Resubmissions

25-12-2024 03:42

241225-d9c21axjdn 10

25-12-2024 03:39

241225-d74ryawqfw 10

25-12-2024 03:37

241225-d6fzgswqbw 10

25-12-2024 03:21

241225-dwt4cswpdj 10

Analysis

  • max time kernel
    55s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2024 03:21

General

  • Target

    4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe

  • Size

    143KB

  • MD5

    b77cc8a1ede23a80a4a4c9d0a8b40735

  • SHA1

    254c97abab837687c779b57c7ef1bec4c1e2351a

  • SHA256

    4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581

  • SHA512

    f94546161808210ada027d03465f88336de4f2d24581801566f7ff17a9641b389c43946a98275ed637759a0205b8d09f9028d26bb75ab44e3f7038c5b4667ffd

  • SSDEEP

    3072:dgKsEF7Wf33SdvlRmhYHP+CPt1OOxkgQe:WBwK3SBDmhYfFQe

Malware Config

Extracted

Path

C:\RyukReadMe.txt

Family

ryuk

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. To get info (decrypt your files) contact us at [email protected] or [email protected] BTC wallet: 14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk Ryuk No system is safe
Wallets

14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk

Signatures

  • Ryuk

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

  • Ryuk family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 16 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Interacts with shadow copies 3 TTPs 14 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1116
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1164
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        1⤵
          PID:324
        • C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe
          "C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe"
          1⤵
          • Drops startup file
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2296
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe" /f /reg:64
            2⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1648
            • C:\Windows\SysWOW64\reg.exe
              REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "svchos" /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\4bb0d8eb6b93060941730c65ac5c11625b805f91616841cdfb887d8461aef581.exe" /f /reg:64
              3⤵
              • Adds Run key to start application
              • System Location Discovery: System Language Discovery
              PID:2552
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\users\Public\window.bat"
            2⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:73392
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin Delete Shadows /all /quiet
              3⤵
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73424
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB
              3⤵
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73492
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded
              3⤵
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73528
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73556
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73600
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73628
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73656
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73684
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73708
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:71104
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:72600
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:65084
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded
              3⤵
              • Enumerates connected drives
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:64632
            • C:\Windows\SysWOW64\vssadmin.exe
              vssadmin Delete Shadows /all /quiet
              3⤵
              • System Location Discovery: System Language Discovery
              • Interacts with shadow copies
              PID:73740
        • C:\Windows\system32\vssvc.exe
          C:\Windows\system32\vssvc.exe
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:73448

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata

          Filesize

          754B

          MD5

          dd36d1b3be43612aeb915498f103fd9d

          SHA1

          b3d96ec37753b95e863b606400ba569dc6c824cd

          SHA256

          5573a022d67c113fd2986b9e36f33124d2baf86e65ff7cc08f18758927a8671d

          SHA512

          d2f06d11906284dee28955ccbb3c8ecb52e8583446ed5819d674917f2e4151278b49e1b48db538136ece9f25583e355899d9d8f6f5252283b0c4da297825b119

        • C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml

          Filesize

          562B

          MD5

          cb517da26da789ea2eacf996d5a3d892

          SHA1

          fd321745f53ae98adce110c2c709fa5e0646b014

          SHA256

          3ca0814edec760710f12841f0768776e316975230f7595e950a84b5ece7ce0a3

          SHA512

          b6d310f053859ecf8286911724fda0f943a620914fcfa7e52b877c4b5bc840d948050bff2d03515b662ca29010d20f3f2b34bfb1c04357f2ec912f7bb04e7597

        • C:\ProgramData\Microsoft Help\Hx.hxn

          Filesize

          674B

          MD5

          ee895e8d54c0f9670be6589b891945f1

          SHA1

          fb136990128a4147cabfb8ed293f61e71c23ad61

          SHA256

          702ff0d7a71e40c278f6d0c6b876bd276cef2ef56c1828c10dfac654c443eb2d

          SHA512

          91adaeae226bf0fbc7d4928296a03239ebbe6cbed2505b1d8b33dfbe7974883fb163aaec5120951c90d86d5f60f1419f2650e9f501ca100588465d31a5987340

        • C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW

          Filesize

          13KB

          MD5

          6755f92128f0159d816a2319148ff5b3

          SHA1

          407bf5af4c927d45d772035e99bd121b5b5ee00f

          SHA256

          e6246a1d70a31866a3e2097530022ecb0ede4b875a84553f084977e3fa8b0a6a

          SHA512

          7da854a20b52d2214f8e1a6f2dd67b009f5a6bb9f5be79edbbf83ffeb8eef3aca4c412ab5a1843d6a92ce49c385372d4c16c1ae93fd36b14c8cf9df3d5f669b7

        • C:\ProgramData\Microsoft Help\Hx_1033_MKWD_NamedURL.HxW

          Filesize

          13KB

          MD5

          b1409cf2ff3cafa7f29a3a739031cf4f

          SHA1

          bb256315f4a2fa811841512d92e9299869cb2b7d

          SHA256

          8b9068bb2cfcb30d17bee1d7522349fcadace3341db3f5f9cbb0cfabddcff57c

          SHA512

          212487a6503908e99793be63bc2716377b49d2ac1fa40c313130f6d8e395565f756d075270c9a56d030de72e451677568cc6b1fedc98e61f5ecfdee2fe3b065f

        • C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH

          Filesize

          10KB

          MD5

          2c92e9a8f888f6bff46dd70e01e48662

          SHA1

          b02d0475887a40ba3b6042a1c23b5885d67c4489

          SHA256

          0d738a708efe2467f1563cb5ecc7ead70fbd8a205f86b3cc497ee8cff702b39d

          SHA512

          40068849b1b1d66daf77238c83d881161d458170aed94defb6a25b3f944301ab86e9ec36fa1b69ef5fa205f8b25e2a16401614e69edaa4c29c149ab8246edc84

        • C:\ProgramData\Microsoft Help\Hx_1033_MValidator.HxD

          Filesize

          9KB

          MD5

          095786009feea5cbbb1219130e693162

          SHA1

          31c8f31c05e3459d5219d0ccd6608c975f6fe46d

          SHA256

          6bb60a2ea9a53abbc5f459b9d18741bdb6b6d9ef5940ec1883834f8539e9eade

          SHA512

          4e96fee66d327e2db865d2ae79ef0d914b2b3b8c1f6f0b59f26f5c074add7739a8dfbad1d38cb8fbaa395188e16eaac343ccedc78a5c3596695ae62c1635bd46

        • C:\ProgramData\Microsoft Help\MS.EXCEL.14.1033.hxn

          Filesize

          626B

          MD5

          bbd65964337d2863a46a826e05cf62ab

          SHA1

          449073aa65dda1ee49316f6ccd4504afd3a1782b

          SHA256

          c2eecd8b6a92953a3a1d603105dcffe8ed036072c4fbbd5240eeaeac3a94bb5e

          SHA512

          add2ec41167082b1fbb7b77b6b7aa435b9f7b10526107e81e8828c24b129deb622937eb003090d5097912d3e8645c871386fc0c4fa2e63b1f13ed291dc4319de

        • C:\ProgramData\Microsoft Help\MS.EXCEL.DEV.14.1033.hxn

          Filesize

          658B

          MD5

          0c041829232265f773760050e15a0d81

          SHA1

          1e292c47c73749c4ab576954c1b3894ad18cc9cb

          SHA256

          a4f117825847342487c48db0489940922b84005fa64964a4dd28e80681613893

          SHA512

          bdbcac8ec07a94ab631f85c9b8fa002fb3c576584a8c8b996a3841e95f4e2e675fd5844e4ff26902cef57dd69733297c474e11eaddb06ba1c21f4ce5f3aa254d

