ryuk | abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842f

Analysis

max time kernel
24s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
26/09/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
Size

200KB
MD5

592d8660d2670bc67e91e1cf2b80d7d0
SHA1

b85dcbe81d1f9c7877ed742bebfdd07216358d74
SHA256

abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842f
SHA512

040c2e18fb5b5ccfab1b604e96022c056e2c1a5bba8fbd3a0f6253f7fe9262f206b6e9aa508cc96bffedfd493735e4f274de114abfe36be94ae585f23134d172
SSDEEP

3072:FzOCLlTCrLBExk+bN4ejpMT/JUVWaI9shNI8:ROSTCRExkwOmM

Score

10^/10

ryuk discovery ransomware

Malware Config

Extracted

Path

C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\RyukReadMe.html

Family

ryuk

Ransom Note

[email protected] [email protected] balance of shadow universe Ryuk

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	sihost.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini	sihost.exe
File opened for modification	C:\Documents and Settings\Admin\3D Objects\desktop.ini	sihost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
2804	sihost.exe
2804	sihost.exe
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
Token: SeBackupPrivilege	2804	sihost.exe
Token: SeBackupPrivilege	3884	StartMenuExperienceHost.exe
Token: SeBackupPrivilege	2416	TextInputHost.exe
Token: SeBackupPrivilege	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 2804	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	50
PID 4280 wrote to memory of 5000	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	82
PID 4280 wrote to memory of 5000	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	82
PID 5000 wrote to memory of 2948	5000	net.exe	84
PID 5000 wrote to memory of 2948	5000	net.exe	84
PID 4280 wrote to memory of 4812	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	85
PID 4280 wrote to memory of 4812	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	85
PID 4280 wrote to memory of 2624	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	52
PID 4812 wrote to memory of 4748	4812	net.exe	87
PID 4812 wrote to memory of 4748	4812	net.exe	87
PID 4280 wrote to memory of 3152	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	53
PID 4280 wrote to memory of 3588	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	57
PID 4280 wrote to memory of 3788	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	58
PID 4280 wrote to memory of 3884	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	59
PID 4280 wrote to memory of 3948	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	60
PID 4280 wrote to memory of 4032	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	61
PID 4280 wrote to memory of 3660	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	62
PID 4280 wrote to memory of 2416	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	75
PID 4280 wrote to memory of 3672	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	76
PID 2804 wrote to memory of 3468	2804	sihost.exe	93
PID 2804 wrote to memory of 3468	2804	sihost.exe	93
PID 3468 wrote to memory of 5772	3468	net.exe	100
PID 3468 wrote to memory of 5772	3468	net.exe	100
PID 4280 wrote to memory of 5136	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	103
PID 4280 wrote to memory of 5136	4280	abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe	103

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3468
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:5772
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:46736
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:52012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2624

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:3152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3588

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3788

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3884

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3948

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4032

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3660

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2416

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe
"C:\Users\Admin\AppData\Local\Temp\abfba6846b2f85b3b25dd71a5d910c356b64b04797c3a527e7f2f0c69137842fN.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5000
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "audioendpointbuilder" /y
    3⤵
    PID:2948
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4812
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:4748
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:5136
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:9620
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:39124
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:46392
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:51488
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:54036
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:84396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\3D Objects\desktop.ini.RYK

Filesize
578B

MD5
732a35d618365a1825e58065713fe30e

SHA1
de0619d869bcb48e641d18925c30bc9cf1ed03ea

SHA256
b872c0ba51a7b115547da717aeb1ac470fd81ae565c457f46edc61cb47b296ea

SHA512
b1869161d7175b8a1e1fa45b4a593930874a6962562cb5c0166045c54c514f74ee11f084a958d28c49e0dd59d0b36a0029dd7f8dc37e868bfdb92caf93c05320

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK

Filesize
418B

MD5
4cf126090e1e2aa11ceab67ea71784a2

SHA1
e016a922470e58e9a21ee5232ab84bfedbf0f1fb

SHA256
8e7dee35015233931f9f5ec69c5ed6afb9076b216b8a6face33e09ae68bfa952

SHA512
6fd7d9aab8eccebe10a2aa4943a0e87336768ae00be92683450b02e434439d09e4adbc88cd609b53407b0b5316a90ab0e1d49a4f022936e18ea9e59c157b2487

