1d4342cf...361f

C:\Users\CIiHmnxMn6Ps\Desktop\symnfa.exe

Sample File

Binary

Suspicious

»

Mime Type	application/x-dosexec
File Size	442.50 KB
MD5	04d6e259458e75519c77f11501bccd22
SHA1	80816507bfea171098aef2cbc3657a97fc0c0e26
SHA256	1d4342cf02142227e7fa3437f4ee06ed4ef3d59a136eb2fb4e657e1bd782361f
SSDeep	6144:wkfudA8gWLb65PoYnk5cRvSwMgmBzfmBggplC55xxqy1S3/+amN547ZNUU+Bgd:PuHLb6loD2VSwMdKBa3YVmz6Zq1BE
ImpHash	0a3fb1157e1ae5c73dfdace0bddb5907

File Reputation Information

»

Severity	Suspicious
First Seen	2019-02-26 22:14 (UTC+1)
Last Seen	2019-02-26 23:47 (UTC+1)
Names	Win32.Trojan.Filecoder
Families	Filecoder
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x401a62
Size Of Code	0xb000
Size Of Initialized Data	0x64000
File Type	executable
Subsystem	windows_gui
Machine Type	i386
Compile Timestamp	2019-02-17 17:16:34+00:00

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xae87	0xb000	0x400	cnt_code, mem_execute, mem_read	6.61
.rdata	0x40c000	0x5956	0x5a00	0xb400	cnt_initialized_data, mem_read	4.89
.data	0x412000	0x5d3fc	0x5ca00	0x10e00	cnt_initialized_data, mem_read, mem_write	7.03
.gfids	0x470000	0xb4	0x200	0x6d800	cnt_initialized_data, mem_read	1.47
.reloc	0x471000	0xe30	0x1000	0x6da00	cnt_initialized_data, mem_discardable, mem_read	6.19

Imports (3)

»

KERNEL32.dll (69)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleFileNameW	0x0	0x40c008	0x112fc	0x106fc	0x214
CreateFileW	0x0	0x40c00c	0x11300	0x10700	0x8f
GetVersionExW	0x0	0x40c010	0x11304	0x10704	0x2a4
Sleep	0x0	0x40c014	0x11308	0x10708	0x4b2
LoadLibraryA	0x0	0x40c018	0x1130c	0x1070c	0x33c
WriteFile	0x0	0x40c01c	0x11310	0x10710	0x525
GetWindowsDirectoryW	0x0	0x40c020	0x11314	0x10714	0x2af
GetProcAddress	0x0	0x40c024	0x11318	0x10718	0x245
FreeLibrary	0x0	0x40c028	0x1131c	0x1071c	0x162
GetTickCount	0x0	0x40c02c	0x11320	0x10720	0x293
CloseHandle	0x0	0x40c030	0x11324	0x10724	0x52
RaiseException	0x0	0x40c034	0x11328	0x10728	0x3b1
QueryPerformanceCounter	0x0	0x40c038	0x1132c	0x1072c	0x3a7
GetCurrentProcessId	0x0	0x40c03c	0x11330	0x10730	0x1c1
GetCurrentThreadId	0x0	0x40c040	0x11334	0x10734	0x1c5
GetSystemTimeAsFileTime	0x0	0x40c044	0x11338	0x10738	0x279
InitializeSListHead	0x0	0x40c048	0x1133c	0x1073c	0x2e7
IsDebuggerPresent	0x0	0x40c04c	0x11340	0x10740	0x300
UnhandledExceptionFilter	0x0	0x40c050	0x11344	0x10744	0x4d3
SetUnhandledExceptionFilter	0x0	0x40c054	0x11348	0x10748	0x4a5
GetStartupInfoW	0x0	0x40c058	0x1134c	0x1074c	0x263
IsProcessorFeaturePresent	0x0	0x40c05c	0x11350	0x10750	0x304
GetModuleHandleW	0x0	0x40c060	0x11354	0x10754	0x218
TerminateProcess	0x0	0x40c064	0x11358	0x10758	0x4c0
GetLastError	0x0	0x40c068	0x1135c	0x1075c	0x202
InitializeCriticalSectionAndSpinCount	0x0	0x40c06c	0x11360	0x10760	0x2e3
TlsAlloc	0x0	0x40c070	0x11364	0x10764	0x4c5
TlsGetValue	0x0	0x40c074	0x11368	0x10768	0x4c7
TlsSetValue	0x0	0x40c078	0x1136c	0x1076c	0x4c8
TlsFree	0x0	0x40c07c	0x11370	0x10770	0x4c6
LoadLibraryExW	0x0	0x40c080	0x11374	0x10774	0x33e
RtlUnwind	0x0	0x40c084	0x11378	0x10778	0x418
SetLastError	0x0	0x40c088	0x1137c	0x1077c	0x473
EnterCriticalSection	0x0	0x40c08c	0x11380	0x10780	0xee
LeaveCriticalSection	0x0	0x40c090	0x11384	0x10784	0x339
DeleteCriticalSection	0x0	0x40c094	0x11388	0x10788	0xd1
GetStdHandle	0x0	0x40c098	0x1138c	0x1078c	0x264
GetModuleFileNameA	0x0	0x40c09c	0x11390	0x10790	0x213
MultiByteToWideChar	0x0	0x40c0a0	0x11394	0x10794	0x367
WideCharToMultiByte	0x0	0x40c0a4	0x11398	0x10798	0x511
ExitProcess	0x0	0x40c0a8	0x1139c	0x1079c	0x119
GetModuleHandleExW	0x0	0x40c0ac	0x113a0	0x107a0	0x217
GetACP	0x0	0x40c0b0	0x113a4	0x107a4	0x168
HeapFree	0x0	0x40c0b4	0x113a8	0x107a8	0x2cf
HeapAlloc	0x0	0x40c0b8	0x113ac	0x107ac	0x2cb
FindClose	0x0	0x40c0bc	0x113b0	0x107b0	0x12e
FindFirstFileExA	0x0	0x40c0c0	0x113b4	0x107b4	0x133
FindNextFileA	0x0	0x40c0c4	0x113b8	0x107b8	0x143
IsValidCodePage	0x0	0x40c0c8	0x113bc	0x107bc	0x30a
GetOEMCP	0x0	0x40c0cc	0x113c0	0x107c0	0x237
GetCPInfo	0x0	0x40c0d0	0x113c4	0x107c4	0x172
GetCommandLineA	0x0	0x40c0d4	0x113c8	0x107c8	0x186
GetCommandLineW	0x0	0x40c0d8	0x113cc	0x107cc	0x187
GetEnvironmentStringsW	0x0	0x40c0dc	0x113d0	0x107d0	0x1da
FreeEnvironmentStringsW	0x0	0x40c0e0	0x113d4	0x107d4	0x161
LCMapStringW	0x0	0x40c0e4	0x113d8	0x107d8	0x32d
SetStdHandle	0x0	0x40c0e8	0x113dc	0x107dc	0x487
GetFileType	0x0	0x40c0ec	0x113e0	0x107e0	0x1f3
GetStringTypeW	0x0	0x40c0f0	0x113e4	0x107e4	0x269
GetProcessHeap	0x0	0x40c0f4	0x113e8	0x107e8	0x24a
HeapSize	0x0	0x40c0f8	0x113ec	0x107ec	0x2d4
HeapReAlloc	0x0	0x40c0fc	0x113f0	0x107f0	0x2d2
FlushFileBuffers	0x0	0x40c100	0x113f4	0x107f4	0x157
GetConsoleCP	0x0	0x40c104	0x113f8	0x107f8	0x19a
GetConsoleMode	0x0	0x40c108	0x113fc	0x107fc	0x1ac
SetFilePointerEx	0x0	0x40c10c	0x11400	0x10800	0x467
WriteConsoleW	0x0	0x40c110	0x11404	0x10804	0x524
DecodePointer	0x0	0x40c114	0x11408	0x10808	0xca
GetCurrentProcess	0x0	0x40c118	0x1140c	0x1080c	0x1c0