        • C:\ProgramData\Microsoft Help\MS.GRAPH.14.1033.hxn

          Filesize

          626B

          MD5

          196c9d3bc24e90ad3b4d86a93118e8ec

          SHA1

          5a9ede7a14eac999ca7ff303d97c3358fb0ecf4a

          SHA256

          c9fbf63134ffaf9c81f784b057b3517d8ac3610b71646678975a5c4df9a58002

          SHA512

          e6150b243d9743b4859dc1b079041062d4f061d17d98e3181ec13717fac5a36b88a97bbb8fa82b2ff82698e87b038e5615fe9fa8beb9d8f3e6d454fc198032e8

        • C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn

          Filesize

          642B

          MD5

          5792d087815651ee22b88ca7f2f6deb1

          SHA1

          b1caa72e4ece3334fb71a15e9a38072af2e913be

          SHA256

          605f0e0efd1b495124f4e142ea675fa172d1cc301909f4e694ff575569333178

          SHA512

          0055fdc624875efa1f732dc4f32b8d7305a38b036c3d27f827da5450bae5bede61ae991ea2757a8edda4c61898294645a99adefb7e5615f0fb8376e81d34f4aa

        • C:\ProgramData\Microsoft Help\MS.INFOPATH.14.1033.hxn

          Filesize

          658B

          MD5

          99ab568f8962f12f1119995756d331df

          SHA1

          3bcd31771abb7cd3e59192189f41af68617de50b

          SHA256

          29bcdbf65b76fe6bfe1dd2ce2319d0aeabc72545f87a3734ed85f81f2d142768

          SHA512

          565ef94dc86397bf45f8e7734e9fd0adb1543fd97c0867128c36fc936139db8fe96a5b9eb20dccbe835a561bf80b4709d23da3a0ce72d78df043c002fadceaea

        • C:\ProgramData\Microsoft Help\MS.INFOPATHEDITOR.14.1033.hxn

          Filesize

          690B

          MD5

          f88dcc7ca78d303abe3d483b13601cb7

          SHA1

          cffffefc66610b802609dc02541fa784efc7c418

          SHA256

          913e268b9949c770ae3e513c4d223a79852aee4a0d5e73dd02355785d04a9592

          SHA512

          edb84eb22b68c5ff11392926ef82e36def80c2066aa40797c7386b7adc15a1d7baa32eabba53554193ffa478ce26ceca4d0877c14c2a1dd24fab856c04dccd15

        • C:\ProgramData\Microsoft Help\MS.MSACCESS.14.1033.hxn

          Filesize

          658B

          MD5

          6fb53f0e690620119e8ebc916ea5bf2d

          SHA1

          d0065d0e22eef618d65f76aecb4e1d2beb20fc60

          SHA256

          4dedc10171680368b1f78dd381e63841381b55e08d203c3b4c2fd0f4660f3e8f

          SHA512

          1d8e5c31c343e0caa156aef56ec5a12bf14c4b26f5e01120cce707698e9c886d89f98f19d7ba95e9fec790662fdefaa47da5f706279aec01535dff7602d850f7

        • C:\ProgramData\Microsoft Help\MS.MSACCESS.DEV.14.1033.hxn

          Filesize

          674B

          MD5

          0d5fbeaf2c9259bbd2ace1362be0c3cd

          SHA1

          b662e24c8a5a3812bcc562e4581bc805ab434c39

          SHA256

          7bf51e9d0eea392fce1495e94f73253fc1dee44dc7ec49b326ff3b259240922e

          SHA512

          323f6f1b95735285d1098c031148910b18fa86129ac74e4c09eef341398ad4c640ae64d10f870b351cb9bbcd382552ed0658366ec9571b5c57ae05f076ed6bb8

        • C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn

          Filesize

          626B

          MD5

          a2ede093345e8852c46a90447fee344c

          SHA1

          e398cae9c1426431a2e1f14620f0853746f4e54b

          SHA256

          99ce6f4b61adf0b05391d2f5c9221dccd2ad4f78120e149121e6d504d0fda5da

          SHA512

          b5bdc07a40ad45e31af87586ca82fa9055cd6df77213a95dc5c07109ac3aa715abacb3801f8055e8dc40bd6ba748980ae55dcc264f5fed67c19e9b69412e86eb

        • C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn

          Filesize

          626B

          MD5

          030ab990540eb0c2a9101145f133ef08

          SHA1

          b611414de2ecea20a3a6ba374469b880a4a4115e

          SHA256

          417eddc0c00d26c0b466ffd28f870f6afef25fa7c700659945eff6cf0710c9a0

          SHA512

          9512f0eadde7cd6ed83eaea88a2cbc34ce83db74a95704a9767a2ce9a15de466650bae54ae896e16e39e7ffd7d2af9fdfddfbc617ed72d1ca9820a957df42e27

        • C:\ProgramData\Microsoft Help\MS.MSPUB.DEV.14.1033.hxn

          Filesize

          658B

          MD5

          da01f08906c89cdfd42b92815a1c69e6

          SHA1

          476f3fe7111a2ceeb4941225c907761b3a4295c7

          SHA256

          21c7ba3dc494d69d29ef4f2c1846c80d57c275eea1e66bdd54fb9b4f2aa1122c

          SHA512

          1b4dcca82422d27f9d3a8a874ac8e2a068a12bb0372160b113d2f21cff0287531d234df9712bd323ea4e63b51dba027ee13d9598fa9ede67691d431c414635e7

        • C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn

          Filesize

          642B

          MD5

          165c976309e0b4a350cdf9b8ba64c52c

          SHA1

          a4812540a9c142837d3733586a044f7060ed2368

          SHA256

          74170c6b9523ca51d8a2e1d8670993c3ae3cd696bd2b01ff6f3647ea3dbdb59a

          SHA512

          8ed5e6cd061ed0836c35d01c876d46a0a3788f527b65206eba46cd9ab9de9c340d110b6f4a52cfbf7db7c57c678fdbe6efd74709592ac3c87f3a8378b7e9b2a3

        • C:\ProgramData\Microsoft Help\MS.OIS.14.1033.hxn

          Filesize

          626B

          MD5

          6e2c35c70c89767f1a3c3f34e7f8b757

          SHA1

          c7deb3232686be6036a14c52edc4df3fa3f1a00b

          SHA256

          28edbc2cf7dbf022ab678de44e8200ff666f7368e63d7930b73c66eafa7ed577

          SHA512

          617167d9b4c0adc5d808632ff447ad82577883fce1e337d48188c17870d774c4c6e2786e95387fa37af307ffb56637c8a9cad7aa08357709f8ac1dfdbb09a5fa

        • C:\ProgramData\Microsoft Help\MS.ONENOTE.14.1033.hxn

          Filesize

          642B

          MD5

          786bc3d69c74364f2336254c4f201b75

          SHA1

          be4a084c4d047d7cff483d5ed8908c2adc38f0a0

          SHA256

          b78b480e52f892176942a57a2a0d2ba69d4972a61e63f0f1c8558a1edfda5e38

          SHA512

          dc368897171d29c9f20a80e1b237b06a76cb4122e1b83947cab4b748651e07968e838957235b90ef613e929ee8f357160cf198a269c263185553a6f43479a2ed

        • C:\ProgramData\Microsoft Help\MS.OUTLOOK.14.1033.hxn

          Filesize

          642B

          MD5

          097c9fb10fd199c0817f23205e0662d7

          SHA1

          39d0b8347d14c1f552246b0aa634e8ba1d7c2eb0

          SHA256

          ee39f750e0fcfb22525b6135cb6dae99dee6be8d7f9b62699ce037d01795c5c9

          SHA512

          877ee7239067d2e5bbf8e3f44e93f195fdbfe1c217d58b7da0d5d137741ef5d1e332493c8f664fef78b412cf5180928d83acfbe889fdacb146c7e063e8e997de