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK

Filesize
9KB

MD5
85605e190bb85cd84019cf7213336abd

SHA1
134f655f64ce25e83bc907f946a91bbd244e6367

SHA256
23da24195aecd13e96623e6e9e8fa73cdada0420de820ad87fe84000f31971ca

SHA512
5573584496a0da03d56d61780ba481fc8d70c9283f337cf4568c3f69e6a847dc72315a6c37ff3034f7bc4adc22a2c8554f3c05f8d7da94ca72a4e4f9f714a26f

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\AdobeSFX.log.RYK

Filesize
2KB

MD5
0defb8e670c099d861943c3610be3156

SHA1
fd8b12e7a29a23839bebe76d905f0f3fdb007c46

SHA256
592ba13bd71faea3e025e752fb2984aec9615c7208e80058b97e09f66de58830

SHA512
a8ddb41f25b4f4ba20a8084e10c284f05cfc56389319698207623f4996455d06a41dc7dd21c1029da73a8576fcdb64f82c22884f3a1dd69aa3b36c0d4ae1c4f7

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JavaDeployReg.log.RYK

Filesize
13KB

MD5
0a5ab876bf59441849084cdff5e43c4d

SHA1
83ca9bfe9e2a52a8c9ddbb8742594419904efef2

SHA256
d0575448970acb15f52fd83d9675bc0a003a8f999064f1f2049866d62127c3bf

SHA512
c41d68394f3bfdfa8a7360e80a6c669aa3f036943e90c1f24dcf1dff196a889be67d4025575166597904ebaf8b85b23de73fa7c43900b2f4330add1fd4ff92bf

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aria-debug-4168.log

Filesize
754B

MD5
b80343a0b30167ce1ce65e411e617d50

SHA1
d74c67f525535c66b011cc8adc76038ff5c7882c

SHA256
8cbd19cc610a1430602f9f8fcbd2f0f007de9be7ea89e308de6fb30b3ca6d29a

SHA512
fa033e5d157fa6e4a2f034527dd6e830fefecaffb0ff6ee2612eff1d9e9bf1454a7a7c2929183aecee3eab91c7cbd88dbae76334f82359078c3216712e48ce80

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\chrome_installer.log

Filesize
6KB

MD5
76cf73fbf24982b59d6fdd36ddb26e5d

SHA1
c79c9de7f6e83161cdaf5d901cfa31475599f505

SHA256
e1cc49ee04345ee561477d2ff575bc759fbb0e71cdaa0fc582c98b2bad418613

SHA512
074922d9f9159095f936272226070271420f809b8820ef942f3665df7ad8f696694622ed5ddf4223d9aa9ef38e6e12a0edaac1a50f65ba69ef6f23b5f2d3f207

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_vcredistUI2A84.txt

Filesize
11KB

MD5
5bec735c251d7eadebee9cddf327ddb0

SHA1
f53f3ffbf70bc1992c2cdb7d363373ddaa787f16

SHA256
8283dc5341dd50291ea8a733f26f93bc467789d188711e0f25a15eb5ff8cacb2

SHA512
c2fbf275546324f676d4177b7a07a0958bc55a7fcf6a46b4dc4110efe8ed10f5f45d9c05e1b4d5ec4c75e661a282d8ae3d7fb1776c721c4da3feaa9abb6d7c98

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\dd_vcredistUI2AA2.txt

Filesize
11KB

MD5
88aed0d562765e28f7bede11f2ca4a9f

SHA1
9ce0980a28c3cfc938a7f95962d46b2035a0ee05

SHA256
436bdf6db71e55f14f567063b32b71fecfddf44575b15a730af57787d857d58a

SHA512
5d00fcc3ca5853b6981418ff8b3c14d3105482749b2aa9334f12e139ca9aa1ee39723bce76a6994254424315c82517d493f4747b6e881b29a6e05daf5348fc52

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wct53B.tmp.RYK

Filesize
63KB

MD5
ba2b4af5e9fc802dfbfdeb1f26caa1e6

SHA1
154da14755e8b42ff31a3f87e1c36d7fd6f81b9a

SHA256
edb49c90a72666da7b97c616631f786a87340decc492a2ce09e2bb80daade377

SHA512
d358cdac8052e60fde6bee8e343d3c11fd9a980a6feb3b93b3ff2cde3436896206dd3f2076d75d7f1d08d7177be18dac7fa714262d678b2ba568d77b0898b22d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wctA822.tmp.RYK

