ryuk | 59a777daa0a5b26077c69c7cb26b7f72be6b38604b7caea7c6aef0e89991c748

Resubmissions

25-12-2024 03:42

241225-d9c21axjdn 10

25-12-2024 03:39

241225-d74ryawqfw 10

25-12-2024 03:37

241225-d6fzgswqbw 10

25-12-2024 03:21

241225-dwt4cswpdj 10

Analysis

max time kernel
61s
max time network
121s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
Size

143KB
MD5

b77cc8a1ede23a80a4a4c9d0a8b40735
SHA1

254c97abab837687c779b57c7ef1bec4c1e2351a
SHA256

4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581
SHA512

f94546161808210ada027d03465f88336de4f2d24581801566f7ff17a9641b389c43946a98275ed637759a0205b8d09f9028d26bb75ab44e3f7038c5b4667ffd
SSDEEP

3072:dgKsEF7Wf33SdvlRmhYHP+CPt1OOxkgQe:WBwK3SBDmhYfFQe

Score

10^/10

ryuk defense_evasion discovery execution impact persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. To get info (decrypt your files) contact us at [email protected] or [email protected] BTC wallet: 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk Ryuk No system is safe

Emails

[email protected]

Wallets

14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Ryuk family
ryuk
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchos = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe"	reg.exe

Enumerates connected drives 3 TTPs 16 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\g:	vssadmin.exe
File opened (read-only)	\??\H:	vssadmin.exe
File opened (read-only)	\??\D:	vssadmin.exe
File opened (read-only)	\??\E:	vssadmin.exe
File opened (read-only)	\??\e:	vssadmin.exe
File opened (read-only)	\??\g:	vssadmin.exe
File opened (read-only)	\??\G:	vssadmin.exe
File opened (read-only)	\??\h:	vssadmin.exe
File opened (read-only)	\??\H:	vssadmin.exe
File opened (read-only)	\??\h:	vssadmin.exe
File opened (read-only)	\??\D:	vssadmin.exe
File opened (read-only)	\??\e:	vssadmin.exe
File opened (read-only)	\??\E:	vssadmin.exe
File opened (read-only)	\??\F:	vssadmin.exe
File opened (read-only)	\??\F:	vssadmin.exe
File opened (read-only)	\??\G:	vssadmin.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\RPT2HTM4.XSL	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\fr-FR\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\OLJRNL.FAE	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\it-IT\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE02369_.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Solstice.xml	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\REFINED.ELM	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\INDOMAIN.ICO	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\System\msadc\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00423_.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL.DEV_F_COL.HXK	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200163.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Origin.xml	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32B.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099149.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Metro.thmx	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21336_.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ENGIDX.DAT	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WITHCOMP.DPV	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Teal.css	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL026.XML	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0199423.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\TimeCard.xltx	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\RyukReadMe.txt	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files\Java\jre7\lib\currency.data	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152628.WMF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29B.GIF	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vssadmin.exe

Interacts with shadow copies 3 TTPs 14 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
2496	vssadmin.exe
1856	vssadmin.exe
71040	vssadmin.exe
70352	vssadmin.exe
2196	vssadmin.exe
2852	vssadmin.exe
2656	vssadmin.exe
70248	vssadmin.exe
54684	vssadmin.exe
2716	vssadmin.exe
1976	vssadmin.exe
560	vssadmin.exe
2744	vssadmin.exe
1824	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
Token: SeBackupPrivilege	70804	vssvc.exe
Token: SeRestorePrivilege	70804	vssvc.exe
Token: SeAuditPrivilege	70804	vssvc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 2280	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	31
PID 1548 wrote to memory of 2280	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	31
PID 1548 wrote to memory of 2280	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	31
PID 1548 wrote to memory of 2280	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	31
PID 1548 wrote to memory of 1040	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	17
PID 2280 wrote to memory of 2332	2280	cmd.exe	33
PID 2280 wrote to memory of 2332	2280	cmd.exe	33
PID 2280 wrote to memory of 2332	2280	cmd.exe	33
PID 2280 wrote to memory of 2332	2280	cmd.exe	33
PID 1548 wrote to memory of 1064	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	18
PID 1548 wrote to memory of 2004	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	23
PID 1548 wrote to memory of 69176	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	35
PID 1548 wrote to memory of 69176	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	35
PID 1548 wrote to memory of 69176	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	35
PID 1548 wrote to memory of 69176	1548	4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe	35
PID 69176 wrote to memory of 70248	69176	cmd.exe	37
PID 69176 wrote to memory of 70248	69176	cmd.exe	37
PID 69176 wrote to memory of 70248	69176	cmd.exe	37
PID 69176 wrote to memory of 70248	69176	cmd.exe	37
PID 69176 wrote to memory of 71040	69176	cmd.exe	39
PID 69176 wrote to memory of 71040	69176	cmd.exe	39
PID 69176 wrote to memory of 71040	69176	cmd.exe	39
PID 69176 wrote to memory of 71040	69176	cmd.exe	39
PID 69176 wrote to memory of 70352	69176	cmd.exe	40
PID 69176 wrote to memory of 70352	69176	cmd.exe	40
PID 69176 wrote to memory of 70352	69176	cmd.exe	40
PID 69176 wrote to memory of 70352	69176	cmd.exe	40
PID 69176 wrote to memory of 54684	69176	cmd.exe	41
PID 69176 wrote to memory of 54684	69176	cmd.exe	41
PID 69176 wrote to memory of 54684	69176	cmd.exe	41
PID 69176 wrote to memory of 54684	69176	cmd.exe	41
PID 69176 wrote to memory of 2744	69176	cmd.exe	42
PID 69176 wrote to memory of 2744	69176	cmd.exe	42
PID 69176 wrote to memory of 2744	69176	cmd.exe	42
PID 69176 wrote to memory of 2744	69176	cmd.exe	42
PID 69176 wrote to memory of 2196	69176	cmd.exe	43
PID 69176 wrote to memory of 2196	69176	cmd.exe	43
PID 69176 wrote to memory of 2196	69176	cmd.exe	43
PID 69176 wrote to memory of 2196	69176	cmd.exe	43
PID 69176 wrote to memory of 2716	69176	cmd.exe	44
PID 69176 wrote to memory of 2716	69176	cmd.exe	44
PID 69176 wrote to memory of 2716	69176	cmd.exe	44
PID 69176 wrote to memory of 2716	69176	cmd.exe	44
PID 69176 wrote to memory of 2852	69176	cmd.exe	45
PID 69176 wrote to memory of 2852	69176	cmd.exe	45
PID 69176 wrote to memory of 2852	69176	cmd.exe	45
PID 69176 wrote to memory of 2852	69176	cmd.exe	45
PID 69176 wrote to memory of 2656	69176	cmd.exe	47
PID 69176 wrote to memory of 2656	69176	cmd.exe	47
PID 69176 wrote to memory of 2656	69176	cmd.exe	47
PID 69176 wrote to memory of 2656	69176	cmd.exe	47
PID 69176 wrote to memory of 1976	69176	cmd.exe	48
PID 69176 wrote to memory of 1976	69176	cmd.exe	48
PID 69176 wrote to memory of 1976	69176	cmd.exe	48
PID 69176 wrote to memory of 1976	69176	cmd.exe	48
PID 69176 wrote to memory of 560	69176	cmd.exe	49
PID 69176 wrote to memory of 560	69176	cmd.exe	49
PID 69176 wrote to memory of 560	69176	cmd.exe	49
PID 69176 wrote to memory of 560	69176	cmd.exe	49
PID 69176 wrote to memory of 2496	69176	cmd.exe	50
PID 69176 wrote to memory of 2496	69176	cmd.exe	50
PID 69176 wrote to memory of 2496	69176	cmd.exe	50
PID 69176 wrote to memory of 2496	69176	cmd.exe	50
PID 69176 wrote to memory of 1856	69176	cmd.exe	51

