf41f296bf55838c81141baa3e238fbbbb9c4e9a73dd059f

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK.RYK

MD5 c6ba4430d61f94b6ce43245dd1d95673
SHA1 10e1a89fd7ff12e192e408d2b442b85020c86219
SHA256 d17175048c3484d6dc5ffd59611cfc0da10bcc16ff5722e24934db9579d04a50
SHA512 fb46914935c37cb1ebd49816dc2cba04e29fda51b4ae02c50fb1104391107f34b30503017afe2a7cf536ddabb08e1fdc5228559bd23e6409bee94fd2bbf6ef79

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htmn.bmp.RYK.RYK

MD5 1ce4a71734d9f6d809f6cc30748ed2ae
SHA1 f4e214edf64c574ab0284541afe899e7c0ae7ac6
SHA256 20f391bb3c5ceae0d1e52047de90269022c3f4a9d4d0ca7b0d9520266adc7a79
SHA512 2e04a1ada879609fb1baa57da49af3aff5f42530de25b982e61e9a73c03c266d41888c2e0a789cc8c60df922d20cb3ddb82a64995d0d795b56e3af236ec206e3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xmllog.RYK.RYK

MD5 3d75893ef12647c59cfbfff2933e8a2e
SHA1 3218d82f72ab58efeb3676de9027f96f88c81680
SHA256 459a5bd0667dc4037c667b7ccdad92e291488d1bda43aa670ee107060d5d3f0c
SHA512 fdb14a80336ba604a5d500d0bdca36372a77b66868d34ccc49e2a1a99641ce50c980b240b80242e0427cbf33d19482f079c5ca679288cad21cd13d7a0dafb3cc

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt.RYK

MD5 58e4585361eb8d9736669466e3ac2e7f
SHA1 1a2c822eb92a4145438a1615fe75d6b5174d69e3
SHA256 57dbdbc629eab441d3fd88f76592db623ee2ac0cf42d975e0a6ac912a6802df9
SHA512 d56dce0b8a7daa83bdf326e7fa3fcece7548df96afec313b9fc27de547f971f67e426a812ff5022ece52f81ad46344cd2989304ca13385b038d281efefdc8efd

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-msm.RYK.RYK

MD5 00e1c8d501d42a9270c5ae3e12f9ba53
SHA1 ec25725f923e1f76d028ce6256ea651ce21ee703
SHA256 fb74208a3967c6fcac8132c9da76019db2cc0ca1f7883c5a8245242786c0fa93
SHA512 db4c546e94e13e0eb3a8c31b814fb239b0ba7a2d631d8e3639f11a21499b17bea5ed185af4bcbddd3ea93c80971473a2fdb3d87a6b52406c37341bec06e7640e

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-mst.RYK.RYK

MD5 792687dc8ff53da59571c891488a69b8
SHA1 fa01b4d1445e0b56acfb4a2c90cf8830964aabdb
SHA256 921499578fd96c708154c9b2b15dce8e50e69b838557154d0a831a5fef5fe9db
SHA512 462d03343089ce69da59f8e457fd9fc657b56286e0ee9a9935a10dffab398b480403ad1641aa143af2b8b9164363d7b8ca600fe03a0a177bd85d00b68968fca6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.bak.RYK

MD5 9d12530f971ebf8025fcb7e1395d7544
SHA1 a43b15944020d060ef7dc91dfcc5d45d7b200a65
SHA256 d24c4e2e9f9de1956884d71a5b392d366f89ea9c23937da8f0afb07a23c16e67
SHA512 17fa2edae4e88ac73fd2164805bac717ccc28cf91574ed8d1392822532cfcd3f9c76e640b011ec4a30bbc86a3e9627440345be1a7923dff1aa5414951ca35656

C:\Users\Admin\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK

MD5 16a347dead98a1937831c76ad2a0de6f
SHA1 2e7773d43ae6aa9a3485a2defb0cd9a7f0fe2467
SHA256 e217a894a16892b0bb304a160a6849cf17c1b04170e9f0b35810271b0373b76e
SHA512 77181b65b428320e3cf7893d7ed20b1c85ec63d11677427875e3624e9148949c1315cdcf790748207ffc3de631f03e620f6aebfd223c4e316869ee614c479c58

C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb.RYK

MD5 175c625984fc10392a24dada614dc0a0
SHA1 0f7420d3cec5c50506a1332fac74698bd7d8e8ea
SHA256 432658848703e1a1d81c5a371dd185734b3369a75773f74bbaa44e4ac8a8dce0
SHA512 e9ec9f3f03bef1fdddf1741671bb160e2af9fcbfec3e972fda64c7a9fd1372a4f96f377e6cf2aac19ee5dc06dae6966253437e802094cc5d574682e29729f287

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs.RYK

MD5 8ca7350e9f5eb3d21b21c9ef1b535bc8
SHA1 1672df471f6972429b43b9aa60f6b308d8308793
SHA256 d9f7655dbe07b7bf308f276b6d72ae968968d366da6885ece42d5a75175fff8c
SHA512 d541a47f0346c4fc5f340bbd9a672c41467d177dfe18e5ae02ca38c2d0a5252bfff6e131ef0e70127b784f277b96a7bbe12de565706f0cbd6f25086c3b5285e1

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb00001.log.RYK

MD5 67d011a73525ebd37b45ca950a3a9e1d
SHA1 104d9373ba49470c0eb95334e44321dbe70c09e9
SHA256 8665159327b19c34c6bdeebfafdf6bda6dc5432b8ab02572068b786ac9bf74e7
SHA512 fc3433c8385401861b872cd437137c1da00bfe3115a9e99750852ae64606d7e9ddd44b693fdf96cadc18a62d4e6f39d8bbcd4404f756ae86d0d950394b1bb7ec

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.chk.RYK

MD5 c0a2a0b6d464c144cd0af8a9d782c257
SHA1 45c552e88411e8ceb3151a918efb255469a54112
SHA256 13114ea6d7f675269e76266645b7e45e894a727d30b79fcc0a3fb730aca9a4ba
SHA512 1a323c0a0894d77d0fab349e62fd1f629794a0356949acd122d59de8fb0df1db215508b22b9e31d8a7542a7c2ff3a64f2b4b614c381697e474d514b01cf5c142

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\oeold.xml.RYK

MD5 229681d8ebedee13a6d60a495f5334e8
SHA1 38541850f5af7c06b13ff9c5acc23be0fe1a74ff
SHA256 c645502412deca788e414d52adf5ef3ffe90f2264bbf4aaf63ce6815dd48b861
SHA512 8289f432529628d1dafe71a8fd0c35868da8aeaa28190ac1eeda3f68ac9de6c9c63e11148a33e0a8b1e89d51738be9672b08aef07050537286b885a802c73069

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs.RYK

MD5 d885f059a0d78733794b3abb06c54e75
SHA1 8fcff264edebc183f5dd2f264f36d2dc4d7f654f
SHA256 be0d4868a70f8909c6fbd9d1117dcbc35b912dcbb5860016b070f14b32a825be
SHA512 db2939334864297ce4e293f578fd4795298cf7c224163aa5d553a8bf09ba80414b604ef7e9997b4906ff726ae52b998bc49dacc9734a3dd209179b05a2b448bd

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log.RYK

MD5 ce3cc89238891cf8149b323f7721deea
SHA1 422f320d12796a424815a24067a04f26885ec93e
SHA256 1692545b9dd2ad3050dedf4a4d12850473b9f2652e04ce10fe445af9b563e3fe
SHA512 4510d31fcac80128a4be916763f57bcc31f2b4023f6787fcd2e317706b311735865aec6050ce42a477bb5860236b5252a203b498d57737b62771fb35abd8f92a

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore

MD5 a15ce191348084b451a74f3dc43594b6
SHA1 bf886b1ce5aee02307fbd848757358fcc17910bd
SHA256 7870ab489d32e3c3dce8f9e5d274200b1eb9ca7e033d8e75dc7eb662b4ef8746
SHA512 6956d8007ac99a8550c9edf3723ed65749ce75045cbf7dbbedca57a66d7c1684826fc2be81826e501a7046a888d5361614c2f9f69baaf3279f8397f48a621e53

C:\Users\Admin\AppData\Local\Temp\lpksetup-20230901-015225-0.log.RYK

MD5 3841a4cdc9ed0834ee356299709ba77d
SHA1 8089ea2c92d7ee7b7af09c16a255dd091f4d40dc
SHA256 ea31ef4712c0a72c5ec0cffd8e5da441b7ee66ac1830671161d93d13a154a73d
SHA512 6b7cfbe7df83839fe7eef58c37a7e9a01b5880bcaa855fe94fdf084d0260968f112b69423998a021b825b146e450e86af5481cfce5000b22fd691e3c5f56e7ba

C:\Users\Admin\AppData\Local\Temp\RGI2D48.tmp.RYK

MD5 329fa38ea602ccab4c47fa00db0d6c8e
SHA1 c9fdc3ef6b7c8949e391a93cf3e95e51168f06d1
SHA256 d27bc897d59a4eee68737dcc227e43c4927f4aefee1494edbb8891a998f396f0
SHA512 9eb6e9c8f2891f68ee115cb20b0561bdf5dae63e6fa3f9aa1063e6bf4a8383f94faa593af72ddd9090d982c143ee7777e9fbaf75f018d717b48c6291bc192d63

C:\Users\Admin\AppData\Local\Temp\lpksetup-20230901-015534-0.log.RYK

MD5 cc6e3ff279c02aed32899de474e43c7a
SHA1 a430d25c64f1be8b847b2ed5fc6319e061c41dcd
SHA256 fafdf0566f981e93d96750f1d42f032db964e0c3b936b4dfe4f3df8d55ef30f7
SHA512 94e6107f0d5d619aa9892879f3b3fa93a6deed0271ba3cfc63bee71b698e974a95828084a15f3e14a654f9a32cb34283a28ddd5b97abda6d9deb943791be8e70

C:\Users\Admin\AppData\Local\Temp\lpksetup-20230901-014911-0.log.RYK

MD5 d4248f4f45674239ba2e90ec4d7cf2ea
SHA1 d174fbeebd565527b922a4b571922237876fbd60
SHA256 e4f1a5823e110adb9cdb7f323103b66b70feb0557bdacfd9148569b4ddb93bef
SHA512 a731df544732acd02e8c77fff6abe2175aa59d3100e2a121ef2b397986cf19d0535fd6f7d00ea6ccf04987d7f3f5cd66afe0f65c55974cffe709a0c7f36f13b5

C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1FD7.txt.RYK

MD5 b30e8d7f93913c16cf26bc52f7553efd
SHA1 3d7350540a81c203ea843bb964c33a85effb80a2
SHA256 c0d20f76a5848b3859fdfa35f129875fe0b6743c1ba5ec7fcd3197c2ec732cc9
SHA512 3cc76b187b1fc75db545a01201875d920a03de0b0ccd34c84c20f4db50b9c7c401bea659bad1c037d81a095422ea619008afc90961b9f5c7734faf544aaa62c3

C:\Users\Admin\AppData\Local\Temp\SetupExe(20230901013733528).log.RYK

MD5 d5b026091a3ae40807ed621b2a5b457e
SHA1 d4745e200d93093a20d12b8c46b976e056645ceb
SHA256 6998aacc02707ff8d2c0ce23b172d39b114aae8836ced88d892c87f71a1728af
SHA512 d70265a751de0ff9e6e401287f046941a432e0f73686150ceb2b5b70aa662195695760a556e1464e1ca08be2f854add879ca8c3b33e7744bc8d2d3ecb1d22187

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat.RYK

MD5 778d594d641a4fba07b74f5f2ac42259
SHA1 34afc61cca4ba6802d3a3258639309f0edcaf10d
SHA256 5c6e97e6904b851185370998e38ecdc3f9fd6a7c9d2fe978f049958376f86af6
SHA512 59c3cbcf19434cbfe7bf5b9302f0d7b0e4b6338b79f2bba09028cbcb09eb7be527b4d3c2f47673682a8d09a2f73184b25b0adf9cfa57c6db3f99574ee2cd21db

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms.RYK

MD5 98ae07705797a537d48facdf062c0e0e
SHA1 3b1f2428eeeab7fb5f74e28a63144be89c3cfc3a
SHA256 ae432b5415bd439ef4b359c3ef0ad70ac3c1a706df0bc89ef78f9d2c19adf140
SHA512 a2e43ccc952797e32ba8e34fe229b6c55805736747ea8707dfd7168cdf4c4138b41ea1fb426baa70cd043a752c0a99e5532185132841320da4d4de7220dd22f3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat.RYK

MD5 dba62faa51f18441217aa2df21fdb3c9
SHA1 4294e919751be4d45f415568ebc989763b478daa
SHA256 6294a9820dc99892c26c4a62db98e87a2232a11f61df433be1413d05f99b3389
SHA512 394e79ddcdee1a6eb18c086bc789d25b21cf22856fe291e00db354e021648eacc45b3738f4c39f6f2082c8b738cb04c17fadeb5503eb8da27ef0b8e9b28a2d18

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N1ZD8WV6\favicon[1].ico

MD5 fd11aa6efac8d272859c4a3486ad4924
SHA1 066f75a6a19730eed8323e6fb5ac798b69c54a4b
SHA256 172fe493372c6002008fd9797379905152f3f1f6b6159851b6f8e37f14e3127b
SHA512 d21c575c1a51b612bc8cf60d53a1e0333178d2b11a5134d66c2381479251fda93898a7bc9203cd7374fb8bab7ce7be5e1365b16109bd277bb1cb446fd20f82e7

C:\Users\Admin\AppData\Local\Temp\lpksetup-20230901-015904-0.log.RYK

MD5 bb2ee28d395cd984aa5a2ff9d472f483
SHA1 b32340961a5dacd1c9892a58e9e5143f088e40ad
SHA256 790a79675644e0d3b162138e3edcfe053d76f402239c7985d1dbb95ae3b6d204
SHA512 c7c13f262f4ac69aa6e653cfdd41809fc2dbb2a5617b43ef096790a993a729c4b886e94bcb289dc34c2869c77dc72565e867e041c608874014474919b56588d4

C:\Users\Admin\AppData\Local\Temp\lpksetup-20230901-014547-0.log.RYK

MD5 1855d356deffb86104a020e9509c2e39
SHA1 0889a01c8905c9a05eeb10901cbc402623aabdcd
SHA256 64de85936d51a26f69128e46afa4b20b06d2500a8ef7c76de16a2ff9dfbbf014
SHA512 174623a42050f2cab7bb014f0b8d197f2b17301c1e702cbe8d2a2cb316f59d60050f2582135b1326f0d23b96063c072076f70165990b01474225669809990638

C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI1F75.txt.RYK

MD5 b9535e58052f4f601657eb907df1d6f6
SHA1 ef22e84c67a6bb0b054056934b2b7785ede38bb3
SHA256 1af3a6f524b996b13e07869253b20abdfdf0326f0efaff650fc594fc62452a38
SHA512 897f253db572f07a3dddf3c405de6ac401b753b059eeb6202224c93972a13d5be944b224c9ec9933f7fd82241b71a9df976bf71ed8b3289bf32352132d360194

C:\Users\Admin\AppData\Local\Temp\79231cff-fc6e-42e4-87c8-5b9a0b5e956f.tmp.RYK

MD5 0faa056705039b06413feb00c0e52d72
SHA1 1aaddeedfd056f79126ad487b29a8bf67b448d28
SHA256 a51b63a8f12a3f96bba97f18e99371873d841fecbabdde075e03ead4d8e17fc3
SHA512 163aacc34ca053a4810f0f3d6aad418fe20445f82b894782aec494d10d0a8fb0e84b9ba0c84bb156190c7c759fe0ced27441cdb1ba5a489848b946203c496728

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore.RYK

MD5 35b193800fb1d812cd2fe5cd2644ddd4
SHA1 3e1a2fd06e8d2ee2af6ffe82ce84cf300398e68e
SHA256 3f39e7f32457153ae0ab9ba76215d3e4c457a9dd57b1ab43614549cd0716a87c
SHA512 ed44a96992971533d9670671061b1f8ae821807dabd3cf5216672edcb77702a654574f37e309a49ebc7ffd213a797804686b2f83f2735304d0d213797403c3f4

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.RYK

MD5 09a4627d1fef812d0834655943ed494e
SHA1 aaed10aa036bae3dcc353fb77e824b8dc544bd50
SHA256 81c0dbdeed50766505159cca393c26083209ef36e6f4069c666063805640e89d
SHA512 50f95e597c45b92b2727b84d14918e6d83fa20255dd57f27d9245216fdaac64a85e75100519d3444ac5f01b6dbca5571f8ad72c744bf2aeac096a551dfe2dbc7

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.RYK

MD5 f8dabfe09e57ce47094b059a3d09f3c1
SHA1 9641f33c8045dd9cd1833ae17b10c2bd684fbb0c
SHA256 4fc99c026a7b355be6914819b5fb69bca91f98226e89d836063242886b297bb0
SHA512 f68fa3eccc1bff7ceba624b38c3ab7dbff134639d7c14387b0b6d5476875f815093ebe4fa9a359ee254ecb60e7029934c3c499650c78c148e79bdf9264c3398e

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.RYK

MD5 197557a9b2a19318d5500e80d3245473
SHA1 bcae109c3f650417e5951c46363d89442b5c1350
SHA256 a1e18322ab5d56be601e30a9443db86ab71951a7c5a5fd895a3d07bdcf818378
SHA512 4a99978e56622ae3863d53712a0bc79b68842f47598b51f1595a6df4313824d237f3cd249adcd875dc788c35b42528233a7742b45dd7eb2ea2e7ccab3d26780d