        • C:\ProgramData\Microsoft Help\MS.OUTLOOK.DEV.14.1033.hxn

          Filesize

          674B

          MD5

          e9814b0286b62e960159183499780b24

          SHA1

          1409a5890143a4bbc96a18b584afad02a1fadf39

          SHA256

          cf662e619902346ae4657c4030490859a508d558c5d216e0d6ed72bf355d9bee

          SHA512

          40e3474ccf64a5fbfc0a591bd5cae57ab527a8086bb450dd4b00694af80c3966306a2cc89e958cd5d0bc32211371a75c731cf64a8acae7b33c573eaf39f1dba7

        • C:\ProgramData\Microsoft Help\MS.POWERPNT.14.1033.hxn

          Filesize

          658B

          MD5

          2db3cd4315e4510d0241686265bf48fe

          SHA1

          328901b7eac1090d6b09d54d22cac2125327ea74

          SHA256

          e4df397e7ca60786dcf19050b468035e772ff9e4daa2c41f2bdd1cd94e729c55

          SHA512

          47b4919553c0a7989c4aec2f98187c564208ce63971cf930098165bdc71b60d8261e4314c24728995f27889bc7b8b89894abdd827230e5c664dabd9dc14394d6

        • C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn

          Filesize

          674B

          MD5

          4e04dd029ed9dc795d047874deb76002

          SHA1

          b679a92cd620400c47a6ce7e1fea0302e2096dc9

          SHA256

          8755ffd9237482ee7be2816f1adde68c9ebe14bd9445d13ce39fe3840b064857

          SHA512

          a85584e837caa5c90ef4190a30447fd2cc45ffacf3cf6f7bb06b4b08650d7f4aae03926b982615a1721f60f48ed563ae44836899f4252b463e363027f578e392

        • C:\ProgramData\Microsoft Help\MS.SETLANG.14.1033.hxn

          Filesize

          642B

          MD5

          d3d5f5e82f9005bfea26626ada5cfcb5

          SHA1

          d400b1441428a3451a3e29404ca8a98dd6edd382

          SHA256

          7fef8df3cffe01d85508e0591452ffb6f05b13f24a2fc306ede821a381b122b5

          SHA512

          62082ed899bed95d7d846644445240e3570ea0c6d6e1f71b202a64384b5ce4f585e7af89fb6467f4d1b36599d1976ad3d8df536156e5af8c1de2b4caf3900958

        • C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn

          Filesize

          642B

          MD5

          bc689f812052d04288c9420ab9af62ec

          SHA1

          79c8f0af53a24961f44a75ca6bb1078bee858458

          SHA256

          df4aaee411aea05cfaf055ec079e4ca383a30ef1f920ef9fcf268b040ac8f338

          SHA512

          38bac2ed1d3e2acd313a623ced5d37c422a22ef8c5b17695d75b9b52b3d76caa01ad58ab8955cd63a12c312ea5b0efa19f7c0b74b2054f8aba9f691b6a3a1d59

        • C:\ProgramData\Microsoft Help\MS.WINWORD.DEV.14.1033.hxn

          Filesize

          674B

          MD5

          f269e89a6daa7f0b3d6e3e137a8648d5

          SHA1

          fee47d5e56a2024595abb19d94d2bfe2a74b13bb

          SHA256

          f21c6f70de3ff0f29825374d8342c16ad7c4d0608f2ed0ace553e9802ec999c8

          SHA512

          f3d3c8a6677b1b8d120d20a171e20539afb549d396e50905050716a375b5246de49dd0487b7179e706bfe6385083f4321b32517bf141b6513b334400165199cf

        • C:\ProgramData\Microsoft Help\nslist.hxl

          Filesize

          6KB

          MD5

          7912a1c1a67490cc6cad63a6cce58ede

          SHA1

          1bd4a8b7a98e089d649cc69c31dcb109580cee42

          SHA256

          93c01645d7519501f49ec5a03cd571689ac801dfaaa3ac1f6fdff1a30591d8c5

          SHA512

          3a2086028d5eaee5bc76790d65c7ee585e8536a6cc1089a29a902c8396b2bca1285315e9c228d0699d8651c97fc602d1d422ebff550c92b619ec2149160d3eac

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          acd478775f99223a0f18fab29a9fad81

          SHA1

          8281e9ec324090cca74166bb92731d2eb8aba717

          SHA256

          f40b05c536fa0548144b9755b93fdb8f5d40725dbc96aa2712b616718633f628

          SHA512

          da372201867a2dcaa59f27b495d9bb7a1eb837c8a05058d640d9294663ffcc20d10f24cb76c203f6102dfd3a3ecd040b4d0ac4cf53c86b8ab5baaf39d2cb2506

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          9a1c865317b6e39938af8c99d5db8439

          SHA1

          7c30fb933774f8a65508b6fd7c13f0a44a086226

          SHA256

          8ad1708c0df9c80a82b233b1657f57cd4ea92a4540ac56b7e5de541b887a9734

          SHA512

          c5a40034790fae897a10a3cd238ded2eea61445f15a290e9687bb69dca8e6d4fb66005093b471ead2fe4145e976c8cedf8e18eabac846869158c222e5b91ad00

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MKWD_BestBet.H1W

          Filesize

          409KB

          MD5

          46817b35b5bf26e28d2485be6e3e101b

          SHA1

          19ce4accd7961d112948f75097aece49bd43d8b5

          SHA256

          a70aea23f77ad9c8ae34682dc8c0395659e0a0cc06dfab07049aea763d3ab648

          SHA512

          7c9be431bb3db45c52cb4097feff2174251bfcf076dd817544d31392ce308417d70f5a44c00c2e3b4bed0bc6b455bf42af285997b95e8e7456c0ab98ddeea1c9

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MTOC_help.H1H

          Filesize

          531KB

          MD5

          de068c17413cced546d12e615d0e4921

          SHA1

          8a93ddc3f30d47f53c22c41173c44a1ec36128b5

          SHA256

          9129456007297ca411baac502ef89b8271f55684aabe5293adaadd0c9c9b050c

          SHA512

          728350d4682631bc7e3d6ff96abae267356a1dd1cbd3c40949c375f05bc150f1900fa9b3077f730bf02c77831f718b8e23efb8b66bfe33cfd171fe831a4c9305

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          54c0b2d8481ce7b69162d4cb630e613d

          SHA1

          ba8bccb2ea3175b396569d7856c2b4870b5e6119

          SHA256

          2e4ca589e9f8abdd4a8addeca51fe0cded2efa8f2df86fdb58fca278e4320143

          SHA512

          64f4160c8af794882e23348f4e5d187cbf9f95c67b528a137403ac6ad3f8f0384a24b91826a33efbc4c760ebb50afb0280078666326fe5228e232f23dfe44562

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\de-DE\Help{45EACA36-DBE9-4E4A-A26D-5C201902346D}.H1Q

          Filesize

          1.2MB

          MD5

          7b46cff0af2da691cc783c3c1dd79934

          SHA1

          6ce590e4498dc06190b1fa9467dab649567d416c

          SHA256

          a1730eacd150ebc202373de18f0d6a4661e7c7e49fddb9ef03c3ea074a2483a3

          SHA512

          d39107530928dcd29a4fb57bfcc908f5a789a000d6ca046755a15340ca1278d160c3b364fc4650f1edcc211b310a4d8cd1c56859eac883a2f413639906a6d552

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          e27c08b40e5bdcc5f7315b855faaa8bc

          SHA1

          d7b26936e1c96ba3cac6c13283a082148a2c753e

          SHA256

          3d8b554ffc89db657b0fb8c262781bd0a5711bc3c0e4b2a6052d43874b840844

          SHA512

          ef22aaf5fe1e4d96815d89a747992e30d3a03065101ec430495e785cd739b5933b2cf193fc0b6fcf28ae0d55d21e6e9aa8dd35527d8ce55a441ae653f1daae5d