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1040

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1064

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
"C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe"
1⤵
- Drops startup file
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe" /f /reg:64
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Windows\SysWOW64\reg.exe
    REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe" /f /reg:64
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:2332
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C "C:\users\Public\window.bat"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:69176
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin Delete Shadows /all /quiet
    3⤵
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:70248
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB
    3⤵
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:71040
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded
    3⤵
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:70352
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:54684
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2744
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2196
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2716
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2852
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2656
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:1976
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:560
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:2496
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded
    3⤵
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:1856
- - C:\Windows\SysWOW64\vssadmin.exe
    vssadmin Delete Shadows /all /quiet
    3⤵
    - System Location Discovery: System Language Discovery
    - Interacts with shadow copies
    PID:1824

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:70804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata

Filesize
754B

MD5
491a27c356b792352a3e2f4854473cf2

SHA1
455281686a2daaf69fa89968c5bce6137f39ba79

SHA256
bc42d77549492d468da555a21f893daecad8d48b77e559250c01da6ba23126d9

SHA512
50dc394da0ed7925679ba0d73f231a69458c46a13674ad98aebbcb46bcf5781c5fe49e1e6e481b9b687cebddec3fdd0b1337e951a7262203e7078b983dced8a4

Download Submit
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml

Filesize
562B

MD5
1aeebf5cdb3d5558e138b9cf1e67208a

SHA1
4454ad1319fdd8abe6ffe8309a1205c4cc65d6aa

SHA256
1a74b69fd981d2b3fb43780eb650210b430271b6bb2f433298b0101ce0dad898

SHA512
0927684074313197b4ec3b7f5d140864e0895642bf6350ff6510e7f7b3d2ecbeda5f67e32fde0a9b8dea53e562e61f3b4b800100b1e08d24437b01943d6f7037

Download Submit
C:\ProgramData\Microsoft Help\Hx.hxn

Filesize
674B

MD5
ac0d52e40fcd8250855f127739029dc3

SHA1
01988423efdc7d1a3960d01ecd8de253c1616912

SHA256
396e7e497dba4c0de5093d269dc55f1a076418ffea2000a903b4ee09484e041a

SHA512
c2814abaaf0414f714087d4056098675229d0c209e199f4cbb9e7a1cc84866622956ba0888316a73c8ba74b25bfa86f27496ecd7b455ca3bfc24f6dada9c2b20

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW

Filesize
13KB

MD5
29abccc1bd9779158e8fabcc022345fe

SHA1
dbad7d6607e88b7c06831399dadc8c7819f395f5

SHA256
dbbbd6a84450b18adc05b57ca59daac4c92f01acc6895e4196f5cf9b61ae3ad0

SHA512
58cf591c85035561a8a253a2e71213285454b595f3da4b24fabf0f5893c2c0eef6a7782e800ad4418e74a6fbe0de910ed8666228f8512e6be961b712640e701e

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW

Filesize
13KB

MD5
66dca2d95564de00ddaa2f9e354a68f6

SHA1
cf2549c0d66ccedd57ffeeba57540fde29d16b20

SHA256
120072cfd958a2f168c427616250429bfb0a73d83f49f46fb701bf6f1eb9178b

SHA512
5c80e78bac36868f8466007a7993f9edcfff6df6ac9e8499ba0f46a65a0386015c302ddf248fd4453d7583de7cc9ac062e657fe61b814ed71bb74c8d5bfcac8b

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH

Filesize
10KB

MD5
a8cbfef2ae6b1583652639665af331ce

SHA1
bb8ed420e7793d144e9af8989d52ba91707066e5

SHA256
965ab060d1447020125131194d2254a68cf3492ebcc885a046185631c5cd40d5

SHA512
7ea74c1069c421d8a490f1bfef14a3000ae59f6bba8d392c21073982c576e1b15820ce344ae8e620e297a8e0cc5be31fdc23cbc94ad6db11f761bf0feabe0762

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD

Filesize
9KB

MD5
29b07f23567b20f1b48d0407e33bace3

SHA1
038a8ed1b5eccec115b0bc5b8f00788cebcd7925

SHA256
70962978596903a1e5a6655db85a0c6a078c88957a2d389e521b3c782d7ce725

SHA512
3d43e9c6f31f5d37765c13dbfca4c68df8ad8a68d5bffe083c520bea808160faa613d25b172c69b9826aeca2e41e6dcf6c8eadf772e70b88a19c4254c83b0148

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn

Filesize
626B

MD5
037f571a377d5d321101ff049146e45e

SHA1
9a0b4881877fd71ce504f7f1d4815990a207a2ac

SHA256
2a4d9b905b6764ad4eab264bb43cb920c06cf8c24ea0cfb19292debbb0b4192b

SHA512
8cbf71868dc1075c72076ee2a1a73efe48c9229c78b836a28bf5a49295b540522fb24e511f63b9ed9e26e339fe6ad53125629657b384b2f19392e77b73d9af43

Download Submit
C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn

Filesize
658B

MD5
ae212a06d74433605ccda074e4642ffb

SHA1
b50a50ff1435c603f93eb7e4dbf43c581679a2e5

SHA256
893b9e40415a4e4a5c1e831426a9f4ffbfeeebeafff48a5ae9a9d8322725907c

SHA512
72d7b6caef07711ef3d3f0fc01c40c9c6f8aa13659c0cdbe8d9c9fc4103c4d2e5f9a2f34ca8ac5ddcff0b1b44c114b7510872e41b5eae13fe3ffb52ad34a6cfd

Download Submit
C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn

Filesize
626B

MD5
f69d516ce91530e77f4032b7a8655b9c

SHA1
6fc1a386dfe212e7a6c3b2d27feeadd961bdb764

SHA256
c059c5d4af8fb259b2f00a900f044f7ebbc62d9a467e9aba0c63b7d8004e304f

SHA512
4329224062b9e0821c57a31b17db038343d46bbd4fd5df6cbb63f49acb80558b9dbf8d482150fb049dca1adee54dce759a8ebd9e01f40583b06d9723bbbb8097

Download Submit
C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn

Filesize
642B

MD5
fe3b4068ba74ac7a38c21c1070781ebc

SHA1
3dd035fd49026320929f3e9ba9672b9a16766b8c

SHA256
3da68349c40f056e7d7120cf17a032800d5788f9c7c9b90633adf041d239d0f6

SHA512
95867852e8a8e0e4136bd187b417f52d8f7c8a706588b6aff27bd5a73b98abc99d01be589626f5e0661bc1c31eb4b3aa4b4e316565db0ccd1d2c7a3f86706b66

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn

Filesize
658B

MD5
81c076b23a0621cd77f782b13c8453c7

SHA1
3c8f80d3e6a52754c9fcc472a94983027895b228

SHA256
c635d5bfc22e377d703985b98a4ba676df461448d387d8dff0f61e0728e3d80f

SHA512
c881e8bb6be7488b72b308e7792181637179dc148add8e86a7665a8462c6f704b85a70abd612915f12fcd8117226119cd5dd5eb453e26e1b4335ba61abf49cdf

Download Submit
C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn

Filesize
690B

MD5
930eae8be24658c1bc5dfeeab1057fe7

SHA1
0c14bc51649a94a37fa4ffaecc912f2ec323036f

SHA256
ba6574252fa675e9fe181f4fb5654ef5093f98bcf17eb520146a275298c83e3d

SHA512
ee4c772375f57ffc40631f89108f0879989abec6a6a9b47a38c4187d1779006e1801ccb6a22f15c9909f72b9adfd6cb1ee8405cfe126af7f665f3b47a1690f3a

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn

Filesize
658B

MD5
9af94044910ce826052949a465ce2389

SHA1
564ce7097370b34e405c0d6f641fedb7bd44e656

SHA256
6debc72df45a58674bf72c68cbc58e076a5870e3dabf28bab3cbb2d14bffe370

SHA512
0782a0d9ff056292caab7f7c0d7cfa5619974e0fc56ce7bb7e2b0465ac3278187187c68aca9fc83c52f9a7b3d3b03d5d3ff0d74d968e2659e60a4248de76056a