Filesize
63KB

MD5
98125404ee1b1d6f9e8c65414e787351

SHA1
44b55674ce9dd4a5c969378bd747dadf70835f35

SHA256
e4464da6fe52e3425cc068dfe702fd3b8c59aaea3b819761fda088ef5d1b4fe6

SHA512
c9b513077fb4966b042d1e05a16b46d8e1caee1a149992a106656c006373fe8eabec7f376890cd42b661cf7c3e83be74f4c409d4c18d5056a9b9800db1289263

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wctBA57.tmp.RYK

Filesize
63KB

MD5
c677b47cbf76f4c5edf3464298169850

SHA1
fe553824e6a75a5e38ae0f66101fb07a685f8310

SHA256
278b58f8b5232e8f0210515b624f8d67b038819c0abeefa6e442d4abac7f193a

SHA512
a20600f8356389436bcdfdb28bdf71e7e6fe10c3440d12368a257047ecf2ed6447e9d2060c70fc8ed71b142f0edb3e667e9931ed0de005ab826c3b383dfd3f79

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Comms\UnistoreDB\USSres00002.jrs.RYK

Filesize
3.0MB

MD5
cea9367229f27d34df8d81f94cf54362

SHA1
e25bf4d29d1c7f9754327500b0b1ff4225b9c233

SHA256
f33a3de99fdca5c496564906afcf7f0dc5d685decc6108d77ac5f6aa9f6898bd

SHA512
43c36b0a6b0c57fd4826f1e740a230118aa5897c17d59dedf68061f5685ced0d84ed9c2236d7b8672efc933387cd45e029b0cff69c329c050775adf8d3e223aa

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\L.Admin.cdp.RYK

Filesize
1KB

MD5
057a73902db7861a07ac3b21298605b2

SHA1
5374895fba969cf875c7e6e3840bae391147ca03

SHA256
440fda7181231cca2edcb60245593e593ec36e9c930d06163f943c266fbcd6a0

SHA512
23557fed57bab8645b3c6545f7c84aca58f5e38d4afa4ab10ccb96496b41371f104edd58abaaff01c38c5ecca14487f14b9af6dbcd4822743dd490316274e99a

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\ConnectedDevicesPlatform\RyukReadMe.html

Filesize
627B

MD5
33a16098dc13170ed9b6e5aedbc7eb1c

SHA1
bd45502133756ceb16a360925f7ddadfd32ad412

SHA256
ae9839649c789d0808e7078a3e4c7ca7f672daad1d0c5c384d8dc5cbd83fbafa

SHA512
8d26f60476b804578a650259d946e87698be5d8fa1b8faca439a23d08025576cdc82ac317e32229cca0f161337b5f5d14c0d8250a7534daa5c9c490ddc375f92

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_ea0aa4d6-aa48-4733-9e64-85ab59ce35b0

Filesize
52B

MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst.RYK

Filesize
1KB

MD5
4125514ce69098a3b4e2ee1bb499280a

SHA1
8a43ea1fe87bf0b2eb8ee4bb21b2bd5e1c547c57

SHA256
33d42cc2b652e78a8328d6804d2b04ad0725a99c526ebec1622a0d5647fa9eb3

SHA512
a686924a731f22db201e0c5b3675a7b67a8856bd03b89eea85255aff806da33c1cca94f7cd6d896c603c891c47026e92e9f4cdb706de40f28a50de7143b3c139

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.RYK

Filesize
80KB

MD5
b708d70c5c40b7c90ee392aa4c2ddb30

SHA1
41eef5c684116432002bbe35faefd71d69df33f6

SHA256
952b5d2edb737bfeaa5ab739452a79da078d1256c5696b13587f05ab6118eccd

SHA512
1a75cb4206c62ec3b052869a07b28060f713adf8982e46a47e609aa5d56e1ee8dc2247e44d17bd80531e3a64aa87f2b29711c7c98449c039d7644fbcf9d4576c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst.RYK

Filesize
9KB

MD5
eb90bb13ed3bc0fbbdfb128ce4d71583

SHA1
bc191960e8e453a708d4be4efdc7caf389cf47c1

SHA256
e8bb6f8778aa099a55a248901935b10538c52ef7de7e3367245722a2c937b908

SHA512
7d05005069604e1a46d571cb6a52389de5d04dd49cd2480bdda276dda98efe9e32fc3d2af1c36919dd43e8defb079ce27b5cc3afa0ae2ff3ce28cf5966169253