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf.RYK

MD5 610cd903788a8ac5d28949bdcb6c5194
SHA1 565c4feda83aef32e450fb29ed00d5719883063c
SHA256 79ede847a5218d679f8ca04ff14cf32b60f18cbfceda80d27356ce45d1e0275c
SHA512 da394bf3e2fa014e60e1f4195f8ab497dd1ab7cf97e6f96bff232a7611bebba13a7c904d64ca204f79f9ee9f8e0da0b83b3bfa3b0a597d3402828726c0fe9bc6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.RYK

MD5 fe2cff5bfc465d0a965f81399cbe325c
SHA1 45748fc9de200740214e3a17aebdc7a057a1d2ec
SHA256 a41f00b5b5284050b0acf38df7bd63f79d16c78b7ac07f8badedf551f15e5ec8
SHA512 c6f5e797b13b98dc5a4fdf97464aa0016e04a7e63b3a12f6b62c89708ceb4af8a19012801151e950adc2ef3bb4b569c1a912b2af95afa2f1fc2f606271f718da

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.RYK

MD5 f8cdec87d7ed365cca6b797f31e385c4
SHA1 fd0b4d749b20146c55133e61e5a42db6b1e4b11d
SHA256 d1da69d08cc80b3a9eadd145f112e83fdf1791e3e46cac9d3295dd61a4ecd20c
SHA512 36e3a9e9c24d3cfe7b74304d9cb9a1a81f553260ec2f9fbf2d76df582cfa8c8ddc5d102bc6b387e22fde793775df26babea555ea242e7129dad62a3d00954f6b

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.RYK

MD5 2b00942b9069cd11f61efba616152f54
SHA1 0679da035f51e8821201834925798912d382d2f9
SHA256 fe3c2b9116166fa6b19d6027fc6bb6a2c80115ffc8f5528a77867631761da60d
SHA512 1e9a2ce124322c7eeeae40ae7ab0818cdf0ec0d059e5d2f6056f7c92271e952a3272509108fa508f5ec717997b1e2388db0d7850d4590ae2bae85f256ba1ecdc

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK

MD5 1eecc97a789daf97373beddbd5fa9819
SHA1 ffdfbbb1c3d67df481948c9e1e8eb99f82685df3
SHA256 c5410e53a0500f4a5ba1c23fbe35af784a515549448ebfaf0cad0590532b8737
SHA512 03766e30141c80aec1eb46eacc598f35b58b45339da5e4272921e2c86b273de514f750ad3c362f96eb8b5b291b67195270e866857e8be9e5f48846718aa5b947

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK

MD5 18c27bf5071e3cf973c6201da6b02bd3
SHA1 adb8cba08d7af22057e219d2e30d3c9ad6a25fae
SHA256 39252bcf000b1a6d8cc3b0ed480d749a7945068e43724bd3b0a7b7259733e3e2
SHA512 2d5e25e79dd4e9a8fc647496adca4c10db06e04618d286ea80043d767804bf9959661b0714543b6bc67955317697a33f1eee5b56a53f84fb9b0c72401a0543e6

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg.RYK

MD5 619ee5d90f034844b8b5eeb35aeb3976
SHA1 0d742bc5c7dec359bd59c2186234dd150f5c1359
SHA256 07507e371a89628c7689929f07cc86a0a2865a49905fbc02aae1ad65b2b6f1b2
SHA512 da2a8bb9202da8d4273665bcc6ae8497f0e0eb60df172fbbe0546ed325cb4f45ab68bd0c78e7d94dbd9aebebe98f854091c036a35c3a8ad536a784e0117176d7

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.RYK

MD5 9a8f7c828bbff2dbbe3fd847748f2620
SHA1 9d85ced0045892af05675f0e0d568b785344135e
SHA256 b93cebf621fbe90d6ea6606e18bfa4d670532cd696c92f28c45ae8427d881258
SHA512 22191741bdf383ce599109333b4d42aa2347e446a6b38f7f1c8b40efd4f5d9bcab2de0855d737eb66b191ce885af5cc1a86a1054fd648af29f7b93e4233c35f3

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK

MD5 914c5de037cadfe5fac05d13e826c398
SHA1 7b513cad94166d647d3f81607377472280b21c5f
SHA256 5f27d167fa79a60608662123d81433fac7b87cc7a1a3762b9bbbbd4047449d6e
SHA512 2434660065d029a438fcf9791b10a901a2a3934298bfc321565c9ebeb70ac6e8c99fb6d7917ac297b4aa2603a3ccd52127857c390eca20d2818727ac3ee32f1e

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.RYK

MD5 15fe0663e6231c283b6dbf53842bc090
SHA1 c1fcb28f38162c31333ed4f19ad2fcb77868db36
SHA256 52867b0aadef4304b2e10b460c6ea227ba92eacc54682ecb76dd6b09c1d6eef9
SHA512 dfc74ff0791432dea96e9afb0e594df9992588c814615687641eea5022747eab26f54f66c399d2da6d200641dad67bff7745fe7f37b7f3c1c49e9ea1a2def422

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.RYK

MD5 3c885f8c5d42eaac813e3ef2dbff3bb4
SHA1 b6684022d91e5a3dff020252cf52bc50cbe5c3a7
SHA256 535615baaa8809070b9e6cb3a764515c4e5bfd3745b2e4e17a9372fdf31935aa
SHA512 64c57da01d00ea57fc1bcd19fdb6e706dae29eb124d1fdc52b42f1e349a4539daffad761a52e39908fef55e1e50436e05fa188f4cbb0fb015bb783c92a10e6f3

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif.RYK

MD5 54fabca2d1cb5102e63954aa0bcd342f
SHA1 dadbf42ba16ce36c95e632cf7daa68691970adab
SHA256 a0fb8386e52e2f3c2de5ae4cd7662e956cb27cd784e599189f5e167c0697ae9a
SHA512 eba161d172620addca40e346df033b61d71065c10c531ed940e0b593dbbfe30a4b22315314210ae76fe5f787267e2db33171a7115b2daab404425f9198786f07

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg.RYK

MD5 952cbe2d9299bab3a0aee8ebce93fe2f
SHA1 0b48bd7be922978a771a6467ddf825840ec7060e
SHA256 2cf792e07e3a77281e977b5902ad51551d1068db5b65e2130ba6585c3ec309d1
SHA512 a7d070a5807e5bf592c3645686de7f02719eb8f659e5891cc60878694086b49397a1538cc1e46eefec309678caad1f4b9ee27c77ce9adee296d9b961e0347746

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm.RYK

MD5 34ddf479dca29a01783cb8322384fd3d
SHA1 a49800c272318db70ebdc237474e0693f2b0e848
SHA256 8d4017ec01b827042f1d8533c5c52a78ec4450b24f3fe87a96704e3daa4982fd
SHA512 14892a4d64b9fa8844458bb81e03e721026836ec0b09f4ad58ed7e2c549c76027a49b7b0323de7eb502fa35438b484489c8bf5697688624e45a47ba9d075dd0a

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg.RYK

MD5 066181616451689913b5dad0e953a5e4
SHA1 2cf8adcfffcf584115fc7bad1fdb8f0cb9b3dc22
SHA256 bdb74df6a23066551aa70cca24d36d332e82b38da6d43f86d9ea596e21fb1411
SHA512 73364828989d6d168d0f68a5432a34c57157832429f7a39156ec2e0e01a1046e01e0161a368401d1b9826194974e07e57a86dfbe78d76d0f12c45eae89813866

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg.RYK

MD5 2f5fff17c0683c877d8b0c54ef955391
SHA1 3c1b6a0cbb4a3e6e3df5933e604624b1c8c32bb1
SHA256 c7be7622af17b10adbabe7e6389c4392716e70ba1b08f96035c5fe845d2dfc27
SHA512 d3ae85c22b52bc4916630551528a631b0b804e8865b3360d75603b280cd43d5da96433cb382ccebfe7821d60a68d96ba53323b2d32a7c2bb97dad515c8ce8f0c

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg.RYK

MD5 1856fac09fb39275d001ccd28ef0071a
SHA1 e78e1a5675728656a40d4e1742dfb1f6721b712f
SHA256 c9331b23bf6706cb2bad1a88a60245adf31a931e43c01ea4fe49156c3148c524
SHA512 cb89034c9b5d2e173dc9093bcfead434860e11607235090816ed8225434aa496021892fcd96f15149293ec60080a2c64fc6e7a744bd57435f025e2be33d1be88

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg.RYK

MD5 6a8ac564d3b4f665df33d2cd59f883c8
SHA1 d0b321a12db7dca9fa9b8850ea34f997ee97bc83
SHA256 bff9bc8d1c1d308215969d9bd7170c6d479abe21194908b40815e8810675c819
SHA512 e2792e63d2393c13e92da2e9f7509a39017dd1a00e78f3b70cc2f7844d8661b9678f2aa1c9461287c145475a97c075a17e3679dc8f0e2ffbcd89c884346d6b47

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg.RYK

MD5 55fd86192fcdbcd478047550869bc106
SHA1 1444470a61c8db492415ddf7725af8413c96fa6d
SHA256 ee29cc92adde874a1499ebd2103ac9ae0aced61ba50faa75c53e6dc99b65d94d
SHA512 f3af5a7e5cbc55dcb4cffb08359c5b4adce72a1fa521a16b5fcd3cdc52a61136445fcac0f328abe40dcdbdd5caa9ed6437df5eeb633ad86531cd470b7c2389c9

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf.RYK

MD5 b2a427c259fb3e1e7b50e8edb794f840
SHA1 c34187e763fbc1c9b0a314f11ffe31e311b95764
SHA256 b7561524ac85c49fb67e8763f63f6e8264754fc20bf16da3cc10500945bd2eb4
SHA512 c890442db840ef0ea4fed546f9d9b58774d8f67534985e514021b8b983d3c5074bb872012b3ddfd3161c8c92ca9597118da1b2069a97a4f091ed4fda965404dd

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm.RYK

MD5 b7fc249dfb21c43e86589e3110752f7f
SHA1 f69dd4355ad604c3f2eb115c7336620ada5cef86
SHA256 13d6aca45d2fcb6aecd7e7ba422a0058f3e064a7b336343b0158940c5c2594a1
SHA512 44f79e93c955c7080f3a33dcc00e74abc7a45b812b705a71ddcc34a1b3c62333ddb98bcc5f32300153434cfc548e535a55dabb423f442579789aa1c37950b54e

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf.RYK

MD5 e87ffd7825ff622682fc43f95b54a667
SHA1 884d6c654d6f5a384286674f298799ad6d9c1a0a
SHA256 d565173cb24fffed10d2054c63b22629a43e60f02a87212a5540ba5fb121686b
SHA512 9fd22275b3f7f0f6b7622e62724e0c7a6a32ffc69ed8d38ac7977c5121cad54c42c257dffaefd65d7abb352ab3da408aaf9f84d5f918eaa8c7ba2307c75deb9d

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm.RYK

MD5 914e5ca37a6c7df5b0653175d3f6ecf3
SHA1 1b22301cbe21292c247f8039ce1a040a0528f0b1
SHA256 17655d086fa9994c8e3380cae54b415138880dd1e01dccd7b5a8faf2e9cb23a7
SHA512 c12d52edfd881ebc801b0a89d0daf744af69a98adec851d72a1d6a0d2e882cc845ec2fdf1b01bc1dae8d1738bfe2b70931ceb6afb12f202f530b94efbc92491b

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf.RYK

MD5 20d63960938709c3169a0df551188bb9
SHA1 81898e400abc9e5a312adad6bb24d73e1ff1ec2a
SHA256 7d2121e22d47074a34e5adb3b530df33f50715e5d565964c918cdda06f56ea07
SHA512 c4319eff9c957c2547e23bf0f55e1e278f9aa5d90b914787cdf514d97fc72d12dbf0cdd7d21296fd13458144b224d807f4c531e0703ae11a2789f397c336b308

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg.RYK

MD5 fd3da20f371a3440e1ed2d4a28c52f81
SHA1 7d15d69bcc9408acc5c03b084869602d2b58213c
SHA256 0701eddd5ae4d1ac26c11daac54582f8dbdc98ed83dfa53ea1cdce26af9962df
SHA512 cb2ce827275e2039e18512d9e0c4a9bc6aba9b78717f0650778927cd5387aed95b769d1ddb43a91daf464878e8841c4866da258c8ada8b8f519699c0bd9a6e8f

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf.RYK

MD5 e415a640b5adc0ab22af8f44669c4a8b
SHA1 9f92013a2e984fbc063bc0f637ec7da84cf8c43c
SHA256 0582c24a9f739da32ad6ec732dff53062527ea2a1c1b4595af305ba58c378bd6
SHA512 d1e800d39892ad8ff9ef69ca459ead890d834c3a48403e757f1a915afb0b2339e373f93141057c112efa28af274fd40e97c72e108b93f14e044bdf9eaa2f88d3

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.RYK

MD5 3751d9a45a513481eb49439dc8ef4fe3
SHA1 86eb5352cb1b1a37b53b04edc450387f791fb9b7
SHA256 1d772ec650be8dc3abb371d2f96809a7889dd82b297965fa5c4e5cdcf115e4eb
SHA512 2082041bffa608e45756a39ed9d4bc82c95e4ea4a0b5235eb7f5b53cc2cd0b1a9b28e4559cc217c9925b98c8028e2b7692a1659f7dc92e0f7cafa8241ee1b9eb

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat.RYK

MD5 13a29b9a37b4724a1aef5141cc6c5dfa
SHA1 57d84b086475a6cac3efb5d5718b90447a554be7
SHA256 7707e76bd9dfe28d853ebd30d0bf12fa4c7b327bbbe0426868839b7b7e1750a3
SHA512 603b830f2bbfc7e5b5f00387f48ebf0f688450a35d4b7db5fb9eabc5488520a4ed9295fec3227029d6cc5b05225afc331753c44ce469f25fbacd87a42dab151a

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.RYK

MD5 5de9f6a9e80c8c28736d1854e8229bfb
SHA1 9dae2ee4292ffde8858611861f14022d1f78f325
SHA256 79c41e792c1efc571293341a84df4112f3b4dd97979d69d1f4dc5cb068e9883a
SHA512 7a778e3d632dc111b7c64a7c82c6ff72eef67f349e897ca1f4b68ce6565f77f8d0e9b854914b39ae1c814cacfca7e674898681ba9100ed64d92c7879fc6b711c

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_372.wmdb.RYK

MD5 e2fb99334e0e6c529caea131ded0f4f9
SHA1 3232e6b4ac63e6e1549f9ed0b593551599af6b9d
SHA256 6790b30976804b44d8d690a74a973009c09bc9b864f716b8f14bd87b2f0c3880
SHA512 957c1141d1fa1a39e69303f539b4ac8de27cb3e49401ba54e8ea6a16ad55ee91f1361e829138fb30a9991f63a228096fd61ad0a510ceb276255b37a38fad8624

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D8BCD083-486D-11EE-8DC3-56C242017446}.dat

MD5 b5b13f331f96d1732075e1c908e15960
SHA1 0d7110674c77993c026aced2cda0a5207b5e97b3
SHA256 2d0bb12386c514601c42a19fbd31b5dbab12e309f42ebfc42e1be085905c2c88
SHA512 ace664b2cfd9c31fff1c30121b24b2f739403ffd1eff2143e5a8c4550e8b1a01d83a1998f6e09439420a0adca800717e6a8d9992f5c4429dcda7d38bf3794f40

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml.RYK

MD5 a9f9d280f34c81464d4a132046ae7ba6
SHA1 67cadbf12ecd32873de119f0172cb0e11ea5b8cc
SHA256 d24577eb4c29c6694529becafc0021fe533f6d696fe860cd7965718f84f4b166
SHA512 21bab4c192f2611d382ddc67e15acdfc183bf18fc3290a361dc2a9216f8e890c522f16b84ac9541e5d14d1d635d566851002127a34e520a7107ac85e0c8a06c7

C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms.jpg.RYK.RYK

MD5 74b1874f38dbe1d8bb372c21ea51834d
SHA1 8449cff57775450bf97c016e534b65d43047822f
SHA256 08109fcf324dbff1696c3fb2d68045cb08919b0504ca3dd19bbfdf30198f26ef
SHA512 f9917897182baaf02adb0b60d5242a23973577c39065382597e7f9cb4a77a145ffa3709fa135047c7d2525f2fd469d986c7b299289f1d395fe10e0bba7215e98

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\Popular Government Questions from USA~dgov~.feed-msx.dat.RYK.RYK

MD5 71c142c1d37639589697a1cea89874a3
SHA1 7c2a279366848719696728786c7d349470c42963
SHA256 618627d3eba2cc101ea5d9b5983fe50bb8aeb53112586a014df33e4ed658686b
SHA512 6c99977471ab2a7b9f4924e92309e914167481fac2f6cb84ae3145d29c17378930c67e064b5495bbedd2494f90c707828ed7558e71091faa92178261c5dd4657

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290\msapplication.xml.RYK

MD5 2614bcff0eb857ea02c7386d7b22ab51
SHA1 05037d069521d46713b1cd54bd5fb9b88a2feeb0
SHA256 a430263bbf411542ef241d0361c9661ca169cfe68808e5f1d0081e02dd0198ad
SHA512 4653c08c5b6080d02458ae50fb59f2c6c06d3972b650c44624ac2f08348b6a40764c4915dc09eb88313b7c782c1dc0b3ada917e3ef1a4d4975eb3e45bedd2c7b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\12_All_Video.wpl.RYK