Download Submit
C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn

Filesize
674B

MD5
ea6fba2fdbb9a52f9bcdadfc8104e8af

SHA1
c615dce986067de73a0132b8cf7b2a06e2f82975

SHA256
0cec9c2d920faccb6b69ab736bc2994bc49e1c33e3280f116b823e7fcdbbf17a

SHA512
1a6554ea7edd2a58ad02a8bfd05405fd8c96a09cda910362c988c61b7be8f3242e2c6be8a69b281ded490516c47020d8dbd3215c42a491035a0b47f9772408e1

Download Submit
C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn

Filesize
626B

MD5
aebd4d7fa415caeb12c18b64d01e069a

SHA1
c74039c495ce4291bc3dddd7030e0fb392f4dc83

SHA256
da49acc8d44ca74fe542dd2c03e9b0cb4d3e12e48ad7bae57e51aca43bc48005

SHA512
206a1e15eb8de716fb9fb23a0ca609d6879d473c94985b73bc83099ec1d5b93d1b45f29cfc732938e2c020ba2121167af9559fc38769187ec15ac83abb670bd9

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn

Filesize
626B

MD5
43557f16ccdd3e467256373d88ca953b

SHA1
d341e22852f898c5c7e6e647691aa6ccfe487951

SHA256
529be686110dfa8eaac43c4c692de5f0fa0aa12ee46447ba127b800df31cf20c

SHA512
5d22dddfe3c4715a234069536ec366ff4fe7c27d3ee297eb73dbd328d5c7b7c9352c4168b3a85d8ec950f574754e96b485927a659eea9e49bef53cdf34cbe70f

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn

Filesize
658B

MD5
424402d0aad6922ba9a072958044d724

SHA1
2c0b38b4e7d9eac7639877b2a063c3bd238048cd

SHA256
424a77a28fc27883db892d8fb2627bd65b1e0ef4c83d5ef4a970832a417491a7

SHA512
6b549b3d89becdc7eb12038bee6652a7d4d22fe716ffdf6cc8edd4b5a449139419fc6deb0cb976fb96ab5d4fbb882a406908d246f628cde57d67f414545d7555

Download Submit
C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn

Filesize
642B

MD5
98994693e04f784ee357ac628e3d25e6

SHA1
f494d6dec94a21b6b25cb678fa5117b3b86be124

SHA256
d932f98b827002249dedcbc97e868fc68264219fa3d5c6bb5149262d891aae5c

SHA512
1d09939316504899a09d0e5458619adace969fb26b57e43f42871cac2d497810eb0be34996d6b483c71b9c2d48e2d9a302e68c7e40be6a27012d1d0bdeb962ef

Download Submit
C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn

Filesize
626B

MD5
51d57490f875f8bc9771e846f8a8893e

SHA1
9ee866d84fda9b7e89771ab6b24c21b4e1d62b31

SHA256
0174e8838e72791e6e58a4394f2407a82673cf6719ef9e99b38004d564e1c807

SHA512
9c6b343cf02b76022fe2b134bd3a465f03fb167f9dfd3144d7731b940e94ab396c73b9b51946c48c2cac403f036233a75d281dd541c53d271cd3ed04cf68f579

Download Submit
C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn

Filesize
642B

MD5
60993386c3b80efeec2589be501379a7

SHA1
e3071896a8ee3aaaa78016ffe2807e4fe25f2d70

SHA256
da3f0b35a88c0f13141f586dd5f2c57450aed997641ba43a98c427dc49668704

SHA512
f935ac58887060b812b1be19d52b0ed921778d4797a1238ea8449cc37fa068ee0dff13ad9ff25f0868cfca6cfe91b12d863929ae8d1cbb65ac44e7a39de28b2f

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn

Filesize
642B

MD5
ec79e363b1eaadfef3d13522137a6661

SHA1
d53181520ff8d86d55d0f17f694d9aa9b9116525

SHA256
aa3ce72b7f66c589ea90bddb7aaa8b03ef17ec74b973eb7e838c46d849ae8187

SHA512
f1c3fc772018518f118b4234ba2bd0d1dbfbb69c93f299b55f52c33cb4aaa1dd785a5bdc8aaa34e93e01c1eb7c0a70dc0572da197f24a68ee4bbdc4d309be876

Download Submit
C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn

Filesize
674B

MD5
508d4764d58412ca84b0708c66019fd9

SHA1
ec28ce6b2512c7ba3baae5118eced3391f1cc3a4

SHA256
fd55558c343f4efa473a5b17b8cb4f6bcacb931b1851e31933de2f512eccbce8

SHA512
9859bcfe08f29405b8ff0c64407064051997a6b3e582d61cdbfc797bf150ef73d11d18b31fc28e3fd7a20c55f104b82bf22fdd3b0cb26dbc8a4777d9a374067e

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn

Filesize
658B

MD5
685dcb5fa2d11d818b1d5e165ec188db

SHA1
09ca37fb82ef324c950812a7c73dc5f644b9f469

SHA256
86a910ab555173a93ecc3e87a244176e136ffb69ad3753428839f4d6561a88b5

SHA512
11c6dab07567eed66f68d39b969cde37a5f84f0253def6a417d44e109a85736b68feed3d3472516156d19e28974b0fe1faa16bceede213d4a091edf9fe2f3c02

Download Submit
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn

Filesize
674B

MD5
8633b86d0f984f791ba38145582b8447

SHA1
d4ba089f5fd43199eb4d7b2d40aaba7bfa5b080d

SHA256
ad6821694baecb745ed93df6cccc103a6fe0a485ee1f6f7369e3330280b37a40

SHA512
9e52febc57d060d5f5d6eed574ad8f58c0794c011fad41d32089226cb173fcb07fd00e9424c7d37761c5bf25a32470c892095b2d325e57a9a12d24941bcac0c8

Download Submit
C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn

Filesize
642B

MD5
21c2769ee43340faacc00efe81913a36

SHA1
9ef11071a1e251a7f852869ee1cb987eb5ecf0b4

SHA256
3c842851a3f4e7e8356f8304ddf3e51fde3dabac4eb7db1cf4e9e2e07f83bd1a

SHA512
e56f0d28e2fa737bac1780a5fd68c21fc3da8e7f0d2d306022348367e56c50d413ce591b70483656e13b1522d746991db85d9ecbd7c67c5c60b6bd624143c530

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn

Filesize
642B

MD5
549bd9d5627f5cd8006f8f190aef374d

SHA1
de1ba8bc5378169008e2d6ce5a3f2b067824c346

SHA256
e69e138846662d3544219fe106a8d5de25ec13b01d4ef87ae90e21020ae2e291

SHA512
a7eff1f20e70856fe6a30a261aea8b2167227954de0f4817f9794edb1aaaa69a228dff2efe7dab08178f18281a7624669f7f96c4c953b7e198dec6a5f255ae1d

Download Submit
C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn

Filesize
674B

MD5
87b524115df5634d37db60821b465ae5

SHA1
03f26e305d4b14af24630d3db0c7b34d57c03391

SHA256
2cd9459f36f2be62ebde4194480baa89ffda67743577418ee84080f13b6b133d

SHA512
7b8540737c55d5ab186b1b99699143471af76a9c6e328ec029e01e1a56a9595b4c9acde3e77dee99e7c8c816f2c708559b6d662174b678ec5536bedb17d12de1

Download Submit
C:\ProgramData\Microsoft Help\nslist.hxl

Filesize
6KB

MD5
ca5fef4b2ec526368d012a0622c2b3d1

SHA1
45c3dc8905c6326bc2c3189c70902f814e415fd7

SHA256
6e642ae8f52f98a676d5be3eb1937139da2a5aaf5ce4d210d0b76c26accaf36e

SHA512
c9c2370f3c175bab283e82be884608a3f0edd5be11bd19bbab0b714ac7fc1003f5a231c046452409d2ab15c5eaa3ca47b15dfa6b898ab7fcc540a534272bdd36