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat.RYK

Filesize
68KB

MD5
79692ead34d40500aa09481dd2c4aa08

SHA1
81f80f7797486003001923a4cd9235f5fd7e6dbf

SHA256
ce84c3d42d48715779f6df9b3aca3efa4aafe7a78e0a65fb402c681667d78c53

SHA512
90dfbbbd034c47f56b04f54e4cbfe6e9472501b048f119ea404c7cb3683cc0c1b0317f6bdb5e1ad4dcd08850260cd0363743b96812394ad4ffc0767d08eafd39

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents.RYK

Filesize
12KB

MD5
e58a8abcfab2f2bc02d83d67bc66b371

SHA1
0416896c4ec75ba6b89d9b3e685196ed253729dd

SHA256
98f5522090de22e06fc65f4d72b69a117173004536a4d75b4608b0640f336437

SHA512
a1f1156d478d4c13bd4c2a69d601030826fd6fb4926a9e8a6e9cd1837c621d9df1b0ed5e8da2f21a6ebe6cae424a926dde46751ebf541cf4028d22439118e473

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin.RYK

Filesize
32KB

MD5
7b22750008249361ab3aa4bc97c3a849

SHA1
9a7341e5d75e7733009d31e268ea91bbe7536c0f

SHA256
ed680995b03d4e891a57743be25b73aec8072f623c2625e5633585669a9745d7

SHA512
05ba537f39ac39c9b0d8cfa92887776ea5bba4273cb3326d0b7c99496dbc941409dab78998206a061394608d0b6b4c4983c4fd1f01209918dea9803956351107

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\ACECache11.lst.RYK

Filesize
1KB

MD5
be6d7e42af330e62a6ec1f05d40c21f8

SHA1
9c91cda54e4a75da59af1ec85c1fa9931c470975

SHA256
7971f91c8d343882eb2a8d8fafa55084c57423b2a2f9f0a1eb03f14803f68828

SHA512
12d3365a6b233145c7546c80c3404972ea0f38c43efde94e6b39d6da96accb225398178382863bcbed43f7b5198746cc55081413f5a9da45dc8e95b17c20b05a

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK

Filesize
2KB

MD5
fb4a02dae8998aeee4f53be2ae1dbf61

SHA1
4bc2ba676cc795d38fecd10d54486cf5b130ad4d

SHA256
62d6df430a6ff702f045680834556f5ca49fd6e42a695853cd5b4e0686b3630b

SHA512
dfa3f7ff116e30e30765a0a48160d132049c22dea14ff7aafc96e8713f7b792dba921468b9b2d1b8d00f5bd557f4140b731038192aa66212e4a2f5f43212b667

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK

Filesize
64KB

MD5
bd9f8620aa3d9574c91bdcabb6ec113c

SHA1
1ff54ac6ba237f854da975b231fc52319aa3894f

SHA256
f0e8f2b0cb365f6fab320ee42fe99486ab61119a6914c814bfb76cecd5fb118b

SHA512
e1ee79d77401c8eae9ecfd1aec74da5bcd8b7108b011729463c903ce0818f68826124713ad5f732c2c68ac279629e8f3732036827e42d8d3220b300fb3d47015

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jcp

Filesize
8KB

MD5
db1e2c5eb41c35ff606a41d18f351798

SHA1
37ae5c8a9ab4663c84e3c7c17ef57e7bfad5db18

SHA256
523107595a277d0e869c3eddc6f01202601e1fb51e7c9f70972e670d6e5b0fd9

SHA512
da4bb9304491302ab1d6c5dfcf63b9e327f0603e8387610b784e81a28418f4a984c5c303028076a68a8ed45c11073a08053ede7bff402943401f3d8f5bde95f6

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USS.jtx

Filesize
3.0MB

MD5
3761d9295484dd54d482bbf315b49b43

SHA1
6a14e218541e2b899b52c5dfe182d850f412d108

SHA256
368fc307b858ddd604fef83d81fb7ae7112601977af22017f57f22b8d5573318

SHA512
105a321bf7d8d267626e1a3e37800850bc2b2cd12d605bbb650425f8ca624cf7e3cf3cc8be2f5305f4bd43765eacd90ce68a612539f830ca51eb59ca56b532fe