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          2cc6f5844fb400eac4942d063c16deca

          SHA1

          5034a417cf435211fc0274f8d171da0fbedc3aeb

          SHA256

          0f7ad6430c99312849933e825624feb8354d30c46eef1ad233a15d1dcff891ee

          SHA512

          334c5050b4eaca757a02eed3808d65d9279ea05e1968693e95789042c60136fe88315d4a28281a1d014e3880921ea2d7fe4af63dfed743afeeca357ffe605d94

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W

          Filesize

          201KB

          MD5

          20f0ad953d4e0fbfea4005880b373e37

          SHA1

          c423b8702492ceef6cb2e46a739d8cd46b06eef5

          SHA256

          6b92f4e497b02a34ec2e1f6ffe2ab49fb2558b1200f513f6fb06b72596820b65

          SHA512

          a15c07e527d253ecae1b4232e3f0762fc159d6fd569b4a1f5159abac420961342371aee4a131dbb8e7fe8a94a0ecb8b100a224e25d7773fe44731f2ebe2d2148

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H

          Filesize

          491KB

          MD5

          2e5278326a29d8a17b3609d6e6c4a2b6

          SHA1

          79b3e50b0865294bb3d8b24c88372070779bc991

          SHA256

          c9e8caa2649542a2e93206a1001ac3b1a672fb522a6ca403a1e9bccb5cd52a49

          SHA512

          b9b549a49365c91af8eb1a0ac908778162741a4db22f5035b88a2c333492c58a173b2e82e9a68a7c5d042f22d0e7280b0a0ee296f4aff09e06c47b281cb8d7e2

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          bcea0b4c1234dd065b774cc775a7012c

          SHA1

          47adadfecb80b53a1dde460d4b266073eb842dcb

          SHA256

          09e27f9db906af99b8633564a1ff662ed8abe80f999e5460abebfd32262a7b96

          SHA512

          becf6063213e8a003548a0049cc42d29948bf0a4a8d41d75f3db2073d7a37481fdcdf2169769f1542091dd8c0a5252f55bc7604a1fcdf254b7c862f4fefe32da

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q

          Filesize

          864KB

          MD5

          ebe1c4553557b13ba4689d9ca68f5553

          SHA1

          65ea2b5b7a39430f99319377839b93a280a5fcee

          SHA256

          28822243974f255c0920ecacef3b9badbd58a852e65b09e854b4c103aa0a6203

          SHA512

          4c90609bef49521b35fafe605347f0ccdabe468d80ddae9bcc36fab294cf75b8dbcc6426cfa84ddf3b120afd6834dbf09108dcd3ef31f80fe4e8d7efa8c0c90f

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          04e4f482638c95047ae94f6e8269ef91

          SHA1

          8b7b8368f720c9af393451c4ef619f7b0b1c8336

          SHA256

          b11de74607760ca380f8f75f4ec110b0dd7cbe2480f68c1db94fd86ff6bc4cbf

          SHA512

          4c6262c1c8091fc86668b3d6a5dd2343415be8e9071be3b1fc9795c08a0d0c4fe515fbaca8c2ca2d39335a1086a65f68314fcaa9ebed64c7f233059072e3fa7e

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          f37a157d9aeaebb33211a97929e54844

          SHA1

          52e66b63d4fd9687f7f68d5d13dd5cbf76da5d5d

          SHA256

          d20c900967155df01c64e7c68f0ed491701422202292ce3254fd26ec4629f789

          SHA512

          98228112e95d72e4fd208c5d5843deb4eecc2b8e8a88eb0dec4711d13fa5db5b8ec2a2630aa54a02efc50ab2badf2b941861050725e0a6b61529787f7e760752

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MKWD_BestBet.H1W

          Filesize

          425KB

          MD5

          392fd8659664ad9059310b290450fdc2

          SHA1

          332899554919fc8ca0e623aa8f86368cf80c3a4f

          SHA256

          64542c51ab498b7d07aeb146b7770a3f1c67afac1c30d28ee05fecd980ce1bd9

          SHA512

          e51baddfb70f5dc34f752dfd81a9f631cc9808b4f0e9d191424747adfff0e114c9cfd8baa77442850ea7e6c4cf26a316b8e1221414d103c294d16ae14815408b

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MTOC_help.H1H

          Filesize

          531KB

          MD5

          9d939a3e384a5b6cf8d6773924a5e76e

          SHA1

          5d629a8679760b18479c6a41b658a06f07d50305

          SHA256

          440993abfca6a10f86f64ee31b84c7e472a163ff6218e8f9bfd3d69e683ed649

          SHA512

          42eccd7df99f003c60947f4522c18ca024b756e8c9fe886af8c831e0f2f558809f321615454a3cf3cf528fdddfa9ecd8277090e38337bdef587bd8f36eb10e1f

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          97fe732c35df2d24c64b89718e810f6e

          SHA1

          cee231fb04590707ed340878554649707b206903

          SHA256

          efb38b92a45d4e373f490b39a6a9a15a5c2e201e3e66d1aedceb069e3ddabb21

          SHA512

          04daf5a08865aebb6e7598dff7ee9e668f5fd8fca47ddd39312eb4ea6169ced1e56cbc0c1814823623b2366a92bbad77011870a53b583c8264f63a502beb5060

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help{68DC71DC-2327-4040-8F03-50D6A9805049}.H1Q

          Filesize

          1.0MB

          MD5

          c4981f95bdc46981824f999d903e662b

          SHA1

          25bd9b0117beef66a2b40213de2221e1d92f3561

          SHA256

          7d002acf73a7273e1ee298feb2c4fe3d5d6024df2fc6bf97c532258e7b126f8f

          SHA512

          799fff55b7da023df311e60444ce83d8e8f1784d7fa0d0581421eb8fdffd690b3c79067e8787f5bde1afdada69ffc94c4f46b9e508dfdab93879fa3765d4c307

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          e0354fae9999fac09602b28e7760a187

          SHA1

          02471b6337acd4df2b02d75f0a07af7eca96ebf9

          SHA256

          d679a4347bea0735a116843364413f1da99c48806735f69a16651738fa624727

          SHA512

          3f9c3694b04a6d315ededb007c2fe5d85fbc3106d2b4a189d3f8f560feff843b2dc9d643b851d387fb8f0c37f42f7282135412db966d8b10f2a0d8e309d4af9c

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          fd2dcfb1f473b009b3147a32e61689d1

          SHA1

          33af199efafd4beb6a0ac280960e872f5ac6fc2a

          SHA256

          ff0b20d2b68d77edf402ca2b7bebe9cea65a21b61128ccdbe10e7a3b70699f3b

          SHA512

          7779996936b06a787792b2ac4c8840c1945b8cdaed929616ac1140c5ec80a63f82d0f9349675cab7ec619fb0588ce1c9960e47074556d43a7a6292e355cee590

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MKWD_BestBet.H1W

          Filesize

          421KB

          MD5

          bac3ffb486af3304cba6c41e75aa2185

          SHA1

          69f8643e20e2123c3c6f7e0bb55a8ae6b5cbcbf7

          SHA256

          a4fdfa28a6443f48f653b58ae5f287a7191d0653d296cb9407e52b543269ea42

          SHA512

          cc2577afdfe50291872a6dd18ae05005c44b20327729916b7e4a728372dcdff90c524b436d5113f230eed971478d9839ecfb5b0e616278e4c54a8248b8f10c8a

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MTOC_help.H1H

          Filesize

          546KB

          MD5

          4173c77512075f73ce1a1621db90cad3

          SHA1

          09d95f97012e1131bf3a447fd77388931abf7c00

          SHA256

          192420ff7cb53acbd916f7417b3d20dc227d003159f223e850de3bf00084377f

          SHA512

          69f7ac63c4dd20463f7e6326bb9ceb0343db6b8a61b4f7fb46d29cb8ae9b43c86152cf890f2e62c7955f555c47ca3ecfcc18c52bb3b84d8439926ddca9a89649

