ryuk | f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f

Analysis

max time kernel
124s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
Size

436KB
MD5

e7981e5d16518ce4a1e70974e676b0f7
SHA1

562f99603eccfcc94e7328cf8f72d26301dca416
SHA256

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f
SHA512

98f9842718275de8dd67a354121885d14506de52669ea2e4fc927ec3d292f9f405d23e45be19ae1ec875cecab8cfa532a77a1e6291f8ab869e8de30c98682ab9
SSDEEP

1536:gnAgQXhJCxVUzRTRf+TlNXQdDYp3d7Ye5gtFTEllM75wXwtQyHsWSJcdH4JNMwoc:H/yDYslp3dEe2FHQQIYH4/MIq

Score

10^/10

ryuk credential_access discovery ransomware stealer

Malware Config

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Renames multiple (7054) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exeicacls.exeicacls.exe

pid process

2100 icacls.exe
3040 icacls.exe
3052 icacls.exe

pid	process
2100	icacls.exe
3040	icacls.exe
3052	icacls.exe

Drops desktop.ini file(s) 1 IoCs

Processes:

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe

Drops file in Program Files directory 64 IoCs

Processes:

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre7\lib\javaws.jar	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\OMSINTL.DLL	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\RADIO.JPG	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0301252.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105338.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02287_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00455_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\Wks9Pxy.cnv	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01046J.JPG	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187883.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Casual.css	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD00459_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\micaut.dll.mui	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00670_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00345_.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0195534.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107262.WMF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01243_.GIF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Uninstall Information\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10266_.GIF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\RyukReadMe.html	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01931J.JPG	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\PREVIEW.GIF	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exeicacls.exeicacls.exeicacls.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe

description	pid	process	target process
PID 2724 wrote to memory of 2100	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 2100	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 2100	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 2100	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3040	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3040	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3040	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3040	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3052	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3052	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3052	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe
PID 2724 wrote to memory of 3052	2724	f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe	icacls.exe

C:\Users\Admin\AppData\Local\Temp\f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe
"C:\Users\Admin\AppData\Local\Temp\f55a5b28aada98a9618a9e10f5b4a9b46e4c5f61fecc962927e2815be6aa898f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2724

C:\Windows\SysWOW64\icacls.exe
icacls "C:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:2100

C:\Windows\SysWOW64\icacls.exe
icacls "D:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:3040

C:\Windows\SysWOW64\icacls.exe
icacls "F:\*" /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab

Filesize
22.8MB

MD5
e3432563f3b3a75a562cc59cbf91d35a

SHA1
b079a64c6f19de501d264ccd25ef8de9c4cf50de

SHA256
ab21d1606e3a76eb93abc4ee8747e74a674d72f0ecd8d3eb640508f0049f38d4

SHA512
a53f68c10fb927f48fd340678905fded299946c0f7e67e95982ea37c06aec57e0ef93f4aad3719fd910871aada228bc92e6fb0e101f62cd1a01daeff7fa392e0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.msi.RYK

Filesize
2.9MB

MD5
4cdb26cab8d7b7cd3024245a4a2eb41c

SHA1
f74495d47de4995b26b4426f819be2dfcca4af26

SHA256
cfeccda2939ef3e6c66aab3165f134f1c74ad9bbd7987d87e9a6b0d90c4dfdff

SHA512
5d2bb8527a3f4d448687c46500c271de5bcdef008784ece409c209e31dcfe12df5aa83fda60d7947dd435be55e1263cfc2437036d0dfda3c59aa640a17f9e804

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.RYK

Filesize
4KB

MD5
059edcafc203c5f63ca0dad3aa0a12bb

SHA1
7df3917926e11777536564623f73291837bf2649

SHA256
3f5c77b8c5dda4ef956db1d0b7a78c47d13ed0c0ed28acfafba1a7e591dc5b07

SHA512
2e05de5f2c6514cd2e52ca5d5bf5c09a3c3cc588bc76664e42c1d2519910493ecf527a636ae0a4f188266f0386b54ef200e524f6fde1161ad9068ccc0db383fd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.msi