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
a74c675525bd5771e15750a34af42355

SHA1
d4351fe77f8806ed91787259e09f935e7b658785

SHA256
1740d0451ff79b6b693a29aa950cfdb53daff645d608b8a7455901ab731cdc00

SHA512
5fce272bf6d75066495acb5b0568c62a9e5cac15da497029bd9d42ef61fe297019b34cd9d6190981989d171cdbb3da4fe1d680b851e891005a812375aeb03111

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.vol

Filesize
6.0MB

MD5
0e7ce23a373f384ed353f584606b4815

SHA1
8f4b6a589abb5cf4c613c31c961d907041c10a15

SHA256
521dc55d4087e5c7b1c745570bee63ba10712f41541a9f4318eab367bddcefbf

SHA512
5746da5e9934111315646b4546ae204aab7e1b762bae4d9214e78aa63b2b61bfbec79162c246a64f96ea51e85984f24df6cef5fe0dc0ed962508941f652a5637

Download Submit
C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.RYK

Filesize
4KB

MD5
2455a0400e99fdfb25467301d0be1507

SHA1
7cd6484ab707963f264e3abe1712ee65ec2c6ef0

SHA256
8ca2cc7d855d7d1570b8e1a070a983d7ee783443ed706a31cfe68951e20769f4

SHA512
5202af263d7acc57b9682b71af7d1965e796ef4f81b6efc42d44cb0300f4fea25316f379a0b9e3059ad68023cda35ceb242023dfdec270e16d59a281a2db0e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D.RYK

Filesize
11KB

MD5
c0cfa5e89536301cdb2e83de4c768bef

SHA1
6710d748b0227d7827f3bcc127ffcd1d72ed4a79

SHA256
c22435f490ea8c77fa0d079106ec0f9327c51114f212069e61d69569cfc5738d

SHA512
3cc4e0478a942f6b09b6cdcc5a83abfad4296719f751a70df0f54c51d391b1eaefe175742a4cb2b7641c81d2aa4a897a0c5b11976171182ed9a1e8bf080978a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat.RYK

Filesize
434B

MD5
fae31b7f41de6da3fccaf31a13fd2db0

SHA1
d00f2e7c6b6a637f97048b5fd547de578a386827

SHA256
e5b9f02dbb302829d223b68620d781b42b0a5ba6f1181ef41dbc88475a65a9f5

SHA512
e06fe3c053a88231e885fa2610756c423b6ef26aa184ecfe76739bda5216ed95e2a58af63803cb31e8a8d421c142b123466d63a4b1a0b556e6d01467982671e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0.RYK

Filesize
44KB

MD5
d07070da34457266571fc9ba6fb9ad90

SHA1
12fc6d5d9c20fa6a7554e780d06d1a8a4d43ceb6

SHA256
372170724d0269f3d836dc4f9cbafc7fbd7e88d2de48ed3124f8a731c7f4a203

SHA512
a1e14ac3c931889b1da9cfced9dcbdf0301a0844936901f971bd4d435af8d41462f1d16084361d262805316cdeee01660162e3f9138d3963e378061115ddfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2.RYK

Filesize
8KB

MD5
9a819bb65534f908c8556d7b386bb0a5

SHA1
c8840ae5b0a861de6bc6462f67f31bee514ad5ab

SHA256
d5b4a4746327d5bbc55136115ac453f608eddecc133e7681953540dac4ea98d9

SHA512
4fed9fef5f67e91868dbfec35d668c37261250336de556e9b3239df28c87c11bfac170f650db415145f64b70e97b046fa09e12941148b792a937c1e69f23cb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3.RYK

Filesize
8KB

MD5
c864ad1e5734751109a0c38ec3186893

SHA1
2365aab5f730d1d75f4c1a4476e8faac4ac089ea

SHA256
0e88a0ec22d793fc3a73fdf2d50564518d0eadff536e44cadf8adf6dd822a263

SHA512
0b4d67624c908d34d8d37a1ab869905449a5bab07e14581c57a6d7c743e5d725df075d26a922f7983da42010e69aed638e725eda5634a13cdf4958593f74f031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index.RYK

Filesize
512KB

MD5
8e3353a452d7d766eb625f53d8b4d36b

SHA1
fc000b5107dd313b56b9631e626ef74dbbd83f21

SHA256
0ce6a10829a574641a11da77ac9e9489e348a69488b4717ed7a2609d021d382e

SHA512
aea4cba6ce766562171bf7c5a01e8dfa1472a26806e94357526b306d1c7331743ceb0df66184cd08f4e1714bec0f34164e9caffe770d422de58390b6893d54e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\19.043.0304[1].json.RYK