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          65f7948aea2d949db521a89ab95ba6ae

          SHA1

          8392450de8272c470abe4462423263362d5e7758

          SHA256

          811ef7f941e58533daadeeec3f63733f6ec93a03cba6de7f2b72313440518442

          SHA512

          38cdddc8f8b8aaa58af3653792599f3b4ac4379a23e2de503705f6d18f65346aa153b126fd9de9e8b67d0fae62bb40bcb8875c6b0bf0a3e1258612cd4c80110d

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\fr-FR\Help{92F2118A-E813-4A4D-9DE2-F96A9DC02C53}.H1Q

          Filesize

          1.1MB

          MD5

          13bcf9ff1c9c4bbc2354a82df2a053b0

          SHA1

          b7629de7737c02f7b22e15ee575b78828c6f9298

          SHA256

          132b2a0ff04c086e078c1f7298c28d0a74de190e4ea31269101e3190b8cd97f8

          SHA512

          c3bc46a2ecc35b2fca8d02bc10dd669ca8e329626e38829aeba1894bdcd746f97a147cebfbd5979836789ae0a79969025306ff2c71328cec54b2ad55ebd66560

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          be6ee70f1f4613d81d4c95c34f9065ff

          SHA1

          14bf8aa9f11cd6f0e470ad39ad1dfcad578e7d96

          SHA256

          c07ecb8c28ce1fc29cc32231890660af673d1eaa786d98eced86912e1ff2c436

          SHA512

          9198015d8bbb913a8bc153f2a8bbe3424f76056052cf3a2b047bab4aa62d2f3348d82a88c8e8cb63eba078a2a69b0051e159b0dda8e0d9201be6067c576b27b0

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          f18084a821694ac7a6c7af05ea3f0e02

          SHA1

          dfc78034d4238f1de4c86cd9cedbddb4fa991438

          SHA256

          730b659285e0f79f35692e619fa885f2267a92f6b425d8f8e83b5e971d95c410

          SHA512

          4b58fb30a9a332464887675d47c585a1e125e57bcc2b6d55497ac01323cf40a824d71c67daaec05d880cd515b093595dd690657061dd8732c4666623c5a04726

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MKWD_BestBet.H1W

          Filesize

          421KB

          MD5

          18a82212b1043a6d143ebda0e4a0c78a

          SHA1

          6c7d502b46c6a5a6bfccd6b646f56bfa8b279fd6

          SHA256

          4660b8f8d05d40d202d7436115f57631e4a2e2e21c8ca7b7a8eda27635d9adfb

          SHA512

          0ff749f39a03c6b4a6171c5c1ff1b15ea4c854c023f865a67f5417af10bb5e39bc3b22597bfb25ffad13de34af953d89c5fc26ff38ba8873153a97ee9cc21d0d

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MTOC_help.H1H

          Filesize

          530KB

          MD5

          e16939b0c3a08ec88231c9455ff84823

          SHA1

          2a80cf15b64cf6b5b560924d136987a98cc31ad1

          SHA256

          2795317a8794a8c586bd21fb140fde2a1d0e50dbb3c96f041275d957ac850532

          SHA512

          e7c94c119235f741d5a2139ccd2e705046966439869a34309ce2acddd44cfd8dd123974553a5e2392df1f58ab8f3eb28a17a237b8a037e06f5a6f5eea93a1299

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          48e76c5d51359e640aa66bf5a10b52e7

          SHA1

          0570fb0939719b00e293456522e529dba43092f7

          SHA256

          45dd0df3fb354c9c844418ff4312e64bd50143c7d2e8cf8ba8f93dd4c86d7281

          SHA512

          0e4857d28db849264c983d5df31e544e0cbdb03bbc7b45e131cc0409b3fbcb4920d2c22ca80c5fae00e9e1b824f243274c9d1dbd31a1cb7c852d6a02437cc027

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help{7E352021-69D6-4553-86AC-430B0D8FF913}.H1Q

          Filesize

          1.0MB

          MD5

          c498c53c74121e5dd3207fecbe47fc2f

          SHA1

          689468e499da0a7257757dec7cb939ece70eaafb

          SHA256

          de7577727d0709c9359b76caa66ac6aa69ed8489989ace4497c120f2af19dc85

          SHA512

          cc0ff70d0277d6770b3d0aecf0e65599a9a641b83364dfa689339825374db8526b31b3dc221bbf1d1d7f5d50ddd4ac36603d3cf4d2f12beaca7f968f7abe1f84

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_CValidator.H1D

          Filesize

          12KB

          MD5

          9b634d5004c9b636a22cc61e03ae3cfe

          SHA1

          058fb547d1d4d05d090e363396ac424c0cf69a2c

          SHA256

          63878073d50f15439dca731416cc93a6738671fda929fe01e7e3860273c42bca

          SHA512

          69bf4b7b2f73fb63a3ffc58bacc292984d6dc33050206d7dbbfb37c18ce9a74bf4f7f8ebd850b56132b7e355184de6a5a275fe55a7805ddc0557220aa4207eec

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_AssetId.H1W

          Filesize

          229KB

          MD5

          3512b2f4a52f10f76f1fd7fcca444a1c

          SHA1

          d4d67e261e5aedae14e07477acc34c1b998b2340

          SHA256

          f81a9e604b3973e46a47bc66a7b7632a363a67f9646ac0a161e7777500cdf46f

          SHA512

          80e46d69d30be730fd5797d1a25f53a62e273cec8880c85a61fc52bc2d684548c2ff209cee60365496fd3b34aeaf3d786be7b15cbccdf510d7e71b905c1dbebf

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MKWD_BestBet.H1W

          Filesize

          357KB

          MD5

          aa9867f0836d55ba4e16bdd0431a90c7

          SHA1

          2dc19879d10296c859c1d263c55e899e7d3217c2

          SHA256

          b85f435d2fd402f3b6413da17cbe9408aa05333a6aecefe132b5495f0876949b

          SHA512

          4c4d53bf4d064beaa2b9ef141eac7bf165a8baa7ab024a94c142278185007d793f9526f7323c7c8e08056e6872a3b30722ee3fdb359daa805fb40ed0f24f9a5c

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MTOC_help.H1H

          Filesize

          352KB

          MD5

          3070c83694a49328908f0e3359b192a5

          SHA1

          42954b36b551b992cfa063a6a532b197bc083725

          SHA256

          7b6b3a172aee6bfa379f40b828fccf824009722bc7187d56fb6fb4e42239234f

          SHA512

          d5113a86d02ac873200513566e39a1f796a42eb5c0bbd4db4b6407a99d1727d6cfa6345608e05602ad7d6e507af3fe6642d531ffe4f424853358dfb6fc653ee9

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help_MValidator.H1D

          Filesize

          14KB

          MD5

          aa4d2d2bab67e28a233794d546c38d9a

          SHA1

          07265aba5a5770df0b8f9547d1cd6d2ea8e22476

          SHA256

          f2a44de80396e086fae3a60145e9a00c9b7662fd29a602522a0bbd51023546be

          SHA512

          417f9198c5de842363eaa5223352531f0dad6542985660ff43b7180a4a69d0e5aabdce65253edd5a48ed1f555432edf0439d193a6e26dca23bee977057237785

        • C:\ProgramData\Microsoft\Assistance\Client\1.0\ja-JP\Help{E1E8F15E-8BEC-45DF-83BF-50FF84D0CAB5}.H1Q