MD5 eda286c8492f409b5987996f31bec696
SHA1 dd3c4a829cedcd423458307a98a0c1b234a47dda
SHA256 5bb09607e35a3e2d920ed4f1360118def322d87d7c8c3db7f91c79252b28ff4a
SHA512 335d0e13bd71ba867d38ae2622d5ce4fb9f6dcd13724785bb4eaa623ae8b926ba49f472cb97e2e9473890066c8973f7c94e7399bfaf0e75dc387a6d754038553

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\10_All_Music.wpl.RYK

MD5 9aaad4450db6d3f18dfcb89708488afe
SHA1 14f29a0c2484e0dd1a62e7c983f306fb705628d7
SHA256 67ed2d302df9155d22bf0945992c56334ea7b9399ab136a9573a0bd995663bc8
SHA512 685fb3bf295cfa323e22c5329a21e53bc6151409696c4c8d5f963696ad8b69e78c498b579ccd48edbb88110b37f8b2136476bfc823eb7199ef8d5c028f19c1d7

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK

MD5 539cb647165dbf2c0b4b4f9c74000090
SHA1 b2bb6f562609dda6cc7e98c87b0bcf74ae77ba1a
SHA256 4ae0b2fbbeee12fc60fa149687603e5e6727d4cb90c28983eb1421356fae34fa
SHA512 10899eaabc6c5bf976effe4fae8d653fabde91c44bdfc7ce36f4ba26662bea4fc0b01acdc7541a779f95481fa76323cf18e3f2157b7b41d465ed7531c991c414

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat.RYK

MD5 96f96c2ba9bb3903b7946ed2cde094f5
SHA1 debf6a6dc8d9e00e623df39aae3e3c264e7b37fe
SHA256 798ce50f2e543e17bc598be360706d623f8b7c828e2f169c173910beb3c20a69
SHA512 f2e323a129c9c6a4517d5be1ecb77da3695b1954fb6838ddbf006ce8bbb1a0cc551ed908e6931f39eb4192fb19daf772612a1c093470a4639d952b1b5c1f912d

C:\Users\Admin\AppData\Local\Temp\933e3de7-4ce3-45cc-9ff2-da2d6ddee935.tmp.RYK

MD5 f7fea4aa87771eb4238aa8c8ed971078
SHA1 e5752330e906493852890c53902764ad98fc2084
SHA256 472b236902e94c14e09fc5fdd028c143af7a59a16d5c0b778dbe716c9c5f8662
SHA512 2f14c65492eec1bb67d456aba59ec9b213d19a946dda7fa16047c4e8fcc1441af3e4e0d1a4d1948572366dcf4c7954f63cf18994a8437ff48665686b4a8ce59f

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.RYK

MD5 f97484a28ee53fed68738dc3f07a6d0d
SHA1 7a6567f2b6adc44dfeded7b934d5b07a4fc677a6
SHA256 84cec2c859e68f539c95e448e5f2875e02001ac84dcaff84ca95510b46b1a4b1
SHA512 ba08cb81bb37cac9a91ac41be900c10a3d5e0a4f273fce34f8ba1173ba5a39fc9b5ecee2164af283914f5928f79e2064f8168f68de75337ac719e96c02bc2e1b

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.RYK

MD5 c22db85363ede8dc137f942ea9d7034f
SHA1 3d9787cb7d96ad7987f1baeeb6fd78f5e2efc1ea
SHA256 1ff0bac7c5ac53de6990ba6b0c61786540deb106374aedab65c9ebe14cb6ec91
SHA512 3c0b42ba89704d5d856d8e0dba32f00282cb1a651ed60c42abcf706aceb064b1d756aa52a59040e5719f5571567ffacb8f249b97869702a077abf562016b85fa

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.RYK

MD5 140d8945d4eab00a037170db2752ac5c
SHA1 0ec685df81ea37af8162f6ce9d36ee50f42aa608
SHA256 0faecde69a026f962f1c7aaad7578ff7ebcab2beea317cbd2d4fdeb8391a0079
SHA512 b3ab1df0a5a96baf2caf8951350ed27b8414c233a3746ce03cfd59d944948db08c7e197c33874aa90170618e3fb4e0d856b14e585559c839b1eefc62d2c76af2

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK

MD5 368e4d12b0e0c385eb9d9fd7ca443861
SHA1 586300254519f136106e0f1ab809bcc21844d075
SHA256 9fd46ef4035b0ad2ab1e39a85f7c3cbd761e7ce4933fd6f8d8da2c98fecb8fff
SHA512 2724c2cd3aa6e6b103b1b7ae6a204c59fbae4613b390b4f5bcaa468f4b5cb7b5f57c5b92c2d93471236f9a7fa811c4e8963c263c5f8e03908c96b6a13bbc1cf8

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.RYK

MD5 ec32e5dc7d61ba977f7d22214465ad17
SHA1 e9b3af8ccbe7b7844329473ec225cfa6b330c1a9
SHA256 6877dfe4106049514f20debdab93ebe4928f4c56a87638405fdfb6d08f37f0bb
SHA512 bbdf787596e259a8f75a3a97823af5f71b64cfe5c9c85d5549b5ebe14961df7fdd31198e83a50d1f2ededca45ab370418784ef2f01c2317f7bc7f7261f9a162b

C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20230901_012943179.html.RYK

MD5 22972205bba6c740637f3cdb1eda1b3f
SHA1 0d085b3b253ef99010dd93f423d4feecc94ef15f
SHA256 ea19e5b6cc855698e642754278b4732a2e0184e2587f7a6a93a81029cdfde69d
SHA512 5e89aa7e28498fe28c10ed3404b14b50a0f81bf7b4d762d287316d2b2503d9eafe3be809b91a6ee97b0a0d5b7acb9a276799a32fce4591c3f27115d8732e481f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D8BCD084-486D-11EE-8DC3-56C242017446}.datll_Music.wpl.RYK.RYK

MD5 ebe10cc647ac66228a3ea4a110c09586
SHA1 a859893d77262231d00513a524fe9af2d8247225
SHA256 9dcf02870eddeb1e43d44e9531c6ae4192db499146bfc0341a107884ab8f44f1
SHA512 5211d387c8653833c2853f33854178b6d58a2133461cb13c96c55b8a2a1e1c0e265f6af5e1744900898ff7a54a2c1c196ca4406c8e852bb73c37185c00d96794

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms.RYK

MD5 d578223adb90f7c7587dc40cb96775a5
SHA1 a743f96061ed316751d7a8cc997185f87d9f0774
SHA256 9e1f4b49be266b00b78ca3823d2b882b38b180bcd3ffc5918972f12cfdb33474
SHA512 37924b1345bb660d0cc8d1bd082874b9ab862d316c4e50da9a2fe6eba54b547756870fffdf35cba79c7b2eb4358e2b3f4d1b58cfa63fa758f6ee9742c12a9c66

C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt.RYK

MD5 a9936fe954ae768e17b056859c6c6446
SHA1 b285963efe589403ad1ee02df0b9c8160f1b6c21
SHA256 6df9555a5fb898507fd6f379b67e3825014ac752acc42cb144fb05c8ff522489
SHA512 44b79c922f69af28ffa1241fea157e079794dfbcad5b170857d3e7732de611466623519159865317a9b9591f7fe085b819db95e1107e3a1fae411a26779e0aba

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\11_All_Pictures.wpl.RYK

MD5 c58bd9228c32b5fa99095fc34f0555f7
SHA1 6069aefbb54723a48433030fc5ad254930ff557d
SHA256 8d2d53fe5e0e63a5737adac6b336a0ce3eb810d180979ab6f1ee21fd7e27a677
SHA512 1d9a9da1bced0a1cfee8eb6be3b21a2257cab3d4cba881519cb0e2ee94b515d92aef9554f4f3727662b9dacc1170420303265bdfc8ebaeaa60221780bc6a2d98

C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-msemf.RYK.RYK

MD5 8f9defe3a225df9281cc291d48951b97
SHA1 3cbd23d6003f15df9b562420ae3911abfe3dcd5f
SHA256 7122a5ac50ec6e6095e29f3fdff235f0e823c822f24a37242b8b5f5c968ce8fb
SHA512 a3557fa6e496937b2dc098db782ee383db3ef6315c2d0c3f83863c46d71c66e4a36f7dae3a317beb13fc8b7dd56d731305f77dd8b57d8bc60831ef9debba1143

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\08_Video_rated_at_4_or_5_stars.wpl.RYK

MD5 1641de47842d2ed5e38190df51f84e46
SHA1 274132f659ed65917b5e3c4ae9fb0c37fdc8a544
SHA256 bb4aff5c46da54d63365d955fbee1286640cff1b95d72893ed8eed07e6760ca2
SHA512 ce5ef02948e41c331f58146404d80b044e15ad64666a7fb494a55106797cd19ae71aa5b6effb6769db1d5b3adf041332919d8b9ef316fe144614028b1cb3bf10

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\account{A0C4FEDC-1D79-4DB1-AF15-B1B38ABA0529}.oeaccount.RYK

MD5 2b189bffb6b96381cd1dc4080bd1fa3c
SHA1 e523d9fde5f7723cf0ccf41889b411ef179629ce
SHA256 f13d3add3c8018915721c5fd2c859f70329e81b35995b039b28762f22b7fb8ba
SHA512 9872134a4c45639b0e60dae6748265d9c5580f59ba09655785c381caf6bfbfdb66cab56e4420d1ae1a20bdf0c1a58bcb684670b51c6281f7ce6bd657f3d0c7a0

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\account{335D35EF-6326-4566-9533-4B1C895AD143}.oeaccount.RYK

MD5 ffae17d35ab049702a4d97dee3dd049a
SHA1 d69862de2a047e9132452eb0a3f344cdf4513db2
SHA256 90dab3949d6adf703ae4b2fd5f7aa56622ea60a44b20f8d89a30cc2fb80f031d
SHA512 8c91dad8d70b058b9f78dbe5eb92bf3d3514f34c498a2484bc7cc3808b6a412ee3d3dea4a5edbb6c54a28c0927b960e3f37a036d57ae2ca777452d026aa740df

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{07765EA0-4869-11EE-BEE3-62B3D3F2749B}.dat

MD5 fb83a14d7fd80ea5b0856b03c9275a82
SHA1 f6b8d6db3c522caac24a097556c0d465ca362f9a
SHA256 ad36e1a96407ebea8079452921de66387ff0be7e51e935f064c7b1f1db7bdd4e
SHA512 2ca8809fe2746a803f95c4fe0b4d088b0e49d9b50114486052e09a554e50b6fb79bada3a35a3e2b711b726c36ddb324b54b9bee05c43b9d4e0dbd4a6b2e086c7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D8BCD081-486D-11EE-8DC3-56C242017446}.dat.RYK

MD5 f0f1139e62a62c904faf443917a4d568
SHA1 2e5cca2ce48ccba722535bcef95ff02ffb0814d8
SHA256 35a27ae27753c912c44f55d170f4753a19f96c5bdc14e8a5ed642a93b84422a1
SHA512 a709e99933f32e29c026f236dec2fcb7e291e59f4c050b5407b9cf8b6bb4b85cdabecfbd4ff7b686ba9c252008f6d194a8577ed5ad1595c1ec7f09efaef47d63

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\06_Pictures_rated_4_or_5_stars.wpl.RYK

MD5 16c6e8f63c8b299fa390c333a476b83a
SHA1 b13c7d0afdc3d1940c9ef7a4003b4385a113bfa7
SHA256 f81c14fb9bbedc864e1a4df20247bb26a5bbdc8424559075a2e1fd28d9e5507e
SHA512 b0f4c5d45083f4976cf3dbc6a548937da52f24abc593f277f433b84d18f976c1d7d286253fbed69d5bec09fdd6d476e26ee36be2b3ece6512b71395e4b00d9db

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\04_Music_played_in_the_last_month.wpl.RYK

MD5 56bdf97802ab28f37072bc318423316e
SHA1 7aa6a57ae9c67cb78d47a5845fb5202eefc323e5
SHA256 41d98234ee87522b7b95dfa2b68e41efd043a15633386a2a5fcbabfbfd9bd866
SHA512 6dad99b48bbb2884b5383c9b399a2e2ea495bee79640b2e80442cd6ba8143172127de01555ed541ec20a48dd5491417a41120f8cc08b3fa7624ee801fad0cbf7

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\02_Music_added_in_the_last_month.wplock.jpg.RYK.RYK

MD5 86edc068116b37dea555f81f12cf4179
SHA1 50c3b8e357927f019a239011fe03bf0baa17ce32
SHA256 d8d48fb6a0399a0d1f08d693045b581a88ca70c64537859c78f5ecefacaca3f0
SHA512 0694aa00d5c5e15fa0ff1148ccbdc7b5304563b863fdd2285392f8b3a3abcbd3f1ccc92a6ee17f6e2465b38938a28badbcb75d043ca9faff33570f41640f5605

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\account{72ABF4C8-5198-4CB8-973A-28AB123CE9B9}.oeaccount.RYK

MD5 9cadf438f1e8a7ace65f0b5513ec7555
SHA1 12a643055aba82425542ba3b20e54d567cad51be
SHA256 8fd7a4e8ac7b3aee659b24b6eb2228085a1f1b87c25942a39cefba13a08e92a4
SHA512 20352ec75386c85546b64a194fce4c958254d5df35d8a9fc290e005fa89399a04536ba2ffe9a983f8b5761320ba7e8eac2e21e50ca8bbd2f3b1f49ae0c4299ac

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\05_Pictures_taken_in_the_last_month.wpl

MD5 eb7b9fad89e145a2adbb13a0bd6df992
SHA1 d352485649851cefd72cf96429983c962bb6e614
SHA256 a9fae11bb5a459d3b463ba248d2a5a7ff56d0cd893fcbfd72a8efe43cc8a3cfb
SHA512 a660b8587031dec55e9e927c7d20711d65da0547828f1c903bdf5c614a3770d3a541c91afa26aebea53a8897ecb4e3294e8ea3d67c4c3b39d7b7ffb6494490c4

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Admin.bmp.RYK

MD5 062344e5635eef955fe972bcf401960b
SHA1 1f3ca4d4ca0736fa9bd7c69d5b64fc613a0a4ab5
SHA256 5d17125687f31c8f0a3ac9d3f32db08acb0cb797c6df79cd93aeefae7b5afd64
SHA512 733c05953bfd4a7ac3272d0ea7111008bc1d13dbef531e8299b90f35b81b964fdcd163832046d2104a46e64983e48d55471316de3f89bd083e4d019add95afea

C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20230901_012943179-MSI_netfx_Full_x64.msi.txt

MD5 7b8c5971679b656952982a8f30ee2870
SHA1 afd8a46c4e025b56a797dd5203a39384ebd5b321
SHA256 4e1d31f4487fedc5d018d56d6b3be8d8a94bf5fad1bfa4080e0da590fa956bab
SHA512 3a58d4486eb51cc792cfd37f7a6de601bf377ccb3cadebc21080de54a2de5b5b1f60f7dc4fb834db2d1310405df4ceef43068fcf786109ce3b6bd92d106299e7

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\07_TV_recorded_in_the_last_week.wpl.RYK

MD5 388da8f9ae441770a9d5d6cce1efd5ee
SHA1 2a185acf7ee7f13d053fc08032623ecbc64eee72
SHA256 134cc486ff04ebf1a1f3ef8fee4155bd6df21ec5902c34e15e436e1555913d7b
SHA512 a36c697cf5d6f5a7821ba014dfa192bc093a0c9b6848f1caedbd36eb48112ae2aa69b2bd91b3db16142f4e80c5f95192e4066f6458af6240b36ae89a9ebc9fb3

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\09_Music_played_the_most.wpl.RYK

MD5 eb493cd3a575e4cc32e25509ab28376d
SHA1 bf04ae6f85e0723eccee617f6bf48912473a4a62
SHA256 0b4d6a8dbd5d640badae5e2a6064e52d842f7755baf7f669dffcf954486ea1ed
SHA512 83561cac86cd824a26f009c9fbf6483f44875c50a117a87528cdc9fbcef8944dcbf580ebe81a268711fb1f79fffcf6bd98f0fc747394eca564da730668797041

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\01_Music_auto_rated_at_5_stars.wpl.RYK

MD5 51fc7adf57b3badeda8e74514bed2afe
SHA1 a5057f6211216028ef2f9565bcd8b6a617b64ad4
SHA256 fe41c0c680d851a4b7ca29f1229cc7b5dc59a47f3ffe2b2dd469396e9cd21a90
SHA512 22699b67a290e0452a2b65337b548314987810d0b761b3b0109646b1fe5ef143321cc3c762b3d9e63ffa4773b2396c745dbde74e0997a0b59e3c0c24271875ce

C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008526\03_Music_rated_at_4_or_5_stars.wpl

MD5 1309dd5e509dc3f15945a7695f173d2a
SHA1 50d9dde0d130a814bf1be501c4b91707fce4ef0d
SHA256 6a521671eb2ad6517a8cc42fdbb9cd30d22d0e1d00fd57ab2816aace6e425290
SHA512 075d272ced4f3582a63e0f9622992bc8fc0a0c23f79fcff386c1f369e128eb467c48587bc13a53305782e3be7c919cf147014aa54b123d7f054b8f4a46c43d10