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_CValidator.H1D

Filesize
12KB

MD5
a3702ad2099bfb47c4ef0487cffa04a1

SHA1
5735b8eff4840a28f958c2c20e5ea94907b6f919

SHA256
d215b7dfdf55a0479a194255b5a665634b6bcea4e25c7fc199f35b8203f8438e

SHA512
fb62bb49682b0477574576ec666f6a9c92226944f256dc910ff5d79c8fe01250d57a32543d99841fce742befe4b14d3b768301d22fb4cbea09c2022e4dfe2335

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
dfa1dd8605de7e45a03e99730a62e84c

SHA1
8932d0f20e9207a7c6350e367595d9e66a7680f1

SHA256
24f0d33bab914d9d05188a3f961bad245d5c4733ea60d3421e1c1ee9e990bb0d

SHA512
93eba90240d3f267862e4e1870e9eaffc06a9662bc854549039b39337c9a4c11f868e9a54a5e872f389d75cd25c39f7b0fb7310f9da7beb3b88deed062722c12

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_BestBet.H1W

Filesize
409KB

MD5
a7840e301e30cb462d80cf99b0cf8e01

SHA1
21f1319b6ac7990d88418d466659d583af969b67

SHA256
c2505dd6091f9047a260f582a3291a6a44dd623c0b45d9f40955e360c9c2eebf

SHA512
f060da4fa34ea6d10b0bdfcd9427f83e2e1f7fe1a3ecf4834a75b8db584d4ba3b0cc62a3988280ad4846a957cf7039792fb41601eceb630c777071c93c1c742f

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MTOC_help.H1H

Filesize
531KB

MD5
6dece6c4bdf266c8006d81e4b786cfff

SHA1
c79c36cc29e86885a999adb89d57fd4e2d29bbda

SHA256
b2a744cbdde231fccf68e02f3084a3ff785d5e8446acae5cf304452d094ea822

SHA512
5fe057a07a685aa2547a2d4a74d0b0227d4214b5f1bd61fa5af98332981e19f0b22f6be23d329bd8f815372db9813fb296d760b6b49fd991821ddfc1f0ecc11c

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MValidator.H1D

Filesize
14KB

MD5
7036d3487c26d89a566454ee32fdd4b9

SHA1
60957964376703c372fc577f1b3454f8ad752c11

SHA256
69d9ea39dfe2e20b6c6407a57a4376313971dd77743efe0d5ae4d846fe59b2f6

SHA512
f0d84d066108565b8533fc694c3d2016849ea5d3c4c52525ed5c46d6f4caabcebd6bbc0c7b2c74e6b8e99ddccbed95bec7fc5bcc0dd53c5bf527b9d65d2a9b69

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help{45EACA36-DBE9-4E4A-A26D-5C201902346D}.H1Q

Filesize
1.2MB

MD5
e881a4d02be29e0fc61864fabb2f6c6f

SHA1
27cc6edfaeb6a4d38f4a969b7cb2391a3fc3ef49

SHA256
2a4b38d0552da1df6abcdcea1e825edf89f6c3c97ddb3bde33248e76f601faea

SHA512
51eadcb2fbf7ef08d8e47c3800107cd4430560f3dac03b2de0f961455571de51a5b383a91feaa8bcc1355e7f50575d6d3ea795f79fb95b95b28e5bbb3a1dd6c2

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D

Filesize
12KB

MD5
950a9781b2a3ef57c2046a077ceb89d9

SHA1
32455c7d34f6c3ab408c21cc93eb61e56a46ec14

SHA256
966812409d1001a9689a0af4ca74bcfa0605fd0cd1e840ca2fd23015d3f09b03

SHA512
1f7e8f948758f4a40dbad7a70444dc176706f78bee9e30fc27cd82b51ced6c70b65a7fca0bfa23249132346d998e7dc9b8a964e9d4a02fb12ea0c70ff3f23eeb

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
982a422a98bb3eaf565d150e0b8b40fa

SHA1
75a397f2ddff79a26601ab0a5343848447902ff6

SHA256
b9b206988cffacaadf737fe90ce922052e17383a1480227fb1a84a23bf152fc7

SHA512
11bc3e65d114cc05e7751713711907e93320393a29b1fd09c590b40b6eb9414657f3ccd47e72a15d3d7c72c3da7656811f536bc8d8816f49a08ec1bbc4fbe2f6

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W

Filesize
201KB

MD5
df726d0f86be8fcef10d316d09b50334

SHA1
56895625ade408ef383383958e1ed192b671cc8c

SHA256
3c2637b9b654f1132f31820a7ac1229cf042bd25aacc366d1cd28e0cc6d8f689

SHA512
a2b1ed8bc871d02e42844199c78e656b5cf1abb56ac3acc197e9ece9cc3fe8bd3eee2f8fab427419308f07fc008493d88ff492c5e82edc71fbd7a62950e09ec2

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H

Filesize
491KB

MD5
cdc5f4dc3a012fd9ca7a8eb4058db05b

SHA1
7185e631e38e5e3174c59f907ebdcb7c82730d30

SHA256
69fb6c838fc6d6fd6ad46b24c23e9ba9cefd2bcdebb585fad2890153eb21538c

SHA512
d2ffdbf14a80c1d1db4604bab9273ab8c8ab8dfdbf749126d3f2a555e46ba7ceb863b285cf8b6e30436ba605c02f51d24b79b4aab4b20cd50347a3d223b99401

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D

Filesize
14KB

MD5
79fa7a75b6ce6d6b5173449ca4d17fb6

SHA1
a4c8be408488ded1d63cf3c001215156e8eb7754

SHA256
9f0677cfa49e3a2ffcba68c6879c2b49cf263e16aa6677ba5f993d6dcf24570f

SHA512
355b64a70839f05e03adbab97961b6ea9374136cbb0fc08ddf7ddd9c2c6fbcf76b79954d5f353c6d3523b6e9b4a57844e140840e4894493ac6c1a620d70898cf

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q

Filesize
864KB

MD5
ec55d40bf09d1c9b19440d47b2e53470

SHA1
2979e7ebe49a08504a948a2b683e72824368b184

SHA256
78894b2562331d9e76180b7ec5ad21fff3293de6546ad4e497bb5e733b2831f0

SHA512
08a106fcc30bf959066074449f1fb58ec7bd0f9da04f7b5ed521a396d55486994d8d2bc72232d18a2c8229a8d4c62d2389fa71fc24e2f7af2342a719be028e4f

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_CValidator.H1D

Filesize
12KB

MD5
973fbf699ec497a9195236abca6c87b1

SHA1
52a676e626d2abcd907056a7241773ae6b011bf0

SHA256
d41cdf1a69d661a4ddc61e260cbbcd456993c9eff54c14dab4b445e5b7f979fa

SHA512
667dc265120345543622ec40cf151149fe4f0a0789eb6c13dc5f4d4600c69f80692e682a2cdd42133f6c805f0f474ffdf6a562f994227242194a8248e3e9f1b6

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
f93e8b51eb1f313d4e5245609475372d

SHA1
1b9dddc94ee2f0481aafabd64c8aea87b331dac0

SHA256
25b27632bd4b48c7dd09e875c5b05b0d50834ec4bbb7bd00514352b9081e3efc

SHA512
b6f0029a5438a088a07e6ed8345d2db893e6dd9e9a59801101e2e73ab6e618194b1adc8a096c5b0f5f9bd215cdbdd8279f64672903cb7ab0cea4937365b0994a

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_BestBet.H1W

Filesize
425KB

MD5
bcb8607594a9ef1a683e77965de47248

SHA1
16897c3f1f3fcf0103930767e975fa3324a4e188

SHA256
040f8a1200bdcf525dfcc6af7c8e1943137b6291243b0151803425afb0ae3edc

SHA512
df95ee1289ed8a0640e37df510b835ee0aa176d868a2ec2c57e5fa6925e589c4dc6d3510bc4fc273da2b8d1ce7fa309cb317d95e80adeab3ff1372188707d7b0

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MTOC_help.H1H

Filesize
531KB

MD5
285b511796d8df9b7c5cc225ff4728a9

SHA1
d17fd69c116063ec4a69dca2d5091bbc4953c260

SHA256
a4f3464aa9a26ef002cce9c289cccb54078e30b66b3cfdfdc61307171ff2ecdd

SHA512
6710d9cd44263f82ab256cc4cb767516e999c21c176c299d4b24a9af96ab8ce12ba17bf859bc5d79a3993f0c9df71774a54593823d6617386b612b686a8957be