Filesize
23.7MB

MD5
0284416a82b96d62eaaf2a1ea5ceba2e

SHA1
35a27de240de0c5559edc3f2f496d7bfdb24b9b2

SHA256
247466e9730849ddb1fb4ce710cee6b7f4a40ca41c94be36557f50e831580ce1

SHA512
c346e7c6f855191a5842fdf481400e5de2d3fb8f46cb16adb4970ac4dff7cd328eb0d8050a9ba31c84905220c41190a861ebb461dc985ec9631d774b748554bb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ProPlusWW.xml.RYK

Filesize
17KB

MD5
ca3628471847582ac6c6409f730e2fcb

SHA1
28ca82203283e759fbac95e91ceffc938563de5f

SHA256
1f64b18abf23b0cde138ddd581d658acc92fe07f910bd371e484eef903c62ad1

SHA512
b4bbda4c458ff30dcc0b54a670af7dec9295f04a8bc0410351f3f4dfe29d97ee566579ebdbdcb7fbddbd0bb1bd6f09643b3d3db16007aacb007e2bcf1d5502d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
31KB

MD5
f322fa33f94d7e8301871f14748619a7

SHA1
ef8866ae9a9ef18f2eb9f2e4987f226a056681e7

SHA256
8fb086b28fca42fff17e473cd110eaf659fb9d834290ab96d7e12db19330cc7e

SHA512
0b0e418eb244514704af446df73edbbea3a925d09af6ff5c186c02a7571aaa7a0f3d51c6dfa6d80044e376e76cb21fd4fe4ec0faedb0865f15c6997903d164eb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.RYK

Filesize
699KB

MD5
47fd3450e5bddf455f31c57e042c8dba

SHA1
3435a6ad7b4ed4bb2c1b357192c0c12095323ea5

SHA256
26fc3f492074b7729088dd6bca97a123c3023a33a401872cacb33a5dbd74ced4

SHA512
7edfba8c72b403b9e1ccf7930cd11541592e2c3f80b94822ef0ecfd386d6aad51f7508e803c67d6e80c40a96e6216a006fa3a6f26377b3b66132687745f3570c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelLR.cab.RYK

Filesize
16.1MB

MD5
6f14a0413a91da4eee7d8f39b51bfac8

SHA1
e459d626d5cc8270afcd9f058d606c59d59faa32

SHA256
3c0d8aefc5a6c6844ad3a6ea9b96c60544d83c61e711fd80105cfc94bcdba092

SHA512
e23d89a61b2dfdb0ddd8dc67359f31c3f4130df0a0a15d084c5716dce54d2aa8a3f665f8a5a03eaf315079dbd5cd4f8796a286fda5fb26ce132956b22c987e2c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.msi.RYK

Filesize
1.7MB

MD5
bd5358b205bdfbe4687fc37fa9a1a063

SHA1
c48a941c976cf3545cfea5f7012bd3660593c6dc

SHA256
c96084b50620b06be6a9773ecbaf4c1275ded2c1b869e1df0fa2576a7e510612

SHA512
84cd89dae38826c23e3a13963f126c8bdb24ca75af89fa5816217be721b1896221a85eb54d2c48b857dc4917847f424bf8c0153964af310c425585b8a934e2f9

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ExcelMUI.xml.RYK

Filesize
1KB

MD5
071c61b902fae9a9e17de5c89c9ffa6a

SHA1
f28b1876626c9dc53d5077d59aa8586a1ae5440e

SHA256
d3d75723bb0cae947bf4620f56556d97b6e7290d519ae4b5e090843ff4fdd880

SHA512
7365aa289075ff2f4a2ea7c0d4ca4de58d125f8193483250f7bcbb0e6a30694e0152445ef57501d615bb4f47450f61d8f2a8512b23b55b2509ecc4c31e9bc6c5

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
4807b34c4d6cbb54a014277af6c91e0b