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JavaDeployReg.log.RYK

MD5 8f88428b6307b8ec60cc1fb2121415cd
SHA1 df4c53662d28ecff5b71ac05e07504acae03ff11
SHA256 eaee9ecd2533d6f78259ca49c19e6c4c5eecb61ebf7ba7a31a46d562516e9f97
SHA512 79ec6c5b7006c4fcc0e0657682378cc3dc9ffc8340e4d825d14012111fad8cc896b0a7fccb6e99409cebf6d20226eb9f93163ace307863b374db0ba16c95c3f9

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\java_install.log.RYK

MD5 81ed8eef640c006c170a8ee80b734a58
SHA1 1c804485f403fc909d42dc9d5c8cb2ff2bdbfc99
SHA256 46b97a54e83d5d73cd0f5919127c9d120d9916bfdd7e2a3673ea3190491a3133
SHA512 55361a5a2876f4dd56be2efe3d5a0853f9bb29db9ad93a4dc286077b580e3283701bc7c14cb233bac82b37ac4b5178382ec6cbe02d694d56cdc19c1e38e4f4cf

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\jusched.log.RYK

MD5 0aa335160218d058cff8ff52a7e61c16
SHA1 23f52c933368780738987bdde423ad0ef51d5f22
SHA256 dc6a84b06e08869aa25ba583e54d6b3b453bb7439deb68de35fe5c8779306408
SHA512 c1f8fb9874514376fc5924cf07368a1d805eb8277b68f62c565e0471cca626c198cea5f0f42a59ebc9f66b7e3e5ea5039ea75b0361d15910d2ca10fd5c70df0d

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Low\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGI2D48.tmp-tmp.RYK

MD5 91473887ad9222384a1a998af78b9fcc
SHA1 a4db95e570b13790ff8d504e0b3d0fd75ec2a313
SHA256 01231887e25b29d970b5170e9cf67ab7ccb2c34a3840dd44c99750c35da25e1b
SHA512 646e20342380810f73ead6f666aca7d6c1b7b66bd03b28b163e90774fabea726b7a6eca9720e71dc1816678cc00eae24e81726f97481ab7b316db78f0189b2a8

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGI2D48.tmp.RYK

MD5 329fa38ea602ccab4c47fa00db0d6c8e
SHA1 c9fdc3ef6b7c8949e391a93cf3e95e51168f06d1
SHA256 d27bc897d59a4eee68737dcc227e43c4927f4aefee1494edbb8891a998f396f0
SHA512 9eb6e9c8f2891f68ee115cb20b0561bdf5dae63e6fa3f9aa1063e6bf4a8383f94faa593af72ddd9090d982c143ee7777e9fbaf75f018d717b48c6291bc192d63

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\Low\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.RYK

MD5 cdac578e0580dd88b3b8c7ddc7d590e0
SHA1 1d837214c8b09aa555e2298ce034706650653a65
SHA256 6b36caf51c3274c46ddda5736b72cd5091cd99ded4ce7c6fb4770599ed664843
SHA512 4bad359473830e3e89b6ca6a3aabd478ceefebe8a6e2aeb3101454f1143ba77c074507c912db0b1cf2c294dc9ad696bdee2ea32c5ffacee7226134720394a29b

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Credentials\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK

MD5 16a347dead98a1937831c76ad2a0de6f
SHA1 2e7773d43ae6aa9a3485a2defb0cd9a7f0fe2467
SHA256 e217a894a16892b0bb304a160a6849cf17c1b04170e9f0b35810271b0373b76e
SHA512 77181b65b428320e3cf7893d7ed20b1c85ec63d11677427875e3624e9148949c1315cdcf790748207ffc3de631f03e620f6aebfd223c4e316869ee614c479c58

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK

MD5 9d12530f971ebf8025fcb7e1395d7544
SHA1 a43b15944020d060ef7dc91dfcc5d45d7b200a65
SHA256 d24c4e2e9f9de1956884d71a5b392d366f89ea9c23937da8f0afb07a23c16e67
SHA512 17fa2edae4e88ac73fd2164805bac717ccc28cf91574ed8d1392822532cfcd3f9c76e640b011ec4a30bbc86a3e9627440345be1a7923dff1aa5414951ca35656

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK

MD5 58e4585361eb8d9736669466e3ac2e7f
SHA1 1a2c822eb92a4145438a1615fe75d6b5174d69e3
SHA256 57dbdbc629eab441d3fd88f76592db623ee2ac0cf42d975e0a6ac912a6802df9
SHA512 d56dce0b8a7daa83bdf326e7fa3fcece7548df96afec313b9fc27de547f971f67e426a812ff5022ece52f81ad46344cd2989304ca13385b038d281efefdc8efd

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK

MD5 175c625984fc10392a24dada614dc0a0
SHA1 0f7420d3cec5c50506a1332fac74698bd7d8e8ea
SHA256 432658848703e1a1d81c5a371dd185734b3369a75773f74bbaa44e4ac8a8dce0
SHA512 e9ec9f3f03bef1fdddf1741671bb160e2af9fcbfec3e972fda64c7a9fd1372a4f96f377e6cf2aac19ee5dc06dae6966253437e802094cc5d574682e29729f287

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\WebCache\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Ringtones\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Explorer\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Caches\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\Burn\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Burn\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\PlayReady\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\Groove\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Office\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\RyukReadMe.html

MD5 c6f80ae28bad8b8fcc6bb729d9e0d8ed
SHA1 60bb5e6334a1316f0fe709d5da2dcda01b427698
SHA256 27e0adeab3920ca26cf68d73ed017e174860fd92a16fc9f150a06c4a1d76e473
SHA512 cfa7cc27dba4e052109052b0e9f0bdb2a91cf2c86ecd73911b018eeab0f2f02d9bed3d747199858d6b88d57b45b8329defce0eb28474fb0057f3e47f2402ede6

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.chk.RYK

MD5 c0a2a0b6d464c144cd0af8a9d782c257
SHA1 45c552e88411e8ceb3151a918efb255469a54112
SHA256 13114ea6d7f675269e76266645b7e45e894a727d30b79fcc0a3fb730aca9a4ba
SHA512 1a323c0a0894d77d0fab349e62fd1f629794a0356949acd122d59de8fb0df1db215508b22b9e31d8a7542a7c2ff3a64f2b4b614c381697e474d514b01cf5c142

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK

MD5 ce3cc89238891cf8149b323f7721deea
SHA1 422f320d12796a424815a24067a04f26885ec93e
SHA256 1692545b9dd2ad3050dedf4a4d12850473b9f2652e04ce10fe445af9b563e3fe
SHA512 4510d31fcac80128a4be916763f57bcc31f2b4023f6787fcd2e317706b311735865aec6050ce42a477bb5860236b5252a203b498d57737b62771fb35abd8f92a

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK

MD5 67d011a73525ebd37b45ca950a3a9e1d
SHA1 104d9373ba49470c0eb95334e44321dbe70c09e9
SHA256 8665159327b19c34c6bdeebfafdf6bda6dc5432b8ab02572068b786ac9bf74e7
SHA512 fc3433c8385401861b872cd437137c1da00bfe3115a9e99750852ae64606d7e9ddd44b693fdf96cadc18a62d4e6f39d8bbcd4404f756ae86d0d950394b1bb7ec

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK

MD5 d885f059a0d78733794b3abb06c54e75
SHA1 8fcff264edebc183f5dd2f264f36d2dc4d7f654f
SHA256 be0d4868a70f8909c6fbd9d1117dcbc35b912dcbb5860016b070f14b32a825be
SHA512 db2939334864297ce4e293f578fd4795298cf7c224163aa5d553a8bf09ba80414b604ef7e9997b4906ff726ae52b998bc49dacc9734a3dd209179b05a2b448bd

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK

MD5 8ca7350e9f5eb3d21b21c9ef1b535bc8
SHA1 1672df471f6972429b43b9aa60f6b308d8308793
SHA256 d9f7655dbe07b7bf308f276b6d72ae968968d366da6885ece42d5a75175fff8c
SHA512 d541a47f0346c4fc5f340bbd9a672c41467d177dfe18e5ae02ca38c2d0a5252bfff6e131ef0e70127b784f277b96a7bbe12de565706f0cbd6f25086c3b5285e1

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK

MD5 229681d8ebedee13a6d60a495f5334e8
SHA1 38541850f5af7c06b13ff9c5acc23be0fe1a74ff
SHA256 c645502412deca788e414d52adf5ef3ffe90f2264bbf4aaf63ce6815dd48b861
SHA512 8289f432529628d1dafe71a8fd0c35868da8aeaa28190ac1eeda3f68ac9de6c9c63e11148a33e0a8b1e89d51738be9672b08aef07050537286b885a802c73069

C:\Users\Admin\Pictures\DisablePublish.bmp.RYK

MD5 9a531a34233f8afbfe7978815bbc793a
SHA1 7736fcdac91b864b1b6bef0ecc0ec5a70cf318a5
SHA256 1bc32418b60fc2e61fdba8e31281d06c42e6e17407a1b3fc3b006e23657c9aff
SHA512 34d0d460d104f44aa809e359d463eb6c7d214880d7f091f01c5c8c7872bb1ca2201331dc9fd765b5ed7ea2e41317dcc7dcdc9cefad2a4dfe0f8dbb0babed924b

C:\Users\Admin\Pictures\RemoveSubmit.crw.RYK

MD5 176a11e35f5e52147679958a6c6483e7
SHA1 660ca846696c15a8625cc163dbdf5c5b21dec0e7
SHA256 fab4a295c1bdab0c000e185e86b38ac3a2d382fdb0e101fa724037520092faf7
SHA512 5ae20811c3e341fc30c2aad5f55766f423593d7697d8c4dc466edd3f02f426d929800d77f4896e597fe6bb43fd615563ca583e79b8e404fe851660685334b2ad

C:\Users\Admin\Pictures\ResetMove.crw.RYK

MD5 d5c69bf7f68a3b891d3a456fea1ae7da
SHA1 1a0dde2a256d96c53e62b2c11a987f3a5947c49b
SHA256 14581d89420c4e69760c647e0d0d7afb5e7ab82de535115194934f6b572a28bd
SHA512 d32c5e435de378f9359668eb3c6e86b60bf16943689b4f17b9c238cab0f05a96a0a0e3546b4ca22100726f4eb3fe64f194824463a7c69b73fc617528a42f2cd3

C:\Users\Admin\Pictures\SuspendExpand.pcx.RYK

MD5 464c84350e5332661c8136f807ae6584
SHA1 aeab8cae5ea7b48d9ffe334b99b51ed568a62500
SHA256 a527dbf3a60c2b5354c4c0ecb003b80739756111e55b5f3e07673ad514ee5720
SHA512 df7c21abb69b0f74204ecc54d119dcf16f3d923284866a724fd65b8abe68f04be0272c8d24847c80dc3c1212afeffa63eb44ab9082b80af5ed99dfa963c32ffe

C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata.RYK

MD5 98fa3ef4729054f7039f50f8918875e4
SHA1 dc180f85ded164e350685cfe2bb23e07b6fc6bb5
SHA256 1762eb8061b33b03c06116e2dbfae9fea263a60fa74e9ff49f3e00cf9e186856
SHA512 d620866c03b7656cfd33c1e4f1bdbc2a79215af0aae065e5edd8b4824be470f2230f71098510e59aefcc112768ae7ec225149246c9d4ba09a307fba86a4ca271

C:\Users\Admin\Pictures\WaitUnlock.tif.RYK

MD5 2c99b4ff08fa78be51bcba7b7ba0222f
SHA1 6b11f097ec27f01be2fc05e44c126670aaad8c32
SHA256 ae529df0ab99ebbb5b0bc17f3269b98ad8935d41f63e86e02d5f441a5b13d649
SHA512 477d2579aa60d7e3eddf7b219f7db82606154281368308762326651e81b2fece3462d3f09135bc3640994853940a6cb6b77e031011491a39298fd9e055edddfb

C:\Users\Admin\Pictures\DebugComplete.crw.RYK

MD5 6e9cb6d9c5ff572a4cb776edbd5709cd
SHA1 86a9116bed29e9565858e2ec9f10dcd3f119776e
SHA256 3a052e0193444789ee588fbc530ef321db61b19bf356b5affc31ec85e911daac
SHA512 09f8cfb8e5ffe515dfafbca4ca404e475b52ef8b0a8bea1f2db1bd66e681ef5649a4fb5cfe41b05a91441b3a17de2d711480fcb7c605910b66fc625721ecbc57

C:\Users\Admin\Pictures\FormatUnregister.pcx.RYK

MD5 5cd9e4cc3fac47356030673d05340c21
SHA1 009183782af13a8224854ed89ae01c85126f6e22
SHA256 1e47239d71f8e1de9315c9426a4cc755e489baf2f6994c0fd1897a877a976cbe
SHA512 b8a751bf4843b6fca17eb947e4a69897db5bb9377321ea5c3a80357197cccb3dca54a6e38fb117b4710ca59286a63309c66a3f1a26dff83700ea0124ee9d0ff3

C:\Users\Admin\Pictures\My Wallpaper.jpg.RYK

MD5 729b676a9e3b497da8eaedb06c4ef706
SHA1 9d131f230c1ac4892e0191f58089f5b53dbf977f
SHA256 ddb9ccfe558177fc2f3a63b7469a672d8c2210ef4f1ac682bd770197c8837df3
SHA512 1d7205ec23ae9200b96f69114f2a808500722871d2924a27aa42022f446e90e5d13f06f3167e79fb24ee212f39a32ff1b7cd73edd17aa0fab9804fb7d63f9236

C:\Users\Admin\Pictures\ResetDebug.svgz.RYK

MD5 a41c1ffd3b4bb306e4d7e53ed3dfb111
SHA1 61c8f19b81efdbbb79373ed1d50d20762a34b0bc
SHA256 d17e29a7300a8f6a47f4e1b9ebffdf8fa90064cf75926e954587f1b1010c88af
SHA512 6d8f4b01f22aae6547eb844d800c564c448a0fa6210165548c196c12b693a4789fdbfd3e673a800a8a7843ce3351113b8a75cfafd5808b99bbdb0273349f8fda

C:\Users\Admin\Pictures\SplitCopy.raw.RYK

MD5 9bcf11ffb4808a851bc4356ae3ad09ac
SHA1 ff373aa8212723461182104eede831941510ae29
SHA256 7fee9a23e346a66513844c715ea4d453b46d831bd7221c82ba3d4c453e131ad2
SHA512 937b10da2067bc3d16257eb1b79684504f24ab7c403997b907f302a694e6fd988cab670ad02e4dc4d92983cb920531fbe84788e63adc44d9e31badcbc39bf063

C:\Users\Admin\Pictures\SwitchDebug.eps.RYK

MD5 b09a13cb7179ab217b4ac7f3686b98f8
SHA1 16e4a3d4271b6268b26fd7bb84eb6d4903195a0c
SHA256 265d409d1165687f83147de58094a88e0ed78bb9a1d5ff9b89485f5eff2a8c59
SHA512 08a7261f43c6c3426d7d5b5d9523f23834285d0dd2b7e14fea9aa1e67e03aef1fa01ea0cd849cd86b57b72a2b90214749ff7f82cf5b1eb5fa32e4fd525c7c613

C:\Users\Admin\Pictures\WriteInvoke.ico.RYK

MD5 ddcdeedf8900cc7ea45e531577628c3e
SHA1 a7c27268de53719f98a8219ac2614b3b6d8f8bfe
SHA256 f0c3f9b7937768ca28f605e7f61d247c97b8e611aa351846dbca3a14434eea92
SHA512 aa6ef40156a901b54436aa7e2cf98a23ae4b07b77c7341e2a244677c25aa34248ac898ac9ea5e5834582e9952e0d2057aa2ca4d5b7ac02221434ae42e8d54c48

C:\Users\Admin\Pictures\GrantCheckpoint.cr2.RYK

MD5 759256511ecabf13847bce18f1a5adb9
SHA1 79c6e5861dd430fe0490ff05f3b2e84063e01f2d
SHA256 b1d4d10ec4cacc8f47ee3fb5f7df1c142df95ef8a753d32fc635dc9f753ec7e8
SHA512 8819e3eb084a27afee6f7d1a2aecdd15297d947682770891502f7d8218fb6abf42a53c9de320348157972e1c1e800dd4817ba5a1c64bf1cca24ff68cd79831ab

C:\Users\Admin\Music\FormatUnblock.M2V.RYK

MD5 202cdf2f136adfb464d12d8f6970592e
SHA1 7ae890bababfde8ff9fe83d5f8387130f197e840
SHA256 5d8e8a5a21f71999a2a9c6fedba24c19e35b1a76416339b23a3de9ba9bd2796b
SHA512 b024728c616eb836babba433a4af6376a321bd44a2d9ab0152c5c5287683b86d60ad162189327d5182becf6678fd6666f2e205158614646c6cc741eac9753ce0

C:\Users\Admin\Music\MountDisconnect.shtml.RYK

MD5 55b31d066468cba0fe8c77ed37a9ff14
SHA1 be88736009a1f304df2404a77227aa6f7b219e1d
SHA256 f58a0a015737bc182a67a200a3d477244b6fa86e274f616e6c2336bd9fca6f45
SHA512 eaecaf2d3090f7cc51898e6d3acfce0a4acbc4fdbb761c2a00dc2ad927f6e9102568f14fc3edca2eab308c1c5d41790a4c47c848ebeccc944bae74d97332668c