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.H1D

Filesize
14KB

MD5
e3041d929787517d34a53c959c982659

SHA1
90a0095b0a88c691d9bbd07f3e779fc611c130b9

SHA256
86dcba4abad9a9c09fee38cb63fd002a0cd82becf856bc0064761a1f76e47e1c

SHA512
dc8bc5c307dc9dddad6f3c3bcef356a5fec9bff43f04d833043a26152493131dfffbc658dc270e41147b53bc41559c66d2f2f018f55c846c380d18b573a15db6

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help{68DC71DC-2327-4040-8F03-50D6A9805049}.H1Q

Filesize
1.0MB

MD5
a0bede4154b0a8378d1240f4e96d8817

SHA1
7802ea9cbd956f956824086c95d38f2538e26423

SHA256
ee9c99a12c86674649904246a27f7eaa996cf26f41ecab8c55fed46ae140798f

SHA512
1e141611e9cb99e020d0d9a51d262849e1c57e3ab6324f7cac2784fa4dbf98deb644b2b6a5f7f735424fe265ed2b687af0e866872f8b166b90ee6cab72d99a5b

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_CValidator.H1D

Filesize
12KB

MD5
38fc2ec7adea3ae4cb0852f133aa4873

SHA1
ad830f1a4b46b3dfa240ccf0164602a047c33f28

SHA256
ac4e3f7d6da160f9c6b34dc5b20827e17a54b360d0e22d06a055c343bb616771

SHA512
23156bee33a96df44bb52c46e987dd22bbbda6506570f5ff395d90450b1caf4b213d3e3761308254e029c692d1c6bce7224990b4bc08d51a4253c52220a13e2c

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
bb550aa9f392a416d032b09768630e75

SHA1
09b146a3bad9fab9f8523b988fb4e70e7b6b7cb8

SHA256
ab3e67cc84c288fdde5a0e86677d165375328db4321daecdd0fd2e20e7dac787

SHA512
cd963c6be9b817febc676e1e39149ed27dddb399659cba6ac4618c10dfd189f679041305f18536c6c2c275872cd49ac39adf867d04c09183c99d70955242b477

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_BestBet.H1W

Filesize
421KB

MD5
6f10a85dc4ed4a7054749b4ef7addfa3

SHA1
e054ef59712c6154cee86f5811d7471e3d77947d

SHA256
414d55d96eaf73807dab593ad95eb25dc9a98506487efade71adb77bf3659011

SHA512
3760d8db7981c6d7167ee753148b96bc7fca68ab877bef9fd604acec85b2297706540b9d07bb417288a162a7c5dceb24b96313f581d927a81cdeecd73178722c

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MTOC_help.H1H

Filesize
546KB

MD5
2dcacaa7905c0782cec01729d8e67a82

SHA1
28876fbd9b7ec8ca6fd27197577b259c9035e5b4

SHA256
8a37a8a5edbdf8142ff26175c2be01542093f1d0f3bc8f8a058be58558dbaa83

SHA512
9d31b7be55adfd6945627eda73d3bf1cc5c418c5509b47e25639acb675e6aeec3cd177f28ee049753865ba730b6116e5595a228536064c4a3d718abb0a400899

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MValidator.H1D

Filesize
14KB

MD5
f197002dd82aef2899eb441cfb6f04e5

SHA1
ff05c39533669061c6a39ca7b36027a9cc7d242f

SHA256
30580b8e3c364660847da67d3ad422ec862bb85499aaebaf570f5a08f0b789ad

SHA512
e43b6d42ea615a96cc97b66adc3d2eaca39dbcb80b54d647776e5aabc494f3ce552f7b6880264ae2daafde1616fa76cffaaf698bf3697d56b0edd1dc0da3ea08

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help{92F2118A-E813-4A4D-9DE2-F96A9DC02C53}.H1Q

Filesize
1.1MB

MD5
08dc607340c64ac89a3e979b07bb7226

SHA1
17d7be89d7e6057940f9190836e9ca3c122c748e

SHA256
bc6b9217dfff482b6350b171ca052c21d5c3678bda7e7651405adfb327eb437e

SHA512
cc6ad8401a8cc4815c92edb8fb0f5ed03f38ad49ee4397ce15c177abcafbee418e49ce516ce806e8ee6c03c8e1679cde479c1dc4c1d4d0e663634d3b87392551

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_CValidator.H1D

Filesize
12KB

MD5
7280166df05301a5c69578533541ffe9

SHA1
b24933330e0e9467fbaa42a77b845a88d08ffe56

SHA256
87edb154968367fccfbad0b73c73805485886e0b742c6c84ab7e9b616517e103

SHA512
cc127759f784c8038fb56a1ab73c7ac234cde48545d8415b69a1ae9a8ca95f851198869b7702664775f08df13898df08d46fa4da383d48e919929ba4222d3f79

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
2d9d7810278779befcd44c3d1c476172

SHA1
daa0adf232e4165d8af29920780df9deba59af82

SHA256
f5c9a9f2c61798ff682626c6c8955f6148257c01fb7a0ba0a82f12b3975a3252

SHA512
3ce1ba9e217fc70754a57480adead9bf09945d880bdf728a331f30b6e1a439ee77af5ca4b2d76d5fefa59ffcee867a3ce51ca02422fbc41b4123026c17c7f057

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_BestBet.H1W

Filesize
421KB

MD5
b73f22dae760c23a61ca8526e82d9309

SHA1
0cbeb8bd2fbff75933f2a51f65e3eed2386b9aed

SHA256
726cef6f467c39a8f81c60378aa0dda76181bf4f26f84440029725fffc608318

SHA512
79d6c6ad0d2491ae746336937567b9059333a9b88cc7d68bd4e95aa6786b781037427f401492febce5b8c4fae9c8016740238e297534c261a8bfdeb7e65cf6a3

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MTOC_help.H1H

Filesize
530KB

MD5
72b06bd52b618b093c9a748340e8af3e

SHA1
5fb06b95860ecbc464accbb6d9cdaf2bfe1290c6

SHA256
9c78659b0fa95a25ec3e29e9c1e915aafb2eff00f3bf1044c13182452c8bb9bf

SHA512
fa52a2332498acf8b526bb31cfc9232cff7d1cb4ca6f52dfa43010cf6304ee8c5401c9a669be4592931a761a3d0f05df2bd71d5945854916cc602db56567d978

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.H1D

Filesize
14KB

MD5
41db8f54d7ed0b9619b043d0296acc58

SHA1
71093a64a591df0b49d6cb72df812c9f12d943c0

SHA256
bcdcf9ec95bd1e0bbbe8cb9890a6b69e73c6fe4dc782b95029333c24e6062fa1

SHA512
94c2922d3b41b3209545fbf009949e8f7589742f74f7f2a97a0cdcb9c447d94dbb7c168faaefa1e1a0a80b1d310ed0992247096614e88fece45c146183f502b8

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help{7E352021-69D6-4553-86AC-430B0D8FF913}.H1Q

Filesize
1.0MB

MD5
538260b72c044f960633274b6f1a8d68

SHA1
80b212ab09ec9b6f9a6b7dc3f0dad79ead07eb35

SHA256
e1e985aeaf61e81e007502dc3e7801c27a9d3b86af0cc2a06005700203098a53

SHA512
17806811f81ac9af4d1914fd5bfb514bc9bd5ba317521d55e1044fa40f7408eb58babbc2a5ccffa66c00d81db179e161575ed38d53dbdc566e26ea47aaae6bb3

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_CValidator.H1D

Filesize
12KB

MD5
20f322a372fdc50389a68fb4f4b077a2

SHA1
a0fb140e779039d8c7c38c2fc71612b2dc07cc68

SHA256
2b201cefdbe5a40bb1b3fe967b65f8112b51705a4199316b99598b4186efc5eb

SHA512
f76a8755c8ee723bacccd56201eb2a0a19ca11295c29eab1986e4c7779b29021a90bea915c25343535e92c6c6b5cd9bd2fc90df9229ac2770a3ec09f5c4fcc36