SHELL32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteW	0x0	0x40c120	0x11414	0x10814	0x122

ADVAPI32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SystemFunction036	0x0	0x40c000	0x112f4	0x106f4	0x2f1

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.bmp.RYK (Created File)
Mime Type	application/octet-stream
File Size	784.33 KB
MD5	9ce5ca70571523db2aad14686621850f
SHA1	c4688e7054769426a96b6cb270478d3974484f50
SHA256	3205b49de41b2e98eaa6872b03b48a5b689169f39b01dcb7bb4efb78fb4f429f
SSDeep	24576:zBULrNPYuFMlSsBSun2Z+/78Vd53xzdvx:zufNPYgVsAuZAv5hZvx

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.64 KB
MD5	bf25a28a556d74e7e41f07d8c9a6ac26
SHA1	bd8b0fb6ff90b8289650dcacb100620605bed23d
SHA256	3e1059ced26467b29d20073413477e69b7b30504c7fea76e06c16ad80d06a570
SSDeep	12:nxnJNpKipgH3t5l96I5qVaK5gVuXhru6E9d/ZpQM7so8yiKmOqArKURsn:xNKqgXt796QmaogV2hrqWyAFArHRsn

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\189.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	28370f29899258417c535969c5f94d6b
SHA1	375d9e9bb71a8baf14b664da843a64cd46e66f41
SHA256	ef80b50a562a80f185729e24aa9842dc2269178ecf850bc91f00de67c5115f29
SSDeep	12:jEMfObfUmoP9eIEHm9N2PVmjYG8hVVwy7z3KN8MBon+:30f/oVe09NiGYpJ5X6m1+

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\XPS Viewer.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.38 KB
MD5	5d710f6cc567da3fe7073422b1cd0274
SHA1	c7e8ae725989ef735acd24f28b9232c81b301a12
SHA256	e2de02c161dfc02799d0ca4b3198c2abaa2d5f969713cd961068057369003c1c
SSDeep	24:3Pgso61eGvndu1fLpGyLiYafZikkHZ6obh/xA2BxStQntJP3Z6caHJ7yLAbQeF:34t8eG+GNVik0Z6oVxFSSt1wcaELA0eF

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	c760fa2416902fd7f67fe56aa9a7a49c
SHA1	43050ecd961def482a8fbf18a7078c0737f5c933
SHA256	1ee55f16e0bfc150370cb2831ecc14be22114fd4af76e3cc1a0a0ed52576c606
SSDeep	384:ZderXfZXaUCCCB128lWgtuvcRxaC9fcl/u2LkxdfNZX5Iez2SJS:ZsrBXaHvH5tXDaCg/u2LkxdzDz2SJS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	3ee75fad0c5a50aa6673412f0a81eff8
SHA1	bde87006ea9ca2d809a5021b22b98920b4f2f22a
SHA256	2e120b317376c514bf45e3010b72f1b3089f7e064d84cce52bb7d883a1d8dd90
SSDeep	12:I+19BSHo1EWIFrJkwOB2hn2/xJGy0t26k0:D19BSHwSFCwTAL0tg0

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Sticky Notes.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.44 KB
MD5	7478b15cb951e611c0a970591dba315a
SHA1	bac1b0aae083ff428c99fa1a3406f3b236feb849
SHA256	3c837c37574ef673c2647ab292c3eec5a6497840846c22b8d3188a891f5e1c21
SSDeep	24:7w6Zfec5or4NjxSZuqMiHcU6vcQ7d9VzbMGHBTXKWkIinwu19pqUnUcmCwHvN48Q:dEc5GQxSQqMi8dZ/oGHBTKx19YUUlCq2

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.81 KB
MD5	705efdc9771d2bd0d19ba721bdadebf2
SHA1	e6675d7a96b6a447b4f1c7308b38838783256d0f
SHA256	4d58bd80f77bc68f1600c07f44c9615a5819ad092c5b19888ad6fb99ce78824c
SSDeep	48:NGVAhKj4xwavgw1Vs8W67Vk0kxxQ01LhVTPOFnr70pIw1w5j/axJ920V3fj9tbm:NGVUO81Vs8WL0kxxV1LhdSr7ijqQTvJ+

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\61\EFAE1E6619D4EE51.dat.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.50 KB
MD5	9c47b5cde8f9e28be4a740089f1b083f
SHA1	165045769f51e8f467e43a6ca75bfe7ee3105679
SHA256	da2ba656f7833954f918ad6aaeb32dbcc5d78ce231123284f4fcf22e158c1ed2
SSDeep	12:y//BlHQI3J78oGYB0eA5WDtm9p+UMVoJWAhTPfxQyn:y3fQIyoGA0ZU3ozhTPfuy

c:\programdata\microsoft\user account pictures\user-192.png

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	2.63 KB
MD5	dfa369344e4a7a05735aaa2ad709a97a
SHA1	e57e85d968a9f704e33fd3399c94dd25810662f8
SHA256	3678ed28c5e1b1270c84e409a46ccbe124b305966c74e8fb7a33ea19728a913b
SSDeep	48:MS6TLXm4OdtEAWzJ+ox7Ih7K9/BuMvAs785tNOg0e6+1V2e7tWNfRRGT5diPBnW+:Gy4cEA2J+ox7OuHvTjg0e6i7gJMT5dGJ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	f08c07acdf770160ca9f24c77c46e8da
SHA1	363e7f1d324dda6795eeb26255a5697d4a7fce15
SHA256	a9f1ea4fd455e0fa88029415fcd4edd345bef642ea3fef66bf8917f5809b22f9
SSDeep	384:s1pnf/AVdidGjwRvm+IFKZSEbhJeVLHY61kvart6:sr/AGe3+IFK4Ene9Y6NA

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	df20b92bbb6bfc735721dcc202a97d05
SHA1	5c8b2d41c6f80208b26a9171f910b0b6162822c4
SHA256	bc67fa908195648ef28379fbff26d64b4a4ca7acf16e44633838cfae1edf8a8e
SSDeep	12:bwR88lq998WCOVVCnEPUq4FmUwQwnN+9OQL:si8EfNCAVCEP0UQI+9Ow

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.018.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	2e9546f59fa8e2e7068e9b169470bb4e
SHA1	188bb513f61311c33d6b8926603b4d7aadac3a73
SHA256	3ede06be15faaeb8613d1752b35be5daffdb2ee236471f12eedf64cc300193b2
SSDeep	384:4eUmc9XPKyJX7Z/9XLtKKyXIAhJZ7mWpTozEh+E/SN:THIfKyVZ/rKQA3ZPpTo4XSN

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	fa647246742b6fb361b947d4d1ed9ac8
SHA1	c3fd00b0df0d9530f5d3d9b8517a64f8c7b51a94
SHA256	d19c17be36894b07ad9415b2581ca43000ce5e1a0fcd387a405a60760931efbd
SSDeep	12:sSNQsyyB/WRzIY5bqdl8pPIjZlPObdr7nO:vSyZWR/bq0hIjPObN7nO

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.30 KB
MD5	b79cd319abcfad5d60a1dc4b903823b6
SHA1	cde312aa1b5a9836b2373c6e34e742ec5409c3cf
SHA256	a5f6f84922289275196933e3345d4f69d8d9df304d8438c530dc55ab79e47386
SSDeep	6:lzVGCN2VFob1J7ArZ26zxONWh5zXO2weCRDXvM9NFzYb46piuxLd2N5rI:GFK0ZLzxONQjOLXveC00JxB2U

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Acrobat Reader DC.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	72be97604257b58fb66ab9525a6f2b51
SHA1	2096842f536df27d69cf807adf3a343a0e36b507
SHA256	6e6495c7e17eab179215f3ae9c70e73634a17887951325ec8e9d32fe86f5d2a1
SSDeep	48:OvkeMHdDPH3QhT9eU9plbhBuapuEtas6pSQ/wfls28bPdsidlPbsT:OMvR3qBeWlbPuuuka5Jofls28bPPlPoT