C:\Users\Admin\Music\SendImport.xhtml.RYK

MD5 aec78ebce12606d2d0eed3f0fb1c8815
SHA1 b6ca2e1d9410c3537f977b89b13784289ad330e2
SHA256 9ba150d5dc9db21ce1c97a197c363caa729354fe9cd4ada89228aca466dd95f5
SHA512 0991561d160e26711111d261df6ebef83dfbe5ff139e79ed236f01ec9f876e247f852e8b4b47f852c08f401251fe3a24658043d8d79c045288c712c27c4d8ebd

C:\Users\Admin\Music\UnblockRestart.avi.RYK

MD5 ae0c94aacb135bb18d16e04a528eb626
SHA1 50774c0da8091c844d44e0bac368f613bf7bc830
SHA256 4489a5208efabe2daa7082d98c94a8a7851823878e6d68100473df39d72a6363
SHA512 4d511d5905f25570edde22e86fc6cae2c60d90e3e8a07158aefc548b9d296f8112b3d586c10151a45107730816f3b17e333bc38a4e0156706da7d6b723a7dfeb

C:\Users\Admin\Music\WaitReceive.aiff.RYK

MD5 ee9d7a6bea45102461a2964d91304c11
SHA1 bbe2358785ec83c70c5156b2c20e89bc345872ba
SHA256 bc5ae1a87bc470f3b57cd113523ad84c93e7eafafc1f25662ed19a8270cfde2d
SHA512 21c0f3bd2bde150907b3ddf572a467919a3b4bde201bd994b50041609fea406462ff5d83aa7751223d17a52ec83892f5b144fb00593728328edc7cb71e460722

C:\Users\Admin\Music\AddClose.tiff.RYK

MD5 c7970c7ad658c2a4c8e8ca0f6a748feb
SHA1 7469179253c0569fc1d4788ecb4e7381212b7566
SHA256 71c5cf94b5a097e20f1f8adb0fca1f602532272c475bcb87bce7db0595289066
SHA512 ad789dea747aec55dc2371fc7afbf75686e9667af05ccc70f6807e838e11c5a43baba33e877f19033f16f04cff2dbca2a11e97ed7fdbb9449d686ef5d5397cc9

C:\Users\Admin\Music\InstallNew.lock.RYK

MD5 7414ad3ce84d4265e661b7b7271b7a35
SHA1 249040bb5f25b2cc219def38ee816bac771efaaa
SHA256 d5059948e1f68e126a348074801177029803e0a7cffc27c09fbfb57169129f6e
SHA512 aa481464d4a894b9657f11ac0a3a4bea62d5addc5d7cb590a3b7b06c9d0043f9c722dd83775f1a138a8d1f6ef670c569b62f8fd91b538bda0ab250f0ca25af47

C:\Users\Admin\Music\ReadSelect.snd.RYK

MD5 b3c54965585198082fa4516e722af321
SHA1 4d4776b7f61363cf7db2adc5009a1fa3c3037638
SHA256 22d9133d38b9cdc7365d68c6b28cf72500a1141a7f2d744a41040e89734cc4f7
SHA512 e18313b36d01891fbf01879d9504a1b6082627129b77e0498317e0ae549303626df4a79b6d0a7b104bfe57edc6382fd61109db6560313b673ae773a91a24bcff

C:\Users\Admin\Music\StepSend.wma.RYK

MD5 c2360926044d9c792e4100d19c238324
SHA1 aaaa3ee9742a74345ebba7b28446cb89ff0deba9
SHA256 ac40787b862c423bc984d3d5625f2ba5516fcf99d865c54598ccc5812b9a15da
SHA512 832826007b1b544dde3ce29b43cbded2da1b2d6ea66231a2e1b334833fb204c115d7a9e147e252329ea2cf9e32d388951d180c1dadb78d4bbbb0a83cb7ac3e8b

C:\Users\Admin\Music\WaitDeny.cmd.RYK

MD5 15720689d3c127dbe1be132754a06ece
SHA1 4d9f613d0243ebf740d402a123244f8d50180dcd
SHA256 ab271f5a6bfb7f4a687be97d0352f068d9ecc111d02ebee565e2423b1110273c
SHA512 b5c844573ab8f683a587df15e023ae5b4559659702fde77382bdf4e934d3814bae24e5a6fac6201c34e74b5436161bfbf9dcbb076cfcf8b6113127f0b9a350d7

C:\Users\Admin\Music\WriteUnlock.tif.RYK

MD5 8ac9711e8894960a2ba1317624870590
SHA1 292a29e40d755bbdf41a5c9017b55a4a3ccf28ec
SHA256 3c9c07616f1d7eecc5696d85f2e18537a992b8d4ec683e5f97fa1264ca21c030
SHA512 18130f2719437375ba10157fc6cbe6fe59ae1ddb0804d5a7e3fc3f695e22514a1d235af6105a546b974f65ba13c8ee8d5990ce29f77d81169b115928c0be1247

C:\Users\Admin\Pictures\AssertLimit.dwg.RYK

MD5 28e0c101c912bab8d8298d244aa1df46
SHA1 9ac45f046a74eb37bdc504da9ac55233ccdda598
SHA256 6dae82cc382359e5cd5fb88e808005f5e62332f8abe630c179a954347c38b8cc
SHA512 e59e1bf0a2985eaaa608790ab292e4153d74403e22a1b7d125859dcb356acda0972be3a4c664c648eade39c8f78f022b6d9826a995ab50b93a51a1d93e32872a

C:\Users\Admin\Pictures\DisableConvertFrom.svg.RYK

MD5 3893bd23128bf5a22ecdb62ae44eb255
SHA1 5458b15a393c3996a2f55d67be88f2993ab43de1
SHA256 6bd0f5dcec2bdbbf8761ae578e5a2ff70de2e246917bf7a9beecb1e2da165768
SHA512 32ad72c51d025d3e50500185473341c171b59f55690c5a5455c2ff2472dfa5da16729c5dbfb3d0a1cf5fc7b1e485b8c6ebf9343da69522a815a11324f5f14c01

C:\Users\Admin\Pictures\DisconnectEdit.cr2.RYK

MD5 8a2a4d03a1ab6380cdb0fd8b73369e18
SHA1 d01fd18437b531c3459b63b0d845e578525dd1e9
SHA256 d9072e00db41cce15f242e2cef15c282f771623f27c581607244b584025825af
SHA512 7d5428cbf74a8f7fe645639152889f08e185cd77c3fc12264484ee839edb5c0b0be07e688eff2795ef93a0296e575250b4ba5b921c8e78db378b4221477d9894

C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico

MD5 fbb2eafe424ddce8f2f3372eebf47c79
SHA1 61097972ce28c0319f332147b6802c5a232a5a87
SHA256 7ccc1445f59e16964789cd356636a94455cf1744fce1b23c9a5499146b78ca9e
SHA512 bfb7b788e64b98f27e048d450611328a5d6ece79d32bf5725b4e9dd8a9bf9ab2f0ed4176ad408c77eab20906d56df4d749247fbb9141102d31efea902caca3a1

C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico

MD5 c0bfe66bc3794e2592f836aae20e2818
SHA1 27f46442e788631b6500290f94390f3e958012d8
SHA256 287606f6919e61f04cfa98aa9e7b27b7565c613251fbe5fb65ea2ebf6f5ce950
SHA512 2fd2e5da434587d58d879977b4bffb565bf7435b0d93c589ccd6fee0ef5f3f7fee1ec37af26a9ff7caac1b0b9e10fcd05e6a8c864716d6d0bd230459ed94a117

C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn

MD5 d1af96bf6ea6b3735d9fbd4513692806
SHA1 370ae77c8d2ec0d823f234c507526f64e3e9cf81
SHA256 a459c9325d8100bd160ae3cdf4a8f900cd08e4984537506092b9efd4f2579e1e
SHA512 38852db3578d7f49f36eb977f9696868ee92b507062100b825c46abda2a1bc51f403b134e554a8f52ef78b39eef5b34275c9e5092ade7c459c0dd97ad050cf38

C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn

MD5 76f6766e592117658e4697dba1ff0de3
SHA1 cdc14f2d8160ac217d7d1b848dc904adc8853aa9
SHA256 90a19b0434ab3b4337ee2a8d3a0d0a4e12a19a2503be605e94f9fccc86b1542f
SHA512 94c795542ae0396f10447843443be78881fbd51cbf307224ccb27f225c5519e571f85144219c262143b5279b6a0ec9201f8fa4b9e01ea3defb05462934c1f549

C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn

MD5 1e3cba1ac35fe71560fa916fad685f50
SHA1 119253efda346dc7708751a0abe6ea8b60baab58
SHA256 bc76c777d16937db0b7d43c334ec446c211f454c9c7c50094225413e91a743c6
SHA512 d0b15df4af68cf5c442ec8906a2a97c6ecacf31e6b5188ccf1421e26d26e3e37f9c087cac475f2d27d2959dff6c0c7827531ab3ca40d5fad40e3e3376525b62d

C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn

MD5 32d5b56f027b25acbbf649424741afeb
SHA1 55abb330abae03cd557f82386497ef448dd8e203
SHA256 ea69c5de21918a3c0f1071f4d77b196641670ed6205ef9a55a0cc5b47a906d95
SHA512 94309fbfd68485d50f426b0e9f3f0d105bc4ad020761f2fae7bd8f892bd7001f1f0737a449a5f3840a9e1da010e392aebfb809cbbc29943ddb5b6702eb64303c

C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn

MD5 ea6fa9a74142ea32ea3f582fa1cee737
SHA1 23f806d7aba6c72a4cbfeb213787130a80d1a744
SHA256 740e02a3bc318452388e8f5ad86b36ea48d858e5e8501d179af6b606349dc23b
SHA512 f44deb12c1c0c43d82a925e31cefa82f63ef8c47dc076da6025e80a4e44391eab178545161a9538f46504c87dbb2474b3062d6c5c070045e8b1844dcdaa6a3eb

C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn

MD5 18e691d072bf6b29dd00d5ae167796b5
SHA1 64831fa5b58a48ffc31791baf3679883abeab2e3
SHA256 10747076a64dc49bba15f95b9c3b940265352bcde6a9abb312144b640a6b2177
SHA512 cb1bc79c561ac1feb3d4448fc2542d46a9bceb2a7b489b09371a1e8c7dd14eb52bf30209ca871c85eb21817aaa9998c691d1c13deb201fe5eca843d7aa698201

C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxHRYK.RYK

MD5 4158b42bcd40b774a77db51d4d3fa9d1
SHA1 593434705ef9f6b46f7759e02597e27a47ef6515
SHA256 56c7e88aeabadc18df7c9badd26f743a758d310f6206d2f3d6c7421842a6b991
SHA512 3e8d035413ff20333afae0ad76c9d19cf13bb13beb5b0cb499c837170648092ebc215c8710595fa92ed5a0af80b3402b5aa79bd6b83a9a78a74e03abcadee955

C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn.dat.RYK.RYK

MD5 d7f37c35fcf527c93cf2e0108872b413
SHA1 c64374f7378c2fbc607917e49044cc056939ffe8
SHA256 aca302395ddcf1251a77c7c0cfad6709eb0bae96acbbabe6a69cb4712bea841c
SHA512 0398a3e663cb8d7c182a5ed23b43efbe7ff2f26b3f7cde859ca1ccc248452fd237e3f0e717d8f7395667791c6431e075a7c994efc22079df83e32895737c8198

C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxWmeScan.jpg.RYK.RYK

MD5 d0c65089f2333d62c6a4ad542e768724
SHA1 9e44fb824d753979c73da9741944379155198eb7
SHA256 3144ad58cf5e1b77ea8b412c191a584ab1a9934a1b105d9bfaa85cf54d98154a
SHA512 b8dbcb66d28e6b1849d190a4ecafdaef60b0906591cf8798e55e3b7b28cd89d8da178b306452b7520815d6f56793036ee4d60c071207d83bf3d68509edf65613

C:\ProgramData\Microsoft\MF\Active.GRL.RYK

MD5 7a55b9e4e93ee21524a9f11ce3807431
SHA1 85a735996234364c02a6bd15950a5e55c8ddaabb
SHA256 5959390e10816d26b13048146bfb16d4ccdc0a90202851c9225b1ccb6e1bdcde
SHA512 5acb8f12ddff30d666bfa52e909ab43a6a1dfa934774e063f0981646f6c8f68b6bb7474814fafdd87416f8d3910b10d9d7cf3da7bc1b8598bde043d12656c795

C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.RYK.RYK

MD5 d6303c5f79628371e8844995e5d0cbcd
SHA1 b455c7470ade97764b21f8764eb66a616cf25774
SHA256 08e77b63b6aba965680ea7d6868e3ad7b0b386fcb58d280b16c737d9589c49b3
SHA512 957bd0cef157d3d83ebf82e478b3fd6545ce17fc21aadfda0ba4cd86f7eca474cfe87d0362769277576541786b6f1e3b229d1de82d5526712f68da9f1cff8073

C:\ProgramData\Microsoft\OFFICE\MySite.ico.RYK

MD5 e939cb31b96714a859058bac839946b5
SHA1 aadf66710e86e5d0be505125e6a816fcda0915a4
SHA256 e9cac3fe0bd94f6827f443ffff1e5db76e8f9e12737fcafad9eebae3c0d1791c
SHA512 1f3c53554aa17d905c9339f1713eb5abf7c2b6d91b4257aad8afb6b7aac70b52f19df8b1c0beea387acbcd488f2ae3fd687a3225183bf53cd27b4247c54155d1

C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg3.hxn.RYK.RYK

MD5 8d0ae327362921c2ca4a4abd4ec396ac
SHA1 eda4f22bbe43a9b66fb2c8c92c7984f7616cb3eb
SHA256 4dd438bd6d9654a9efb96c77c94c0cc91b8d844a3fdbba558548dbc812d0d06e
SHA512 99b9d73031219320c9ccd1fbbade03a075a2d3bcde08ce1aa3e929e2bceb35ca473990534c9dd0e95ef91b89a1178d046b65c27439b7c0a023ff38c94a5bd37d

C:\ProgramData\Microsoft\MF\Pending.GRL.RYK

MD5 9d502cdfd87b2233542f4ee5c30faa47
SHA1 850db48e5500f3a3cb8359528bdc9c662ba3e04d
SHA256 665c9336807fa24f35eca5f3883368b3ac7a44c656617c5c95cdd30f2054a2dc
SHA512 c71d06f42d8cf80d614669341cb60403228105136518b16fa1eab5cff20e7a35afc0aa9a57dc605be756977aec001ce67a95a9887c3b7334891e20cdebce9488

C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.datHair.mp3.RYK.RYK

MD5 139210d1a639a4c12397c580890ad0d5
SHA1 05c9ddfae613c6cd293e5d3bbd21145917188802
SHA256 52d3bbbf0fa2be51d30d2c64095538b4876e284f5f0f7e22dbfb106b7a430e98
SHA512 cc25fa88d3f016898a7029b810e4e0da0f81a90da4091ffb0a5885dc904ed56a467dfdba39625dbc0304b70a404b1c2764dc8244cd93dd1277e130e8cb2c7793

C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpgn.RYK.RYK

MD5 2e6369ce05deb82934793a4c7e8398bb
SHA1 3a42dd7cdcbe7f9763d52bd57f83c97a59de6efa
SHA256 ef9a857a7d95fb012292dac351f86e9f1c80586212b0c0e5a0d367a2853e55cd
SHA512 0eb94a63c5bdbe8f9b7a0675d1a94a4c6c8ed016f63dd426b1a3171179e93a65c7d3ae8292fbedf7b581603d02a778128c3b0de2dc3a4725ea2e0e8259ec53d7

C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpghxn.RYK.RYK

MD5 a9b68220e013356386819978a0ec82c9
SHA1 142159c4b6e21f0b3f5797ee1e8c7d8f2e1d0288
SHA256 b10b3b9b3f5e92e5c446cf6cf1ce5ef0d6f616e8d15d0e731074b513ea70f2e4
SHA512 560aa02894f94a79a63a3254195900e3e08b72ce824f8a1938b0032bac4a244ba0a7b10d664c708b20fdc5d54d2445aeea70394cc16419a1d57e077523c2614c

C:\ProgramData\Microsoft Help\Hx.hxn.RYK

MD5 309e3dc922a49e474f4ba0b5495ac0fa
SHA1 9613f248c6c922af34a9d0f386350cc1329a8a48
SHA256 f0da877baa942c748c1d8392e92baa5de73ce1841972cc6eec0f7d3f7383e0b1
SHA512 43a45cf755671cd3d4ca3261e004c757fa5f2b57eb6b38d9b00ad4e6ef858b818d00a02c75bab4217972238ae955531f7bd122049e4f3ab3fabd024db8f74398

C:\ProgramData\Microsoft Help\nslist.hxl.RYK

MD5 1e3d4664abcd9c92115f3a72cf3f8dec
SHA1 3426dd357c73672e8bb1d922585410d3a7b3a97f
SHA256 aa6e56fa1914e07d1232d51737b611e132a99838efbee766f81827555b011f41
SHA512 1551ca202a55685872aabf52d1d804d2e69a62670848a816e6cddde92e4b1ce0e17db2c13a6f7380c3f0c43e006aad871ca16f81a9d635a426c96a355022c9f7

C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.RYK

MD5 34459aaf274dd76ece3325d029116e48
SHA1 8c453bab303550e574e7afc9fd84617441132195
SHA256 587578d51a32ce37002182c3d86acc6632a63bd7509625ff13367c4b9b9dc365
SHA512 1db39eff6376dbb54f4525068c1f40e1dd3bdbfd5818f7741540425ed4142839cb5bfad40b90c2a64bd7b6d686ae0fcbc733553ccb1c8468d85dda9470d68bf2

