ryuk | 55168b7e9ea6dfc4ae43b2c51ab94a082720a3164973b21d5396ddaf6b4e69e4

Analysis

max time kernel
142s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.exe
Size

203KB
MD5

3771b5d22f16f77407b4a1b1aa17b489
SHA1

0849b2d413a7909f98f63ea293491b47744740bc
SHA256

7a4fd80543cb92d3636bf1f5588b25ffcabe0dc3ec5051600316522c864627a3
SHA512

c1c4c02b96e145db7d735b187c64a500d553dac70905e3ea930831f4f9536a2132ad97487cdb279316b7f858f3e86d288fa796bdbf23a24a49e664ea4372fa75
SSDEEP

3072:l6kogN6PEISFYnVWN3kbyy19V3UoOvhK:l/2EISFWk6m/c

Score

10^/10

ryuk ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt

Family

ryuk

Ransom Note

Your network has been penetrated. All files on each network host have been encrypted with a strong algorithm. Backups were encrypted too. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. Only we have exclusive decryption software, suitable for your situation. More than a year ago, world experts recognized the impossibility of such encryption deciphering by any means except the original decoder. No decryption software is available in the public. Antivirus companies, researchers, IT specialists, and any other persons cannot help you to decipher the data. Decryption takes from ten minutes up to several hours. It is performed automatically and doesn't require from you any actions except decoder launching. DO NOT RESET OR SHUTDOWN SYSTEM � files may be damaged. DO NOT DELETE readme files. To confirm our honest intentions. Send 2 different random files and you will get them back decrypted. It can be from different computers on your network to be sure that one key decrypts everything. We will unlock 2 files for free. To get info (decrypt your files) contact us a [email protected] or [email protected] You will receive btc address for payment in the reply letter Ryuk No system is safe

Emails

[email protected]

Signatures

Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
ransomware ryuk
Ryuk family
ryuk
Renames multiple (2583) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default\Start Menu\Programs\Maintenance\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Public\Recorded TV\desktop.ini	taskhost.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\B8BOMT1Q\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Startup\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Default\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\U9KKHJMH\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default\Start Menu\Programs\Accessories\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Public\Libraries\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	sample.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Recent\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Public\Downloads\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\Sample Music\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\U9KKHJMH\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Desktop\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\L1J27TKW\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\WK3MU41S\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\Sample Pictures\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Public\Recorded TV\Sample Media\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\TN6BGAW3\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\FP29B0EC\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default User\SendTo\Desktop.ini	taskhost.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	sample.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\L1J27TKW\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Favorites\Links\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\System Tools\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\System Tools\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\INNMDE1C\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Saved Games\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Games\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default\SendTo\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\VSUVY3HP\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\Documents\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Start Menu\Programs\Accessories\Desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\B8BOMT1Q\desktop.ini	taskhost.exe
File opened for modification	C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\INNMDE1C\desktop.ini	sample.exe
File opened for modification	C:\Documents and Settings\Admin\Contacts\desktop.ini	sample.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\RyukReadMe.txt	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Riga	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll	sample.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png	sample.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\flyout.css	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.RYK	taskhost.exe
File opened for modification	C:\Program Files\Common Files\System\ado\msado21.tlb	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\charsets.jar	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar	sample.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.RYK	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\RyukReadMe.txt	taskhost.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png	sample.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.RYK	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.RYK	taskhost.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.RYK	taskhost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	taskhost.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png	taskhost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\RyukReadMe.txt	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.RYK	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\RyukReadMe.txt	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo	sample.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.RYK	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sm\RyukReadMe.txt	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\RyukReadMe.txt	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boise	sample.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png	sample.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	taskhost.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.RYK	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar	taskhost.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.RYK	taskhost.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\RyukReadMe.txt	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\RyukReadMe.txt	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\RyukReadMe.txt	taskhost.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	sample.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar	sample.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.RYK	taskhost.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv	taskhost.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\RyukReadMe.txt	sample.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2932	sample.exe
2932	sample.exe
1116	taskhost.exe
2932	sample.exe
2932	sample.exe
1116	taskhost.exe
1116	taskhost.exe
1116	taskhost.exe
1116	taskhost.exe
1116	taskhost.exe
1116	taskhost.exe
1116	taskhost.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
2932	sample.exe
1116	taskhost.exe
2932	sample.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2932	sample.exe
Token: SeBackupPrivilege	1116	taskhost.exe
Token: SeBackupPrivilege	2932	sample.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1116	2932	sample.exe	19
PID 2932 wrote to memory of 2712	2932	sample.exe	30
PID 2932 wrote to memory of 2712	2932	sample.exe	30
PID 2932 wrote to memory of 2712	2932	sample.exe	30
PID 2712 wrote to memory of 2804	2712	net.exe	32
PID 2712 wrote to memory of 2804	2712	net.exe	32
PID 2712 wrote to memory of 2804	2712	net.exe	32
PID 2932 wrote to memory of 2904	2932	sample.exe	33
PID 2932 wrote to memory of 2904	2932	sample.exe	33
PID 2932 wrote to memory of 2904	2932	sample.exe	33
PID 2904 wrote to memory of 3036	2904	net.exe	35
PID 2904 wrote to memory of 3036	2904	net.exe	35
PID 2904 wrote to memory of 3036	2904	net.exe	35
PID 2932 wrote to memory of 2624	2932	sample.exe	37
PID 2932 wrote to memory of 2624	2932	sample.exe	37
PID 2932 wrote to memory of 2624	2932	sample.exe	37
PID 2624 wrote to memory of 2820	2624	net.exe	39
PID 2624 wrote to memory of 2820	2624	net.exe	39
PID 2624 wrote to memory of 2820	2624	net.exe	39
PID 2932 wrote to memory of 1176	2932	sample.exe	20
PID 2932 wrote to memory of 1316	2932	sample.exe	25
PID 1116 wrote to memory of 1860	1116	taskhost.exe	40
PID 1116 wrote to memory of 1860	1116	taskhost.exe	40
PID 1116 wrote to memory of 1860	1116	taskhost.exe	40
PID 1860 wrote to memory of 5944	1860	net.exe	42
PID 1860 wrote to memory of 5944	1860	net.exe	42
PID 1860 wrote to memory of 5944	1860	net.exe	42
PID 2932 wrote to memory of 3188	2932	sample.exe	43
PID 2932 wrote to memory of 3188	2932	sample.exe	43
PID 2932 wrote to memory of 3188	2932	sample.exe	43
PID 3188 wrote to memory of 5496	3188	net.exe	45
PID 3188 wrote to memory of 5496	3188	net.exe	45
PID 3188 wrote to memory of 5496	3188	net.exe	45
PID 2932 wrote to memory of 28476	2932	sample.exe	48
PID 2932 wrote to memory of 28476	2932	sample.exe	48
PID 2932 wrote to memory of 28476	2932	sample.exe	48
PID 28476 wrote to memory of 30492	28476	net.exe	50
PID 28476 wrote to memory of 30492	28476	net.exe	50
PID 28476 wrote to memory of 30492	28476	net.exe	50
PID 1116 wrote to memory of 44968	1116	taskhost.exe	52
PID 1116 wrote to memory of 44968	1116	taskhost.exe	52
PID 1116 wrote to memory of 44968	1116	taskhost.exe	52
PID 2932 wrote to memory of 41580	2932	sample.exe	54
PID 2932 wrote to memory of 41580	2932	sample.exe	54
PID 2932 wrote to memory of 41580	2932	sample.exe	54
PID 41580 wrote to memory of 39056	41580	net.exe	57
PID 41580 wrote to memory of 39056	41580	net.exe	57
PID 41580 wrote to memory of 39056	41580	net.exe	57
PID 44968 wrote to memory of 39020	44968	net.exe	56
PID 44968 wrote to memory of 39020	44968	net.exe	56
PID 44968 wrote to memory of 39020	44968	net.exe	56
PID 2932 wrote to memory of 70912	2932	sample.exe	58
PID 2932 wrote to memory of 70912	2932	sample.exe	58
PID 2932 wrote to memory of 70912	2932	sample.exe	58
PID 70912 wrote to memory of 67776	70912	net.exe	60
PID 70912 wrote to memory of 67776	70912	net.exe	60
PID 70912 wrote to memory of 67776	70912	net.exe	60
PID 1116 wrote to memory of 80336	1116	taskhost.exe	61
PID 1116 wrote to memory of 80336	1116	taskhost.exe	61
PID 1116 wrote to memory of 80336	1116	taskhost.exe	61
PID 2932 wrote to memory of 79096	2932	sample.exe	63
PID 2932 wrote to memory of 79096	2932	sample.exe	63
PID 2932 wrote to memory of 79096	2932	sample.exe	63
PID 80336 wrote to memory of 80384	80336	net.exe	65