SHA1
5e86e24497701f011e445bb0969037d2fdf331d7

SHA256
9bdcb42f7885abd197c161f5e08df1203ae3acadc50da4ca1e48c8b99e338956

SHA512
d9fd95cff7a1b730b8e18607e90a4450daec790fecde6282c32b5517f3863e9d95848b00142ae72a71f7c5b76bd3c0ff38e02d64d2124c09b03a3c5899fd498e

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.msi.RYK

Filesize
1.7MB

MD5
ea57b7fb2c14acc6f9dc662dc73379d4

SHA1
c356c885bed449137882ece188fa7c709fd6cd6d

SHA256
ed2051b8c33ecf520d10e8f9a5a9a87350915ec60a0329983ac6e5861e9e9c89

SHA512
4f3cf41961e4f33b48a5618b0238cc3b9a047d3058ba44d00c0e317e77136eb4bc98f91201e2e856e1a3f3e16643532ccc27ef7023670cf3a75a76d29507d53c

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\PowerPointMUI.xml.RYK

Filesize
1KB

MD5
1a7dd54b0b8477627a090fcc6975c640

SHA1
95992e9268071d82d2d9a1ab0dbb1d4d7b4cd3af

SHA256
b21fd2da210243b493e9eef3ab80a31b940854630dbc458ebbf8c907c5bc1c71

SHA512
8fb84910c9f618bca59b4bb6da0b8499a892104414dab5cc7c1d797126903428a318e22ea86823b0e3a2b6ae00c7810a2df3ced6cc825d035030022cd0c6d963

Download Submit
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
d3c5e50c4b3cb08a7a814183874bab9f

SHA1
fe404dbe76719126aa066aeac76614a64e2bd3c7

SHA256
12ed0a5b53ad67d1017777b065a90807f859d8ebabf9cb616c3bf12ea8f72b60

SHA512
00f7c7594c8ab7f8b0f5f5d629e30fa05abae9c96a82ac3b8df4046180a52834df9e370f969edf8b708df40f4b3968efd1f6cf7522b4397eee4d57ef08c938b5

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PubLR.cab.RYK

Filesize
9.5MB

MD5
518b00e47cbe2f120b7c059ab497ac00

SHA1
5ae49b9e3b0adc089085bc8ed6bdb3e205787182

SHA256
4e0be8ec4cd0db80fbaf3dfe1fe684d0c433b55ed1dcfda141ec38f664144173

SHA512
0798bf97f504c202a078de0385d3f6a987b3fe235a71f75aa4f9539e64e032faab47bfcc3606706264f2f5d7062855bd2190339d64445658b2834ba207f1f0e9

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.msi.RYK

Filesize
1.7MB

MD5
150e77dd4895846a40be91a320d18b73

SHA1
0b82a06544ff444d90be4411e74d2caa38991cdd

SHA256
6dd6d7dd9d8f975f52fa6399ac223d3c8040d3d282946b271240af22fc35a8ff

SHA512
8e9d38490fd1d2d8ec83ac3b7c7ce7baf43248fdfce3b2481c5a204f8235195ba7b9fcaa4770d9a53513a4d93969242d4656094806afcca6d8a0aa008ad6935d

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\PublisherMUI.xml.RYK

Filesize
1KB

MD5
716906235c3a39320c1358174530f66b

SHA1
de7276e01033b0431e64533e53ef057f6d1e762f

SHA256
0e237940dff4eb99d6b45f175453abb8de90da860566e0ba8ce9e25ea2f92267

SHA512
6a31091daa73b88413fef51863d5f16f7562a3974ae3f7ee67cd55cec9ecd909455c2195235275194fcbfbc20b5e28f423524d26a88d50b9c8e7da8daa948d3e

Download Submit
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
1KB

MD5
d8430c5293ae0ceacac00660ebe4eaa0

SHA1
4864584f2420dbb6eb9a5fc616504f09455115b7

SHA256
d9fd23a91387f96390c82eef4cfe7ff685c171ae951757ce221c4cb4336dcf43

SHA512
365fd63143f8f368bab8914aefe3be247383204737ce3e01dcb962cf15c1a9dcb846086e462e2346a33d7889212dad590eb5106e9596a72be1ed6a45385c15ed