C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.RYK

MD5 82fd9e48737331cad853d82ba69aa3e2
SHA1 99e6549e7e6ed46ed229366c03a7bade1ac9d2b5
SHA256 cd3202122651fd7b43ba9475f3e1581f6a6fa314b259bc6c6099c44a643e8abd
SHA512 ef37885b4bfa1c0d542fca27b001041d367cb9394ba54e93e4525950249d2933e442f9abbd86600df4df48fbe5cb5306093819fde6be7aff1bf44aeaf5dd46bd

C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.RYK

MD5 2a8eb6ab2b2288a71d12fe8ceabda508
SHA1 e1172d5c1a4c96fae1d8c9ece1fdd0bc2632029e
SHA256 bbb64d940971be71d7945ebb07ce0ca564bdfdd73d5e81ef66b2233784ba58a5
SHA512 2a9caf7c475b488001f1c8c22a79c088eaa2ef5a0a5d50a4a76ec120297c013f4395dddf2334a1a0072eb9542e5da2c51f82082d1b92bcb08451763b5af93404

C:\Users\Public\Music\Sample Music\Sleep Away.mp3.RYK

MD5 e429e01442bf08ec0755c38916f49faf
SHA1 9c113b641e948ece08bb8d47795215fecfbc5ada
SHA256 b1e635747c4ecf20e2f364f956ff78197a19e6c0c17f112dd787393a5cecc5a8
SHA512 cbd732402f61bf91db6725a8b04271d20e38726efef869e7c9bb938a943a80b27bc86039858556e339ea5dc0644bd8d4485d1fe51d6365a424ad738b0de9fbf1

C:\Users\Public\Music\Sample Music\Kalimba.mp3.RYK

MD5 dbfd56a6e674e107d96b91df4c74a29a
SHA1 518aee6f7991db27ab54bcd66a275281224179bb
SHA256 592e963e08c6ccfbb799ff57a0493674d818b959ad2d3e2dc8b72dbdb1218218
SHA512 721ee787e10d9353b0e231ff9e1d3bb558ae9d4d63f5e786b998d9eb3f2188797c08550175d34c9d80596f3e4ba727f8ef7f42934834e01eb54c1462d0d1759c

C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.RYK

MD5 a9cf7ee825158f6600fa2cb501ff9ccb
SHA1 00fe15ff40a9bbcbb05262bae21ab2e12ef2fb0a
SHA256 49c1bfe04397b15857f86dec4aa97b0e3e409016d1d4314f6bc206de5c3b8ffc
SHA512 273ba98234512fd5d617e6d10c4605b51c24ea8e4ad9d0871e6f1f1b35740b2a4ffa38ef69f0fa336d417100af1a0c1f92b112f1560e3c3ff306cb1662e97b5a

C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.RYK

MD5 d7014fc102fb974cded24a40997f1438
SHA1 2f730e2f5be5d9512065fc30c482519c6f82179e
SHA256 989909e03780af8748fc360abf6ffe8ae208f1888da9389ad64bd904ba435af3
SHA512 1249918261ea50d17bf7a166d62a365ca70e2f5931833da0ae4c06efe5d7eecc656d5cbf12446ddd49104854df4823316d93af2112e587d845fa457b11c3c09f

C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico.RYK

MD5 e738d25cd7dd8caa6b0bc4851c0fc635
SHA1 ddd762ec0ff94d0b6d1584255dec18d9c4f7fdeb
SHA256 42d6167a7ba0e42aad7f58ca92fbfb7f4c9b3bd8c1a7568a8dda6ba7b666b4ee
SHA512 5195894151a66603fe73cdbdd9e3042a28ffb8d1016825f066e3baff54814c5c09d74c509d04c3e61bd1db6e7d7a8e05f9190c2d74b3e6193114a849778e41c0

C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico.RYK

MD5 0ebccd3023fc46e6a8b013cb16e048a8
SHA1 eadc5765e08c758ae644b9f2c5e902a779c061f7
SHA256 f3300836968426ce23bd8582722af15cf3922274f3960bd3a637312e6808089d
SHA512 fc756b86c41f225db6e99fece0458e393eed228c69093bcd4cec523d572e14cfc3542381b2eea5c64fd2c8e87e6e868f5501bbef9fef6cd4e590cd09889f1c3e

C:\ProgramData\Microsoft\User Account Pictures\user.bmp.RYK

MD5 77fd259d9cf9e6495e99ff6ddbc5225f
SHA1 d02fd54bd8a855dad83a3b3819658c596029a855
SHA256 2284bf341bb1b1382ce35c99937e80f03f9699dd1f4a2972749ab4324c7e7a22
SHA512 cacd873b9d3feeb8d2d3f8ace6233353dcf258a9d8dfdc358431844e35166d07570d697836dd6e1ed0d88d0d3c5a877f7d1a995b797565d66ed17192853bcff7

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.RYK

MD5 02b796f5687dd15a2632acc96d7d2f57
SHA1 a93c049f34dbba483e2dcbfbe064e65fab1db43f
SHA256 155e5ad5cb6f68364966b709576be78dc18a1b4be4b38c874d681fc5d83987e5
SHA512 5073840be89ed43b2808934e1b4d82aad80611f5febd5955c3b3cc553c8faee6d43dbd61a1e622c5db68d8666d105faf5f7117f5a112429728357b16add8651a

C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn.RYK

MD5 de42d990aa7b6782dc0b57445ed6e053
SHA1 d609de5b2fb10c766cbc6ac334251b93520df168
SHA256 9eb8863ccc71a948ee5df96e28d7fec2351cf2cf7fa8220cc8e4ab419e0e9369
SHA512 bb237654051435385bf480af156130337b268c262b743f87e06724d32d7373c3874cf0fd4a8bb5567699ca02f7001b0f08ff7e5e9a812ad640ed933ce6d05ca7

C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn.RYK

MD5 e270a284ea71dfcea01b956e1db2e4ff
SHA1 30d121140db9ad888ddf18e5f9dc9e5e98adfef6
SHA256 777c2f6e0183e3ccfbc24fa25e6a4502510e9e749aa6eb10e58e4bf911d51490
SHA512 6e452b586a9f4493ac3e5c61259dbeab57ea7c8baa8f727ce5275a9d30c7cff7b2d355088a977b83a57333db3696387880af91b606fef9cc04b5e42b0679b276

C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW.RYK

MD5 7ea169affb4529171153d733ddb3a0e0
SHA1 f56443f918d822177719049f0207af875b7ebf11
SHA256 21aed98068bf55dd72268f9b8273d4670a464d461e108211a0830e69f4a6bfe2
SHA512 b4a53cffed3b07214f564f8f558089f7ccee7aa774377867e92d8c22937743182399d7556fb7abd519608cb213916483501017bca2e870ced025860a7d559964

C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn.RYK

MD5 b87d7abe851539080f44ba2645ef6f36
SHA1 34b072d99da47c1554b6bf00750878d38d07c719
SHA256 ce0176da747b46f949cb7772cc1afdb95510da626e232b467a38aa6122814cd3
SHA512 d962f39d09db2ea84bfec69245152501a11ec23b228056ada05f930e78a22ccfb92edeccb6d77930e5a7b6012a7972619aa5069381fb2f8d3b528600bb3fc432

C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn.RYK

MD5 f780929b3a587ee02d1d3275e7e1b855
SHA1 fea1faa6111128aa9c9bda10af5ed42330aa8857
SHA256 a78b25bbaa687ed5267ff3c2972a5f954287802038761d1e0753663738007473
SHA512 6819f2d5c9f69bd92704f28ab356e45192bdbdb0700972549f50a913bde82e85b522344123bf102860782f6badc25b3abd3aae23236f870ba3037f212aa8fc9a

C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn.RYK

MD5 773334aa4ce34dbf52b68882c42b6254
SHA1 e9b4ffc978376d060950d3709859469b40fb5ef6
SHA256 9fe42b6a040b0e1e980b6c01788d4f1625e18aa2534f387efb90aabf7b4dd47e
SHA512 1f7aebd824742c8c69d738dd60ca9b06b8851fce8d03ec660ad1199868af6f8372307939a156a57a54bd801aa49d4a9f45bfb9a54413144e47e657b428b055e6

C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn.RYK

MD5 f9e4746eabe10979ec0fdbe75d40c528
SHA1 80c8562012ae58a32d06fda5db7505053087a47f
SHA256 3456da755ad1a05acf5a898ac77fa8b30c5cc18616b1bed432787bb4d4ca305f
SHA512 cd9efcacde3aaf4f2a6fabf5e6b7fe8841cc2f04dc5e33012622b67ebf74916ab7dc4ec2a2df33e050d7b52f6683e3664bf06d8b63f48a0c6239a1c3782e6822

C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn.RYK

MD5 52437c7c7d0825a1445a6711cbb9e89f
SHA1 1e5d1f40b280e9b741905a1175afa5f6514db52a
SHA256 a621c952a17208d84aa06029602829e3a824d494665f7cb09b988fa7262132d5
SHA512 202637e3e974e80212473e4e4e16fe83eb03879a00970bc852ddfc12129ef00091834d0063f63bbc740dc88e3722251bb994dbfa5dc5a2163b2a40735937bc9d

C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn.RYK

MD5 40e1d3a3f3fc68edb8fe52cc5bad9f1e
SHA1 e0dc62c9ba716f10acea88102e25db9b3f144e08
SHA256 429ae0b22a5ecf13797ce10768e945f2db274e75be34df4ea0382d9bc405a444
SHA512 c8bfa262814ac6af27bb6a98a3514dcb41c3d23afc184f925d8f1fa8334e3d7bfda5b6c4279ad7ac805c4fb5b72b7396631006d0f3e6b8d3f3b23befe064395b

C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn.RYK

MD5 557c272e67d4027b96cd12382e8e343e
SHA1 8a94343893d9a2074a86f1a52943eebabaf9b66a
SHA256 3f6d8ffeb286bd91eaa8f9ea6a7589068ba4d92590555ccc199f89f99a091f7c
SHA512 7697cce4981eeb8f27fb007716e1ab513606747bac7574c88daeb5081750118cf1f16b1fd7b6df577b695846afb49cc9354876718eee9803f44e174c24195881

C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn.RYK

MD5 4bf3ea8a760864e8cabdc6fda256b1e9
SHA1 9159ba0842b2b69a27f3f6a8a0a13f99c9199d35
SHA256 3e2af97756e582a7465aa6bb87bf4ac2433b075f499afc66511526dd4681a070
SHA512 99540b054472b13a07cb65d9c0a8628c0a1094c09f255cd1d5b02cafcac9af93ed777d1b434e9e713867d1d4181d06b4dcb90d5faf868d16fce54fee7e3e46fb

C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn.RYK

MD5 a8cc2951c0c41d56493e07c3b66c8f23
SHA1 8832b19dd954f49b06682054e24b0ede7acbef6f
SHA256 785282c0c075f5b4e67a8a2073e3fd0960119ca594f5e62d232eb5eb48adc75c
SHA512 44c53db698b3843f199c52423a8a3475b4593a22fdaa1ce04974c5db397c08afe234d86d575a21403bc432b3fb6a2ff9a1e5eeaea1b9369fa3da54852aaa0862

C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn.RYK

MD5 7ba5ee2187425b121b7de04fd1283735
SHA1 a17653c6ab1022838e5c0ea440823d8d9b1d5f08
SHA256 fa47251c91a049e6b5c787511059d9d61ef858380ccfacd651d5c9c4dcbcca47
SHA512 e3ae46d71f17191cd852cc2155e0b9dc24ddf5da9f3ef12859df5769f39efc425b50322905a863e3cc864d2dc8b70e4c57d4de79d1e1793e05665ec41a341945

C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn.RYK

MD5 e64786d7331f4f7277da4d28d908ef72
SHA1 7e64c590e2ae0d868c8d1af7ca3163e25c0ebc1b
SHA256 5862719b16aac826e697e6285fc6a1578d1b13b9c0f1d61064835d770b1e0a1b
SHA512 776e6520efde94548b260b409550ed307972450d90e272981d91d8c356208308dd5fe59ad4410222a7b4a9c0fd657587a7441e0ac8ede18a9c2ebcdcc4159a7c

C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn.RYK

MD5 8056c4f496ddc8490135e81b0c45eb5d
SHA1 afaeb7be8d60773e87a1e0f689e0100820caf1d0
SHA256 4006ac8fe003e87c52ef5ea4f699803a2ee2a63c814218717e0eb5ab518e8582
SHA512 312f069041c31115445735fbf851942ee2ea1caee1443a58c060ffc587692cf5c38bcc4533d3fa61967517e1196ca1a836374eda43904e1fef338ca3577b9d85

C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD.RYK

MD5 b345816b2dd37585d4179560dbc13769
SHA1 830c0456e37972f2c7fb43637ab18912ad5b2065
SHA256 942776edebdcc1511b129d44703add579ea3fe304c43709f89d59bd5f32053f4
SHA512 eee96df94417e8468498d2e84dc5046840c607d3c975e756449deebb824aa51c60a35be83626327825f250f900cdcc7f5bc32cef1e058221b76092da9b4ac465

C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.RYK

MD5 c9f72b161c1c392a699e5e54e1eb629f
SHA1 eb9b67c52f5ac06e54eff8cbdeea350267dbf849
SHA256 f7f20b99cbca0bdf95d71fb609020f5cb86a3ae2fe554d2a1d0d9c390e1bb6d6
SHA512 e412003215e771b0dfb2faf87f127f40b63209d3b57150c2683e936859bff18c499b2a4a616dda840d5b06c8d7e9b24260ca80947560de80038ad3c4cf2e52f6

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_AssetId.H1W.RYK

MD5 11f7962d3242f1777f89e449ff6cea6e
SHA1 22ec8e97647f07bbd0f0a3e9130f0a78a7a88626
SHA256 33aaeba7b2737e920dbc4338de325431049b25c4d4d324cfaa75a86e31523100
SHA512 df96fec7449c48b89e3605cc91dfe6efd7395c58d900f430d198ba04854e1ab252d36cf288e79e98e711e3b74e57baf0b570a12ce2eade65f0d7b9409f033080

C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.RYK

MD5 d114191685ce46fc896210c933c50a9a
SHA1 06b13e1d4ec0bbfcf18104809e2bae3de758e018
SHA256 1b3cd39ad976c3eafc90407fb09b8bafb67711302bfb99b4796596026bbb15cd
SHA512 868181f41749f1d5c012f2d3021cd49ef529a5d19370d39254e2a7d56f258b93b106671a27fccc0415a402bddedf4db76208ae843641a6d18a97ab12d718904d

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MTOC_help.H1H.RYK

MD5 322a956b8e4ba75dcb3b6146891cee32
SHA1 b920d8c300d192b3d2b26c8782487217c68cab31
SHA256 7ee82d78faabd395c0678cf47828dd955dbeda1fffeaa451059e654f1384e5e3
SHA512 2fe2d4741fc8bcb4a2b401aef7a7ed98a7f1ff4a7a43c78790606e290aceaa589629bc11d0b3c08c222ba7cd054e455cd64a89aff05119342ba3dca28ae7a7bb

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_CValidator.H1D.RYK

MD5 da46093b7d7f3fd6adcd65a1a7de8008
SHA1 dafe70618cde475f03bb0bc9a9c6b8f76510c828
SHA256 321db15d60828963e2f828de9771fc92436a131c53f5693f863980291050f9ca
SHA512 1555a2302fa872458f0cca1d5df2bb5822e275bfa9cce65824528e28b181b343796d4b901dcf5afdbf717aa4ac1d58a213e38d177fa8b5ad3fc6f9c4587aa47a

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help{45EACA36-DBE9-4E4A-A26D-5C201902346D}.H1Q.RYK

MD5 da1339941a05831340268d3a9403a890
SHA1 5a2f70a2a2f66cd5caaa1e7d5b2e9262a019b6d9
SHA256 ad4de65b629cf506fdb16d1a6eda9a84d9b70cb93500e3a3ff142461f8feea27
SHA512 80b4aec757cfae19cf1a58c13c97cae0cca25b5c343a070943fc4250d875786f230c4beadca2b06752ddef39a9ee67852b5d4f228780f7e4e872ee619a653130

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_CValidator.H1D.RYK

MD5 f262f0bc119cf2a2c8028b9e70635f96
SHA1 d995e18849f0a518d69258fbab6e358b572b8401
SHA256 925788308b2b720faa68f539670e9cceb5e061a10ba0d742093ce5e7a7ae296a
SHA512 f8a823d1e8fae31c60f6d4a6cee150d6c4acd1a84e9072e3d76bc4d2f6042876ddf66092c0da72611c3cfd3ce94e776bc420e928679411ac6e3f172628459c39

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help{68DC71DC-2327-4040-8F03-50D6A9805049}.H1Q.RYK

MD5 5ad09c663748d44f598cdf539d0d9342
SHA1 3b0f795b1b7b4499a0c0ef2d91851ebd9f31934f
SHA256 8909085acad9f0520ca5af6827455ff178554f09c862fab19452f31955e41b9c
SHA512 61c452922a1b14aba42401ba450f09f83b150e1f1a4630eaa26a77b5dc6b164ca13b083e7614a1063c41b7ed2838d2c3f78d69135d5ca42bb56c6632a3eb556c