Filesize
754B

MD5
7d3652fd02d96dfd43d7b34d2819d43e

SHA1
c04428d177bed0f96df92b061cd22e2b848362f4

SHA256
496e3b6308f2f9e494e216799eaf58e07757858b6fd5d1b049f020d855748d53

SHA512
70600b5e0b295c07736e8db8dec3b515e8a117521eb0e18859d639f4262bdcd73d5232abc05ee5c1832908d6bf672d874ee3d04377cc4e1885ecd31dbec4323a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\Windows[1].json.RYK

Filesize
994B

MD5
9626bad130a012676c52d31e53ae8933

SHA1
24a90469d140290ab6f970bb772a35621763fade

SHA256
b019b9cccce3451719ec8e1d89a4aa1110e7c5ac655b15896284df7fbdea5321

SHA512
ebaa67a6066517b14b65d01156b24effbf1ce4e2bf64228009b5ac6bddce31c08ea463f894d9284a847a6222168156cb5607bf55355524b0be77b408495e8a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\Windows[2].json.RYK

Filesize
994B

MD5
bff9f1d1dcb21ed858cb4e703a02b9f5

SHA1
8fa4ef725c138363e30806e0778eddf227d6f360

SHA256
45eb1de0054c4959538a31aba414f550161599adfc4f3f9636991d7bc18816d7

SHA512
5f813e5e7c67547c05b3afd3b90b0a9793bbd58aa9bd7e46cd04ede8000b71d39c3adc321a38df0a7bf6932b9ff4c4c4d66931d47d67249046846234388408e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\Windows[3].json.RYK

Filesize
994B

MD5
d0f15d93258e2733568666cac8efa41b

SHA1
7d788284174a24a4ab634f106875635c70f9b2b9

SHA256
7e40b842e59a49954b67a1d1eff35e96b7ff03f6757a359421c1fe62d0afd359

SHA512
5d7e1c6dc2ab774d3536fc2417e50d2ecd39644b239a389dd6c0fddbaf518e1010992f7fda66eb3d7c746dfb0d7c0e4d57e0f54c081565bbd3a3d39c65b26e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7TBBQW6D\Windows[4].json.RYK

Filesize
994B

MD5
1f1569db25945bc3958384a72477fdc1

SHA1
57c67d8ac508897dda5145a05c5f507a2c4c109f

SHA256
e38ead88ae4aafa61f1e91dcd656226c1819a8b770c3cf285e7f29b54d6c2eea

SHA512
9d20017b859735f42cb3ce5a0be4733e9e5836e4a834f9761ff8d529bd795e50b86d16bcdac8ccf7d2f0a7daf941adb6f46370bd493834da50e4ba5d3f350e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\Windows[4].json.RYK

Filesize
994B

MD5
c9d0af8aba1d70c60ec97644d99d40ef

SHA1
c18ead0b65ab46f582c0b1f17c621e58e6298c82

SHA256
98706402988b2e630699f44e8fa2568f4fb653c75216e65ea6e1e05c78584f1f

SHA512
4735b753ae989dbf70a22037aeb8541c87b5f809c3b3ca115c338e46408c94357c884b0c7fd48e729b2005b9891cc979e87fde8d92c44cb4e6199cbb4478ba26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FGWUB7UN\oneds-analytics-js_54b1724af1b05e2ba3db_en[1].js

Filesize
88KB

MD5
f2eb468e1fd7b0d921285ff270ea3716

SHA1
3be4090df79c6a0fd68323218ab7195bb9449286

SHA256
393c0de3d96e5ae49461108f68c9d9c28ab1e1dda1cf0589d248474c2a58841f

SHA512
9d7ac6ca3c81ba3391e35a59f75c4e8db2ebf7be1f0bb73faf61d34f1c5f44277cc5e359f84df5a5a158731b13e687d5dae1e416ce87d50e6821766ab26953a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LI43KEDR\favicon[1].ico.RYK