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1860
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:5944
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:44968
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:39020
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:80336
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:80384

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1176

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\sample.exe
"C:\Users\Admin\AppData\Local\Temp\sample.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "spooler" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "spooler" /y
    3⤵
    PID:2804
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "audioendpointbuilder" /y
    3⤵
    PID:3036
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:2820
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3188
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:5496
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:28476
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:30492
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:41580
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:39056
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:70912
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:67776
- C:\Windows\System32\net.exe
  "C:\Windows\System32\net.exe" stop "samss" /y
  2⤵
  PID:79096
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 stop "samss" /y
    3⤵
    PID:79252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.RYK

Filesize
64KB

MD5
037eef27b9dc96ed5ed3027aa75ef2bb

SHA1
cdcd055dbf4f9e984e4dfc2b55be745271f128f7

SHA256
5f86e953e971d1e545d111a2a5fb781bf18b326693a7eee8a64f97ffbe2c9657

SHA512
f022776383459e64afecccf55490e25029afe7753eb11f78fd0d6bf8cbad961ae8cf98c47dca42994ea4bbc4807889b96e0e7b328973fb498e9534fc3bfa69ba

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\desktop.ini.RYK

Filesize
434B

MD5
34dfa07e577eaefeef750b3b8e91b3f1

SHA1
21079d026ed319b67b918b29a410f4d9782d12b1

SHA256
d48498c13a6ad270d2702093dfdcc5f8eff6c87edf4c2f83f5123718d902730d

SHA512
2e2d9594c352a83a971731d849f75f7b49e2a2540c3b6759795487cbaad44d50d782fe1055993ff970c9bf337afe1764f80d36996cd1429f1be9f4344f65a076

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Admin.bmp.RYK

Filesize
48KB

MD5
742e63f71fbd254bc70476158f2b3dc7

SHA1
88fbeb7f35b57839c9d60a7f44a551cda30a2d79

SHA256
2a853a45e3d5eec725ebd18fdb60488b94c953fbb58faa17653bd3d4986469cc

SHA512
73c8590151d076176eaab2c635b1a8ce8986c2338cc38db5db49ded5fd926b52d3f85d56418c5646fd427f589d44ccb5e0fab902109939abea28857cf3cab909

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\JavaDeployReg.log.RYK

Filesize
5KB

MD5
8dc0d4997c1abb8dd9987b949180a0db

SHA1
7f8d7190d3225b4870387149ec790af2e7edfefd

SHA256
6f1071b8810c12a181616edaf3d0f95eb9c07e60c5568a883d627e05199a7915

SHA512
c4a7e121477aa7ccb23a7164261500e279fa24c7fece4297e26fc14049010ddf7a7d88ac96e5ecf268132e7c2a2787c6da38374ef40d3f8b917d31e965be98f2

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGI1575.tmp-tmp.RYK

Filesize
9KB

MD5
3a128ff6866f0cd6873679634db1d161

SHA1
300406f75c311897729b05678e454647c2af4c98

SHA256
a852d6ed0d1ad3adff73a3d5c68e700ea21ff1d1ed93e617abb683e100901466

SHA512
2f1a8cc9e506d85d7a3ebcb3b756f9f536c3d0ef33975b766a858506ba9c6eeb738d8794af69923afafb0b270b232e14553be4c83c85252eb0869e75abaafdce

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\RGI1575.tmp.RYK

Filesize
10KB

MD5
c2137145eeb3dfb98cb782e6e5b84655

SHA1
536acd59deebec043a936c9ef990c48cd41ef821

SHA256
b9c23b6f87fcd94887077db1f016ea31d26f34ec5da9392a5a42c22ac2078aef

SHA512
cef274afdc2b3cda6fddf70fbb3f9e396391bcf2cee476096296de0669deeddbfd12a1fdeca3f5d3a61d473114b283f5ee7210e0a93ec62c7068d7e1fc728193

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Tar5476.tmp.RYK

Filesize
128KB

MD5
b3ca85ba3cb00303ab6107ff3e6109cc

SHA1
8ca1462e3937b6e77262353dae397675ccc77928

SHA256
db309878927635906a3ca7efeaf1a4e6b2fbba87c1ab96a658cd2d7eb92fa0f7

SHA512
781b715e294ce876027251854ad807f57c870f014518a51e54e7b0c9bde023b1d314b213acea196258581659cdbef31c5f33577397881727481b4ebb0f10c771

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\wmsetup.log.RYK

Filesize
1KB

MD5
c90cc9fc67c0d82b6d7b67799e47f10e

SHA1
cedb2e459850d024f8edc85a915b3c19071b51d8

SHA256
200ee2d6d7e85a525791e9d878b44279aaed139cc5eb2a62f73d7fd3afddb735

SHA512
09de6cfca396cbcef863f719937bc25b77af640ac5c0b7f211518334650dbf6d970c16dd8a9320a59a43e2bd596aceae6059207c6b982470861962493e146364

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History\History.IE5\desktop.ini.RYK

Filesize
434B

MD5
468ce2f9f6601e9c2368c427c4fd8fb3

SHA1
1a3d05c955c998dafc45f33d235d0db371852fdf

SHA256
47a892a6db4cd99916e9f2d75a2704932cc39c13e9309a6df6efa91ebf078fe9

SHA512
6907743ba0023184c3513687aaf70fe02dd2521843b76b7863818949505540853c22cb78e3bf4c40f4a759c3c51d0937d31dca7c22f4c8d07f7e6cf710eed341

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\IconCache.db.RYK

Filesize
763KB

MD5
f85499c1ac66409b7b7edde36354cfc3

SHA1
d93b0646f6d188c91d469972f7c2b2728ef0d62e

SHA256
154aead95ca6c364892ce48d8c29a4a5447e1ddb4c0e88f3cced149c49a7fb20

SHA512
eccee09fb89aaccbea888a30d93174c6a42bebd3ead1897d4ef28137ef53e9f58fa1adf25cf8a6d7f50af5b718c89258ca7628dee5656d64c99cceda696cc9a3

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds Cache\desktop.ini.RYK

Filesize
354B

MD5
92d3c787823623d4686f9d4e2a28b2b7

SHA1
94a8ade35748374eff0a3830d15b3cdbe7d9df71

SHA256
37f8d72d4a6970d2ca6ea9885f42cac104fedf4cb5f47f047e74d38e6a33921e

SHA512
eee5b6c47dd717e05b2d03d157938e1f78f1042257ce205a89f6b178a8ad388bc774a1069666c1473853b2cf6dd72da34dee6acdbaec22caa9abddf4306e30d7

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms.RYK

Filesize
7KB

MD5
0344b9206568701f14601ca36e1e8c5b

SHA1
7eeced64c9312a5ebe629cd6b89eff14d8ab9ccc

SHA256
a6d512bb9247e13a9ec0419266431d5432c610d0de524d8abd9265adbebf8955

SHA512
3e87b713bbe3ca4d4be74107b4a51813228d42a611606deac8852884f85d469c7f0d18539368fecf5289fd5bb57906bc9426112d89a921b809e9a4dee82c4845

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.bak.RYK

Filesize
12KB

MD5
1d7c6e595da60af05e9da7181ce142c4

SHA1
7c44f64a32c6b88fcc3d89769c8a03300240f62a

SHA256
23add347cc2a839798bb1c7cf033abfe1b20b862f48c275694b04b70134e68e5

SHA512
686fcb4bec7ae62d217cabbb379a76d7095b4d0a2e8eebd166f01193b1e975ccb44fb62892e646a94a40e5e8b84e88be1bdb5ecfbf91091b59e1a8066f45ec0b