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_AssetId.H1W

Filesize
229KB

MD5
ba7ba75edb996d1d961e11ad42022e71

SHA1
dc9078d9dda943f535a7e79c3a7b184fd4182817

SHA256
c8c8156606fa3ee9f78c197ca906f56dd62841f5eaccb514f6efc4aa5a25b86c

SHA512
775c74b6011cdca7c7648747b61b68929edef18039964382d35462edae7d3e920ce5695a97bdd1e42764a7d8cee757f55f521fecffbe72af4399539bdbc32a46

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_BestBet.H1W

Filesize
357KB

MD5
fb6f6a921df8a0d409d40692e959471f

SHA1
da5f750155d013bdf81ff4e3b112472fa485567b

SHA256
f4596bab6cc0015f783909b5d59b2c4d0f930942b5cf5b1351a30e1ca3a5f984

SHA512
571bdf5d57b3c3b77530ee43f7cda398ad43a5a787a9c009136646b5b17952d9d6c846a9bd82ba0c2ebc4cd43961395d8675ec836c73a9b99d10e5e27bb8170c

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MTOC_help.H1H

Filesize
352KB

MD5
7fe089a4df11ddc98d375478ac81e820

SHA1
2656312dcb4ada691d4e0290b0f1fa34081151e2

SHA256
c2a5ab57db06c9eaf67317ca242e8f62f1a86c4d82dcca26b33abb18656d52ca

SHA512
12ee876a055d8c12efa91ed9d9bec074c10ee40a45a2476587a26ade1239f84bc7399ae51cbcbd2fbd102231389a832a870f023bfa6c1fc1d245bed2d08f866c

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MValidator.H1D

Filesize
14KB

MD5
21f5cdf4353e4bcdf17791462b2aa305

SHA1
ea33f2ee0d17f5c8189095480954f029c30dde31

SHA256
a62b8d12e7fd0e320fd3278f43d0bb23fecadd39fcf5d22a8b13b9641e2fd620

SHA512
7d7abad44db568810519083ca551f71e894663b78ec9f33d587d17facf849a93eaecbc8f74c5cf941edac0216c2c709126e94daec3dc63bf1f68b5f0b9daff50

Download Submit
C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help{E1E8F15E-8BEC-45DF-83BF-50FF84D0CAB5}.H1Q

Filesize
1.2MB

MD5
c3f7eedeb0ea66e5b5561fb60d026600

SHA1
19d321fd6946df02315b985f89418ee9c3e5e1fb

SHA256
323e23be68453a363aafb1e36aa46d039f089dd40e873cb2044c7c02f08ca19d

SHA512
dd2c4dc77e4f41e6a72adeb64c6267c78d7683d78b83995d96d883c01e9994189ea7211ab0918b49a79efe2c454d05d438f5553f12758f39354dafed9e343d66

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_9d81b961-0275-4281-8321-63119951606b

Filesize
338B

MD5
586855c674eac9d4a6af392a3228add6

SHA1
04466c5a104dc8b8da1140cd1a337a3d0b3841bf

SHA256
e0b931190a7e3f80cb2be6a816e3fcb1610965d1c68e1eda664182d1e3180693

SHA512
122d31467efd95585f6fdc5b9b34a86bac9efa47fa60adab4af032c029ca1ad0ef80f8bf927e1c971787ebfd554ff1f289a028ab241c945af5156683041dabb6

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_9d81b961-0275-4281-8321-63119951606b

Filesize
322B

MD5
38ebda7ecb6b25f020adcf81d2902a0c

SHA1
11dfc62079719b9370db1f5b34a04f86422f2b83

SHA256
ac51b087236970d76a720763c2e11819bddb4f154591757220e564466b01c02c

SHA512
1da41ebd3f4d4e0aa2dd0c38980dfdc24237c9e4e3c329df16787085301d478aa91bba6bbf2ecba87ac734701bff83e6f7b9199bfd4b21c7875b139376efc0a6

Download Submit
C:\ProgramData\Microsoft\MF\Active.GRL

Filesize
14KB

MD5
07d5f1fbf1e5d2ede2850a93e8f3c339

SHA1
df7c294402eec61418453115fa1619280046d0a3

SHA256
b13a85397f1fa7ec27888b6ca1094a70436baff38e6f22b3162724927e2e717e

SHA512
5eb47d9e7e2fa7eb7b510802f2043fb43d46bb83274e0efc037cdeddcd9b63df8d63a64a75394e204866197a3259a9b0b509ebfc0f5e8e36bac807e36c9104b7

Download Submit
C:\ProgramData\Microsoft\MF\Pending.GRL

Filesize
14KB

MD5
217e7ca16546e0edfbc3c0b17b04b416

SHA1
e13558fbdb230b7b13eeb05719a06f2c993da775

SHA256
bcef503deb2ffcf8576d9e0870c34c13e805d194796ecd4e834d9ca39b1f5c7b

SHA512
f9234053b5a012c568c3ece6b148e3aa10ff1a82c73c81c8d32adc6494f221e83cb40f79cb64d7aa19609ec1e9717a115b54085b54adceb8f7cb51d6e471b653

Download Submit
C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico

Filesize
5KB

MD5
089ae964f6f70f0426395c4fdeb40430

SHA1
af07bf2d6d75d19ac09e81f35eb9d55c36d8887e

SHA256
1d1d8f045ffd8aa1bb74cbfe8763a8ee8443d81e61e520ed05f9d511392908eb

SHA512
ec6d73ee049bb7014ceed99f40f8c9cde12e974538e532d1d2bfd117577132892d68ae7f18d6fb0d548465e04fad359e331e40e94c72106002936bb3867a2628

Download Submit
C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico

Filesize
24KB

MD5
9ed800f01c61646c6f11af5fef68ce1d

SHA1
0ff335dcda06a675a2479a67721c99b2489411a3

SHA256
7ca7be8119311cc6be4aea6a8f334e0139500860346112fd4acbb40372e08318

SHA512
b48db0eeea6365af2040d715f130eb5b5c02a995c795f3748d3a0c30f45374fb5872d55aa59c7138d9a22770d15230e92fba3ae8aacd42f59c2e60770830c31d

Download Submit
C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico

Filesize
341KB

MD5
de4bbf04dfe4ed3f7c8813f394f98c04

SHA1
c1a7d6261197608ab75c54b02dc9b46c68b2c88a

SHA256
864b1882e7e195244c0fa0031693fd1a9bd07d3f3ff636adc6b5e6b71669641d

SHA512
70b000ca848168cd508dc6b63fb161ead639b8cee303dc135132c55c5ddacfb51dfe6e193ad997f7259801d5c09442a10bdfcf3cf4bd5ad5b722535eb844c68f

Download Submit
C:\ProgramData\Microsoft\OFFICE\MySite.ico

Filesize
24KB

MD5
ed7c678ce5a127126c3f7bb45e2ba44b

SHA1
a72b1d3d657f82be49f0ba1168dd0922ff009e79

SHA256
9ec9feb6937f616a42b3661f71311020e9e371751acff763e51dcae4c585abe5

SHA512
d4cc2ee5e2316d944b92704749119709e71f3edb3d2eca465bf8e034da272b104d2dfcdca1f0cbe394af3d261a8e8c39561f162196fbecd1f2c181a01d8f0da4

Download Submit
C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico

Filesize
24KB

MD5
8295a867bc622561f2487c3fe8602f8d

SHA1
7742a32d482c31fec833fc67b9225d08c222977d

SHA256
bb336ebe629f8bb84c7908b8134b23155b0c2a1044e137904f0e48a023258255

SHA512
b2b64c689eee282cc11efd6e4a3df5d52e84917fb8b01db0babc013f5484aef90d3f5ccedf1ad288c325f28ee069823ef0cac2a092c1928ebcbebf150e1e18c8