Filesize
4KB

MD5
4fde5f04670d4233edfb0bb750fb9869

SHA1
ed9fa29ab3324d88142e63c386ede3c00b7292d3

SHA256
a5a539081d0f83b0fbce247cb783e63e0c8628c3a3ea43df5462f8f4e044bd63

SHA512
998e0ba5e54e8c71580db4c8d2adeafac40e2f3e48f96e98f112862f43783bf21d3ad749c63cd28b6a6c6aa215af8029015b86dec65eef743a00b7593f0160bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LI43KEDR\legacy-polyfill_KmsRohwP7CX2KxuP0I3N_Q2[1].js

Filesize
134KB

MD5
32d2c0071f8cc501b58033d76b518024

SHA1
9c662284c51897a9ffe0016601177ad127cfe656

SHA256
0675cb2ccbc2fcc40fdf77c97a76c8ae714a87289ee66c8b5cc8f27c60e2bc44

SHA512
0266a7338b12b14155654710295f12297de9134fec2761d6d5859aaf6acdb838521f8d2d8b19c79a116c3f92a39665bd4b139fa8345846d41ed27a333fe5e695

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\imprbeacons.dat

Filesize
3KB

MD5
358e2789aa899aa31a2662dfba6e2c9b

SHA1
d5ffb76fd4621f4690abc1ddc93fd911a784a867

SHA256
9bc019789cf6560f67ee350f62b66db5eac92248c0fb495b177d53c6c8263df2

SHA512
29b813a277dfe706e24db91d3e9fd1de60d7b5e746fca9472b3c2057e7af60246ae4c2ca5658f1885937f99e8a2644c116e6b7260bc3a0022b394d5ff389a9d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000045\1722604492

Filesize
6KB

MD5
bbebf104c4d2bc9dcb2c42f65e65990e

SHA1
63659726b5266a456ef564ec21c458e0a0cf18d9

SHA256
d82af996cba6d1d2431e80fe5a318a5d2e0edbdd2be9e97d42210be837744d01

SHA512
7eba8050cde6b32a2bc0c97f6ab682be57a2362ef18135d295a6cbfc742a7a1e2b12709bffca2959468de59ab54ff6ac30bd48a6fb8afcdf207bccee471ba4e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\88000161\1722601890

Filesize
6KB

MD5
a3b1bfc481c229a9d48842acd1530083

SHA1
1c0c0ed093dc9d859b06167106bb339bb0d47148

SHA256
a1f1276483f5c6263e09143e66aab7ceb5c542efdf309c23a35438069476f112

SHA512
386b3c07146de712bd560c2287a4ec3665bbacf89008c041afd9539cc499345ad959adfcc83e0550739fa4ca4e845a98310e1c50114b19b6270f7b8d352e743f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000045\621254910134408babbf188ac357ed4b_1

Filesize
2KB

MD5
9cda012edf0ae755eca92be398635c2a

SHA1
c59ce57230c27b5501934043d92a4256da3f1462

SHA256
bfe2205e1d7a1d84bb90f835ebdaeabcd21b18c02335524f74a9d9fd5fb0e821

SHA512
8de92bdca6f1489a0293dfaa7aeff88d8cd4f27a455051749b0147e9edb5f21db5681156a1ba09abae2cda56d116f8d5a576e0f7eeadaa467274f84709a4129a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000161\21ca9b6b9fe441b887f843a92c3e6316_1.RYK

Filesize
2KB

MD5
02d2b69557ccdf536c17223a767d21b7

SHA1
dcfbdad51bfeb411b2ee02f078a5de8c22415e78

SHA256
320cce0da1c5519b633bc1cc69e7a0a28077d0f0e8ad31a282379dc791b62571

SHA512
3db08f84dd2bae8c69a900224f111ee104385eb8257e85e832a0f3bff80621f57fb553f650934959bcc621661c9a440cd6aa9b9832accce6e443d295e16c5318

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000163\cd6bf6d2a6824bd0b67697c85ab8a967_1.RYK

Filesize
2KB

MD5
dea0790262834d8ada87cc11dde7f828

SHA1
dcfcea31f671a1a3d2285f6217449ffbccd8243d

SHA256
39c25f367cce84aa365d3adb1831c2bf7f4fa02cf1b2cca54ab95bf2147f4460

SHA512
c1c19eed0d374b11b96160ceb0b3a635aabfd38c1ee714ad4bca8f881e96f0fbf3850032ec016f7c0dd31333fb82fa5f5ee091b4dcecb9d710589582fac7e0a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\TargetedContentCache\v3\88000165\e8125524554d4aca944463fb6c1ec106_1b207.RYK.RYK