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\brndlog.txt.RYK

Filesize
6KB

MD5
677702f3560ac4f86af7d086a2a53491

SHA1
13fc53cafa659633f045244ce42f9bd3edbd7280

SHA256
cfbcb2fb8a0e14514442be2fcf5d8ad3c940834d8d59741ccc95852d8a2551ff

SHA512
6a320f52fe4795543a9df478b6caa572b94bfd7ab82e15493394993cdd8d8c97ce8b7cd4b8054b6b704e39949cd9a82d37534640f33acf23fcf90e38ffbc24c7

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb.RYK

Filesize
68KB

MD5
30d02fd741fa3a73c45b08a851bb55f7

SHA1
6adb11daf2e49ff957cb9d54fa32a5f620787249

SHA256
43a6a7f43d836070787bc17e5299cd153d601594af4b506fb59f663fff5935e0

SHA512
fceeb39fe771ca1d4aec9c268c3d83549479d137f57454eb8ff14c0b96740c5ccf8344941df33f3c32305a9888a5f27d2af7e7a55a6abde95ffba215341296a0

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb.log.RYK

Filesize
2.0MB

MD5
69fdcf3bc67350bd00e0e010b80bbb24

SHA1
1610c37077c9296d0ce54b80ca54a9cd673258c7

SHA256
a0690c66dfa3dd09a5f369ac33e608b22f902778de97f9a50ef85d5b7b6a3bee

SHA512
50ff11d7655513667169717be7e36ebd955ea0dedf5a839e81e040512c3db9df8ae2a331a5334b619e4916838a6bab82ad8e465da01b6dd10429c82abe2005ca

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edb00001.log.RYK

Filesize
2.0MB

MD5
277d1d8d3d5b8b9c8db86df1bae32f99

SHA1
3857957894a0812406bc7d11a1d1ab25124ef68e

SHA256
c7c67a63ef58f4870bd8b2742dab9ecc4665816f1aea594ceed0368753c06542

SHA512
4bfd7fbf59d6523d60114036a597050961c9e2cd34b6b89f8a5bf9ab3333114abc071f69eee4676802f8a061bd386193bf42de61c7188aeceea28c65ed94146c

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00001.jrs.RYK

Filesize
2.0MB

MD5
9804b2d3a5508f5a5791878bc790c95a

SHA1
37adbda3d249c2c66a2fd7b81e314992579302df

SHA256
00ccea51cf6675ad81e353cd6e552c2c6b76c7ff5ddd654ebcf09e76775aa521

SHA512
056b6cbb3c92c501befe46ccea9058cbab56b30221edffb447ef50a3259757b1c055c30990158ba1528f34168cf46a4896953c9eead2de490b8bdc2b141a4e6d

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\edbres00002.jrs.RYK

Filesize
2.0MB

MD5
553a35c2e7d432d5a1cb0e3126e738f1

SHA1
98b400ee0c1d53b397b0c0ba1be41273f39d06ab

SHA256
0bc5226318ef3454a7a624eedef50c7289c18dd8cb2782ee89f298923b06e58d

SHA512
8e4135bc430d7e7b5d36ae5ac883a9c03711c6a325e4cef8e0e9e277065293e183086dc220a8cee9766592be006d3405fd5ac2b75fd7fb19442366357aa0d4be

Download Submit
C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Mail\oeold.xml.RYK

Filesize
546B

MD5
1acec9a40b816817b66264ee032a0a36

SHA1
d6aeae0b487cd4e6bdc2cbdafd92baa03b6fba1c

SHA256
d9d3e07770e1f57f133f000ca87e4a1104729b61a6fe0b34877450398d5f2c3e

SHA512
ac2d91249d9bde998fa0856f23ba626ce669fcc02a02a45dd260c2f87eb78283a0482cd35caac330fde7e3cbe4963bb51ef43c09f8e7bbbb5f5ab9ee74613fd1

Download Submit
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml

Filesize
562B

MD5
558839ecfd15d98fa08b1a24f40141ed

SHA1
a447dff9723a0c42da34630e9a2bbf1ef8f99263

SHA256
253cadec1c70c13c64fafd89dcac13642dcf681fac79de0a783a2bcd9a900bfd

SHA512
04d13c69c102b5df64bb3ff85a4a0c2860183f8dd9c5f2ae46225a6fd3dc0bc17bb24d6baee6ad6f674ef0d4b1c77b156042980d535ceec5762163e2e6981670

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MKWD_K.HxW.RYK

Filesize
13KB

MD5
084d1e57a88552d445cde03488bd788d

SHA1
94772b94a30a84491c42702c0565faccdddbb0d2

SHA256
7f54c01d29bb81ff7344058a75e313b57e3c39a12b3844993824448aa588a023

SHA512
5e16e4f2bbd4c58606655f1001a3b9e7c82f5834c4c69f1082c7db766774ae876bac301b6c8c301bac8e813548954c82c0d7582fc8c25c2972affc7ae225303c

Download Submit
C:\ProgramData\Microsoft Help\Hx_1033_MTOC_Hx.HxH.RYK

Filesize
10KB

MD5
567a852c2c4c89949aae6c6a500a1420

SHA1
32180ae29061bd67a65c4cb237f1998cd867332b

SHA256
95acb21fd11edf9240bcfb5dfc4228564108c32435e7cd15ad6192f55c88e354

SHA512
1bd381b064ffb3118fef1d4131f3cf88e4262a864644e86f2342aa8b77e2d7e75e7417a1107c9afcb80993b4be5e33e778168088c2f3b237e6a294b87107cd16

Download Submit
C:\ProgramData\Microsoft Help\MS.GROOVE.14.1033.hxn.RYK

Filesize
642B

MD5
0d0947e63f8cfc21cd2a8bb045410c35

SHA1
d51cdaa08b924b9c9d712e121981d8993b1a5419

SHA256
8b6c98923949fa032c04ebb9ba7dedfa160f6eb1589f84c9e7025add7ce28457

SHA512
cb2d3087a40c357be0bcabdef6359923626fc21d37c3f683aa6ddd7a3283fb3329421ee5023a945ffb907c333b7413a857a8b976b53fdfff94040f426fc3853d

Download Submit
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn.RYK

Filesize
626B

MD5
7450fe379a3e030e4f4467c5ec4b60ae

SHA1
f89d094cce6a0bbea06acc1f295132dc702378cf

SHA256
5b9a34f8f6786c39639def249c91ad7708a2a34d61a5cf5f3e1653eb296ca9cf

SHA512
175511379e9b06839704a4c1b6830408c53249cb720ac9f0ab2f2ea720125a927eb01963bb1c8a6c045ab171fa0de164815e0bc2edc457baffcd26ca460ab8b2

Download Submit
C:\ProgramData\Microsoft Help\MS.MSTORE.14.1033.hxn.RYK

Filesize
642B

MD5
30ca5dccaf12ee807e1bed63f05b51bd

SHA1
5d0f7eae188cfd9145eb5c2bd73bfb2ac28cfefb

SHA256
4db5245c98be7e1347d57447c7fdd329a9964962f93e567408ff46c7a4c52d48

SHA512
2ed1903bbecf484aea109a881179d47056aa4bf2314121ff997a20e831f712fa24dadfd2ead29c756191ce3e1f473950fba99f5cb06aedec0b03bbfd3cf09d47

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\08e575673cce10c72090304839888e02_38b42d9b-3e83-45f4-8789-a30be34574b0

Filesize
52B

MD5
93a5aadeec082ffc1bca5aa27af70f52

SHA1
47a92aee3ea4d1c1954ed4da9f86dd79d9277d31

SHA256
a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294

SHA512
df388c8d83e779e006d6311b2046fcf9259ec33d379fc0e2c6a4b6b90418f587a12c5c23acd488413a02568ca2d3effe04608ec7c791925c7ed53dc71093ca45

Download Submit
C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico.RYK

Filesize
5KB

MD5
e52c4a2425ffa8e435960bf4bebbe76c

SHA1
70096b6e459c6eb66b4c1c346986f36b68da1132

SHA256
1f5e8d7167021a039071615f7159a9e7223f25751a469e5737707a04e51a55a0

SHA512
2bf4419e4684a67b1665ac92f33cb91c31656b45dbdb02d5457e55742bdd21dc44a9a204df6e61311584077e57ab5afd1f90fa84b018d457a13e4b5d1a7b7744