Download Submit
C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico

Filesize
24KB

MD5
1aaa76271179fd603eb14f7a3343713c

SHA1
ee404224d54a2c80ab049d9fbc4393949217b633

SHA256
5db2a76b6882073302ffde43f2be1b329d19f6c37d2abb55b8cccdfe5b01e4c9

SHA512
c1dd18de7fafc0d8d481df129b7bf399bd8204a18cc9a32702084b05372002c2414adfc0837fd5c043c2796f009d099854ada3666d712f89ff66ad4cc7083a88

Download Submit
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat

Filesize
31KB

MD5
b8d0ac73932248275bf471959d91203b

SHA1
aa62f816e99b29983af5b1c75a24404bbd2937ff

SHA256
c492ae9f38c72316f617e9de98d2fdcce9c03330987240f3aa40e6daf5ed896b

SHA512
e94933d49390248af898fbf445d1f5bb9f783dd9fc13e4934de2be50d1b4203da104aba801843435e27385215cc1db15f24974656b16b062d4d21758fd15b98a

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp

Filesize
48KB

MD5
bee4df3968a7ae581cd98c3206b1d8b3

SHA1
fd2d79948228a04ff1394eae423adc3e6ef39d8f

SHA256
0b077d3e8728dbbd2c8b2a1ae0c1714986a6cfc83578459ba07162be70530c2a

SHA512
33dcf0c1e395036e58ba38de7d5b19d00c35da05233b2ac825ef1b6c1a2b1cf3714b4f18203182f5801db392ea32b681db171332bd758f7e6fb3081128b5da98

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\user.bmp

Filesize
48KB

MD5
b2e5637122c327cc93fb0ffe80ae5e20

SHA1
869a58fdfa357d9e7cdf1a875eadbd7453ba12b2

SHA256
78ed9861bcd46ef3c396767da4f5d518e36f52cb939090cc899a5bf107a2ca2f

SHA512
cfca9895ef778fab1ed894808798bd33e0f3ab1cf3e734e2df8b7c29e2cc40140f0d1bc0f5c2b648d8b2dea9bd71284204d61c8f8228b66209bd30fe60b6fc2e

Download Submit
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm

Filesize
914B

MD5
f52d8bf16f17bf3af31427dcb4391966

SHA1
109e1074deaad1bbabf5eff45eacec109de60a8c

SHA256
7a655367f0aaef0a9722ff2d88323f294e77b02ae36bbf1c1bd98433ffa7db57

SHA512
2fadc5a84acf74474e3bc375dd37d2183452a98e05cb4141d39cf93299b44c648cfdd38927792267a8e820bb5680de00e051afd684d573b75d7ff833f53387e2

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab

Filesize
5.5MB

MD5
9dbc38fbfab8cc6fd323e9f2ef90c869

SHA1
ae1b6dacaee21c4f689ecc83c648339e869a97c0

SHA256
c5eb9e30b448af517d24c350b7d3b39f11398667923d898f46072fab4b1c2ffe

SHA512
d00b30c7cc1befe737c2a50f2d483ae902076d86841e175989153da1d97ef1593d3c5232c30f05cc8c8768cbfcdcb0a71bf589be84150936cb458177790f7937

Download Submit
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

Filesize
148KB

MD5
c74e1eb53c01f2314207d904cfdc601a

SHA1
dd7526abeeb3d7ac110be619a0ec08a7f13a2482

SHA256
28e445a84e3ef05f063754636585a75ebb68e3ca6693bdec503b1d7ae6667f0b

SHA512
737a8abfbe60678a16d956be0eec0c6cdf347fe24c5495a314cbd810cdfe8b65c1ad8bf9a1c9f42b6978cc7c480b6465a5b52b31de908cb97c55b20df42e3e58

Download Submit
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm

Filesize
1KB

MD5
ee9a41f69b5aa327546537540ef88667

SHA1
033848eac3e0997c0a8cdfb8ad3d0e99db7866a9

SHA256
a800ecb0fe3893e460e2dd38805799a2eb7e3436c785caf165e903ddf4b275ee

SHA512
651c5e79400338c4f56d5861e61e801ba8f4e1bd587de613e6d2c05c379ff847bc4a51ed569df2547430382d5d6bb83d47e3b96e72a4df5e683eb1ce91c7e67f

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab

Filesize
5.3MB

MD5
1f1407ce688ec78d752af4158235648b

SHA1
6415fb117fd7855f0c9cd76d33ae1eb8b2533129

SHA256
960699c19de28f5e85e23945d6626d856e27d54aff7a26ab59a2b63b55f8f98e

SHA512
48423c446e425e5f07c542986a9632bacf5579a039ef3faae87b5c0386fe6bae8555121cb0170e87f644e351358329f9f365b837a5c86fdb6d42717c17c1c055

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

Filesize
140KB

MD5
38de3fcae883f4d598227273323fe406

SHA1
d7baca5124ac99f62c5951893cf97630cab640ef

SHA256
1e20f04aab2864760a68f817afede744b586a79455603cb018eac9d3351cb17a

SHA512
bb9dead21ba2c61a46cccfcda429e4a06af69a3d8822c86baeea1d24d851be3be697e3223213c9646b9a55cbf744dea820c10e1078529910e477a2d5f374917b

Download Submit
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm

Filesize
1KB

MD5
5a37c665db6973a6abe8b0e08f9e0cab

SHA1
1a4c940329fffa8eaa6fbbcb8b028ccbb7768c99

SHA256
e8644e0870a153bdebc3299042c9530a9ecdc12b070ae300777ab659de98dd3a

SHA512
4b34c06d40d446762da6c7e9b62a7f04f789794d7669a65325bf0162aff3852289598dd64476424cffde7092976078bb55776c38f8b2ed90b0fb3dad37342c7b

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm

Filesize
930B

MD5
51473d51f30eb58031e3378e4e5d00d2

SHA1
f491d5abd1fcbbdb445f2cbeffa108361a6244af

SHA256
fcb09db763f995a37efbf58c81a505f295ea5813416ea03c324facf160ba85f7

SHA512
5c6635365a74c57b8334e1a6bbacb8b55716cb9cd229a06902c0b5406920242851bd54b9f925e55531061c77df0d470f51ffffc6553308086dac2feb752e017b

Download Submit
C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab

Filesize
870KB

MD5
5e84de272e36f979653f4e03348062b6

SHA1
3fbb10094de727ed9b6925c97c1e4ac8c843cc22

SHA256
802994b240360c7e0ce5882803dfcf1bf53a87185f57dbc45fa992424a0b09cd

SHA512
997dc2efd601a5afa20aa368ad18e5e703f23c4e0e71490a06c13c8ca241fde8a5fbd090230fead716cf95565b6a5a8da3b1665153ffd1334497860a5b91acf4

Download Submit
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab

Filesize
5.4MB

MD5
4abf6b0102baeff491fa0f7cf4af629b

SHA1
e9bde0e1202d20781d300a125844a3ac2d067bf7

SHA256
35e5dcc2ccb9ca2c4879534d7ddbb16a3c05ef4cd6e41d8d1c3cc5ed89097ba5

SHA512
1e1b69583f807bd30d6b10f93ed416f8daba63e086c4e0604a3d1e1e7e9b7ada04b807bb443411da76140c22d062669e3d47fc6013e109c138163fe03b36556a

Download Submit
C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

Filesize
180KB

MD5
e47349dfc04812d9cc0c241441d7f0b3

SHA1
99884b9ab2cd2a02466305c8ca102a39b4b6634e

SHA256
3e2373df44638dd0a8e2df66e13c1d44eee229632feac0ac94a8bd8f08cde2c4

SHA512
6936321adc5ce27977c1aa7dd2c3e64579041dd98ea41fc686c10fd9baf32391fd2a97a6932a21c76e398950d3a73f1af1a599c2dfbbede9a85599560c9308d5

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab

Filesize
4.7MB

MD5
4068bbcf3c9798129957d703bff8f543

SHA1
10ed7797db25e346b21955d5c176001aacc8b52c

SHA256
0276da6036e1d5628bd264531a29990dfa6698cedd3487bda137329404e62e17

SHA512
c2fdfb21db9cc35415b388ad0abf2add3f9105d54bb56166d4efbcdc166b02d73e8ef9f519a13db9a3fa76eec56b607c176600306a3d1e1d77d3dcc8a3067ba2