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_CValidator.H1D.RYK

MD5 26de224751e37514cf8595bdcb6c942b
SHA1 829dc34a75600f0c51f3a9ede77ecdff7b34530d
SHA256 6bc5768c4b46cd5fc7351f1a55b084ace7c9a5a4293d8260bb8692236acc01ec
SHA512 a75c9874cdbbb849c53e621c8a52266abdbf839ad5c2069ec70d2af85b2461584ffc609be72caea311c6d92bca2781d4e53e97097ea9de3744816eff50b88ba0

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MValidator.H1D.RYK

MD5 1c70380105f20f119f1d78c4048146b7
SHA1 50f1b40ee0cd56db4510968eac40b2ebb8b5d097
SHA256 29a201ddf38d72f91cdfe6f938c4494cd34571e6458fd390c9625d476b9ddbba
SHA512 400233de781ff93c8574588e8e7e1d63f06417f7206831264ad86abb96edf4f5fcd019fa137635734a27ec70b3767f0b4a480e05f7cccb377cda36f372b6d579

C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_BestBet.H1W.RYK

MD5 ba38d6a816c775a1d76680fccf46cbc8
SHA1 3c6e66a8e258bfefd9d4ffffcf50fbfd0074f063
SHA256 15849e6b11357cf2c7c2e96eeaabad55cc1cd04aada953e2bca42baa3e965fa8
SHA512 84d5af4419a9c17dfe908c445f8a52f0452b61ad4d8b13736f687c8f5fbb81154050f06ef722715b10e7aeaf0739c629f7d37e0a7127b2cb5f427dec70ff294e

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.H1D.RYK

MD5 88098048ea3a6702feb8d03f0641f3ca
SHA1 45cdc9f9e01416d48c676754d47b77120fad6919
SHA256 a3c026e925a5d991b387bb6624a5d34c09da74499353fb83b52cf405cd9f0c10
SHA512 718f7ad8c8b60cb9cc7458c3fde44686b6ac533a085121e621288b836b815a1af25fce971fd4cf2bec97e797ed0f23a264b9d6f8f16a66350fe6a9053c583ddb

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_BestBet.H1W.RYK

MD5 6049971284cef3e6f612fb4087c683d4
SHA1 14dd6812117fd2383649ad7b6ed0e72563d2580d
SHA256 0c210b2a3b056f2a1d22651a66c45c972b27d96bff5ee70537aa16ba00ea057e
SHA512 189dd42be3b1b760e891d20ee986c05bf322b16eec1b6aba897ad3c44def2f892408ba1fb2c4f0d694b27233b96e7cb213b17cc9e1c2d8a75e3cc93fa199347d

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.H1D.RYK

MD5 eb2c4fa461b0c76964f18cdec121264c
SHA1 222da5122752a83bb93fb835c2fe536f6767ec01
SHA256 9710e37d962608891dc34386bf0da7356b6cf4e9e65f0ecebfd6f24790af3878
SHA512 16c91bf74e1291c903b542f3bacd47548b156ca6ef86171e77a12422569e1ea6073d1106715ac5dc44b6d25baa988b37dcd68e26532f7a8d1158ccd341670e5e

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D.RYK

MD5 047070d561cdbecdb3b63c9bff71c76c
SHA1 a900b12e0e219feb5bbb274b244ac186ecddd198
SHA256 be095661a4997a4cdce9b8418d934bee6acbf86ee22abe36218fb85b26fc4e26
SHA512 f76f97dc7373f75fe5ace22b200d1b87ac758351c6ed123d70ab9a825f6e913dd7f48607d09ea30f398129802f8e7862ab8e2abbf3892b3a11d87e4367472bc4

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W.RYK

MD5 2b3becc47688ef786fe53a61cb684edc
SHA1 0d252e9ec72b331ca2b64e39fd21a0f8126c3e60
SHA256 039bc88f78310f0d4f585c77a678b10ba7c877e9bb7d8d6d5b796ccbbf5ea97c
SHA512 f8e00fda8ad69f236f2468e6b9669b3790026af251d5b1ea668b6d9cff1d6efadba87ea10087ed2bac8b0037b26aa5f310ae0da3165f08e805907c68775de7fa

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D.RYK

MD5 531ba91b035a107f2b71dcd416d51256
SHA1 e81fde8aa1cbec85ffa0cc15e738a8734e00a934
SHA256 19419896b52cf5f5932372a07381ac5591ccffdea43128a1f1bc9485e18269ad
SHA512 60d7ae2b3af1de1aa5774397211c0efdbb0b57c01a91422aeb7b90a6ff7e0cb77de6951d41c8df4c81e74204fedaa7d603d6f1dcf9a5f5dc32ee4e2c891923f3

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_AssetId.H1W.RYK

MD5 6296bcd4eff12d827aefa7ec1a154acc
SHA1 a70d80024aea29a4d635ddfc0a0cbc75a147df13
SHA256 e062813d7fb99697564badf021abec10ebff50909a97dd2e571a4dc85e254edf
SHA512 41696659ea6e45752499f36437cf743ecc809372efa87db636bf99643c85919458f1ce37a87c8caee379bb37fe95be79fc1de31115024b33aa11307da6ac8eca

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MTOC_help.H1H.RYK

MD5 61d0b5f58875cf1d03a8a8ee90b06718
SHA1 03ea8402d980b97785da382da12b67344d02c627
SHA256 af34343592eccf36967cd0f12a4a061fd2ea0d70b0f9319c0f460b2e094cca52
SHA512 3eff4442035711dc2970c6eec64507ccfe572058efb8b5fd9f9d73d5dca411702d0abd65ebd84c93e68260302b7fba2ad06ac91b421ae0043c8882c659228a92

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_AssetId.H1W.RYK

MD5 05c1f32e7d821030059c03c6828eb4e3
SHA1 15a6305c684c00679f91c7891cd8ae9c4be1537e
SHA256 600794726cfaf0b8755bb306057c741ad055a487e3a1ae850d1f1243d78d78d4
SHA512 fecbcd5d33d8c6ecbcf643aacc6e6092c45d9065487d3881191f8534af6edb1b756de4537f907595e28dcd39e05d98ad096ea4ba99db3e5b61c8318cb4f5bc36

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MTOC_help.H1H.RYK

MD5 31d3b0fca32037bb0cd482595ade35e2
SHA1 da99d10283a11061c6f598e70ec191515fcf9229
SHA256 dd6a9e9b6ad9727965446f9c33683712dce9674f6864a4b55e971dbe52d1da4c
SHA512 114c07ddd6dcf78db55c3cf17e451d69b1e8296d6adec2ccc6e3816966c445e6d373f41d96bfb19bbac1c13d0041ac9f3cb618e5a79723b421601f7c2dc82e9e

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help{7E352021-69D6-4553-86AC-430B0D8FF913}.H1Q.RYK

MD5 fbba3e3db6a4ea98e3635e3f129712e2
SHA1 7a702dc48c6b81b66062537c646bb2f1e23cb0b1
SHA256 a7865c6e3b3c065485cd5fe85e20fccbbf1795ad1f85c4a97a4e463c57ff55e3
SHA512 25726afe1285aa5b5c7048ed37c8bb3d88dcf88352ac6118f09503545a680bb0b5ce45d891a444a27fd175444617eb0d431a1968e021f9f1471d41e9a0673adc

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_BestBet.H1W.RYK

MD5 0959eec831cd164b3b6f4539f8e979a4
SHA1 d5a0d15fd30fee9de31731ee99de83b8c4c3fcc5
SHA256 5b015fcf785e408ecb3ebec8abf3a99c84031732ec0ffe1f6a50f907f19895a0
SHA512 5d8e40fd16507ec5b5ed602a8539a2197e9093311e55a60b10e0ad760ed9a15199191d7d89b1fea609e62b4151a987d6e129aa6b8a97a800065fcc84727a325d

C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_CValidator.H1D.RYK

MD5 c13b7f2a2a81ecc2c37edc287150f375
SHA1 c9c0c5303d2a2ba2a7f385f9d588620dd3a0c2b3
SHA256 ceedaa104395cad1e58652ff4a40fde946ea51809c63a63b76cf968cfacd001e
SHA512 544695ccac59cfe85ac160a197d54a5ace9a4bfa142c41dbe4677ee25fbad01c1af5618e2d58f2fbb5ce3ea526af4ad165acdfac07b0500b3ca6ddede26478f5

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W.RYK

MD5 55b56934eec5dac75e0f1260a822403e
SHA1 012131cfb96f9dbbc2f49ae92c6fc266c811d1e9
SHA256 25541a7df278b3fc9f3db2108f0ea31312576735ab4d6d02b5fc04dbea5e2824
SHA512 386d497d28efe40625b9e12002f70b872c4ec0f62a9ad56e03405d93a462dc3284e34172cad2e7b8fabee89899bbeeb1211966ac6312598571d929e080686457

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H.RYK

MD5 8aff8744bcf931fa619a3f487c703849
SHA1 23e9e5ca745727ecac69a95579c95d2b8653e57e
SHA256 881a2656e06051f973880c57453e2e80a124878bdd28a885374446a2dd1e4d91
SHA512 5d8c827c8cc6f1f94f4b8134dfdb9467604308ddf539c981e659cf1afac1b11c8e8fce7a6e81841c2d4651af9b485143d6a4a6a4393f9e861e86252dfa17a034

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_AssetId.H1W.RYK

MD5 4c5b18c8b5d5d1a6d4b1982eaf96b283
SHA1 9bc8e005f466938ea8ee63b10cef4c6aeb3dd8ca
SHA256 3faba08058569eecb461c9cc7f13c04683c4550ee8a676256bf1515df3cf063a
SHA512 6cd43f1628a40b3b4f5ed822fd4084d9d113d8255cbcbbc317e9968b1e1c2fae491e493ab66f41994f388ab17bc962929b7546a0e88574c3cbc5fce0d337126f

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MTOC_help.H1H.RYK

MD5 f91e6bb108cb4831107cf7711ba1b7bd
SHA1 76560c69382de0daf8303fae147c853408f28c88
SHA256 c52f2834e3453c669af06d7b3d3c2e95369a275f51b1dcce36156f94e998b841
SHA512 a8449057d30b3db805171c72e879eeeab7f4748689216e4e577c9e9d65da793dbd08f4a39b4229fe0e8027b5149ab7863f5d166deeb5eec7fa9018bab853a34e

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_AssetId.H1W.RYK

MD5 850cc3f079009d4d3f3af449a9858a81
SHA1 fe37993ad24cc47a16bf5eae6f78c3ff005a2027
SHA256 805ffe002abac89bd67acc27126f63e1e389e174ccc6e0e4dfc5dbcbba163b9d
SHA512 22e0be89af0ed16316d4bda84bd9edd45eca6e160abbb4d1c22868aaa095bd354f704ea5155425641418c8efccaaf78291a82c7848f0ca8693de4a15333f523a

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MTOC_help.H1H.RYK

MD5 3e84f999305f6456eda0c3f814a4c1e0
SHA1 cd8d90393ebc8da6bedc52098400cd647fb560e3
SHA256 0f3715c0d4fff6cc7bd024619e6723930049489568089f19f947b306f8bad2bc
SHA512 5f0d86171c2d6f5db8da82823c5f568ea5c661a7efe2b391a1d5ba3a875707e3fbc2dd69e504cf82c100e306624f6217e75d763566eeb83a71e04ca02ad0a939

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help{E1E8F15E-8BEC-45DF-83BF-50FF84D0CAB5}.H1Q

MD5 8d6a0a091ff6b67e99e9e158f1e4e68c
SHA1 0608bf9367207b0a5d5fb999fa44f2e0c736b8a9
SHA256 d2bad43bdf31668213d1900396bc8e59e2b8cf31787522ea537a6cab9510795b
SHA512 c450f5a764bc8320a7d294c26e382c3a73156acdf700e268569bc9a26b706d155b0dbf89005d3f4c8c8e7456f24b24c74551f30c1d26273fbf2000f7ff423153

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MValidator.H1D.RYK

MD5 36a3ad123ff44b27dc5777b33511e8d5
SHA1 eaf923f5f4c588b065cccf57d182e73262165bc7
SHA256 98ebd328811af020ac0f83fbc2c117eb05bdbb6529c91274950bae346c90dc1d
SHA512 9897444224dc94ea917fd711d55835d4384f27880aff025bdbabaa7434bca1c9152f19139f99d100e0b0ce7f00c34ba2271ccc73412f32108af4259e029e59cd

C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_BestBet.H1W.RYK

MD5 c3c4469a2b82171f0eadbdfd7ed3dc62
SHA1 e2b0688534e69cbe2df1c1fc4ad6f27d00537e34
SHA256 024c1309c4fba1b185920a240791764bc2c396d2fa22a442d3abafcf2d5bc572
SHA512 eb2bc2293035afb5810162feb5f1a69d0b3753447f6a4cdc1ddbb633953396ac06d801c4bfffc36b44ba4e2cad9647a60720abce7165d3736fca3a45c9670cd6

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MValidator.H1D.RYK

MD5 e1b63cec1df1b29672c8101c6b0e8474
SHA1 be246701e71d255ef06d9822a34d4da5b155d717
SHA256 6c1dff5d5a5fc54fb4d436a28fcc88d4e81c9df1231125a57b49ddf12f6b33d6
SHA512 a07966cb047bf0d25826c5608b9218a0437a6e02b96052b1b3dfcf0d1e101936b487027c183ef644274286cb0b7807afb08de174bf66b8a333cd93a9b0f2705d

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_BestBet.H1W.RYK

MD5 ef8ec6b0fc7d46d1618947e3db977e92
SHA1 30a3411abf75794c021578741976bf11bc7b10d2
SHA256 a704d0cf393171ba5a06d12ee84996eb7385c563c921e6aad1de6799855ce6dd
SHA512 b84e847d33d48c2c2e074b8363a985273b90986dd1a3533d56079c1f4a688a3c4a1bcb6f92b427139b9aeaa68eff28b0edef399c0b64118fdf26bc415bfc68b8

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_CValidator.H1D.RYK

MD5 f204d0223fe39f294a3b130b5f308b9e
SHA1 155b19ce7b9834d98c6242a17436375c4ca0c45a
SHA256 781ab4518cfe8e1072a2bbed2b481da224fc6ea17d56a3f06c7cd4687e5e350d
SHA512 82bbb3cea3d145a28e9414fb24f459786957792d9a1a661271390a5a173fcec153a7fed71a0f36a2775a1ab11c1fd4f706428487a8500500931443dd4b3b24d8

C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help{92F2118A-E813-4A4D-9DE2-F96A9DC02C53}.H1Q

MD5 38b5d0883f40df16cd47fbd0be0c12c8
SHA1 3873823b3b9a0fe55df914755c027d58e2e5cca3
SHA256 ace41fd03c00d477d16c1e4f59edd3c2ac6ad753e56bb1460302df999930dad3
SHA512 90bac345c3f251ddaf8c2e17ec380e63b8e278aabbf59f26a3fa20b8579acc4031f416cffed89c0914c31e9dd238bb9eb600c7a4f25405bee50ccc327685da81

C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.RYK

MD5 f6281156814e12003ef0417389164c9b
SHA1 993800f762a47af5db786ec014684a06dba3fa8c
SHA256 707a5db38866d75e18c78a6a956c1d3b4e5b9eb1b78f191e75d326fdee37466f
SHA512 2b92c159014d10e043301c52b2b0611531ec7c9d19ca2f5374326dff68aa2ae014659d14980a1b0c7b6a10612f39b6de32a74943aa2995f51b4ca524bb061b49

C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat.RYK

MD5 4e6a31548462b01c66fb57359cad2e12
SHA1 78ec346280412c03736742fe6ebb42469b517d98
SHA256 a03ff60707e3546ccc552959e8b0916ded8958e58f1436e76261e06860827d72
SHA512 bd3954bfeb82ca0dd2bcbead58961badec079f0c3d18745ffee18e1330904b3844c1568a44febf828623a14ce023b551be4c822ae4720e0cb1b0e43ffe4dff46

C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.RYK

MD5 3cc43e2f047773f4c5b51a68db99660a
SHA1 7129a4273a751a5e7e40643177b9b241dc0005f9
SHA256 5f734c6c81a377d9eed71e422f72e8ae22f6b7723a5305c3f984f29e0ffc275b
SHA512 dcbddd8b0aa56a4737bc69c224bc68522133b99a6292ea8c38700c3047fa064f5af41d6f2ca1378bbdc05f8ac888048759d06a1fc9bf10d6faa99d181e35dcb8

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.RYK

MD5 79b6b2db5ca45ebd709b5ce7fac1386a
SHA1 abf717eec5b3b40c69b5ecbcffe03af9552a43ec
SHA256 9c85e117f284564878919a16d4f5762f844d0e2cbe53c3b925aea805d42c4137
SHA512 ec6de8bae80742b7dbb06149fc9a8867707557e39c172ff318b9ef6ed1b99d81d81672ea69de60545aae8a35e511703071930157aba80217ae26b3828023a31f

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.RYK

MD5 3b4e13c3aa5d411083b51a3cd2e44a83
SHA1 5aea9c75fb0c8df62119330e9d51f762c55b6f38
SHA256 302f99fb26d64f99e3964ae5f57bba4b7e66485342129efd81c090ce0e9f48c7
SHA512 667c36be55e604c51369d5b1418845fba79339a2082aa65732cbd5d9d88e41c9c163a223bc16d24e07d31dddaa685fa20e179030d99ee40f7411d3dbd819fc16