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\About Java.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.33 KB
MD5	ae21b145423e4a72054dc2fe48091838
SHA1	04315b5a689e7a7301070f80154fd18c36ba257f
SHA256	c8149696df480f7730c0415e829b842a478ce727e0b6d30fabf51efd834226ba
SSDeep	48:GnJSlAFIrX6okiFE0BSWXdodDWsJsJ0d4o7mLws3FoYjHtMMz:jl43Bli9tE/JP4o6YYj1

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Wordpad.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.41 KB
MD5	999121f24b5ad6557232561d9f68e286
SHA1	e35e797667966668d24bed814a557b5426d16bd5
SHA256	2cb77e768fafeb44f9146dd66c6c0d0a76044a6ed130fd53ed0cc9b676e455b0
SSDeep	24:4qYXn1wZHEE+jw7oKeeMysw4baahpRlESFITckXSuBGzcNQD12ptN9lpVvt+:4qYXIHLCwMKdZswiaatlESFIh7GzGqsE

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK

Modified File

Stream

Unknown

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	29d63779dc91fc4b7da0cc5ec414c451
SHA1	67eb0245d688cff8edde5a5bba60bb322000e595
SHA256	fb72290f73d7d13f4e011f35ae9b48884d5c0b485fb2ce7a531e968546b3c58d
SSDeep	48:j4wjErpmG4PSKbc7OJXjFLtKljWLPLmafyFGSgFqgf6IgVhEy1Ufp6zfgWU:j4wAVUPDbc7YKlaDL3fSGS+IIgV3kpqM

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.46 KB
MD5	0fad7dbe16d35ff9d91f34c8d4e45a3e
SHA1	9b4385b9b72ea52b194bba5d893b6c5d9c0ed8c1
SHA256	6e03ce055d9e7aa7eb57a561d6a08988a3d6a11d66bea7d01a6d135181d5c9ab
SSDeep	12:EY9UdKd2qemYxzwz7pSQqOto+ebC80fZVPEJlcF44QZ:EyUIgq7fqOve/0BVtZA

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-32.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.67 KB
MD5	2a8cd5721de9cdac4494ca0631e10845
SHA1	fc6d47fd3449af027cf15109d421c1f21022b3b2
SHA256	b1676ef87b0270c77d1fab4c406fd3b6d7a7a64d7e8b713d2931e3d45fd7ece9
SSDeep	12:VoMqgcVTvUZ1oznCK6s85ATGNXpUPh5eP7jpL+VHMP8QCjWOkf4+F68wyb:mr5sZubCaIaIXpuh5eP/BGHMjQG4+FgS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\03\324.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	7d9258757d557b3ca1cf8038c8610ad8
SHA1	6596abe6eb6766569797f891c94d65584b6cd63e
SHA256	968b160d810d5b98a85b3c8b43676b9a24b75bd9d42080de395d33a5e88e4934
SSDeep	6:rAOqF4IoHLJM0toQsp3327h04ms7CwfhLGSrBfjyeBAyEGH9Nw8TTTAkd8PZL+eX:cOtrJBtvuaBJN/Eg9pWPR+eVwY+zTy

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	625afda9892eb294c1a9749144e8e5fa
SHA1	42607b0769f644e507598cd115be583b32e5c160
SHA256	ef9457a1a97ebe77f6a483e2c7c57c86d3dc77f471233b6a02f0a474d1fc19e2
SSDeep	12:mmqbUxZATwce08mkRsGXzWX9jhsvqUNeCBI23CS:m/hTD+HJeCm8CS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\13711.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	35db5be44bfafafcd428039d08beb63c
SHA1	8032e4f39b9f8925ca9a4f8c51156e2152a343a8
SHA256	f756ea8179facc9e7bdeb6ce456e528e481c65f4738e8421fc5258f0d18d54d2
SSDeep	6:AhvYpHW2hyWTY8Ofzd3FqnzgIIhXmwobPtChAODLYPaGQ6VhwJvuRVnluyaP+J3z:AJYppYDfzdVczTIowyeRXHGv0h4roel

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.46 KB
MD5	df47c7f823fc9204c6c41487f741005e
SHA1	059729407d5114fd89dad5df746986cfd44c5478
SHA256	d35b0fb34beb249c8651df396b94c78b4c1c2898a2721a3add68170d634b69e1
SSDeep	6:4LSav4VQvk+TC/ajxAqo9o2RGQ9nu5h9q99fOC6BKaabCKOlcY53sm3A381/P:Evxk2DxVo9o1Yn+h9q9tOZt9ym3AM13

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.021.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	8.28 KB
MD5	5953cf626150923e94a99bb251db096f
SHA1	6caf880d50c7bb27b96a34b1de0c2ab82e12baab
SHA256	f3d81bef59ff3af4a2be802bb006c5959609b17a4cc6cc4cae41459630deca52
SSDeep	192:WqlFIILvsI3IcaZfD2ZPlvlrYHOv7IAlTOP:7fIIgI3I1ZfDSPlvSOM+TK

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	71e954f49812a366e994a0390fa81b1e
SHA1	25f9dabc7a7f2872b9ca5b1467253b7b50649105
SHA256	9e1b491ceb889cbbbeff500c90fb58bcff571ef6b2a540f3b9e7f89695dda24b
SSDeep	48://kIYyLK6zyNkM7yUZIYIUokr3iyKZuhRXb5KP+THktowh+nhvibCxMeN00kZczD:/RYziEyUZIuokr3BKZS8sHOdh+nS+RWW

c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\15\288

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.41 KB
MD5	392f1b4635b6d3ab3b2c4a3fa467afa4
SHA1	c54550aa798d3b9081ed416cd88f3ce9a6ad3e30
SHA256	5d2db654fe01f380ec3ee7d9350602b4e2350793a5d5ce8f65bf0a608f00bc28
SSDeep	12:Ha6eypeQhUtCU/J6pg3wzzIkRbT3zyOK58w2mZicIn:Xey5+CUsI0uOKJ2msHn

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\286.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	595223669a0c8b13c845bb5615578ba1
SHA1	de57cc02dcdce85aefb3e6812cc568965711da92
SHA256	39b604a72995f186c4522b8475c7caa795574cf60d35525e63c0e4bb79a6aa6a
SSDeep	6:qEIOqdku3zjtNWiXVwyZW+MLSxaq7651ziwDmAiY2hG0ZAoPOXXDrvChEykXj7pa:PYSqzLWrScsWRLTnIAKhGbvmIBANhSS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	bee95e37d1d1207094e7bc8fbc4e615d
SHA1	ccaa75ec1a439e07ac3b2344695bda2eb8018299
SHA256	363bc7f727273c56ea5938e6dc093f3a81e33df8787b4faa0acc294a0a15ba87
SSDeep	384:/Xh1L8JFvBrn3rY0dBN2Bhp+WBandKoyUot:vUzbLZ2PpR40ohot

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\259.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	0a829fdf530f48b23e78593aafc0e46d
SHA1	a6fa919d2f13f77b996b3ab26bbdfb102baa52a8
SHA256	4b3e1b451abd77648a51bfb4ed4dde06432ea297ccd1df150f2bf02fcf82bfbf
SSDeep	6:UKeCsFy1jzHbtQNNaqwObEqkpy4AR5xCE0xVo3OGZeh/1KauesHyz+A:UKeC317+NNaMh34A/xCdxe3pZc/1BLj

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.RYK (Created File)
Mime Type	application/octet-stream
File Size	14.89 KB
MD5	7e8342a691ced2bd8e17aa5d87f7b50d
SHA1	90d9caba4a89c196b1dd9c4f99526aea19a72c89
SHA256	d8dca38d5b5dce2b301da7acd9fe3075c6eb74548e2507f796321f1461094efc
SSDeep	384:xqUSPbw/fAe8x6UZFBjT31/FWmgk0HZ4ayyay7W+UEVy:zdfATBjT31w0Ly7SEk