Download Submit
C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico.RYK

Filesize
341KB

MD5
36ec7d9676c3d351e872f844a4a6a851

SHA1
6e55d8ba4208e5ad046a8e24e8da3e0e0272f0ab

SHA256
966f5f5d69f76b32b47c7bc73d2f44140e48155bf800247dab4758b8112a9c80

SHA512
90d4306c0a7336a6c3f2bce684c490ce766e677b88b532a770e689f09432b48d3852a0142656990c576353eef845a87bb77edc4aeb3a6f1170c27a6d18d4094d

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini.RYK

Filesize
2KB

MD5
1caa4dcd396c1dcf36cbc1d462a031e6

SHA1
b9269b12be8275d1238415358b8c339298a80a48

SHA256
70c1715eb1999173b5d89b4d65fe6bc914e4736024cb57cc45862d6fd1ce959b

SHA512
6afb75d4f8471853b5ca5a0385cbf69d5a1e46966ef224ce407b188a04b1ec53e4bb0eb2250ed84081532c60fb7c8d6310241453cf03a81d23eed73f33841dfa

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk.RYK

Filesize
642B

MD5
b40e5216153c028ef0d4c406323f944e

SHA1
9227f167d2705409dcbd54bf87b4f104203b5d31

SHA256
6b0bb382fc278c424c374ff1150f6e4313e45f0673337385c10f5986b012cb43

SHA512
51408915b1950b14ee9fb0c8c16a55b440d17d35d581ff15f2800cc2311a61cdb3c9b84332dc2916fde58efee83a8baa400f6ff75014846fb81dace7af5bf1d9

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk.RYK

Filesize
642B

MD5
b7704099a925798ed1f5f50dbf4b5077

SHA1
e0dcf0aea3f9ea6e8404e9b0ee913c81d90c758f

SHA256
99bbd11889677cd8cb30e3fa1072ba4c932c2c54bc3ac9a6d9fdf71f3c551015

SHA512
eacce585943b8951df4448e13551decab1ac09d3d136209965b13cd21a149512e0039c408dd25e609593ff814cd080be469c8b7b1fb39be05d40dc73947e95ce

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk.RYK

Filesize
1KB

MD5
fff027610d3e2d267b16d342fccd2980

SHA1
a5425f9b357a607fc96126ef173fe503b515ec10

SHA256
a2d3513ad83df799cc65b4be1118c9ae8f2222723e802c858937f1bb35424138

SHA512
448ca840fd1c3681b1a6fea1ae3568063481c4fed2229507ea2818339f1802631e6e19fea2c8da64bf29b3b47aae075f875eeaf11a617226b6be45ca2a0836d5

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk.RYK

Filesize
1KB

MD5
8f68ccd645423d167cdc466bf09f0532

SHA1
0a3c7f60b47f8b51a393f05923ce39000a24bdb1

SHA256
c097684db26e061a764558617a0b12be5ecf916c07a2710bef823575d45fcb72

SHA512
547e89f39858e3432ef1f34d3f0fe27c8a100b41d8eb684ba21f6344140bf186423db962b0966698f6ba22542d7467c7045b6ee48d8c0ef0d84b45b8c1078713

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.RYK

Filesize
450B

MD5
2cddd8a580b1afaab87c4010492e895c

SHA1
a5cf82f97b26cf522840a3d845ff4bce41313d3d

SHA256
06ee8d29fcf349522e2299839731d7f20f04679d22ad47e2e8022003e39103cd

SHA512
eef8ca4701c46dc4e939786462734eb10d6e57d6202005fe69ac4318e28a07d225274d28990f44d645c33734a86268008e299d9be772899472d996b06532b5ac

Download Submit
C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\Windows6.1-KB2999226-x64.msu.RYK

Filesize
1010KB

MD5
bba5d8c7ec8c454a693d0bf60fc9e680

SHA1
ddbfd383585838804c43379bda24c14a9eb0ea73

SHA256
334483a66f8003662ac97e920aaa9c0ef35603c90a752477f1c7e094dde567c9

SHA512
7788f3317ff52b22c1878e55ca7f4b41ccf81688c0eb729395f79bc7de75990ff0e4f2b77dc37f6e134cf4709f622fe93798924eb1792e0bf8c5a65436356b37

Download Submit
C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.RYK

Filesize
5.3MB

MD5
f16ea6a1eb61978bf4dbf6fc308e08fb

SHA1
32b37be08ab752678cd9c3468065a02cd2bfa0f7

SHA256
505086cf4371e3ff0cd7cb930ed541153cbaefe9cc019e4ea1a4a97dce3cdb7e

SHA512
d40719e67bd8982ff8109e9a8063bdac612db05821801d3019886abd5425fdeb4c4d5ebd9847ade3418d4d8bf5e6501dc485d3082d51c28e09ecb2ead1558b22

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst.RYK

Filesize
8KB

MD5
7fbd40f2c9e7b9cfa463524ac534bdcd

SHA1
f35a6d857c453df651b570dd15e3f65a88d8ff0a

SHA256
d45a3b08125b3c0f83b5bad540982fcef8ee26576acf2136bb26aabbf36c6b9c

SHA512
d658617c795be231bf26e5f42453ad954c055be22357835452f4ae4c9684b7374823330665026dcaa384d2b8a49a170bef70cbc0a868489d1a32de1903f28e37

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\RyukReadMe.txt

Filesize
1KB

MD5
34b1045f5480d5c667644d4ab4355c3c

SHA1
e28db6d29f7e5fedae6b95d778ae519bfb722292

SHA256
534ad6a022a0b68a4f73c014fbb380feeeb27d743eacb5a49c2545786f0ba4ef

SHA512
d30b8687663e65ff77e015aa21e386cd08232fe03031b21a2f1f7072e58c3c70bf7964b4c942e9ecbdceb457de3c93bdc842fff69efdedc4438ad2b10293bca5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\ACECache10.lst.RYK

Filesize
2KB

MD5
0fac1af34885dfed7586b2fabf06ead4

SHA1
db1e2db70817498fcbdab91e26bb6fc76fed25b8

SHA256
98cf4b7e48f49f4b08e72dfebeb7eeee0d685ac5938c3cc09bd31071b99f1616

SHA512
61e7854f99f0db29782f10ef1969bf4707a2f0eb1acf568b408581d73508e4d4d92cec33482e57672cf8d873a72dea0f64b2a8c0134bccc6b76cc7575760a9d6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc.RYK

Filesize
2KB

MD5
247c5fb6c2c4ebd23a2b95649b8a7745

SHA1
6b408148b98acabaddc609d5efa8fb1502455d01

SHA256
753febeafd8d56ed63d50775939aec4bab1634ff5c0a489807c02b6c19519889

SHA512
306850dd0f463ef8700c6d03d5f50ad95d67e00a96b2bc06080e632c34abc084db832171532664bf3e17579ec736466c5610042ee2b5551dcf92c99bb4a426ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\FP29B0EC\desktop.ini.RYK

Filesize
354B

MD5
4fb9928d5b0d6cf5d58777d31d13e80b

SHA1
a88bc8d1998c90473c4c96c74bc6d2d305465fb5

SHA256
fae03bf34ade207ea1da40dc4a0e1b53ffc4898763bc409509405790255942f3

SHA512
63a180b274cb6e49009077b6ec503db6486261c9c2fec08187a41dd12f947961c93e3e1f75fb47969bca26ca48da223efa0e326fad789452c1d05c14c55c9a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U9KKHJMH\desktop.ini.RYK

Filesize
354B

MD5
ded40718a425145fdeb80c61de229970

SHA1
b1b57b00241de1fca6cbc920112aec1e6d4914c2

SHA256
122d233bc19c131f0681d586fe2b9e3d5186bff03f24b74adb09c9aaee9876e9

SHA512
0b26b482a2a86118492c0620e0237f79c5a992e7b3865e57a74de4677faa52c33707c06cd9b4ee4c3e57a86c57e3b0c72d5e85d91fd022d3da8e42bf46e0c52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\VSUVY3HP\desktop.ini.RYK

Filesize
354B

MD5
4d5dbe3d9803d888df23baf0e3065e32

SHA1
ee8c7da037d0cc1fe4a2147f481dbc6219c65bf4

SHA256
b16aea7bffb68692d74cc31f5b392b02c43384e1e67d28fd78da6fef8b771c43

SHA512
f3f29019015929617aef1f56f76b4e79d4adfeeba320eff8bb88aa43e3f5dedf25a3c33d91b0156d8da5b06b370c5e58298642b0dd302e80e18fde1c9c34fd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.RYK