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlkLR.cab.RYK

Filesize
14.1MB

MD5
bfc6cacb07052b6d4bdc098da368c870

SHA1
9657ce69361a0b31afed3ef3024c58fedbfbe9b6

SHA256
844896a8d550e520c399168bd665c8943bafe1b7001aac2f2e031be92a7ae213

SHA512
c72649c0c01edf2ab0d65cbce93f0e5ccf65fc1f855e63875bdc7003df21cccc417108bcc737b71f982472aabb5f679456169ef1936827a084069f6e6975aacc

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.msi.RYK

Filesize
2.0MB

MD5
39dd76e8661dce2e1f448fe06ae8cc13

SHA1
1339fe141d26e3c0d687c739eb8c1efeca541953

SHA256
6d3fd25bf79d283ae70c0f2a6871c8ea73f5158d2f56ef3f48aa98a9b9c3d96f

SHA512
ef20fd90e649711025561898ad3955527534c7ba858f0cae02a4333d44646bc10fc1c3bf9be37b76cea103d8af6c8424b272d66fd1d5a432619204de5a4d8dad

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\OutlookMUI.xml.RYK

Filesize
3KB

MD5
5e7a37f798568079976d6d11bc91418e

SHA1
73733ac10f6aaeb0825a823c56eb28e8c0c02e69

SHA256
4b28b56c362d96cde65f5d81178ef2421f10011ef09ca739fb5691485bb2d190

SHA512
ea82aa6636f762c1c8193401f55a891cb23e8e5fd77dd49bc85e4922c49371de7a0a2194aa41be235568e3627611f3fa757e9fe0297348af73a1928819bdfd2e

Download Submit
C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
4KB

MD5
912c0d32d56650edff4bf1dec861ef0a

SHA1
d16fce89313cd6fe4e234600454c7f5995a29710

SHA256
c495907451d16d0db4758343977defdc780775fc4c125b1a76f94b2a1b899d67

SHA512
8b5cb758a1a16b8bc25d9bd44c0aa11a9520263bf71fb2f1ea8fd4f59b585f81329d3ac9c2ae72884a22678bc319bbc49a0a655253fb0452e6e68e211829fb93

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
acad4f48a93755a5c7849b9adc9b360b

SHA1
d2df8eccd2551f166a39ca0a802a1086b74c4582

SHA256
31df119f2372088066dc577c3e4c4a1986259d01adbdec56d3f8c744a6c716e1

SHA512
38f76342072e4b0c14a66263610ca3395193fce2bbda5666e6693f904ae1e67818eb79d73dab5d0985bbb68da72e1f8475e291e0db23313e2be47995a79721f3

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordLR.cab.RYK

Filesize
41.8MB

MD5
55b9f8de3246ea0d8cc6243a550ad69d

SHA1
4dd44a97ac59d3e6ee8847e300118439d9eec2c2

SHA256
72e9b237ade3cbb3233d00bddb1f3d28fd4e13f9f40d922d0543413513f365ab

SHA512
32459b7620a9bbca081dffaf03f7e1bbd9d717bfa1b156b6529f057b48d860bdfd0eb07431bf7a811714660c55d33a1021901b072dafa61186441cf8492a929d

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.msi.RYK

Filesize
1.7MB

MD5
a7acf67325f07733a7471dd346b0ec09

SHA1
05e5685dd190396feabbaadd94e27ea621ad74ef

SHA256
9f3b7efc5df15b21cc74e5a3d609890db350b17cf0ecab9556db9d1cd7eb2715

SHA512
837687754e9afe3017cc58e92cd55eb9113200c7b23c487569156b178152baf43740b4c1287f413f8079a8192b24b237e54758d33a13ff46dbfbfe10c89d77dc

Download Submit
C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\WordMUI.xml.RYK

Filesize
2KB

MD5
011e6b79c4291a823c7d8471f6577443

SHA1
1d6b710ca5e7d63249317744762f47e687ddaf9e

SHA256
b5196b99294cb8c35e312478b49314b22664fe9746a7a8e3dd24b731638c6b02

SHA512
3c869abb501c7f8e0381ecc1826903ff294cec0712a3b6c2cedd74f5cc6e70f653c00297a1a556a12aaa67887afa2a00f97df74e13c6188ee8adad1bd6128182