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.38 KB
MD5	014ccd9ea90832b718c4d36582e83d2c
SHA1	733ef3afef366cf2a2ae09debfc4fab27bc68a83
SHA256	8095e1179a41ed8824da9ac2fdaceb80d7ce43a0250ec9e201af6e8a229bdc02
SSDeep	48:vS8+M46PFNG9OvE5kGgnkZs9KJR69K/QDzbekD7P0cLEHSY:vD+wtEQv+snkK92R6dbekH/Y

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\261.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	9260ee84cdd948a7f0a616e239a7fce4
SHA1	090ecd365ce9e3070e5711484deb32f2b5fa2b54
SHA256	f8f033a3b676a5b81bcb148c7ae3c0dd424edd6f4b21b6cb4b4bcf22402f4c28
SSDeep	12:HQMLjQvKBo3LOsld8NRUDgall+6j2JdlE:wMzBo3LOZ3UDgI+6GdO

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	a83e23a51ef16db4bbb813f7ec7be29f
SHA1	696b6d2c3ad500ba59e4b2e379e5bc3c6d222316
SHA256	7e7947dc49421199a2f630c15a18eecb7ebeb35fb5065b541ae54265b9eebaf9
SSDeep	384:vu5Esc/IREC+IiMvL/jP+rOykJR9EM0PSPMFDjfQ:vu5cmDiMrD+rOyuRKMmSz

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.39 KB
MD5	5251638440810f45dbd987be0874e715
SHA1	a6f45667b8fee7cb676d637abd0326b9bf20617e
SHA256	d00886f46f8030aea9b94c5832c7c4dca66b38a2b31f5368d87da687ecb98c30
SSDeep	48:6R3Liso0kcGRbKWU7NJuuaHzxM+HkYcx1F05SIVSyKUYhza/ZTW:U3LBo0kcSKndaHzdHkYcj0SUbKUOd

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\06\13710.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	dcb79fd22992132709451cad76f83b93
SHA1	55d150bb9df3c94bca510132c127672586b3b86a
SHA256	f4b6b54f8dfaf44b8de7f2592bbf5e8dab37523b2f4fddf3f698e7bc79201caf
SSDeep	6:D680DfR03rsbyn1kZU0wv4nHgV+rypvTqfBNQBV239APAqIArH9X1jte5JMcf8fR:DXAby1IVwv4HCnRIQj2t47HY5JMcWj

c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\22\323

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.41 KB
MD5	bf75632b64bc8a10eecece74e0596571
SHA1	e43a6d06aaabbc77a316a16f64de97652b5e5c07
SHA256	750cac35c9f3273cf1371fb226b0212cd1f5828784a6f310a284006aaa321fa0
SSDeep	12:GbpIxwkBShYWA95D3hC+aFs1IJroGR6xhI1zjEwn:MpIxdBhWu34r2QrXR6xhyjEw

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Check For Updates.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.35 KB
MD5	13997acab674989f0de606ceaaca2278
SHA1	6994a9a64afc8a31a15d818038f658d901aaeaab
SHA256	4f2cd40196b3f48826a238dbc495e302d72d64d7ababe959f0e3611e99b80b20
SSDeep	48:AQovPJDhxOMc/KthEogJ+F8yhW5gfL39TwSQLBLRn8oTQHM6IBL52HjxZ:DuPJeMcShngJ0pkZBLy+R52DxZ

c:\programdata\adobe\arm\reader_17.012.20098\acrordrdcupd1800920044_incr.msp

Modified File

Stream

Not Queried

»

Also Known As	c:\programdata\adobe\arm\reader_17.012.20098\acrordrdcupd1800920044_incr.msp (Modified File)
Mime Type	application/octet-stream
File Size	10.00 MB
MD5	095faa39cdbe7478a562659e7d585492
SHA1	0e54bd2bb6b536cd3ef852f7006e905f3f90f7c9
SHA256	ebe6a8e7c91a602f8154f257a71838acaa19fe8417516a43ac997ed186f1ab02
SSDeep	196608:gRBx+kUOs3EAel2YxWCqoM4ffR/uRVr8E7ejFul:gRBx1daTCqSIGS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	6781944f1fc1fc62a0b9cce2c3922864
SHA1	ae9e3a725e52644cefb9d2592dacca5700a664e4
SHA256	fa23639146abd1c65d8357ba957584162b587cccc40533362047de97e206089a
SSDeep	384:VfARKfvnLsr5tvjFwxZ1GetLj5+/yw5WZNAuT42JXa:VozvjFwxKeNj0WZ9Ja

C:\Boot\BOOTSTAT.DAT

Modified File

Stream

Not Queried

»

Also Known As	C:\Boot\BOOTSTAT.DAT.RYK (Created File)
Mime Type	application/octet-stream
File Size	64.28 KB
MD5	6e48e19e0886eac333612fa2e99f8023
SHA1	96744f7909303af9090ae47a76e41edb03a731f3
SHA256	1c3e1dea59ece439a1f2017398c10fab8e8f51184eeaedfdbd52d02e8d707ea8
SSDeep	1536:/Ps0yoopRFvUp+xsfYQ2qJgcm7/vIZnyyaT6MZrYo9/w1B2G96:/PlyjpRep+xamum7/Kny5JrYo9/w1gGc

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpDiag.bin.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.39 KB
MD5	1e86e8aa2affb4c523ce95f39c9d2855
SHA1	cf53a76a7211c628fe60b7f289a2053a09cef88c
SHA256	b8db1b7e17f7156f35cb6dc88ca77bbbe45beb9852fc95490533d5f1ca999abe
SSDeep	12:V2pgt1zfkfxrmwx58BYrewOQ8cV0v6feJ:V26vkfJmwx58BYrebQNV0SmJ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\263.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	e314d471f98f73d3dd62604fd7ddfea7
SHA1	07a672f364fbfec5bfe242809b3ef3c3797ad25d
SHA256	90a84369b8725eddd2afe281a8c8116dd380f8aa68212f1c690a5aaf99a49211
SSDeep	12:RwLsgboYR4RETdYRKRvvnMYLCOuji9wdT+HfhX5YG:nYoYjxMY8ji6dT+HJX59

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	383e19bbe28ec72d76dde73a8bb641cb
SHA1	a6f630ab949f154ed50a3d7147b9a6dc7da9b171
SHA256	cf26a515eaa16318193585cbb373e2c3c266ae05ae0181f548f003de357750ef
SSDeep	6:woMHcauxOjxtV1E8JXAe6iUh/vl5U0rJJ5RfXzK2H3lfl7YN6Ng4Uo/REjdshn:w7HcauoLE41G/E+JDfvIN8U2qjdg

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.64 KB
MD5	436ab3304d8b873d810cc87057a97c05
SHA1	05f6b9f01c402869b793ab3f763081f946ec4bf7
SHA256	59df6f424a8cdaabc43aef5c28e73bb299cd830d20d908c8d078a23acdc3b858
SSDeep	12:zHr76evBqISHraS41AJILK7KgRwRVYbPRtaONBTShCBcAVQlRR9F+KfTaHPpgZ:zL76eZ+b4dkPO25SYBccOfF+Kf0BgZ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	6252d44a67eaaf5eca31a1d22919028f
SHA1	5bbf03ce8df9b0e0def8a93c8800accd792296ab
SHA256	c10ab43bfd38609d3fb70c89eab79a111dd4f677157655bceb83bd8c32a20e58
SSDeep	12:W1h4LueGbPHiYwzKarTobMRTE2SVGZj4yDee5CVM:WUw/iLzKKIYg2jZMs