Filesize
2KB

MD5
3df2707f44f3e237601972e7cb71976a

SHA1
506570853bcde601f5354f9f95f0a100c42cd877

SHA256
4616ac9cc71cad98f9d7ce9a93a49dbe828e2a1f47bea1bf5bd19b47e2044b6f

SHA512
5ae318df7f75eccd2e9fd332050b49afaaa415763afdf75adf64e12b7daa1ed2a02f8d4fd92a9ca53b529d0979439c9dfe511c7069c18b90a52beac1255bc5cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\windows_immersivecontrolpanel_cw5n1h2txyewy!microsoft_windows_immersivecontrolpanelt.RYK.RYK

Filesize
7KB

MD5
955c69dc5b6a44a1ef1c0fc473a57e0a

SHA1
0ede717c10d602b9197889f1c2fadc5d032197c3

SHA256
1c854d70267306e0a31e8ad086aa3139b2735f61a8c8a2e5657abb2b729d9a08

SHA512
46663f1acb0eeb32fa1f4a6df641904a68fc5c6f92d657bfcc1bd6e58df1373bf23d0281d772a4045a4076c359bd3274890dabdbdd670e23c1aeb5e164d9a0c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_Documentation_url

Filesize
36KB

MD5
62790e54ab78c88e94165f5488d7cc4b

SHA1
b2d2264900d0676f4e22fd9fe09cac5b220d5179

SHA256
9451e774d2d2b9831f3f558b2ffec3769f567d566ac0cc0788d68c2c805914fd

SHA512
09ba10b4d7406bbb5f607d0b69c78af944c0a6cac61c988bdc3193b65a9a75eae662623313a32bfcd09cec13fd7c8586f9361b25e9132b432c60328c0692b51e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{91bd4957-c9ea-4df0-9468-816ae744f9d3}\Apps.ft

Filesize
42KB

MD5
e2e918b333f8c8e60040eb76041e1610

SHA1
6a35f8395be258f24274cddcc68b0c6fc7d23c83

SHA256
4374f5cf3105dcb6ca5c18c62db692afb0356f8d45bbbdda93f91317ddd5fccf

SHA512
6cd03c98716684aa72b2d771e6c8664bafd4cdd68eec97a3b307334ebf4ea3895fe51110e7f5e73bd384120bd0295dcf0655d565c81633618df6e01399c943f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{918cd8ec-8a31-491b-909b-45f34600a2ba}\settingsconversions.txt454.RYK.RYK

Filesize
520KB

MD5
1261ece18bb35ea4ef3fda347ff36f8d

SHA1
fe13e286158ef0a46c2bd4a10ee75defc04f6021

SHA256
469a916e4c98197e3070ab0efe6e18f9e19b4affd3f8f8d57f7ac908d9dfc0aa

SHA512
effc524cebc334c99e5a281aba89f9941ac728de1ae67cb99a7d1bb684e5a4b9fea3f9c87c2feb771cabf054a0129058ea61772c43056280cade77c282194b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123540_001_dotnet_hostfxr_6.0.27_win_x64.msi.log

Filesize
96KB

MD5
7bee929a4f2bf514543fc394ea8e9ee5

SHA1
e23b166ed2fb7195148373b8d228d119d305a7f8

SHA256
d2ddb9b7089c70996f491866bd744af99a2ef9a696b31a3f010a42c35d2a8386

SHA512
84cec4588c78bf761dd7310917ab38b9f0234da57c078dae85145ae4cde29401a6b7b41ccae2d468e0bd74b70bab515de91db871821ccdc539b8fc4108c0be0f

Download Submit
memory/2624-757-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-68-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-0-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-61-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-59-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-49-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-46-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-42-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-36-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-34-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-33-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-22-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-21-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-66-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-58-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-48-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-16-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-39-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-20-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-119-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-133-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-135-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-136-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-65-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-540-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-148-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-145-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-75-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-63-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-144-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-69-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-38-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-12-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-26-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-89-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-92-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-125-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-112-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-109-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-123-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-104-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-71-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-77-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-78-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-86-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-87-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-129-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-126-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-91-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-95-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-98-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-101-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-105-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/2804-117-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download
memory/3884-2111-0x00007FF668C30000-0x00007FF668F09000-memory.dmp

Filesize
2.8MB

Download