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.cab.RYK

Filesize
10.4MB

MD5
97ab0c85a51d138ddd18f0f8624144df

SHA1
29e4fdc6a2657d438fae66f89d8e863f6d484174

SHA256
29b95cc237b8bc4cd3fec312ca65a0e96800717b1bddeb73dcbcd14bb21551ba

SHA512
ca54a911f3fb5ebb421a71fe679cafff370674ae4c481a9d924a75f874eda440df11af95b6f42027f65a9d2f2e1d050bd9bf7cfbaaa7e8f5718d4c30c0426e6e

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.msi.RYK

Filesize
641KB

MD5
1d9dd70617486b14c90bf004677959e0

SHA1
1f642bda536830aee7d50a92bcb358ff6c7d0329

SHA256
42d50b97016fd5929f6000af3007b422505f37fd55753954ce4fde980c1008c3

SHA512
9ff20ca68a33af3f7bcf36bceb7202b926b24a65b3009cae7c0255f730fd4822a573c6997edcb59c8cef2f2f629ba301d86b85b83367b0f210bbfd62f41c9068

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.en\Proof.xml.RYK

Filesize
1KB

MD5
8987b923be72b3a40edc465f5e5e46fd

SHA1
e05bd3aa3354261279b7ef58aeb87ac77cdcb862

SHA256
13a347591bfdf7a44ad1051c3266f0fad9c51951f995a36318cf8f9a59a95284

SHA512
70bf38307957dd786dbda5a95d8953e0467b9611390863ad5ccb807675a1d8f898405471d5413e00224667d2f02a6b11d1f8fc0c4eca28497b79edc68c1a6c69

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.cab.RYK

Filesize
12.6MB

MD5
7ade2a530e02aa90ea0791e7bcb79236

SHA1
54037fb1a5a39baf5bc2a18343db2b948e7e7014

SHA256
649fc2b035ce796dd7152d299bb96345ce3d16a14a56c755e55b43223f53ab7e

SHA512
e93c04f55cce18d6eff8f1673b25862c2d518962324d50a54b491b784bd936287b9f7d4a838b3e6e2ce94f31797345aaaa86fbb2d74b1b7cac5e5b36ad9349b1

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.msi.RYK

Filesize
647KB

MD5
10f2559323a586b1a6d71459db546dcd

SHA1
0f57aeab29d91f8c7140a48bffa51824b69ccae6

SHA256
eb313c94414c47f725c362fb3c6a7530a1d086cb0bf1d391ce04b2a08d0fe2e4

SHA512
7931c8a4f0ed55958551043340da0c3d95eff2359ea261423808d91f5058f0b232f14a85a461d8070835889c83447fded669a39cd54af6fdb4157321dd1886f5

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.es\Proof.xml.RYK

Filesize
1KB

MD5
474c7adfe7298126491a22ee27d2a1e1

SHA1
4e631fff862d6e6d1835a38dae76c34eea147430

SHA256
41a980406d87417f88bcf0b6ca1929eefdc8ae87f3917a0beeb0b9d86b9eea26

SHA512
fc9f344fe3499e94bba77cdba0c5990672142f76f81c0bce1f7c7351fd19aa16af927cb52203f4f7a8b125ace8fcb435cf3b697f8a19705c8dcf5d4f6f9dfe1a

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.cab.RYK

Filesize
19.5MB

MD5
2f6d5dd0eb4877d221aaeaf7e8476094

SHA1
e4b21380aefff6a66a3db0db9b896e78605b956f

SHA256
c8d6eb75bb769976a54c9cbaf019f43775102465bf7ee1c194e09f2ddaf4cb42

SHA512
4896c782b6ad8852ec8d1e691ddbde84eca29f2d16f5e2258067a58df850f2404686bd006d921e963e7541f6e421908b39fb3302f19143f47c6092a939417f83