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Devices Flow.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.42 KB
MD5	a5b81558735503a12d07bd4949d9b1f7
SHA1	e72155f9431cdcb586ca672b21663e461670c876
SHA256	62d70b204ac256e00c6339fa6b6ca078b27fa407525302497f823a00b3c0552d
SSDeep	48:4G5pKEXbbSGTyOi1Iung/y5DdGT5w7vjxvWwhNfnko8+rDEnb5OGBeoGRs:3f9beGOruymFw/xvWindr0eoGRs

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.63 KB
MD5	b6b9667135c28867eb8b0d9a2c9ab082
SHA1	5ef46b9ab8a2170cc4feda092c44603292b066af
SHA256	719637be00b991ef67e482e4e3faa3e9217b5c9b497d12cf3e227adb024fea9f
SSDeep	48:7HLbw8dvrzF2bfYqUQbMWHAqwABx4/dEbE6OBDNPLF:73bzKRbMmNz4lEbE6QPJ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.44 KB
MD5	1bbf85bf8d80c2707dfd86e9f5eac340
SHA1	1a2407f6fb7f0f72dca03c83ed47e66be37a402c
SHA256	c597c78f930b4cae6aa4e00bb028fc4e39bce28b81fbae5f67e1227aa8868137
SSDeep	12:pkt8bIySXrnqUsP00Q+dRwK7iolCgoDHNwm0Yk:Otdt7ncPK+dRw8iiC3imhk

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneDrive for Business.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.42 KB
MD5	460b5756adfb11ad91290019d7c1050b
SHA1	605fc04caf74984986e4104ed56997be6da76b94
SHA256	63949ca75f9496dbf6e36d8d646639ef4a61018f5db1b7e76c86a244d275c9c1
SSDeep	48:eABwLVZBoeAQ4o9eYswZ9RX+U2hCb1YKmyFMdmxpP3SwKfQYmh6:ejLieCJYpUhCB4kMy9SwKfx3

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.44 KB
MD5	c1904bbc4d16c09d11924eec6ce70159
SHA1	3df3b3c384159984af846493892fc3c368b02bed
SHA256	e6d1d9c5d642717fc39bd29a10070a5ea2a32109f3e99d339f8bebb6875d05aa
SSDeep	12:B0KWp4vtYY5t3gMbIWNAJxwDTg+frCkWwX3vie23ao:B7lYK3gXWNAJxwDLRnviBF

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.64 KB
MD5	882485d5140949b615c2aa5551972e77
SHA1	3b358194f72983f6fbcda7c87a854fce3b7dcda9
SHA256	479af70faa130cc183e5fbc3abf1e2951f6cfb470d9d047077cbe74016239eda
SSDeep	48:UTY++U56QgqR6qovknK33pxNgE0lCbzkmxAE48g52Dlmw+QJ093KWpf/2sipsthV:I+6RgqR6qg33pbg9Yb45J8g5pxQJnWp3

C:\BOOTSECT.BAK

Modified File

Stream

Not Queried

»

Also Known As	C:\BOOTSECT.BAK.RYK (Created File)
Mime Type	application/octet-stream
File Size	8.28 KB
MD5	420177e81b5d588254cb266ff886e1b6
SHA1	21a11f7e5586462e204ba1bac51511f4d7f68e02
SHA256	d7abf249fafefeb95f7d3ef44b02210c202e3b5e6f8642cbe099c5a57dc44297
SSDeep	192:d8oNqu7YEaBXDkJbaUCm8XQQNvuk447dsMnIekdR4fN3Hl+:d8GKXXabL5XTk2XdR4l1+

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Task Manager.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.38 KB
MD5	ea6864908039f3431e4985cdb1021391
SHA1	e1acef49ca309d0bf57527b33bf05769e873be9d
SHA256	c9af767c3aad9c814851f8209575aa2945883950e90500669a588a8a042a9e35
SSDeep	24:VLg/Qh1HKfqxmAOVaADXuc+GTDzVuyfwGLaYG+jGhMKb6H3uxnqz3dK4aan:VLlhNccmrcc+G/ZFfwGRDMMKOHb384aa

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	4e94a77c32a6fa69aeae9117f51aff50
SHA1	ec61c1011cac1d4f883fb43767f348304905f035
SHA256	3692c69afa0e608afc2b12f2bb7d16f8807b82bac1320adf7c9d6edfa64e40f5
SSDeep	384:gSci3EiEYvomaxtBwuEFdLrTRguU/rnrRPKTtBGEf:OUEishtBwueHTeuU/LrZKTr

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Outlook 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.63 KB
MD5	b035e1fc1b2341401b6e04f7e6591917
SHA1	7fa2e5d60b8c0be47f46fb6af06f9352c60e542f
SHA256	f9ae7548a61e0d74e9a2948b7a1da2aee21ce88dd5b605608c5402d6eb967bcb
SSDeep	48:q1zuVuHKK8KxccmcgB0AJq6ZPRAa3+3EAQpZ5nfcY1E+VbBTMn5a/LK5o+4D:JK8KcvN9YeSi5fcN+Vb6n5aO5ED

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Math Input Panel.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.42 KB
MD5	320b22529433a6193057ed03798ad8be
SHA1	4893b176a35de20b609e5d8ddeffe46d2e21c05b
SHA256	1243c4b127e6d4c92a46d1e80f86fa9cec7daa5b3b26dfd7476f100af61b96be
SSDeep	24:/NyuhwQkRosswB3vpS9lMfRqu9T6L+cFZDzysQzAzcSexgvq8VFWN8RQn:IuhkRBB3vpHfk2TI+cFZDzLzcSchke8s

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.0.xml.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.21 KB
MD5	e22e9bcbb84cdb870fb9393ad63c76f1
SHA1	45a1da6119648b4083bbcfea2bcc46f1c15199a2
SHA256	16a843994e9d30634d7c18db3fd6e4cddeb6f64fbba8372e0330b82654c2c8d6
SSDeep	48:bhcJh3hCTa+lgk06nCmv9eaHh+e5lzWbDp/WshXq64bzti/izX/bVXWtx+:NcrIFyk06CfaHhN5Wl9h6g/K5XWH+

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.bmp.RYK (Created File)
Mime Type	application/octet-stream
File Size	784.33 KB
MD5	b582be723b9100ce350ea13bcab06cc3
SHA1	6666cd59eb1e66d9a754b7ba499134576fd4d9f9
SHA256	e59dcdca51aac31b2d48d93eebbb50013e8e304a48e61a8141384b0d0c508bb7
SSDeep	12288:yfh8rkzA3pMHAWYWCLCg8An5LZ8Nz7NJUo4z4y0ApKaV75oh06T2bPU/QcCj1Zk:yZW13SHApW4CC2rlNM75E06TaU/fys

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache_x64\baseimagefam8.RYK (Created File)
Mime Type	application/octet-stream
File Size	10.00 MB
MD5	93eff481a09d4743c4672188709ec76a
SHA1	484a1b7a9096b48e9535fde293abda11f4845dd8
SHA256	118d6d609e83e7e53c91c8d330d36d6031a48861577d150c83e9469bd05ee1c3
SSDeep	196608:VyqECAMrm/WyvONqviB7JzEShAmGmuHUeTLrbhN8+TEhJ9WuOKlj9vQy267V:VyrCAvfYlEKAmIXhNm3bYy26R

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	763e562185d7c950e6617074577d3b95
SHA1	5de138ae8292333d5260e6a62ab84052c62fa512
SHA256	5692c6faa62cd0425ee575f58abd36b62569504c326760e8643cab015eadd704
SSDeep	12:A7P4VJWC4qN4yTY4Yz+xUYOpE785KnPEu5RKydpn:2zqN4L4YzfpE78YE8g+p

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Access 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.64 KB
MD5	af51e5c3923d9dfdaa409c2049dd09a6
SHA1	822328de07965db94a1ad38b63602c0d6a8ad34b
SHA256	7566c90f9c5813731bd755cf31fac034234090f1f501675f3c3402c8284baace
SSDeep	48:erAKwc/gwGg9JZPmDuLyq4vH/kvjCknr0VysZxO29+d56LnvnbQFlQ:erAvuJZuDuLyq4fabr0V7x3i1K