          Filesize

          1.2MB

          MD5

          329099bf5ae95b2c87b37145da692533

          SHA1

          6059faec925d9d7a287b68c75808a3b9e8d87d25

          SHA256

          184f39141984bf14f491bade17adb0bf61e650785079b18e4cf9c511c5fb1b63

          SHA512

          526ec5dc6c72a34157acbbcf5a335dfc36daa6c3ae0ad49fad64bdd5809b52dc5c379c4317944d5a54ab6e61638cd5330a1f3686b3a16a264783035aee23e484

        • C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_4b15cc6c-8bd6-4727-90f6-cf303c4bde6d

          Filesize

          338B

          MD5

          d8486ff4828f98c91aaa6e5923449c9c

          SHA1

          bd82c13cc243b6c5ff655b3ae91986ea2bed44ae

          SHA256

          a167cab5826f76227392b82fa10db907e40e259c5d579b26191201ff60b61cff

          SHA512

          abee331e22358dc716195aef162b01a9f4e60d9541e157d999ae99ec5723cb85b8ac17024368ce908e323a8dc841b7fc36e2188ebec53577911a82df3b947711

        • C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_4b15cc6c-8bd6-4727-90f6-cf303c4bde6d

          Filesize

          322B

          MD5

          0fcfb202a23bce293f7381a908fc1961

          SHA1

          a41885418645db6ab9445c49ccfc56f9ac09cd19

          SHA256

          9ddbd8c2e64eb0efcef9d571d84b522294e802853175adb96d14233f1198dea9

          SHA512

          ca24c8d91dc3ce68fcb427995828f2a73c123cd538e206478ea01e4d9d5327db1bb28ed69e5c87e46ce592e726b38333ae1baaa924641e36ff66c69eaa79174d

        • C:\ProgramData\Microsoft\MF\Active.GRL

          Filesize

          14KB

          MD5

          1dbf73604bd61b0b9b1982e70bf7e126

          SHA1

          1b7c9686eaeb1b07a5b5351e5a35c28fc4d368e0

          SHA256

          1672cf90a31b411a9ec9f63599c30854f01d81b10ddecfdab1ca7c1890f293c6

          SHA512

          703e72be4a0b79cb82aec9c4fc2fdf359c7a59145a251bd0c070805b430949b7ecdced133df715ae2912d3c93da0ac2a819a7a02918debb227108947995d50ed

        • C:\ProgramData\Microsoft\MF\Pending.GRL

          Filesize

          14KB

          MD5

          0f97fcaa5365ad7495a161ea3a5b81a8

          SHA1

          003bfe01b414f11de55341acfc3db944d44cdba4

          SHA256

          5947858eb56fcc22e9d2914ea63b025401238e109838447f459db0dcfd786f9b

          SHA512

          2ee59cb8c0452b2bfb40eb55d48bdf07f23a5937647df901b87959edccb00d2f25eb0ed7e9cb9225014addb57619a8c7f0d4ca5c244eb5202a99a8c5918211c2

        • C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico

          Filesize

          5KB

          MD5

          2324cbc25a66bb0b06f4b4f05feb7426

          SHA1

          cc21e6428093a57dd5645b214b14015084f773ef

          SHA256

          0c711b034e6d4dff61ebe38e4428cd90b0a2668d5cfec0026f23c3f9570016cc

          SHA512

          1025548372e5f75ccde5dbbe4dc8724718cf7a31f7264affe42d9d5805a39eacb0f5b1a07a8b495b1702d3657d7ab2088d1e09d6a363299cf0c79ef1f9e639ed

        • C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico

          Filesize

          24KB

          MD5

          88ba10f46064fc77f61d0148aa6a2b01

          SHA1

          03d995214475e004179f27d40a8c9c17601638d2

          SHA256

          236cd7e7ed0650d18ae17a63e1f636432ccdf7410e92ad11e3b55bbdf5f73be1

          SHA512

          e61b719159be1d3c55e81bf58bea413dbbc65f15fc3526f0068066ab844e36718bb369897e9b596cd2cf7add689c1348c24f9a8f1dd9b197df29521fce304ed4

        • C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico

          Filesize

          341KB

          MD5

          370dd7c96473377cb507453c0f204b6a

          SHA1

          cf325373e6386ed67a1105ebcab0aa198de89a65

          SHA256

          3872d923e9f8a0e7ddc361cc9e7a11f79f9af5870fef90d1786d3c9e6b794ae6

          SHA512

          582f2e56acec1c4adf8a26a0e9dbd0798c8536f831610967293ea0218253016d532193d300ffc244961316f2f0a6a6541fca73984a1c0ab6718f98d7fc366b23

        • C:\ProgramData\Microsoft\OFFICE\MySite.ico

          Filesize

          24KB

          MD5

          43af27b85a0e0d80b944f28812c2de8c

          SHA1

          e753e182860d6d4ad004eee209cfb94c9a0a4839

          SHA256

          cfac979c2e360bfe502ff32f80e7724e1a3adc97660aca5549b02c8120e9b406

          SHA512

          11603f6898ff1d9085685fc33607dcf9a44d524ef9dc00c1cc679dc400ba726f847ea221f37a2bebf568ee7f52197e4d1fa9796072d36eb289dc3c688b55d04a

        • C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico

          Filesize

          24KB

          MD5

          1280aca5f7bb1b23e1eb5161d29e634b

          SHA1

          4c98625c83feb1b8ccd5eee5d65075a9e0504c62

          SHA256

          0b3307947be75824b905ae68935f4ab6ce98861e1eabd6ca4dea9f9cc39cb1a9

          SHA512

          0052e0df038d67406b46575fbe250f62996950f86f10247df3df2685b79b6b5ab06387508e85baad9f3da9da3a4ee4a7f31be2177ba6a503df6c2130a036561b

        • C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico

          Filesize

          24KB

          MD5

          b58a5c13679d1014923140528e4c2ca8

          SHA1

          35bf21ae137b7b80701179849a633e20493e0b62

          SHA256

          fd3ab1c2a3bffe01a7fe7173b8862ebc47fd267fdbe682a1f1ca3d07a0414783

          SHA512

          230c37b0f03e6b78ca86a2f650f1dd22e33b9f3421d1f82edb3c8a08f3e72e86ec91fbfb02dec217e2b2861d12e95aa588a8820eb28858e493a39721465955c2

        • C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat

          Filesize

          31KB

          MD5

          912b6717c55fb9d23b39648b80312b39

          SHA1

          978505513224ff2fc2657c324fe5259326e2e713

          SHA256

          9d3726defb3c8789cd035b5a75f3659a6463508cf2bb3486cf3edceddcd215e9

          SHA512

          63c46830e639dad7be0e4010d06db28f68509d73ca730c5475ed794471b27ebe0e7450e7f6d4ccec7e1fc6e67dc7670f15e26ff69ab6b79d40010c9b535df843

        • C:\ProgramData\Microsoft\User Account Pictures\guest.bmp

          Filesize

          48KB

          MD5

          e5488db7758b63764f4d67365aaa611c

          SHA1

          b6a6e65febf1343cf938898f27abd3983b4ff30a

          SHA256

          145110d9e6e461130c9466102e673a064f8986150fa339b813d676c127eadd1e

          SHA512

          b01804edfb5fdd6492ee8b2c02aee8d9b553233d4959f58b7429ae2da72a333a32f8e278e31052e4242672f4d1c8590af502d99a5014b34a0bdf6345ce9bc6ed

        • C:\ProgramData\Microsoft\User Account Pictures\user.bmp

          Filesize

          48KB

          MD5

          8e9ff57f16ef2ee3d81a9ed6c372dc71

          SHA1

          a82b2ef5ce86b176715b49c8584e5fdfa16b2b28

          SHA256

          01e1172b0d75bb3187d5a8daaadcdad71518de03a845b5c88b81bcae685747d8

          SHA512

          6b113124bc2b1d385aa799d45a7e9622d24e9aabc8e540a8aef69d3bba93ac39cf42ea429777b4f2da219799f83709099480045015ac08d69751713c0a44aafc

        • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm

          Filesize

          914B

          MD5

          ca6960000a3e4ff32dd1f2b3c64a55b6

          SHA1

          96b2d17b9377ab173c3c1d33da576bca694090e1

          SHA256

          9c1e1f9e0216930866ef39dfcdbdbd3c6a98a4c1923adde0b1f2dbeda411a6f6

          SHA512

          a251317c7be2f31a2570fd5b0696f1db866971401ccde5e8d0724d013e9adb473900c71e54095639026407f5d74da28c039f4006665f1005a0071cc366756ddf

        • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab

          Filesize

          5.5MB

          MD5

          7766963a50c20dc5e151e6db0b8a85f3

          SHA1

          3a4c7c7c8bf801f53018bd05b313e6bc90689ad4

          SHA256

          1730957e47b300db7b85c3bbc85fe760c72f2af9468868c024d15cc347530f37

          SHA512

          b2f00560643072b89915c9084735845de449de7072d22265f05c1f5d37887653369c8c4f4a219e44b1890554b86ccdd4e77f8f031fccf3a4af95ce7ebceefcfd

        • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

          Filesize

          148KB

          MD5

          4bc785609fe1ae3a4dab561ed86a069a

          SHA1

          7ceb772f033adb3f4de2218944ffd3b1c5d01798

          SHA256

          2191a06d833b90f9cc265ce46f7a9142f0a1f4b477be64695075722ea20a49ba

          SHA512

          5a206831c2e6015825ba58c7f8ed0018cf88973e7220de4fb6ad04966c5bb3f820b557b54f181dda5ea2c52a7c4b979a40839f7d7d1e9b7a35a26db74bcc036b

        • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm

          Filesize

          1KB

          MD5

          5849e8aca67c1b7c63c69a927c11612e

          SHA1

          83ed381ae2df4c42000f30db6d14936bab22ecd9

          SHA256

          6af0d3001cdd04c42427384dd5e6e354973a440dd07f65aa8fb65a47b405a2f6

          SHA512

          a0adbc220d79287b9f91476d34c5eb8fa49dc97985db43c1419355cfd2164928128e9fee01afaa13dde28e9152cc1f91603d445afca001967d6665497b1271bc

        • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab

          Filesize

          5.3MB

          MD5

          234856884602e5c7b135049f8018b4d5

          SHA1

          921bc399d70b6049d0d385bc640089cd76b004c2

          SHA256

          5f1cbc62efe17bc89cf993c929378fb5ed28850ca504e2729918e5db7ce1e44f

          SHA512

          283f8724b4c1247b46b8dd4948d5fbf399c71100fff80adc1879ab62a55115810c84c51289d7cb9b23624babf4db2243bcddca31cbae84951b920f87459c68e6

        • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

          Filesize

          140KB

          MD5

          17f1e73f0e0b909dc43a477835b3899c

          SHA1

          7989509ab9dd61c74a3a294235b4059f585cd5aa

          SHA256

          8806c6da8bf5d2fa29b6c458f2b3cfb1f1b1e04496c1b0f75e32dad9e802ab28

          SHA512

          c26b14080bca620d213c21e57f07a8648a23c2d88a560d37758a95d59a45863143c7f1920c2314faf8a15e77de2ed62492c76ab14cc200b11f64ef46ac29f8d9

        • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm

          Filesize

          1KB

          MD5

          1e9a18be496a3b46e979d406fe3c1392

          SHA1

          7f3914ba98784270017215fd8a80924276a46e28

          SHA256

          5859a5663da3d489713b7f1b337850e41c280e519142fcf6914be122c70d143c

          SHA512

          258553211c533c19369a53c6f4e66d2f146584b214c382d7a53fb63c6e33108379d8aa419e849c1625ea6553786d84ead422f5c6654347b069e0a93b77445b85

        • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm

          Filesize

          930B

          MD5

          39d83fa2957377880ba89f8b23957e87

          SHA1

          ca4f7df41f625ceae60a8bbe7e4f133e7d6c23ce

          SHA256

          c8862a75684c9cd2c0c70471121696e13927f703686f4d6fc135736603d3d7c8

          SHA512

          5f9caa65bdf34205314e3122ea91def1f44826c7bf50064202c066b3747ba736039a1a41d30c07d22021489c98a959e12cb18c8141fc50b28e324b9f52651bde

        • C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab

          Filesize

          870KB

          MD5

          9a56917925f3fe4fe5769ec28a69d64b

          SHA1

          bee3e5bc5a8d1ca33f306f671a0cf156cdf0d448

          SHA256

          c609f706bd4b7fefa839eddbeb839ba611d97b7042ae17b0d3a9b1f572cb8024

          SHA512

          be6052e87ce8c6513fdfd17a3d88c2be9fd77b164d51ac4c87be27e27e4a50620d563003d0580c43d2f333de0c3ed0928ff532e979e724d7d36967d5f83bc702

        • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab

          Filesize

          5.4MB

          MD5

          08691fd94e0fcf77179ac7c427c8a28d

          SHA1

          a5c77808e8f2968b39243778e5a1a57610657752

          SHA256

          3124d8deecb5382728157b13c33cdf91d80278799beb81220af9bdcf6e86ab3c

          SHA512

          7a158616a560beae2434000534134756f1ef5c2880ee00b006703e9df1b34fba4ad7fb28f178437df50261c8516d3964f7590fda199f42a058a82051b5e16ba4

        • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi

          Filesize

          180KB

          MD5

          5ab7e345a9603c2ecca66659468ad800

          SHA1

          866cbfaafe45f556c7449034fbbaa5bb672bd854

          SHA256

          784511717b246414e8c1751763f7dad0e085b13e987d8041ad623575bc95b65c

          SHA512

          b200edb1884a5415513831e18bd5a5a05d063d00ee84f9aada4aed0281b648b3556c1de78fd8052be03d11d973897cff9fef915ddee5bcbbb4d3c55f8a11a3ae

        • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab

          Filesize

          4.7MB

          MD5

          6c2a94bb9f7cff8ee7562acf9cc3758f

          SHA1

          f3d12d242b066d65f6459ac9eeb0f619044ecafb

          SHA256

          1a1f694aa655e41fbda3be4ee74fe80f6b0838386f79ce8b545c3156da2da345

          SHA512

          e31c7873c22921acab795f7d4434dfc2f555e804957c056573819a13c2fcaa822c369844c282d64bbeb6f4e59dc1aa99eceb7b7f8c147568964f1c30b72ab6f9

        • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

          Filesize

          140KB

          MD5

          c4f7f4e84457ee71d20e9fec1b2272d1

          SHA1

          620e92ca02d6a256a9be893aa2aad39747b6d1fb

          SHA256

          be059af8446b377db0023ead4a5bbf1b658b00f29b028fe389433a83a50eba59

          SHA512

          721f82518e7992f8b763607a5ad04bf84f4d9becc37c46b618a9d91bc4e4e20189529eb8ae106e92b222c08e51f72d21ae8ad50dd1931278a06e5f1b540a7111

        • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab

          Filesize

          4.9MB

          MD5

          2e230027ae903eb6900028b363b72c7f

          SHA1

          e336341b88ab7fda0b858b04fc0498630c0d30cf

          SHA256

          64b001107587e859ab4568234a829900f4ffbe757abf7f3ccd80b6430f05e738

          SHA512

          b6efcfe601555df8b3e787f196375124193e8a81599abf0a8ed1c92599ca6a7ee2883b0a02c97cafe5c3f68428e2d4135ea3dca02cf1f96d72616cab03c49119

        • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

          Filesize

          148KB

          MD5

          85838ac6cfeb2a42c963c6990440c789

          SHA1

          bd18b0d3881baf5b0a9de01f35d4a0feecfedb8d

          SHA256

          0f2924d2993766c168fbca7261a11c45d029ac47d046b4d8c318d7084dccc2ac

          SHA512

          08a949983b7e65c6faf053b20771c117f61cadaf5e6dc6e4817b45d28ab80e27f06f823730312e5798fe18e7078089e43fd6fe55d445f8ef35138e6d366d39c0

        • C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab

          Filesize

          802KB

          MD5

          eba2df4a52e5c70847ebe25a0b3dd788

          SHA1

          546815cfc476935e6c5a350e232a834f4a463046

          SHA256

          0289e374c521c8389796d5cf252faa005ef9894a6607afc14e9607cd7f4ccab0

          SHA512

          20353b2eaf7b5c01c9683760a05de16765d4928cf1ed5b002f7d04c1f0ab95dfbb4275cf8fe60d801a22eea26294826015dfaa6a2795a63d5ac1b0baf12c75a1

        • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab

          Filesize

          4.9MB

          MD5

          c372c07a483b222b605f859f89011696

          SHA1

          6958051afb468b7ac1a7e8653bb4a3e7145a2b86

          SHA256

          4e09dba2b63930520e13dd6d70e67172e76b7cabe880cc7395f94afac303076d

          SHA512

          095c42f2b8d423d2a2576d2d9fe557424801155d09c1f710d8ba72b228cf0db950a361227052b0d0bbaebe55613d21b7a8bc33f75a5b51bb8dab4c76c7566087

        • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

          Filesize

          180KB

          MD5

          87d031c29839ce9d26e7337d63ab6801

          SHA1

          6fc2d97a4ba0b2a568a2e3015b429b4773e8cfdb

          SHA256

          2b5f4badd9005b47e89e54e12e93401b75e511591ddff4d6686449d6721feba3

          SHA512

          7d6b3f2e9772a511d63e1242d503c8c60139bd3dcff5df464e4e20b539605fa30a5de94b5159b875fce25186523865309ad7906d52b030f5b7256afa02ac6941

        • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab

          Filesize

          1010KB

          MD5

          d513489c4c7850a0de5a714732c03713

          SHA1

          ea65fd302d565f6fa0e67dd683321a30dfd50604

          SHA256

          224ab03c72c8c9a0ae312302223d852e7e19430049a248598ba706ff720538e9

          SHA512

          73303ddbe3a41f6d266eb0ca3bea6fc222b5ee5fdf247cb8dd56b80faf1d7712eb15f6f8b85e88e5ef9c425a4f798d28bc3da89f817fd264f13e26043cf2eb27

        • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab

          Filesize

          791KB

          MD5

          fd2f1d931c4190f8da5dd860bfadaff0

          SHA1

          836ca976224811762040e721ae5ef5e8d0535352

          SHA256

          70086f7a108c2e35a10c5502f63dfe1b84070598afba77ae5cdcaffb347ba716

          SHA512

          c2b23dc45f62b88ccaf6c35b28230927a9bee0da855f3b5ff5a67d78e2471fe4148379fbe333e0e4825458d24ec0402b368e6140cda6e9f5072eaab41987c0df

        • C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab

          Filesize

          974KB

          MD5

          13a2fa7846b7440f043fb6f46b2a452f

          SHA1

          97d148f6fca4820251c3974d6c6f5d2beb79f828

          SHA256

          80b5f78a050c697b1cc2defd58f07597d5e9ae0a6ae1faebded35c132b636ae3

          SHA512

          23000c13cd8b904ce8ef5eac5f867086adc47038f2d7dedee7ffcbb38559cdbdd5dfd9a6ed3c221159433e98c77108213ae406ca009a1830a03bf1d1a388dcb5

        • C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab

          Filesize

          742KB

          MD5

          2f728f016e64b7d5375211c7733bc2ed

          SHA1

          0dd3c7b704cad26d99c8ed52b5092eb4bb5770aa

          SHA256

          eb059c5b957f56b7ac280dbf6aeb1a844ae985d69446e82aa328922d5a3014f8

          SHA512

          1e6a437a706f903aaf22c6a069a6cf79c6a978234c8eac9c890133159184874c723e8511bb31d1ce617075de6a5abbcf2a60775dbddef834124f747a51854b9e

        • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm

          Filesize

          914B

          MD5

          2b3fa794376944cdfa73bff177fc4343

          SHA1

          a52552c2608c7efddd0939085a462e3bcf5b2bdd

          SHA256

          721252a213917db4062288cba9bf83ef260e0023d49ce6476813b2e0c666327d

          SHA512

          9bd9ec89fee4ebd8aeb5b8b541a75bde4778e7fdd8aa0f92cae4c144eacdf07ca22ebe65e4a7bf1504411c2e73d83fc92a9912e03ea1ddfa857692f6000bb505

        • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm

          Filesize

          930B

          MD5

          e5edaddcd5e74faaafee69fba288a530

          SHA1

          3c6588da3563aa78bb4a7b04e708fe804575975f

          SHA256

          66c979169537fde70b4a31d026ae9041aee68b04bd408d7afa580019179cacde

          SHA512

          fe6fd59dce93907c3c47d80087ad07ba0da7f20e3a7fb8bca5bd0025b5d8d0ea4dd4c2b2634e7303b780d6dc9385a1c0dcc428fec0cf9731e4bcee97a2bd7114

        • C:\RyukReadMe.txt

          Filesize

          804B

          MD5

          cd99cba6153cbc0b14b7a849e4d0180f

          SHA1

          375961866404a705916cbc6cd4915de7d9778923

          SHA256

          74c43a177917b1d57ea2eaf6212ccf3b9012b4d68bc45284349443eed0bf5ee2

          SHA512

          0c9f250c0e2ec9736b072a9807b6c3bec4b670ab2f511e65cf5d79e9a8c9a209eb91736ce2765b52b6d94a57c6aa1c16bb08e16727660699b70608439c8b7cda

        • C:\users\Public\window.bat

          Filesize

          1KB

          MD5

          d2aba3e1af80edd77e206cd43cfd3129

          SHA1

          3116da65d097708fad63a3b73d1c39bffa94cb01

          SHA256

          8940135a58d28338ce4ea9b9933e6780507c56ab37a2f2e3a1a98c6564548a12

          SHA512

          0059bd4cc02c52a219a0a2e1836bf04c11e2693446648dd4d92a2f38ed060ecd6c0f835e542ff8cfef8903873c01b8de2b38ed6ed2131a131bdd17887c11d0ec

        • \??\c:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.bak

          Filesize

          12KB

          MD5

          28b1f0c4082435958d522076cd5121c6

          SHA1

          46850c0a07d8b87e8e33baaa9d68d45c4a3d3846

          SHA256

          a1c693def187fa3c1b88da28646aa080f4da748ef1da3cc25edeca750d5ee91a

          SHA512

          3412e47619aa114366db174697270604692a6b2f8bc5e0ff4225b98a5c9c3fccb49ceb5ff7e95dd4df055245c5fd73f6efac4ed0c7096f4b5a5e886c06a95ed3

        • \??\c:\Users\Admin\Downloads\BackupUpdate.aiff

          Filesize

          545KB

          MD5

          ea01e011fc4339e0b3b0804957470782

          SHA1

          38ca5d386c1a3a19e37cd9038343f88092a82dc2

          SHA256

          994d95e56c43fa46acc6a063f862ff2660515ff94491b81fdbb41b9d9e693ca2

          SHA512

          2e21881c15e6da134c7082efe1661a9bd757f4d3499b9714abba55476f259dcd846a275280d680b66f14b0f8a53060b1796b58633642f0138b6417b247664a00

        • memory/1116-0-0x0000000030000000-0x0000000030382000-memory.dmp

          Filesize

          3.5MB