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.msi.RYK

Filesize
652KB

MD5
91dd720bac4fcbec3695995460c1e895

SHA1
d21dcad8327906ee9f7c28f76d31550a47909475

SHA256
2756a5a8dc000eae4441ebb9af813dd6b3a216bc0c0da583e15045a4c2dc7a95

SHA512
a7e6a45c52c8a40d074a0a3ca71e4aadb2f0ebfd64039596262eecaf51f80e9b7678e235bd8637275297c46d79f6fe8e68d30419fbf00899b1cd659cb4d65bf8

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proof.fr\Proof.xml.RYK

Filesize
1KB

MD5
28402f7691eb881e4cb4995b3df21147

SHA1
8af587bd206fdd41e13d309b983dec6519753192

SHA256
b8c62638d83f51b07f9b8b3f8fef197b7258fe0588bc711edfd2f68538a47576

SHA512
0adad8dc369dc402415fd99551ac951bd72159a0837d002e3bfeccf031ef68fa12609335e736987446cdba39cbc7b1d692ce9ff3a6874379fd78bb12e2ccf9b5

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.msi.RYK

Filesize
635KB

MD5
7dbebd2e05b94307748ebdf65e4f16e9

SHA1
56e84621cb4bcfb0443754824937ebd4db4efc6e

SHA256
b2a16aa54fe9fb811c91fb2b963077e9ab08b80bfc8bb6d10923d4bfdbc2f65d

SHA512
e8f4c5eaae1b4f7a703fd48e2e515157556ba267c136b7aa004aca6feeb43bba5b5fe98d933d438d732a0824d7b5175df094fbc568eb13712b8b1079989dba9e

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Proofing.xml.RYK

Filesize
1KB

MD5
2fda5f0aea2ca929af77714b3841e8b0

SHA1
ef498fbf0f175fd8fbea098eec5cf83c328c9a11

SHA256
e67616025e77f55b479b6ba1cd27cafcde148d1a5b654c4f91d39c647bda2781

SHA512
c5a6992c2bde0c286dae487fc77e292ffaa37c867b327ae1f22f637a09e561708df8dd4a6e02165939483a029924e51fe8aab320324dbdf28bcfaa810add9c10

Download Submit
C:\MSOCache\All Users\{90140000-002C-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
6KB

MD5
dde035a9a7e432a532e3e3417d620f6e

SHA1
fe93f41598162fcde4e7c0a333cffe4bec8248ee

SHA256
ac00fc152d4b2033400633de5cffe69c53915a9b623b502a5fb6acd94a5c8861

SHA512
3fba1c211d94767c254adeef7b5dc7822992932ba312216d84d37e02210f7f5e0f935eaf038f511a8ea549052987b647e2cc7f1841322bdc7315045919933b17

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfLR.cab.RYK

Filesize
15.0MB

MD5
e463fd77a5ad4c4b5c485a43a9a11b7c

SHA1
f57c7269b7819633856181358c2297cde178b96f

SHA256
3c5872db116c978abe2e55280969d4ffbdc9e431c2d91db47ec8051c01ab129a

SHA512
7eeaa06ee173d1183b0bfbd616008e9f634585c2083a3b7989a9dc206c662c2af79780657ef4c4acf4176aaae3f3d8722a374e2cdc639759a194c766e50133d9

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.msi.RYK

Filesize
2.3MB

MD5
53491cbd8bc2b83ae77c8d7799096fd7

SHA1
9912e9e84bd823cc5720e99ace32e092460422c0

SHA256
9f0f3d70bf1ab4a1b88c9bb9442bdd1958ea772b69ce60530608b81fd5582d02

SHA512
943dfae5cb285ebecf6a44f5f60e850502ee18d77b7aee278a36efdd821eb1101ab2622a741bc6d2294074482338b6158a8d3129db4ae49e61373a94afbcfb5c

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\InfoPathMUI.xml.RYK

Filesize
1KB

MD5
e77149fa0f3832f3a130e3f62c416cc4

SHA1
9e1e6e9cc0632541fb74220d360afd1fc0862038

SHA256
adc5f91497a61b40d403a48dfb2889e2a38ef29e1ef5699bcf7af3896028121b

SHA512
fc54899ae34e074882c327fa9b5f8f15a03c1c3348326fbcd9647cb9cbfca79dd84a076f41b9df971a42113d72743224a3aece6a00c28e70eac754bd2bf57479