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	250ebbb180089ffe82a7d8d8332e1393
SHA1	e53687e5f9f16eacc718400d6c68679a60b50e0c
SHA256	a904f9e3309e8a0b79aaf49f54edba3d9a2d2463e50034918061ed0b1bad7792
SSDeep	384:pjQhjDEBNY0OMM/GoOb5vHoa9bfXf23WXUq54HtZAN0/O:pjQhjDEBNYR/cdIKfZ4NZANb

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\287.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	bebf2e1d1628deeb22e503fd69220559
SHA1	1826de8c220a6ca570af750007398f483fa6d562
SHA256	9a0230141548f028833273c11743239c2cb009607f1670aa149a472d62bcacfc
SSDeep	6:y4Dok4SjvGAtQWzAQ62W/1p3P1lAoiqzMOGwF/RBFCgtAnnUEVQRH8rxcMh6Y:KkJuAtvEn2WL3PLNiqIO9ttQcH8uMhz

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Search.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.83 KB
MD5	724ca372ad76045d8eb691d86a572f7a
SHA1	0ff2396fb1e061644f4513e1ae372b108440e1ac
SHA256	cb1d21ab8b7cc44734050cd0b31da71d38e9895ef0ab57ce6f8e4e458c3c3bbc
SSDeep	48:12A83U+By1+g7DzVW4UscZVidXGXNMin2VDys9+E:YA83ULH7c4U8dX4cDyK+E

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\3\0000000000000000.idx.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.36 KB
MD5	a1d1fafaec278573ecc7f9cc093355b4
SHA1	0af3aad604c45d2cf92fe536b961979893ff36b2
SHA256	2b316436037a037682cf785efa40c873d0239b6507569a1d27117e62a0b07ed0
SSDeep	6:/qmphipA8rswauva8eBhqePTcLXxM3wK726aOnOKZ4mKGQ0poeR7jRp:CiYfaga7qeLcLqwqJaIF4j0mU7tp

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-40.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.71 KB
MD5	ba4412afe06b8bbc5711659b477cbabc
SHA1	2e098b05d53c4f7c6955c7abe1fb0370bc611689
SHA256	74c8c637b42ec53b4f4c4f5a3e4ab7104808fa7ca1be1873ae0fcc278daed0de
SSDeep	12:OnNP4gi4SQ4paBomdWlLdMEBalFtOKopOTa1QQtq2XoPC3jiqzev+DXdVQm9jGgT:Iggi44pa/MgtOKcS2YC3xzfRjGI

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\guest.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	5.55 KB
MD5	2193c8a35256f069edd30c168f882211
SHA1	b585205867c7bc5a86c26011b6f7fe7d3dbe5d31
SHA256	a2d0f37cba94fde01e8db6f5a453f8fe425aac9e82311d2ba943b180c75a4682
SSDeep	96:HDTpWv9kY8+mF9cS2DSB0/CnrhBhspmMuVJJl2GgNkIbXOltkTZhTYHmFFuxa085:HDTpWKYX1c0/CrhBhz5VJJyuIbefy+HC

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PrintDialog.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.42 KB
MD5	723a04b937a22ae937a4f92788dd5f88
SHA1	969ec4dc06a785629c3307bd88b884c9acec1473
SHA256	5efeb4844f7cc8a9b18af6a23682b0413c3a7ed949a6818e5a73ac56328509ca
SSDeep	48:36qnNaULR1PZ3tw216vLE4FHLvsRsvB0IYIk+4l6dPIXvYrkJ/Af:36qn4cfRcvA4FHDskBhkJgQfx2f

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\267.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	2a0f1f959acd44c21da32738675d22b5
SHA1	8502d47a433b993e4e1f4a37329c9ea4b448e1ea
SHA256	29c12ccc1e8de10cd97f8b15258406345315228ac4625b2fd784d5b0b9b37ba3
SSDeep	6:zxlgbSX3xtuIuWEGFDG8wsG6RS3ob+AXUomCDGUf9gXpPKHOolD7wv3Oecx7hDBi:EGuIuWEGhFb+AXHyUf9ghKHOIQcxdDUD

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.60 KB
MD5	b4e7af78e4ed074999348fca4d337ab8
SHA1	43662accdead9d3602c6ffe8c37d4ab0d37cbc45
SHA256	d1bd1c9e94e56824362ed879fb1c0a2e8ca7e01c6e61c19abc3780bdbf947072
SSDeep	48:e4ml51gPb6jjZXUxeVahWm8i3ytuWNSOv7Neh2+k:eQ4jZXseMj3cuMDokX

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	7f87e4922997c836ab1244fe624a6a62
SHA1	66c115f1ea6131e52bce53fc8f739f51ddc5bbc7
SHA256	29e521d1118f16937511bc9fbe45837617bd72035ae2e7c84b3fb049de726c38
SSDeep	12:kct09ErWal7qB8eDmJk1M7fKjg9q140vToLG:kct0ardlG+eDyk1eCkIv0LG

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	94475675123c38ce9934303399dfefd7
SHA1	b8b7e075c5d84c75eab1297caa70f5d19eb8076e
SHA256	3d1d4aecb1c203d24866df4dd5f1d0956feafdd74aff4fb1fc1696b51ef34bc7
SSDeep	12:ii2/FpsX2v9HVY+h5xtHgq26soDDl0deidYyW:ii2bsXElJh5Apw1IevN

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\MiracastView.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.44 KB
MD5	5ccc40f290651d1865a9d02955d6d0fd
SHA1	045e8bbef6c11998f288f281c1352859419e32c4
SHA256	d84723f1a20239f4a3a68b3a304adb5f8b7017ad11b20011c5cab81fe60af3ef
SSDeep	48:+bNpq/4uFVjajrzBMMXSKg6bW4l0CvWfyHDasLwIDrofPm:+bcLjajnukSeWCxH2sLwxe

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\273.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	5530a64c30830d98d35e9eafeceee7b6
SHA1	9a3ccbda84a1e2f8076acf442becb60e26265c1e
SHA256	8db75ff8302ff2095282cf393303be331210dad618c6780a415f7adfbddee9b5
SSDeep	12:DrKuhj9mbkrE1Zsyh911EN1QNRXWUvpkD:HUbKyh9/EN8Xbvp8

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live\WLive48x48.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	4.83 KB
MD5	0c878f7b49de064c61e106fa9c137194
SHA1	c65063ff0ae4a96250dd107240531e48b8af8434
SHA256	153d9fa7dc952761d9017f2ebf77dfcf139f84ffabbf2bada54c39368f871b17
SSDeep	96:lftq/a/iLj9Cr5pcRm7MyG+qQV6WrgyGcD+dJnWTzwrfviLdxdqpgWw7m5PYp8WI:lftGa/iNCgmM+p/rgyG8VPGCLLdmw7sL

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	4d8c899811ea2400e64d76deaff4ddd3
SHA1	d0318ff2d2a639f5ab8ceeff71de9d969b12e4ba
SHA256	13a3db2c9780179665950d246f31cdae400851fef4ecd93b0aca965029a8549a
SSDeep	384:bp0myvWxnvePLdY+rRC+TbiHD8za9POaB3AUsyp/PFJRPtmRf:V0mkWlvtG93byPO9UsyNFJRoN

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.2.xml.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.63 KB
MD5	fd3d26974a83fa734af50c7d40cc2718
SHA1	28021111e6df20a673a3c960f0c766a21beb9027
SHA256	b160f7a2ac03d9d59320db9bafb71984ee0188b1e959cd0f4ef6a215aee0024f
SSDeep	24:hdyCy1etQ2eBehyuExuN6rehaLqZMc3TvSNVIF9CgiRcS1DHVUyakSipv/glq3:LDGeheBgEoN6DEv5f4RBDHVNaQ5glq3