Filesize
28KB

MD5
8ef6888cacf06131fa35c3c670e8acfb

SHA1
727c17fe3667fff6d450a3f0b7ff95fd0bb4b09c

SHA256
f90bcb69778bff14f640e5aaea981b76e4b147b07be757a85124c9afd8c83fbb

SHA512
f5c415f1953212612a0f556e186dd3850ebc570b7bc671bcf25bfbf5df3cfa47afec43a7609161e5b8c874862f19f87a9268573eabad0a6e7199d8c84474789e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms.RYK

Filesize
28KB

MD5
63bd77304332d75d10a42aba9eebb8b1

SHA1
92170d2f089685034c968386146bf593d738fd39

SHA256
519bf413ee77af237f367196d7fa82a5a157bb7c9395c8434778bd12b1dd9079

SHA512
313f3b8c3e19928d24b05e1855ae9e32d1c7f2851de8bfcdf119a2258e453a5e78c355d9c49568c7b98325b7837604bfa07ad24fe56ba8a06a0f3db2b1713246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.RYK

Filesize
149KB

MD5
85dce9373dae248b857e879bd33bee28

SHA1
3d75f2b65c46974e13f401e02113c5763049788a

SHA256
c5b37feaaa6fa3cfa425645f20f76b8e09bfd0ac7e46db30407505d73893bead

SHA512
681ed02b021e359d68d5ba25332c6f045ee5e7f2cfa39d5bc14f0a9735cfa13d091969d0acfabd98b1d3a42f286261413652acab24ba78bbded305f888545975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore.RYK

Filesize
2.0MB

MD5
cd1185f436c24a17c991e0b33d9348a5

SHA1
c355f5d8703003da6a5353e82eafb4d22a16a2d9

SHA256
6e5aeb7d56acd908027a1be51f54e2e9c6d095fdf684a4ca5463881403325ece

SHA512
0c94a9b68d5361a3fc68fcb8e483ee734859187e47c8af744e0f264c266c72062d1a92067450895ac053b7e6eaf8ee318c6e9d080ab7ba4eb973e4c3a4119af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log.RYK

Filesize
2.0MB

MD5
fc567d2241482027c1ce54fba6fd40b0

SHA1
40ab1315663dd9c09b140ce6b8670a6d74f48cb1

SHA256
63528b898210e1a096b4488f318eb69186f68b7f8b52e75fc1fbb5a562f56805

SHA512
e444bb9e3579f98f07ccfe0b2318649fb5c5c72ae827b9cff329a0b49d9bf5772b21e04060ce15e5b8472f5d555c604d0321254b1df95b91e152cb7a5e85c415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm.RYK

Filesize
530B

MD5
a15e2002ceaab6909d51ac9fa0315270

SHA1
a69fe9e4273a5a121568eab133d8f88f6dab6f78

SHA256
4f60d93edc9d6220fee022ae699c14635cfc8e3a5658a38f0693610a1ba3ea69

SHA512
b1b17430dccb9b8f96b1b073997ba209d90d9302ccdbf51f0d52d570edfc1887cc9c8e884c612d55aca8747d81a2c4c4ecfb2f60abaee9fa323f4bbc08abdebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg.RYK

Filesize
1KB

MD5
ffb737b8870d746cbe8bccbbb991941b

SHA1
6e39a9916529f8d9ab6cef07fdfa85dda25da92c

SHA256
875e55ab28c16132faf7f27061eb4c14fa50c5881060d1a173471879551f187a

SHA512
3ab16da33354c1c87f492975c0eaa50bf02e404ce5463d6b163ce261557227c3e199e7e6f2266f102d35f374a32f777190066f27c928f54643f336bab70afb8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif.RYK

Filesize
4KB

MD5
522f5f86ded02972c7f5531cbfb72d34

SHA1
962963770e2c30a11f8b22df65b3807c6c763b6c

SHA256
b84081d290b3ce609c82e976593afa5b15fcfaa02d1b8821fff116154b8c68bc

SHA512
e41b6febc523b2d28dd836b69ed93d82ed1cd2ef29d61ae3a4659786cd2da8ac7c24bf2384f05b2a7ddc96c868aaddf9b15089ae849a4a379ff9f6f52524e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini.RYK

Filesize
930B

MD5
d3599bd82da856cf952bc4a5c64f4918

SHA1
c2a156cfea78a00fa167e8b68ed2fa9f05799171

SHA256
127b152de552ecaae51c197946da8044bbed6f0483b52dedfc308bbc19aa2b1a

SHA512
2f67633259d5822a8528e5c97c37bcb7b20aa66820f5fa3135346bb8d8f8df1d285f3440cdc920b5d3ae25b0da28890080b28c24ca4c04383570dd42df2478df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm.RYK

Filesize
514B

MD5
6c64e83e61344d2ee93fa91584046130

SHA1
8ca23a6cb56864171f14fb1785d6cd38e86d04d6

SHA256
d9319dd2d23bdc57d4292f1f5e2b6ff9d9cfbd2300cc7cff00cda43fcfa97a0d

SHA512
eb32b1175fec4219b8db060b25cc88dd24b4b547b9ae557796a30b684ab4b3bdfc84f9253a738db506de039bdf7669e1d9d67abc3fc76e6a1afdf4f60afdce38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf.RYK

Filesize
5KB

MD5
d725385deb9cda07dadda2b143353b70

SHA1
475248d92d963b69d70b41e9ab8bea872f487361

SHA256
6699688f76f4eb4d4d65afd216ff79b68b50b773fc357358b23e1d30f2708ae9

SHA512
8a86b0ab5b0fdd67ced6f707f3ea541d9d2d48964c88af0643eb6446ae7907c8c7ee4afbd9248d040a0dabbee3e5e77dd0b6cc82f05002159622848a6eb66057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf.RYK

Filesize
114KB

MD5
cfcdbb40114dfc5ebc6169ffca1f2d6e

SHA1
c064b0856615a2c8378edad6053362bd11320555

SHA256
751d9ca50b3b5e962c32826a2c3f40778cb34aee6f010c89c2be8e47470490e3

SHA512
cff19aeedcb4d7b9bfa82c17a6be4e347a8e92acfb35add5b8533c07adf6a3f543fd08effda9fae9dc78241eda55d083fafb0a8db8069d671189bf3904faa264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg.RYK

Filesize
6KB

MD5
a1a27f4b06992074d0432f030d3c61c5

SHA1
c258171bc0c916e48fff4c0caa096c732e78f446

SHA256
e52548c6ce6337f027a788531a375e5d97df649add856a7f71de7be831595059

SHA512
a1398efd999658e395b20f2034863a4445c11d5eb600aeddfeb8099e8e3f1ce496e0d68f31f582fd16f16c5352fd0cca57fc95122b60097bdb84efae0d62b8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf.RYK

Filesize
149KB

MD5
cb058a7003c1547135d7fc39deb8b6d2

SHA1
f4d820526eb56e286f30bf759d9bd148c2a73838

SHA256
88d8fe83f4d37a68e0a64199c22f37e4efea724f31b7321a6d8fa0d5348a3b68

SHA512
068def40c3b082cb390efc08ec4f28d0d400d002fef5385f3f89d0786b663fa96228047a53c088aa5136ca41cef194b4e48116a83b3ff05629a4c2407b30eef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg.RYK

Filesize
2KB

MD5
05116cba426e07442c85eac60bfffdea

SHA1
022e01bf5b7b0eb6a18f6796fbf4fe032473edaa

SHA256
900319f2772d93b7875554bb9482c49d5ecc538206642789f0d9124707941baa

SHA512
9f2913d5f5905f052d52b9ec158215a0a4ba76f39f46a7e73e33d7a52b1d4260315751b84863e3f6997d1a8efbd126d489edfa2297a09ed02bdb0f634b6fe660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf.RYK

Filesize
25KB

MD5
be59a4a4c68adf5484d60045147d7acc

SHA1
9e8849f7cc3fa72078fd45db8519c9557fb7c406

SHA256
018053dd11e3064dbd942d3aada3660c319dbc0ac52ac37046b7a53b9023f0be

SHA512
71e72eafb7e3c2744c65655c0047a6efc1e0bb8ec2c60cdc61f6ffb7708839b1b59926f4d7200e62447452144de0d1a089884be6c65435e0a93c26c509f1a0b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm.RYK