Download Submit
C:\MSOCache\All Users\{90140000-0044-0409-0000-0000000FF1CE}-C\Setup.xml.RYK

Filesize
2KB

MD5
10bacbb2eadeb33d895bb42b44831cc7

SHA1
097763323e176a261e1e74fc901e088a95fec7e3

SHA256
59612551afdbf9a444efc122950b91b4f531309801e6b71d861b37ca41897ae7

SHA512
4c844ac8055806b4c23b29ab7cca0da65373fd8ce1601bd5b59937f860990ecf4c2c64fd1fe4a21f427a8806eca489807ee348f17c67d71930d492f21e97cc00

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.msi.RYK

Filesize
1.7MB

MD5
32f24ecc5cd878200cdfbb5ae85fbcc1

SHA1
865760fda87cefbe86b5189c6c04162aa8e793ce

SHA256
6633c60651d5e19e001af2a44691a6fa8829d10682c206954c91da82d8dcb85e

SHA512
1bef337959f366178816c5ecb155216e67453cc271f8807a903372c13565f6ae21e014983714ef70bb3d843786eeb11810a1a6d223a9e35888bba09b16e0262f

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OneNoteMUI.xml.RYK

Filesize
1KB

MD5
4983a39b68a8b2a229ccfec37638ff7c

SHA1
a7767ca0fc723a4643fb9d7156c8bd166952fc75

SHA256
ac5f9199721e5ed32071ee879d2a336ecd662de128b011985186185e6f67e544

SHA512
ff6e623e4d250881fd623b137e21dbf33a83e0ffca766061c3dab731ac8a68ff9f8c4de2fe8faed2123f95e49a963c7b4a99d312cd0ff9fb1549c5381dae79ec

Download Submit
C:\MSOCache\All Users\{90140000-00A1-0409-0000-0000000FF1CE}-C\OnoteLR.cab.RYK

Filesize
16.6MB

MD5
5026e2cdff77827b7e8df642aec0d80d

SHA1
fb2831fe248f0b873d9990de5785683e427c192a

SHA256
c4a74f7695f3f3d02c3466174c97bab10e3ac6a76882d52cb141f9c0a3c6e2de

SHA512
fc93fd572086e36a909199f24c32edce77e237bf8fa9edb9cfd3add1bd34ee40b41f61ef46e127582efc2b60ec761be2674bed887929a6c9ea34847a67601b8e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK

Filesize
8KB

MD5
b111e9274d84d9754ac6bc9e705664d6

SHA1
f97a74ab7903957e442bf1496041df1b3a94c9d1

SHA256
aef301c8d6c79d1b002a45b99a5bcf2dc06e13e2d800ee1fe924e018d122f01c

SHA512
2697fbdff40ef26d767accad0308e1077767ddaa0a3f8fef22f46b8ebcb91eb8a5a37b084a130794a338ec0fa1400d0130aed843ac601468615f348f0d0d781a

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\ACECache10.lst.RYK

Filesize
2KB

MD5
538d1a7224dc09e9fe2b063fb92b17cf

SHA1
74d3a36479109994df0da37b7cd13c4db6259823

SHA256
2b429eeb9f4defdf9bd9e71cd3c062d81b30f1582cb1c514b7196ff38e3b17d0

SHA512
1c8a3132e7d85ce5200ce8b3cc046d2f31194f7c7f7ca9f6ff8223f4b4da6e681d7962875da0f382181ec3ac72010bbfe685d297c339f0e0f52baa38699a0a8c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK

Filesize
2KB

MD5
683bbae935da265aed4cb48494e3fbea

SHA1
113d1107d6542fb8749bdbcb427d7df995898f38

SHA256
c867305e209f51907dda50ca8b41b237866e11c55e546165e9faf59a2d2eac92

SHA512
ae88ed8f5f6094bd3213cef404c66de4a27cf2852fc25d4c244918f18734ba56304a23a10a9b613358c7fdd8826dbe3b4ad57a9c080d7818e4ef21f8b7c2dbdb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK

Filesize
64KB

MD5
71d0e8f1c02def4ab76cf5c71e21faa6

SHA1
0f888005c020d71cd17e094486b1381753c1ebcc

SHA256
47ab5a043aa6566e8e6a5bf96a1b17ee4200fab64c49539147585535fa4e1ebd

SHA512
f1276141269477f0ea22b0f3b73ead228ea3a9ee3c281ec0fa2f4e518b50f260489af235ca0aa8e78f52fc7f828ade2d2943a2e7ea73b9c30f9b835d968d4ece

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00000.log.RYK

Filesize
4KB

MD5
ff23700f929fa43fc3efb53ce75703b8

SHA1
f488355be596ea349220ebed071a3a33dc4869f1

SHA256
bb4590534eed4842cb89f8f30741a20611cba6cac6a12ff3cac41bfa9b9935c9

SHA512
edb4716bdb7d28b62da989e62879f458aa388ce9393bec27431f09d5cc7f28aa4afbfc77dfa7fa1a3d12199aa1e81f3cc3e5a9c3b4b6d02326698d003ed7ceac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00001.log.RYK

Filesize
3KB

MD5
2401522b4cd9d4bbdf1d0e459c130f86

SHA1
0abc357c537e2ec0f367bf6f374ba4624d7809dc

SHA256
8e76b1bef83b75212c38350a65c73bc10ba77e701a036ae60b6d8a9e8cd8c62b

SHA512
f2e2cde90cef57130c71f695986132be96ed38af1366a18ae5f0bff3d6fa1929a4d9f6774b39c2c83bec2eb9315e0580366dcf94112df374f04809c7eaf0305f

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log.RYK

Filesize
4KB

MD5
7aa70d3f93490a3ac40049c031628f89

SHA1
b762325ccc24bb264e2b9cd96bb9b8f3ad37f998

SHA256
c96fc7ce412ad14a15780df47995ef0365eb5df1b3698662e1ae3fe2df4b05ff

SHA512
e598a92b033e95beb89931ccb5c8d74ae84ee1c69c71a45dc83695decf5c33a1f7415f9b3789c2b0cba671749937043cd385731c089c3bd08b6ee042518cb3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt.RYK

Filesize
2KB

MD5
8af5ecb5380025d34bb45f398e179253

SHA1
7071cf6d6c8f59175e3cb5703cfbe1a2c8be9cbb

SHA256
09465c6e2bb9112e7da83baef663c44f1773066ceb5198dd0a073f60db9edf9f

SHA512
ed6fcb85cbcab124bbc94c848fed32a1312a584d001365d546811ab4e1a48e91b36d34bde00334f4d32e7af6cc26e39bb8ab249f3faa0faf800720a5cd8d4da3

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1FCC.txt.RYK

Filesize
11KB

MD5
d0e3b72a4bee0a78eefedf59e4e55ad4

SHA1
d23767be3c4001093f8ded59df2d5779a431e3ea

SHA256
da7ffb1ad052c3b417c0a3869dfd2fdb5f0be439827188fc403ff2ef824651f0

SHA512
00756b55cf75b0af609f5c0a8186054cd1adb6aec8dc3cc439343f0636ff737010e31196201303b51d773a877bfa7ed487025666c9c4d7fabeace940594e6e2f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-457978338-2990298471-2379561640-1000\RyukReadMe.html

Filesize
1KB

MD5
4a322c0ac1e2421584da04c934aa057c

SHA1
b5ac6beefdccfc49a58ef6ac538826df6ddacf50

SHA256
754bc40f679e8177c5e6df718d9f99ef9532bb41dc02d3bc37ef595c1887681d

SHA512
30916154d0a16b130573c9e97f5855610bacafed30d4fb5c30e9a797519e21530c031029a9624d7cbd64fdc5446f1c6264d27906774e5767bf2347f61d93cb01

Download Submit