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.RYK

MD5 ac44728b0f4d5eb1895b4be13d75f586
SHA1 46ed7117bb664746fb2f5d3ae9bd439cedead778
SHA256 fb1aaff4b82e4adcc7014748b19937b3c6ccd754cfd1f302a4a1f9e700320df7
SHA512 7a1079ae3dbf23962c3fb0a52d7e7ad61d83af4d8b28cf3a0dc6a5b655118412697fa1bef11170d6debaf8390e5e8f6d87b1279325571eb4ab8ed057304b954b

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.RYK

MD5 49ee84db555f97a14e61b5b4c7e8f2a1
SHA1 26422258652618115b9d193a9d469f9c7666b002
SHA256 3f02f6b62b5463c6a7c1e277c3f554479cea129756d6d19cc9781f1ece58c0dc
SHA512 47daaf1dc9d463044d5ae288d885e50a4ea18756beb7469d9adf55f9059c68b2a61301d2fb6cd4d472c0e41612a4c3e217aecf15b6e79949748094035aab5388

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.RYK

MD5 c8bbf087c72d8f9910b23c2a520cb6d4
SHA1 7a16d8fe1d83ccf8be039dec9df2e4ffc4eac389
SHA256 8e55a3497531a6a6427f3d9e469b955108737a4379c7fd83134f27dd7bca4d25
SHA512 a34ce2a0f19eed36b13f9f3d3c9e81162de0d5e4510bd4a80e5da00b224717aa6b1bf5fd710ac02600fef0bce07e4475b8f29a93ac2d44434977426a6716f663

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.RYK

MD5 911645741b6fefc4231eafffe4bbddb2
SHA1 7ae4c0855a219c9c1b409ddccc2d797a270c653d
SHA256 88a8abb106727c6971b6d5e8aa4fbd30bdf0dce8e04b3f3af7443bcdd1df01fc
SHA512 c1d61d159e5b8bc65d39d4be8988c36f9b378c5731cbf3028c3c21c08eeab12af107b8b3522c843e90f9e623cd8c541e8211f3db3b4e88c305f98ade63df4970

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_f8462d6b-7d99-409c-b6aa-08f77c38ad4f

MD5 039a143a78d070bfe08075a78df50c9e
SHA1 f4ff6ea6e0f2b4db2e82523fa51e53e8946bc675
SHA256 b037ab5fea4d58843cccea78dcda1d10417bc4dd756d38b952ebb894048e8f94
SHA512 acee81316904abe76f203682f8a2767e7571adc112889ac3c5426e251ed460d860f98ffc2545ecd56d3f13092fd1c5e71612db55b45615ede13d8852ef1e8636

C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.RYK

MD5 7158aaacee6265e6bcc6e85315f4da52
SHA1 6d34ff29e74a226647f134f057c5addd40c49248
SHA256 10f65f4d67f5272bb748611d75526a75ad9f27a2da4a7bfbb7ac3be38a5347cb
SHA512 547b7e4f7b0a1cfc1dd19d00f3911b54ebd88ec43ab44272942ed804e38ff43e0f62782649a01a8a4321c37f5f293b19f181ca53cd09e0ea7f0481a9a0730106

C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK

MD5 dd75320915f1765d15943c8d0813bf65
SHA1 0a1537ff1e2c745cd97837d719f20538719adeb4
SHA256 780d3234c0c49b5508d62b9ba8767105edd0a657642b279447de9ef0b0f3798f
SHA512 0b93139ed76a0ab78205313cd89806cd8987f4e04bac1c0b9b4e691adcee0f5924d2d4737f49fecc1f8b041ce9410b874337e4780b42f93deb6b617eb15b19ef

C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK

MD5 26c09667682aff96bb398a5887a21b78
SHA1 d2b6c2918da6641bc67452c75b5c3179aee1baef
SHA256 46321189e8b1da29878e98450d1bc63ef18bd184bc48443c886fa5a9c040268e
SHA512 b2b9eb3d5e4338c9fba103acc1a8edbdc76ecdc5221de619063c5aab1c706944421807b126b36a3b4a46a2f256639e1379243ebd71d10e23a048a767d0a8a7a4

C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.RYK

MD5 c2ee446f7911938a9bea076ac2b59e24
SHA1 2ce5c1835a1ee0a26c5312f5c019d25e98785053
SHA256 14e68f8e388ec3bbed6fcb8c65ddcb88f265e3e0f63d1249f4142c7df56197f8
SHA512 e7fef8b1701628e896c083eb22b0ac58593b16ddae3ba4050c26b8373c10580017078a6abfa41da4a12be340b13713f1fd4dc8c279893d03c7ab00d70b534f94

C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab1.cab.RYK.RYK

MD5 214b64531bc22d37b8ae2e769b9fd784
SHA1 9be110ca308c3cce09cb34f78165d263e575667d
SHA256 038ec0ae3534e8cb26f948485837014aeb6e4101b89d0a002e81ba4ad7285674
SHA512 899f600001a6223cf03f46a4d158c9c98afdd78d10d9feec80f5e6f22528f8b781ed7b0d96d90d506635f77a5fc04f891872e97b040ef9c4fca0c3a198c7ed2e

C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cabRYK.RYK

MD5 9b9a9a37e8762d8c7001294650484444
SHA1 607f3395d67c3d5972b4621e51e559639cec948a
SHA256 9f1517b1ff533ef858a70da83ef230125b18a63d68d14d2e90ac5ac66e65cc58
SHA512 6780048e4d2bcbe0dec28f3d439ec47f38b4c4376013f1636e3f9accd764ee7a86b882fa161403c97f6d99614ac74108e85bbb056f1c0b5c054de9fcc00992d4

C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_f8462d6b-7d99-409c-b6aa-08f77c38ad4f.RYK

MD5 6a626fa42fd3d0e320706cc175b871cb
SHA1 095189e4e6eff627afeb871abafb4b4b3892498e
SHA256 856ee6844543ec1bb2e03640544c1c81d797596f346efe913aed288c2828cf6a
SHA512 219043ce9b782cc28d5efb3cc6f64417e802958c6152066366aad67e7a394f2836136391188907150ccb704d02de697b72060d8a9104e46e9d08fd0f76f509dc

C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm.RYK

MD5 37e706a895642eb6f22fe0967ff7348a
SHA1 7172ffe220e01f5cd655ab9ca8cf431ed4c35b8d
SHA256 b542754d3555984cdb4d31bb991f8378af6453374bd1fe46698025f6818adbb5
SHA512 2212409e73a92a4349e3887a9f9714b2d8cf2624a5465154f07f70b844f8f8c5b73fbda7ae4b4f6ccb1295eff617551cd7e1906c89f5552c6c04a8c504b5d3c4

C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm.RYK

MD5 96e83c8b1bd60149d3c43ec8f4587a5e
SHA1 a8ce6255e1049b04aaaee8f5253627ec08a41f2f
SHA256 f75eb10689ad19c246b46a042bc8bb69bd65da1292dc346fc24621bc4f8b26c4
SHA512 5aaf19bf236425832cc5bad0fe227fdf469b93cbe739060d6e7e175a768edddf627d921780195d6037e92445b2d79255f907611abbb73b8661bd88ccb3b87335

C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK

MD5 0a2b118265ea1ec669b18012519cabce
SHA1 377b2eabe06a8e14d83041a101b0cef363e6b88c
SHA256 cc4aa19c7cecd2dc1df2b32c019705a8e66939703c62d24fcd4bf1c0e9ef1cfe
SHA512 e23215d99ef08dee9ab7855c79018d148334eb5fc29716505ab43420bd111f8429d40f519ece9797fb749c2bd46277fac178b64400fa46a1cbb080cabc0967ce

C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK

MD5 0e9cc9a64be0f3d230a2450d61605fe8
SHA1 326a76926eb6b5c78e5b80377064264ebf094170
SHA256 e6862e202f60e05af780f90737e83aeb6aa69b262a43f31581b87ecc85af3faf
SHA512 a53d15b75e9dd7c29807191546447130af5e6afd07197e0042aa99cc7f39373aff47dc189be6f269d7c9ff2ef57d2c9c3d32d6b8cc3dee555f4b2576f1ab289f

C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK

MD5 838d1764cd1b91657a1346cf545c870f
SHA1 1997cd1fa0d83ec483df4ff5788a4ef6631a66d9
SHA256 9697670bd61d3dd79beecdb55a13123ea3d85c6c9d3f67a52be4d1e9752edb50
SHA512 558823ffd88a2378d69d07a682053056a00cde1606e6671b6796ef4a5c2cf42964caf6cb4cec3f04d4be101c6c9cb2afd9c0280a3bc5fd37929aa1bc05f0172c

C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK

MD5 c294805663ea34914572fc43a17b51dc
SHA1 f3333ae5a3f5e8c28138a5040ae85521739661a1
SHA256 ec463803ed037cbc31a317aad6654bbe4bdc3b9923d8ca34826eee4cde78365d
SHA512 64b54cadc76d85f5c3abe06dd5a23256ee4383983773f379daca34d68d89ee372f664e57ad30d4bc6747c57249bbe2ff37d20eb214d5ad0df1183bea014b1b36

C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi.RYK

MD5 f2178bc50c457941bbda7cae7e817a6e
SHA1 4696e2aca6eeba7e576ed652cbf5bc18c6d27282
SHA256 ec1cb61c992a5c1f87744ae0ac4a4227e27854d8b9cb224c83493fea45ac242c
SHA512 de70eebb67d26822e63b7a7adde6a2f5c88fa69ce2ce30d03d3b73a5199edb60567440f278120da093c48c2bd8fca56eec459bfc3bc8168ac0a1f2db64e3d0e4

C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.RYK

MD5 a4a89cb79ffc7e001322ee8f6c1bb8fb
SHA1 ea472d9709c594ca7625334caecff8d7ccc7faa2
SHA256 fbaaafec8f8ed9db9f8e02e67bd9802e66f857c02fca1cd57914c1f8f68f8b4f
SHA512 a83179d3ee75a7979bfc29f47bd9e32c6495a888f37603ff70b28bd59562fa96f44355bc535bdf892f5145058b6b48fc0b124343adfb87d185c2dc8e06ad9afe

C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK

MD5 89abdf8631894b917a9876660070f1b5
SHA1 6744853aa06a9ee55122db08e36759b284ca050f
SHA256 4ec723e39ce3df873da4e91d2252d8d9a272e8d52370b1318d75ad9c30b05a95
SHA512 2817d69231b8053f3e6cf549d1dd1569a6e7625e350e315ab2c39e0738852fe0b6f755402cd6d1354e1e3e2f4f07cc1a8d06df94f941c6bf142a71e051df3c49

C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.RYK

MD5 97339af8c4a13442f7dbe3cce6cffc21
SHA1 154fe92f0aef553cefffa29b48b0b7283b02c391
SHA256 6f8e258dbd4bfef27c13e9fa95ef694a2ffcf041e8841d456282f339e47c82e4
SHA512 8eb713a4e99a3e0a3376b48cd81cc30d98e11250a92132dc3dae2a9c44cd78acf1c75db580f9505f6d3c091c2842efc2af0b4ab26ce32794366550082d6533fa

C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.RYK

MD5 577013425da283a2820e69eb3c8548b8
SHA1 d2142113af532a033821dfb3c404ec4b7e448998
SHA256 d82a702efbf0b5dd3b6eb6440f44baa8d0bf21e7d88098e650ea669b1bf559f6
SHA512 5c889fa98ce238e735243dd5d9c750a6c4a2d7ae0735d43fa586325f37de3a3820d7aed168f6e7f39b31d6b9ccadf7027dfde3873ed6fe93abd51e011ece8d1c

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.RYK

MD5 bdaf46850cfb6a9ab66028e120d0c2d1
SHA1 907548c13af4de61bfa05abb4b7217a2d165ff20
SHA256 5cffc9a538020d0d850da4b854436ec8bc0619491acbdcf4cc09e12e33c55cf9
SHA512 001cf27c4c2eb09dc3442016b64a167841b816fcaa677eae19e20040fbd37d96bc008de736e6313d0187e977850725be74d92a9543b8a156091b26b84af7b52e

C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK

MD5 22d23cec3be0a46e73fd842c9b8f58ed
SHA1 8d564c80a87be23e83c43ce6323728f03790d6ce
SHA256 3c96a1c112227fd446b608aa723e495111a0cd11890d392edd00b2b29fb19fa5
SHA512 7ab0ae22bbd9570b6f464be9b55bf6bba171e90c346d2aaed02fe01ca7dd02091fa4d1e575aa378f1a9626694386992e285dcd753172959845174031e3d89167

C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK

MD5 8bb772d68a8379ce08e294b477734bc1
SHA1 da707813028df6b62b6e45b03b968b5dbc80b6f8
SHA256 4e78423651806bc89e2fc503b98750a3cb768e4e8a9a23aa19a97e655e9907a8
SHA512 de38fcffc860edeb79f1e4e14974b1863fe51042a38d4f9835d1c64f7d68bedc7365e726d2b6c286e491bad44cf53935ee63b2e0de5c462dd577319f597c4b55

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.RYK

MD5 2d710783ab7740cbf8518bb8aabadb45
SHA1 a77dd1cfb149a45a3112fc28a3cd0840c206fd30
SHA256 0fdcb6222c1b7b0a68bf67787b81ddf0247113b9339238db35ee08ae83ccd15c
SHA512 963b009e8859e79f0d598c5f119ff66f8367f4673faed4dcde9b144ba744f05ee90175ce10e7de08846f621c830d7409fa014c39905601bef45d3b6de69fdb9e

C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK

MD5 b23cda52a06ec189ecef26a0d225b7d2
SHA1 413905fa687b5a40cb2e0a7599ebce5402fd0d4b
SHA256 4ddd46e065f7e2ae6bf06db6c71bece7532cb0453f4ae9e8a0a10421ab3f6204
SHA512 7ae0caeeec1b76d2dc557a5c273d7281a4b2ddf7b2a6cc85b879e746222dedca94f539956d2c21c51f65bd1e17109cd6d03a53ec5753a00436c184cb5f2de6ac

C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK

MD5 79e6b2c2f517f4c38706e0525c2aef62
SHA1 491ee9bdc4760957b3c24b42555a1862fb38a443
SHA256 d2b156d16b11f632b6ee64c8a963b249e5d201df1c72fbc1cf26f48a28449dea
SHA512 d3a6aa950d62971e07932df958d01d792e2fb91224af14dc1fb8ee9f714ea4fd4c2793296b27e8ba5d3912d435e777c700bd1b4b59b102341d2c711bb8a0daf5

C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.RYK

MD5 45c5cd0a7b3e311224cc31264f32a79c
SHA1 8e646bde9e229445313eab4ef6c5e1f947493561
SHA256 88ce069d21734708aa781784a0e864c37503309ee79d52c6f99f16372cac0cfe
SHA512 9d793a9c0ab9d28d6d9679d728f27ae587b788661763e21c8df148449e20b66ebd6512b98e545ac72dc958c5532f3519e7a0c8f411547d9f33dff418f1ddcc0d

C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK

MD5 5a286940935b9956d16662dd7866fcc1
SHA1 373ad7865f497015ce2ac64f5ac528e76c5f0b15
SHA256 4f036ca80bdaee00ef3685cffca68c49e4ed90d9d8b5ac98971e70d049ae768b
SHA512 dd3d983e1df63ec97307df902a8bf0f398797a44134260eec3702d1f250c2880ea4e9a4f58f90b5e010aa341de23cb84daf8885f9a7b2de54098d673975a09f1

C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK

MD5 bd93aec7fd4d9788c85e84e8dbcdce71
SHA1 7769d01f6d6febb57bd820cf5282d08e80ac638c
SHA256 ce816c446a82406f5c2c51dd6ddc2768313a00b90604f588d19e9b9ad8243bd2
SHA512 e42581e3c77f9f23646a20c88eb5bd370a5b11d5044dad0867c1234773b0d819289fbd40fb01eccac551acfb349adb920ff5183533d59a7c8baf31bb040ed06d

C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.RYK

MD5 a4badebe1ac7770c43c6331b20af3169
SHA1 042639fc1de2d319d9a1d20706639941cc6376c5
SHA256 ed0b176b88f48814573d18f4c2e289b83d74e36bd9472d66f13c6a6edc9605ee
SHA512 fd8aabca23fd7553069a6f76e8265aef466d6925932c230394e12165f30931f8782df8f1db680d554bf571492c3831c668eda4d26d6fe0869d20a8e774f0ab28

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-11 20:06

Reported

2023-10-12 14:08

Platform

win10v2004-20230915-en

Max time kernel

37s

Max time network

70s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Enumerates physical storage devices

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 32 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\sihost.exe
PID 32 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 32 wrote to memory of 4972 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 32 wrote to memory of 2316 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\svchost.exe
PID 4972 wrote to memory of 3056 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 4972 wrote to memory of 3056 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 32 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 32 wrote to memory of 4824 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\System32\net.exe
PID 4824 wrote to memory of 4448 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 4824 wrote to memory of 4448 N/A C:\Windows\System32\net.exe C:\Windows\system32\net1.exe
PID 32 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\taskhostw.exe
PID 32 wrote to memory of 3260 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\svchost.exe
PID 32 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe C:\Windows\system32\DllHost.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe

"C:\Users\Admin\AppData\Local\Temp\Sample_5d283d656ea1e5165f2c7b8c.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\Windows\system32\taskhostw.exe

taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "audioendpointbuilder" /y

C:\Windows\System32\net.exe

"C:\Windows\System32\net.exe" stop "samss" /y

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 stop "samss" /y

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/2296-0-0x00007FF6200D0000-0x00007FF6203AA000-memory.dmp

memory/2296-1-0x00007FF6200D0000-0x00007FF6203AA000-memory.dmp