Filesize
514B

MD5
a8af3455c51f6bb3baf5f5f6917d08c0

SHA1
2e885cdc2d8513b0756eef6b6449c212ade4b45c

SHA256
04dee78ac8088097ab696dc94a364b7bba1aeacdeda3828e0e81c648515d6359

SHA512
505c455e58144b5798b8b9e313f05a0b6f8eeff7975dc28ba46faaf027e8035cd695018c298e623db6f4c7e11a577102e157d4632ef342ac6baebf2b8e91b4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm.RYK

Filesize
514B

MD5
b687f2958fb756fe43f45b6eacd468f5

SHA1
bcfed3963b91359af451a16e369df7e00dcef88d

SHA256
f8346c05a21057cdaadd27987428759a5abc1b39a52543a6109973c51d339c6d

SHA512
516420f75a99f82f417d1f4a5251f82dd435148aa712d057e3768ec9c7b857768fe260898fea27ea364af52de76db06c82bc132e38d55a3736f3d738b9c530d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg.RYK

Filesize
4KB

MD5
eaf1a2e9dddf2ebc21ca596484f536aa

SHA1
c24531ac6540a9d4fad03907da21fffa3bdf68fa

SHA256
fad0e771e906d498e414b920e75da5b5e8c2692e086ca1ed1372e13c50f6b76d

SHA512
256279a5bcdf2be2f4887efcc79779036836acc3bb7c128dbab55eb469ae10970266601beadfa5346dbdeea904957f917982830f61762cbc944526145a134c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg.RYK

Filesize
14KB

MD5
97d8b9c362a1da2599abf289f477fa96

SHA1
98c2e573dc1b6686e9c057e1f5175d0416fc6830

SHA256
299ba1432a7f35472d2b19a00f15fffcbae9ed23434501f41b1c88773137357e

SHA512
17adb0e7ca434bf018c5902d446a23a1b336295836a39e4ae358efb3e28f3217c4d6a51eb353d0c57275f6eb2cced1aaf0b230549f36614538b4c6ddcb0f72ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm.RYK

Filesize
514B

MD5
e38d9934be4e593a4cf6bb6129d7c2f8

SHA1
827d3f4a7f869b9d38773327514fe529a39917cb

SHA256
6694751d646243b2d89ad5a7852b207baf70e07d19fa019bf394bbafacc2a634

SHA512
00da1a6e0c83d48212b554e528bec4a0f1e4ba0f6dadbf59ecf61d87fc6aa6f4b50acd20d383a1fa0fa305b900782be34f4d694aafbf6c671c44712efc66c214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg.RYK

Filesize
2KB

MD5
40d150bc4e6669358a1e5271e71d4398

SHA1
ad605f10171a62b427118e39fe7888f9870cae70

SHA256
f10e034ba4caac8e506eeaef582704d66b56c04f50f12b7922db9156c1a4f030

SHA512
de1e11700acfa7106d4167bb6f475933484b5341a87e7edd2d4a9ae903e1c7319efbe863e0c92b5b0515f98de4e3549e114374167c3d7c082b8fc563cf99b86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf.RYK

Filesize
36KB

MD5
89309fa23eebcc3128288c5341cb355f

SHA1
ca45ad506aee8c545fa5bb65329ccb48ad7371c8

SHA256
c32b7929e2d5d4c0f49cdb07db28774f7e246c6d4c2f0f48187e37afee4f6e8e

SHA512
6f447453468c38bf779ffd5d15a0dde2fa1f74356b945986bf2139ccdd377bd37ec410f6bc0dc06b2d56c6c88506583a7c2ec31580fec199719b0d55dd2b1101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.RYK

Filesize
4KB

MD5
e5cf1d70faf1e75a31d711c57c99ad9a

SHA1
51950d8d3e9a40ba9ebd262a05352647b7366913

SHA256
8f29f291f921eeecf40439198f6aed24d62ebcba5bed9fd1ac8c9413aed3fe73

SHA512
c87a407fc9830085d287da38f6aeb969f695f77745b66b5a75a7dd575cb9815084a3774c3daa316436d2aebe559cec0c42db47c7d544a6184030467100707a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg.RYK

Filesize
2KB

MD5
60878662a47d0407e49af7b53ce06607

SHA1
66ca2117bc7c9cb813c36ba7e6ff3cc0e2711939

SHA256
53e12deca13db63e583c8842b690a91b2e6d4abf2d1108454732766413098cc3

SHA512
cc6fdda3d37711055aa3726efb04d82592dc851b9550529a9220985c4e87d313431663181286651469ff390f3a5d8023263a0bc30be82539cacf6b1a9c55cd06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm.RYK

Filesize
514B

MD5
57563509bdd1a2065ca1c55f02577ca1

SHA1
1c33014cdcdc872c9fdb2e399abc69d3a63ef216

SHA256
639adb60e75b9a75bca8c185a9b7952e08ebe52a175f6e336eba8ae717ea4f5f

SHA512
e3d98778048063f440c25d74ee1f814eb0e65ca9e85a94fd2cb97fbf656d8fb2a3b90419a5e318e5f352c79ad28e6376cb7fbc636b4e7b1ee8fb018c3891b4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg.RYK

Filesize
10KB

MD5
3c6848255ce146d1927f8f17e4f85922

SHA1
17aa7057b27aa7da12c43e09ac3d82c933213dfe

SHA256
161f328643621f5f7685b58dd87c7a4868d7f7e567634fda6ba1deb11b065f4f

SHA512
b77e46e503c3731bee80175b932a25b38ff1bca8fec9444025adb02d0bec05c6c6e6dd81a0d33ca500362bd1350e44cff8df2f44ae3c78d17b4ec7c7e1dc2ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm.RYK

Filesize
514B

MD5
1acd7a29b287b381ea06ba62bfa4f2cb

SHA1
de7d928758029de745561a62d9e56339deae04b7

SHA256
b372e781951af6e3706f875abe77f7a8dbef4fbf9b3fd9a734823c037ad0f15a

SHA512
ea0c19ea1f21c9effe0d5265ee443362c0d201159413137ab5404eaaef7e9943482f6b56d4f2d07dda51c8b9cc98b5da9c54fb9fb8865cacbff948dde8b0a067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg.RYK

Filesize
7KB

MD5
8b08c7b6777c13bf446f6b86db711cb0

SHA1
ee6a057256924545b64a00ff2c5db86d2c64813a

SHA256
476b48897913bef3b1b0441f86eb13f845f82e37120d84daf79e26f4c2739fbf

SHA512
14bef71dfefe9649eb460e4fbed47425b8bc0538a3d8da5122fbe5d1d6de9f02303020feaee7c4610d40a5f416ed20de7258a82ce2c678b41702acb4679321d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif.RYK

Filesize
2KB

MD5
8033ede612633a6aa7685259bb2c9ce3

SHA1
ed0478f71cec925c6beb90d5988c0b163a2142a3

SHA256
385dd5482251bc71d4667ba68de6ca31ffe82f7865b2905acc4f3975f64fe4ad

SHA512
f3469a4e6c9290eb6f14e69c34081c0357fd4ca9b2a9947cfc332f2183e98d4b98e62788ca2df2bc950f68941cbf28268c9c1d66b6b691a099b6cd040aeeacf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg.RYK

Filesize
3KB

MD5
6dcd29db4811d0838de17504907a2c70

SHA1
5cbcbc7308bbc135ddeb9e133e4bbd4dd12e78fc

SHA256
5aa3f7749b4162e7341ce3699c6e24d598bba99aa862b8d39a191b9496d4da19

SHA512
228fcbc81b8f74513fc8df71ff60243b60b1758032dbd4f5d9d7c82cf28f9d8697753b5ffa90275d6bb78ad3c532418b107c7d617a79c7a75379fb6c00ceddd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif.RYK

Filesize
4KB

MD5
c903dc6bc8c1521f182af034472d1d5a

SHA1
7a9fccdb6f504b062655f30f19a2df7009e3e227

SHA256
ea66adf5d3777971f7bd1433093353658af05763e730dd2630726cd043fab3a5

SHA512
e16ae5919d9de959dfd1fd1414af878e24c2fbf89958a7be0c454eb0b68d13ab1bb1c1b53fa359511593e6c77db8f565303da1dda064a9cbf78b0cdc941653b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf.RYK