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	038736e5c6e549a00e1d347541035313
SHA1	cb8c6eeab07195c5d5d2b4dbe528f5c29b7e9cd3
SHA256	7172c5d5d8b370b7927e28661a64d43640d5f31fba4a012b47ae43b397cb7e1f
SSDeep	6:eT9ouBd8EyZncoHHjRSu7R2JPPiQiP6eDQ3OAUNiROlBJDBxRSUeq9ZQLZC+mhn:eTZBdNy5c6rQg6eDQ3GNnJNnSzQ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.55 KB
MD5	458298eb43d8ba28c0ae9699aeca87ee
SHA1	ef7896f15ff4321bfa9ac5d58a53bc1cf4aa9b22
SHA256	a5a5906aefd51bc3bda0f034ffbb6a123c48071329207676d44bedd715b761d2
SSDeep	12:7kPv+WfW8jiYiAUaaOvRLDm7HNdeF+sc/ll03Ygxn/fw9TKUvW:YzWwiYgalRLy7tdeQscdlp0Q9TKyW

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Desktop.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.11 KB
MD5	415c401c53beb61736eda7c6b6d2e589
SHA1	fb2fc93c3ea438cf45f431fd8d84f85aa6b5d1ec
SHA256	b91e2f649b170bdc561f55d30c2e11f8eca6881504c6cf17b878b32606dbaeb1
SSDeep	24:NMoDGfnWYH8xcCpbv413GH7b2KzR7KK9V3+7QKU0SlrTG0CLi:NVGuYH8xFpbv41Gv2gRxV3+7fXSJilu

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.019.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	4.28 KB
MD5	b94f28f6d32fc5eb0c17e728eb1227fa
SHA1	c095133b18c470e8556376f3ca085d4b18bdb427
SHA256	0cad2ffbde50b5a9117bb7236123a94d64af6c4f6ed1e4eae4c3cd47871f9931
SSDeep	96:MkE5By/Jtpjd9mAmfoMqP+Uhp26TejO5bGu7eR24aGiO07c7zQRQ5ldXeta:MqpRoVqWUhp26TejOVaQ4rVcczrNz

c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\18\107001

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.41 KB
MD5	29d12ddfb713468898425b99bf1d3f11
SHA1	ee6de7bf9a498003afca0219efee507b0628690b
SHA256	b4dcbe73f727185a99bb5d6f7b665f4b00b0bf9b0f2e9be201a7100c604317d9
SSDeep	6:LPcRYAxmFg9iJf2v6LeJkprSdtZpYbqyzvW2OS+o684HMPnU+z3BN2J3Kh2EXB5E:Tc+IzvhkBYZ2fzvW2Lx684sFY6hlBi

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Word.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	b013a840466204c19bb128b3cb5bb252
SHA1	a1333d1353c90429087a8a6b64de821389d89d83
SHA256	e3471fdc4b6fd03269e7c3a5bbf42a7d55d6c0c7e82eb6bb28ecbec0b977e100
SSDeep	48:LN4pwh/eOGXcUw7K3QGC5SLw9sgC46YmCtvqrP1sG2P+vexAs3WTwH2NK:Rcw1e+UwuQGCjZNtvCP+GHWFWc1

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user-48.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.77 KB
MD5	130b78cb1a1a0c495e642ad0fb3bcbd5
SHA1	930a901db07b0518f044211b8de447a016bef63a
SHA256	469b00ba1fb47543410ae7301ab6aea1c037f2a3d6cdfbe9d5d2b2cfbe926e3f
SSDeep	12:Xc3oy4k5a1dDeJ6jrRjMRbgT+SZmNCPQ5IrCkiLn665HeM/6Cxn:Xch4RDlxVVIN9fki7heUxn

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	65bfcc399f84b89ecd04dad4f64297cd
SHA1	92145c3b6743baed2b56c4bc28d894de2dbbbf7b
SHA256	e6a3abcb7d0e8348d5ae6aadd3decd9c1146d9fef8f2f99fde519e1b4311f4a0
SSDeep	12:46jYa1wQS1UE/fk6UUrF5fjgIej8hti//v7GkLWB:4uwSEU6xrLfjejMIXv7vO

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Immersive Control Panel.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.56 KB
MD5	681badab6457c9d167a97f6239acc443
SHA1	7ec5b7eeb0a68b5066e1d7fe0d5bad67b7c2deab
SHA256	6dc61a6e8af41938aabdd9173ff7e10a82b469accecc23a1510d0b7f3605ce63
SSDeep	48:pKG97+wgofEYJtLQVGHEJ2JvrW7ZO3IfaoPgcqTA03hW7SHaEcC0qAgF:JhlgiEY/QskGW7Z0iaogWjEcC0rgF

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.46 KB
MD5	1b20a6b23cf36640858d1460c9c1871f
SHA1	b98b6996933f6d825054d8caa97ecc007b9f6258
SHA256	6b6adf2ee4432dcb924c364b70defc61b392202cdbeb4c7f08436246c1434fe1
SSDeep	6:WXaYvG+px8nkqwF6bvlnmVJXJ82gZyVDTVfZj3kQdRk6tH9zOYmjAaDBySge3jAL:KafexYk+mD5xD7Zj3ZXH9zOXAsySvC8u

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	b3bd34768ee58a519330f77cbaa29c59
SHA1	0a7c81969cbdcb4aed5d2862f70d13cf4534c6c4
SHA256	9437531ee0799185eafe04155c3e96dceaab6f31860e918bd05442ba98dd2801
SSDeep	12:psNoqw8vQ9kri1LIO3PWSH/xoRdE8gLJn:iNdw8qx1M4VORdEfLJ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\dfrgui.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.41 KB
MD5	fc39a0b01d2ac1ce027b772d0099fad2
SHA1	ca2dec6f87e10bb7ac67875a4c131d121224dac2
SHA256	feed7808ea5f7129487a69e56041f36ba1c130943a7ebc656ffd8babdc1088fe
SSDeep	24:pjPEDH9R/yF0LfAuS/3conSdCf7rv5t/wSX1Ci4as9BEBeMajggWqthDLAZeQAUH:hPEhRnzA53SQfZt/wSX1m8gMaj1PthAx

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.44 KB
MD5	5c00961b9ec206e12bc354b01dfa5a2a
SHA1	dbe7965998592fc30f7433c1cccfbdeacde736dc
SHA256	79c75968757b514be281a6aba8dafbd0022b98b234166d0d7eeabd6ea92bc703
SSDeep	12:xvpr7uHp26dMkYCcxkkYVpyNniHZLDblQyo2CKrwi:xvsHM6dMkY3kDVps6Z7lQn2lrwi

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	1db822b509e0bbe49c5e57aae6c05399
SHA1	b47825419052d54d8b433ac8ef19caea0e59d407
SHA256	1b1fc793f3cd2de498d5a479a9c37537b07a98357c7327915a71d4986321c8ff
SSDeep	6:BMf57XBA2vu8l3L3cmRYU7JuZhN21iu8GPTehQ1vKWecJ7x3oRQ6H3ao3kExF/dv:BMf57hvJLtYUo9sehmbx3N6HgkdUDi

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	3ef479721175622e55953e0ea80e15cc
SHA1	825de57d188ef85dcd55f1214ac290be73f0e701
SHA256	92bf63531a80333e20912a5b186d4c43151e6dfb27066437efb57170e39f9d14
SSDeep	12:a4TCdIlhczbPcU7avtyazAfNUF/yetz1bnDPsmdrnOnUTN1G:xgbPn+1Rbz5DPsmdrnFZM

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	05305617a2e228f5c8b254e3f62e3c6b
SHA1	6431cc4dbca7f373c339da50eaced82e03c0897c
SHA256	3e187699dc835b695a842e02501fb509647ac7c586880ba4fb6ac448cccb5b88
SSDeep	12:SUJnWgzk4eJ/Up4pRY8JOAbL+BE9qH0ny8SXSn:SMWsIRY8Jjfb980y2