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
140KB

MD5
e34af877042e0d7fa090240da1c202d2

SHA1
8be18fd6a5aad4d351b2d381ddb542414ecdc267

SHA256
61944050a150608fc79d349da613684f0ce290da956bf42e68517de7716c7682

SHA512
ed5e4a86dac80e68bf0bc394953f70d8890d5204224170c7f86bb0c51d2e5c518c3ac4b36735bb28e32b7016c923ff807fa5219b7fd105d48e8cfe066e178e88

Download Submit
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab

Filesize
4.9MB

MD5
7a6d9c09f786d20fc4a3007215b28350

SHA1
64b614d8c007a12ea7b776a25b8468486da05568

SHA256
1cbe9d661cce1486913f5de6bdbe33f81b1385c6223173f46c86c15f6d27748e

SHA512
0fb3e69dec05c9219d19391989ff6a1d543214fdfaf86b33c6a1df688dc2986bff765d23590b9d1180d1d8c2a6daf9c59951b9f5c7c46fc8818f996fa852ab85

Download Submit
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
148KB

MD5
0a561c7d00a3784abc638ff727e65613

SHA1
73c9adcf7040080a535f4a9c5a5bee448ee36427

SHA256
c5cea4b03f57f8712d7351adb7cec04e3c6fd46411f110f78bde078f2cb1232b

SHA512
6a69eee15790756b4eca3041b6944a598c2e3e585e78f640bbfdd97fa190fbf8c5fca80cfb3ca8f8761839b6c254f8419ddd8ad81000c3d61eeeacdd914339b9

Download Submit
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab

Filesize
802KB

MD5
0c45e30311273b4882a603f59d53d414

SHA1
10643b0cefc55ba3e37674de31e3ec3ad44f004c

SHA256
920bea85d897468245208c95bb92090b86e1b1c8385f7327482c80fa90364f2c

SHA512
4f6f6b3d4ae663230ab2209ad3cd8acd4e1a4ddc6d91b3c8a3a3a3d4b32c1f642901929566d868b6d95212172bd286cc4f71088c1fad60cca2c589c832f84360

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab

Filesize
4.9MB

MD5
a1ba626300e0762fe86f25b2c24519a4

SHA1
265be54bc45eea3c41d59a25ec3918c6826f2094

SHA256
dfbf6d5584fe015fb32e19a2233f03f942875f38bb1989e914639a0e1639ba65

SHA512
ccabcf0cbe88a5eef8b817a642d13380c80cb074a50512792d8e693206ca0fad233a37881101acfc1417ae2b8091fff97d3c3a45e6a4e1deb4b7af2267015509

Download Submit
C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
180KB

MD5
97cd1150b30a925ccbd218e26fe07c31

SHA1
d5e620002c24e01bb08abcafc35c1f857f91d5ef

SHA256
75c332e1ead53f3e64a687991aabf49a4e686d6c6c0e91c09ef3285e60f8be1f

SHA512
e5170515fb2c42b0b106cd51c296495e35873e6f5b0b03aa3e3781ae4b2e6e0c61e048fb73bf64bd271c0a2b8095b4ea4cf51c8bb532d850c1095c59ccb186eb

Download Submit
C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab

Filesize
1010KB

MD5
17b1435063d8bfc5245aa6619fe0a492

SHA1
fa40dbcfaa424a7aad5ab7ff4202cb99ecf8bc36

SHA256
e154fe52027bd94f8ae0a45b66cf79de22ae6b9e0e9ad51b9cabcbaec718a73a

SHA512
639df52a63e0031f152a74a5d6be7a0da797573af8f244629b3342c9108f9b7533da39ee8370067c47bce66cf411a8345636b685b09f0776e676683a7489f1d7

Download Submit
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab

Filesize
791KB

MD5
46dfe540fdb46c55c34caeac240ea88d

SHA1
55af624d7e2d675e3a0abfa7e825bea5dc9e7e1d

SHA256
4be7c399e661a280cb6fbbb8f98fbd2707f9fab290ab056cdf084ae76f9feee2

SHA512
7510730c69691302b76ce6f32808d2b8b3eb6cf0e335a7f09777bc366dc0a4452652dbbbde64e5708761496ea7c06a5c77c6a7c97c90a4ab7bbdf22e2cf6060b

Download Submit
C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab

Filesize
974KB

MD5
105df4aed83872d2d1d3df64b2ce7d76

SHA1
4dc3b95ea134c90c09b9597aad6633028129f165

SHA256
80bcaad0a007907c4ca31de84babeaa675d0e462b9be38b3af80513c3e93c830

SHA512
08e679ebfc93e47d494260c136b8397b4848b4dba378438fb3b80e54304cc348c472e0ba80298a65fd9c5dd9da6e5ca6d2a03f23e76395e73f85baf9404af8ad

Download Submit
C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab

Filesize
742KB

MD5
60f2830f552cc8325f8d527f50ae923f

SHA1
0c749493d6ac46d5dbfca5ed5bbcda1ff69ecc11

SHA256
0ecea62d048534d7ed4a523554459836c9e490a7962acb05822a8bc304ba8d2a

SHA512
49bf9d8caf89b0eca22d64ed2bb0ccddf8678fecf5f1bcf716e3b1380d63d669383b6918505bab6cb41e548577780f25fe98f1cc7f999cf4a954b3eb1fa1b9bc

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm

Filesize
914B

MD5
690a674a9076164cfc6c61dce423cb16

SHA1
ad42c2ac2c0eed7a3de45e829802fdfdc9d4e08e

SHA256
36ee5f22d9c8abb8c59b38302cf71173442682713408fa7a9bf46fbd873525df

SHA512
ed3020a0bbb1e9dde2586ec292291f0784ddc6952c3714a22bccfed1654c962a43115ca60fb47f8458302faf291aef3252396ba3d7db3f1405dee603084b99fa

Download Submit
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm

Filesize
930B

MD5
5d2c004c4211f2f6c366b2398132a368

SHA1
8b55ac162a4ca452650469da1f5bffa66cec4bfe

SHA256
d004948f1ea1c60ea057b1d22a20e711f71b47c87becc4c3e5805968461b3b4f

SHA512
1f870bb8f4043c4680dd3aaf312d54cdab7fcfbee0371c715d03e5d0f153bc337757c25367982d5d589dd805ad1a77e57e758f39acab817e65533deba78b8ef4

Download Submit
C:\RyukReadMe.txt

Filesize
804B

MD5
cd99cba6153cbc0b14b7a849e4d0180f

SHA1
375961866404a705916cbc6cd4915de7d9778923

SHA256
74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

SHA512
0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

Download Submit
C:\users\Public\window.bat

Filesize
1KB

MD5
d2aba3e1af80edd77e206cd43cfd3129

SHA1
3116da65d097708fad63a3b73d1c39bffa94cb01

SHA256
8940135a58d28338ce4ea9b9933e6780507c56ab37a2f2e3a1a98c6564548a12

SHA512
0059bd4cc02c52a219a0a2e1836bf04c11e2693446648dd4d92a2f38ed060ecd6c0f835e542ff8cfef8903873c01b8de2b38ed6ed2131a131bdd17887c11d0ec

Download Submit
\??\c:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.bak

Filesize
12KB

MD5
a533f144041663e9649faf4c5fb9f0ef

SHA1
1bfb5c46ba4df7c236ab4850968c8154e8ab0a11

SHA256
1eefe2b663be0a6f873e3799e76fef9fd46f66baa19d34cefcc5e7e9458d3286

SHA512
3ccdd031ffaea1d39dba54f9bd5acc4c89dea230b812de49e12686dc2630e752573a84550b98d645f0c0ababbc24d412b80ef686be1fa7f13b1679da3168632f

Download Submit
memory/1040-0-0x0000000030000000-0x0000000030382000-memory.dmp

Filesize
3.5MB

Download