Filesize
26KB

MD5
fb80e808b0998db69f1df44c16066857

SHA1
accbba9c53024b69687505b62f04c82cbb9f39ab

SHA256
24f6f02037a8336031e64ff2c598cdf9c8acd3a992b719dbf44eaeac7269daa8

SHA512
e7acf07993e9cc136bf97ceb8035518bd1444fab7f62a677fe220f5167cd8e40e1abda376e0582757e5dc2b3cb4d3a4a21b167c2a8dd7089facaabbc391b104c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg.RYK

Filesize
3KB

MD5
5a87ed4a350079dd2627a16ef61c12c7

SHA1
850d2ec6fba36f414f5dc284e295acd023f00e60

SHA256
65ddcce925d0bfe244773c4c0e73d9033607c9489cbacb63d05a75d7b7469169

SHA512
bd916bca17288480014e766bcdafc66da0f60e8e00b2b5513c3d20bb1f1323bdc8d5cbe937bd06692b7ffd68107de4745763d1d039e5320f6d287e4a2db1bedb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif.RYK

Filesize
14KB

MD5
09821410461f0a938b3080e1f0373805

SHA1
eaf543658ce1d58936f2ed76812ae3b6c8e7e9bf

SHA256
6c5a9ba44d568c63b2db73426ffc38a00ae146cb9d8ffa76d9cf3a80673ecc75

SHA512
d804437070e3e792365e0e4b38d7939659a8c7485916d7318fb1e815c71ea467f82d4cf953f576e45fdd613e8fc3f9a4a7b40979f142a859b74b4725998f072f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf.RYK

Filesize
7KB

MD5
da7c340fc1fbf8a4ab20566405e6f8c6

SHA1
e79d6f8d86dcba89ff045beb0954f81764d113bc

SHA256
6e6822ff874818285ccc5adf90d42601bf7e7e4f872dc26114da7d4b76773959

SHA512
db35989b8b9ab44aa9fc486acd8ca79ae061f1d4d6f21e966713a03f38374ca1b82c83280110640706fd7f247fb26e8c7973e555d2cdde133e2586d38c906f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.chk.RYK

Filesize
8KB

MD5
3d5e4983ae5e33547db94586842eb379

SHA1
fbe41f330f78a64292f9409da047da3ba2f79ef0

SHA256
de9259b2d573e07a3b07d66b4adb986ca248b0d0ed560f6d4d51e62c7f45d347

SHA512
b1ba7dd40be0e8cdb8ad8c35b3c78857c23fc62f6ba764952a380d6dd6e27bbdd10dafd611b423e6aff0bb41c400347b887fa830c7355cfa48dc0bdcab5ade97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD.RYK

Filesize
786B

MD5
dea1ae931e4e45ecd1f694604f125c1b

SHA1
d7fff95d948c416ff22ec1ebd8ce8dd441da8f84

SHA256
825b56c8059098966f30b40a4142f893b3b858dfc48aba1ecfdeb7c2643f5ada

SHA512
52468ce91d96680638755e9cea15fa0540a4dcae66adb5a562faf7b0e0d94aebbc80a9c43883808a0b64edbc66b7179d43f4f1079ecb8c6e938bf661b9f6ee6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.RYK

Filesize
10KB

MD5
baa9d3e0f2a7e692c026955009988d97

SHA1
5c3aa3968d58884667cb5436df65225a945b44d4

SHA256
aaa3942e526ef0b3367ac5a38949464a2e1d77612ca2910a23d1b70e518b287d

SHA512
d95feacf4bfb33a6a54c7b5ece1c3ced070826ec0b98f5fbe95da790384086d8290c730f02a3d2d405e9b649b332837020e2f954db861db66f48eac377e62cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8BOMT1Q\desktop.ini.RYK

Filesize
354B

MD5
b7fd6016daf67a4a84772e698373c921

SHA1
c0a390bb7f34daa97c1b740183d70a0134105109

SHA256
cc63ffb257b7c21be2007c0a77208740b63e99daba52057f62f4f4b456b897c8

SHA512
0672aaff2d0e86f9406578c4a9d6d82a19ddff463450bdf35f1b9087914680aba65ab1cc8e20636dbe0659dc37fc8faff7c06d06bd52466526e31e9e388d6869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INNMDE1C\desktop.ini.RYK

Filesize
354B

MD5
ef406a495e6c0e5247867c30f5e0bd67

SHA1
5411fc2f2912e4ae1f89d9d27d6621b53b7f3ddf

SHA256
281f33eaf53f964bd9fa9d6baa7550e8cff8f0f369e0a850918b91ae398858c0

SHA512
a04966d924b65d82403502ded1af246e2477d2a3da95da3cb2162622bba812aab1e08af55f5e5614ba182d7086ba53bbb8185fb6aa43b9de677502c3683c5a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\favicon[1].ico.RYK

Filesize
4KB

MD5
c44ee41a8818c3e6ff6ea7965a19eb48

SHA1
cc859850476ba564995961382f554394ffcc576d

SHA256
992a94825c3e3e9bf79a969bd3253bed8d4f6eb0d42b1e329f99b2c28e229afd

SHA512
d7c98d40463a6e1094c66ce396558c5efb318ae44396a688d2e2b2eb030475ac45e4be43f7989297793e891b2105572179cc0f981c221b97f34035b4b342f0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1J27TKW\desktop.ini.RYK

Filesize
354B

MD5
8f62d65fe5bf6358fb6592390116c927

SHA1
7470eb5aa36bbf2e0ec5c4697da1091929ca27b7

SHA256
256312e454c227df643cebec55b875b28cd31c3ff9f26e9633f0e89686a00a13

SHA512
625b2aa42873d06a7014bc525f391cbc0183a00e597a174875f7e6313aacf28d9033abde878aa1e1644a55b7420ed313d0b7febf31b297a7d6432ae0ca8dd227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK3MU41S\desktop.ini.RYK

Filesize
354B

MD5
57c5273bed6c162ab892d4330e2ba27c

SHA1
1d55b78b4954d17ab4b1c9866c950b43d5f89089

SHA256
105dc2f1ba2ac9480d277ddb5a0642af42b2b0f318c0fd4c3b776947f1cf33f7

SHA512
e41942460d71d8df6b06823ce72904a2d2470a7fc4bb1edb6a5f50a175f7c93f3f3edb27dee7f553f0c9538d8f66b3cb0a386e7ebc566896c47de255ded9f5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00001.log.RYK

Filesize
3KB

MD5
bdc1c34069a94f8277d6a8bd06f8443d

SHA1
fdf9c0bc60f5fbd1874a56a85185cd18e1902695

SHA256
6b2da040ff129412409b7a10ef163494bbbe0a808c78bc59154ec9eaa10514d1

SHA512
4ab287f3d521acbf85d1af90224c4edb49cf2eff5f90f09b59d0211b8affb3f6b264d16c116cdcaca1c5519d58a89e8db437fe9524c54464cece7d974df968ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240903_051515516-MSI_netfx_Full_x64.msi.txt

Filesize
12.7MB

MD5
6d905e4034cbdace5994da10325da242

SHA1
c302aff46790e2363cef4c89c4ae9e94d68786a6

SHA256
8009aba525c717bffcc07700ec6202b4868c7a8675f4ae9a8afb50650d9a2a12

SHA512
1c094662c7a1337b7e417c2c56c5bae4b07e77091423ad554375f7949ede157c41d371c47af014cc7b3bfac3b0b12db394aa50e905dad3cd9fff33870de40042

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log.RYK

Filesize
4KB

MD5
03528523d66a81c7b7d318b822c412de

SHA1
688f59deec423a46d1696fdd20bfa3056fb42784

SHA256
72973984a4996cdfe5ce578294fe5e6754f10d2d82f38ac7b6d7f65a7e6e72fb

SHA512
f1b8d130897cc9b639216d62f5ba0ec6cdcd2c6b8122bc86e47d16ec264b26296bdcda03968a08cefbf106452830e9dd08e9dcf233f167f696795a917ae73e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_SetupUtility.txt.RYK

Filesize
2KB

MD5
61c871e52669e2eff7076913a88246fb

SHA1
237cc76a9f2f3442182e5bb947dd13332149457e

SHA256
20e2b203977bb438f5e1e1e6d7c180e420f2e59a319de8d7b8c0c1f19a75fb26

SHA512
c815afd2d0181ec2e9a98899b9354ed543872b907dd28920ad63a3a2d4794d879884450bcd3f7b4cc33a5d5dcfd9366d123a65378ab3a7bd1034d2c79a8106e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1E26.txt.RYK

Filesize
11KB

MD5
1a3859beacacf3caf15572de0c6344b5

SHA1
c9a81da3359b856567a0a360eac45ce48d9ac843

SHA256
21fc6b9184b3d89702f8b26f0b97d6bbd8460beac588bad2d22c17ec56bec27e

SHA512
993ad710343aed3b4c869a04e985bb840e1bcf6cb5fa11c9700dd73e92eb9d1eab02a1ab33e62ec71c3e562d3cbf4120b2bc68701e83f124aba47cc8bf0f06a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240903_051527_762.txt.RYK

Filesize
7KB

MD5
cd48d55bb9eb93aae961220db5612a0d

SHA1
fe1321d08cd70b24393e88030740c09b2b07e0bb

SHA256
08f72a4f4a9f806673612cb83271e13f7f04f808ea7237d0fb550b46cc883508

SHA512
5426ce0c121090481f50f85c1d6848ad3aa34645098a6e891a5f031c2be3ce393c231740a6fe32a68919e93ded5c66472fae4c8dd5cb30e9e6595aa1979a0c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_wcf_CA_smci_20240903_051528_152.txt.RYK

Filesize
2KB

MD5
4082401d5c5ca1024b5673c6defa7d58

SHA1
2871eea9ab36bf3c16cb6b16f3daf028d10b2f65

SHA256
011bab7ffa92e2544170593a07cc7db8ea284f8b57ab01b6f37cda86206fe04d

SHA512
3513f1bec50953256cc04ffc4088dfec22ed95f8d7de1142054250c9cbef1efb16beea55a611f31f871db6c80581180897c3668f89e9ee942f98469431030031

Download Submit
C:\Users\Admin\AppData\Local\Temp\java_install_reg.log.RYK

Filesize
4KB

MD5
83e26b003d05418337ed4b834f4aa8f9

SHA1
f44154e460a315ad747839ad90e9dea068b0e727

SHA256
956a5b201d29c744fd8b5afd67cf6bef0ca14af327143bb4d7262827d288e3f7

SHA512
871b91a228d0ca24494f363e60b8d344204b99c6ad23b18d4bcffceed779997dd0ea9b0db96254380d8463d40e5de1e200393b78782eecaaa6f9f5aaabb74e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log.RYK

Filesize
626B

MD5
6a23512ddd198d57e5f0c5a32a779481

SHA1
889c79fef5e0788e455f1c90dc74b0ca320d62ee

SHA256
8ed0ac2517cdb8009f1fdbf5cecfbaeb6b5f1416de8120612e070bb4563ee2b0

SHA512
bcefc69883fb9430d4908cadaae926dbbb97ec88e428c24f305dfb3fdab9716f93d70db39ade46b7b270f1fe9fc57c8699ddae029e7bb29688bcdc1ea74980fb

Download Submit
C:\Users\Admin\AppData\Roaming\WaitSelect.ocx.RYK

Filesize
1.3MB

MD5
30819a12718e31d9b2eed4524f52151e

SHA1
dbb93b7a58279cacb9172235ba788a5df634d89f

SHA256
d6ce1f448b89c1d484396c211c7a728051f825750fbd54483c0add7414396093

SHA512
bd322ce9626df7f4d7ceba2293418d155fd8473e58c405808b255263960fc2cbdecf978d9f7cd1f6a2beb2a9237c6b60e129269ef75db6b037e62431d5819ead

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.RYK

Filesize
578B

MD5
0f7c6b135b53c373d7883fcd5cddda44

SHA1
5a53f915e81e76cfeaf68f3d77526ba07b6c3b55

SHA256
025da39cedb7f811237d3d15d9e32933d7902d3426e4ce3ab27a02efea87b8c8

SHA512
6cdd7d65f594abe44d60b457d6a7702454634064654247f6a9abde1a4f4853a0b77f8dca2040db4be17316ed3ba0a4aa15387405a5ae3cfb3c5039ac8929eaeb

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.RYK

Filesize
562B

MD5
e0d6bf21108bbe75e6b5ceb6a4be161e

SHA1
a01789a505f26281a42838162809c8f590163880

SHA256
640eb2f9eaf61d1df22c9b6aa619c1d272e32940e65b9ef17540895f39bc8768

SHA512
52f22e77cf15992bfaede729d66e97cbf3760b1ea697a788594d986f8e2e8e05cd9eb9bd00cbcd5769227a95181d779c15883c48404b4868c315734f39ecd185

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini.RYK

Filesize
434B

MD5
899bc93072a3ace18640b5f7734f8bf8

SHA1
a924f74c4f98091fc9210acba5ed8a4cc60a7de9

SHA256
1fd07796c0f124fcfe6725fd240d94ec58aa5ea2f79aa98670dbd52612d874b3

SHA512
22e6fbe6316d3ba0212454c6145da688ab51aff40af15cf5596c9bc07d2fa8c51458cf6adf535ed5308c0bad8779be9f77649638f6da1e1c1665ca8a89cebcba

Download Submit
C:\Users\Public\Desktop\Firefox.lnk.RYK

Filesize
1KB

MD5
cc72b646fd5cb075d5f73e7c2adb989d

SHA1
7581a0dba4baeb4e65795faa54a9b1a3d4daa5b5

SHA256
2ce8d96940fb62e0156ccdb688eb81671d31155fd657747299fdf9a626cd07e8

SHA512
9485fd5f76238db00804fc6f725a7fede5489179cd2776f66be196ee77dd25e67462b828de54bb2f5575e904803668eb91ce81ec08cacea19f5966e435116c55

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.RYK

Filesize
757KB

MD5
024edcae3a2139720c09ca8bac9542be

SHA1
47c8e9df8b8abb18250503bb419288df95d6b929

SHA256
e70ded76db645678e8da56aa9cc37d6720c20e36ebcc3faaedcf274f8280d263

SHA512
2cc0ca123714146a45538ae33a0619d30964c6f4c74a276a13b25d12d387bc9ccbcd4e893b34edbbc336efdb1b969ee811beadb6eaaca850780cc159d5a7d8f2

Download Submit
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.RYK

Filesize
548KB

MD5
3bfc54f8cd098657da604276de5896c7

SHA1
04d6e799601c4e987b115f3afc5d8e246da9884a

SHA256
78f6120988f816568f727a882b77bce0aa07421f8fa778c3efd2044e7d328e28

SHA512
069a5d72a0ec4abb0162bfe5e31e1381bafc8309d13e92b9501a64e8d50bf8eb6826a46b4fba86b4267eeaf76db4a18c468db35705667272acb47528f9078f1a

Download Submit
C:\Users\Public\Pictures\desktop.ini.RYK

Filesize
658B

MD5
82526fffe64a426203726312bb6fefb7

SHA1
7f8873633f3af8550e08d0f276ad1e6e92fc1f4e

SHA256
bcf86474f84015cd3ef4985354688b4170ddcb05e8ca75e9dcc9d0ad4f77460b

SHA512
db10cc7dee6256c44bd7f50bb9e7f720f4988c07f7068fc5c35b6775614f8fcd7cb0e45492a190513ca87c79d95beb2b03d2d213fd1e593433e6c9150cafa0d6

Download Submit
memory/1116-199-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-137-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-120-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-111-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-127-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-102-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-142-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-88-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-145-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-159-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-85-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-87-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-71-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-43-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-229-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-161-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-0-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-171-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-178-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-210-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-179-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-32-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-198-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-193-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-176-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-162-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-154-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-144-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-188-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-125-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-238-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-237-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-128-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-235-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-231-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-227-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-219-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-110-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-97-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-80-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-70-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-52-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-63-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-62-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-51-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-48-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-34-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-30-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-218-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-216-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-25-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-14-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-11-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-3-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-2-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-209-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-195-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download
memory/1116-1145-0x000000013F080000-0x000000013F416000-memory.dmp

Filesize
3.6MB

Download