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\1\0000000000000000.idx.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.36 KB
MD5	e5f4cf3e79db54c833e5d1f44bdd64e9
SHA1	ea9910f9b5a3fbf113aed08268dbffcb836882bd
SHA256	37630ca38fd66850fbfcb3ae54d87ffd598136402fce946ab2e8a234ae13fbc2
SSDeep	6:CRRxnAFyvFHwRK7YSPHvmd4cpAZfkIDlLH99cbXjxBPd+T6AaHpSCTxDOKI:Qxn9kK7HWRpAZcI5dW/j/FrI

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.64 KB
MD5	8d3e365a68a9dfdb44e09d78524f36f0
SHA1	f1b0362cf559ef383441a8d032300d1fc3a8681b
SHA256	6cce7cb4a80823bc98c49c27761a96ac09cb254752b061f61a4274d52b070c74
SSDeep	12:ML1i8Z5jMXFyFmdo2kGvv7ggDs3Bm5B6z/bfnxQZBpykw:25jMXsFV2kYjJQoqznCB0kw

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	08cd920090ae26a8a1ef6e221804ddb6
SHA1	15d26cc4a8bb4cf62bb015904602498d554514c7
SHA256	96d51f0e025902114afe0287911259973386b6bb07cd911a1a1ad8af5fcd9644
SSDeep	384:7kB6XsUnOP7DXXdI0AYsWabhn5SKBQLnLxvHU:7kBR8ODTNIwun5SKBQhc

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.63 KB
MD5	f21706445fa097fb850c8feb6211e4f3
SHA1	1f10de46b9a025bc1f2463d351647eb18d7b2933
SHA256	91a72e360549216d7523754e47ab4a52859b9566d5f4fd4077a6d3af06602ac3
SSDeep	48:REadGV8lSOQjuS2eolr5XrLt6fFGkQHCw6xiK+POyZ98ZJ3DUt7/Dj:qafo7juJLH7Lt6fAcxi5PV98/IJDj

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Snipping Tool.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.38 KB
MD5	3da139dc1bf89589612bca83a5768faa
SHA1	4fca3d6582ba1d3887df8d4a4fdcb59c07b2a74e
SHA256	a1729cfaf9935ae9916522a730b2e8fe9890bf0901d4037939572e5ca9f66d6a
SSDeep	24:oFdYhQvvCJjh8HIeDoAHHQzjy0uXhyzjyCc3w/+erbUT9sZakjVf+fMdUd:oQhQHCnSIEHge8/rBbUTyoG+d

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ClickToRun\DeploymentConfig.1.xml.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.21 KB
MD5	9407fde948e785b159acefbdf9bafd0f
SHA1	7c8827316422b448b27b9d72562314dda44a406b
SHA256	3e8a7d1ca8f1bda7717ba6d388811d2a2d504e2ef8e5b8cf1f218ee6e5f02c13
SSDeep	48:0lsrAp7MhfBF0lpvrax25j7UJu7Fh+8JMVPMIvamCi:Oj7MhfT2JV/+nPM7mCi

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	b9b931dc8944e691a7510afc9bd858bb
SHA1	b8d38a1b2ec8adf73a351354690437a34c8e2732
SHA256	c3f93dfaad54df5902ce4ae44b12fce33441bd52fa6476f8ee5e939362f30ecb
SSDeep	48:aS9JFvKfYFbZYc2TAjkyZ2NxcLtaroeNSu4BoHRt/sMkAKT:HovcskoYpazt4Cn0B

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Paint.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.36 KB
MD5	3f244932296693630baace9f5d47cb23
SHA1	13de4ed150a68e5fca401dad2dc19218ed2afdc5
SHA256	39da025a90a13e13e7de0ffd8c42d530548bd6e13bfe7dc2cb98279f192aba92
SSDeep	24:kEv0qr8nqXvLCc32Z1zvLvP0k65JH69bi3ZiytBOqRSJZEp:37InqXR3i1zvokkH6YPVp

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.72 KB
MD5	0a2f700037d9f8fff3c573b4b8e641fa
SHA1	02d82743f73d21d219cb5f85c1148d9e6fbfce21
SHA256	4c90df74def91154eeb70a2122c4a5aecc946cc999b4dc78546a62eecaf53118
SSDeep	12:e5rDarKKlxDaS38vaSwgcSGTiBQ2W9Tku5l+C9XXF1POKYQJcYpvGPGWQWmwCDLn:eAeKlx2SsygGTi2k2wQzPmQJjEQt3DLn

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	86158940cd7e8c0122122a8b6235cec3
SHA1	270ad42d2484a1d534dd5bc7850ee7c7ba2a9e48
SHA256	354dc8bba9c8a43f94a53046d4918186fcebc0d180a7bad6100df3c528fe2701
SSDeep	384:uez7XBfUmZTqu1cewfdnwACTCsJWIy3FJD9I/ABntYzHdTZlCDN:RHXd7ptcNf9wRCUy3LDK/AFWnCh

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	e4387a18f7a4e6bc3e6be3bd94b1c1e5
SHA1	869de5a88a5b1462074b7342d2662a6451d2ccb0
SHA256	eb744f483b3f0bb688e3920b1743c1f68c9d1efe0af2dacc66c9f60c3feb3325
SSDeep	12:gvUyax7edcyfpTDz3Dr8BFfxT+wQ+g8uc4:gMyax1yRr4f+Ouc4

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	47a176790ae8314a49ac659f0a4d73c8
SHA1	ace62e3d6ff3be7c615a71b9f7df0be36bceb60e
SHA256	f328506738183e312da5242cdd1fcae9590f579c5f3fc79e9d396bc8a7e22692
SSDeep	384:tLxrKh8UvpTBbD+MVI6QGLpuGugujTC1z2SGNW:Qhtp4GoGuHS/d

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	f2daebf1b1a8402c9fadb8650bcae201
SHA1	ec05a739f4f9bc9fe1ae328bbc929afadebe777c
SHA256	8ee8b5401974afb7756a42d766850cb15a3e51487712c333fdb027019be97c68
SSDeep	6:UGBuv+RsvKw6LFPAqXhLSOVXI3Tw4wPPTbxzSvaXbO3O6Qw1eAO0yHSAjIyBTd4S:JhAr6R3hLfXI3TwBzrQ0w1e90VEOgV

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Default Programs.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.50 KB
MD5	cd3966e781e4e76442632218f555b8e8
SHA1	1d56693e799a4dfdc04429d3968db3e04b602524
SHA256	14bf7d93d54578ece784b399bbcb171876b7af5d6fab24d76d6c7f6fe6979203
SSDeep	24:8aV52CUTY3dOjvbNDs0mzNZ/+U7f5iNS55TKrugyKv99GAbqZSBrRf15B3/m:ZWqdm8zNF7xyuPJg99GNSBdX0

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\196.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	ed17bb464e1545aade3cf96084b65514
SHA1	4a24970913ae6dd25afa04b2129eb4432a38a888
SHA256	aedb4b79832c18859cde08b1d282212401d5047a9fa2823cc484340057b8894e
SSDeep	6:8kQyuaox1EOuyO0KgO5N5bVwmhG7CN4HNkVTS5eXGnUB7BH+8+eaCz4eT9tFR38:83a+iyI/r6tMSAXGnY7Bjlapepts

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.41 KB
MD5	a9b56eacabcb51710ecae7312085b558
SHA1	56b83d7666f6976325e18d9068a19789fa520ac3
SHA256	70d446f374f75589b2423b06dadc22ebbe68c91271a13723c25e910fbe276e64
SSDeep	24:v5g0GZxW0vuPy+3I4hPXapCbWziNDTVpxm8dUe3L54jV42u62xU7n2Wx:v6Zx9ZKI2QsciNHVPfdZAVLUQnh

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Adobe\ARM\Reader_17.012.20098\AcroRdrDCUpd1800920044_incr.msp.RYK (Created File)
Mime Type	application/octet-stream
File Size	10.00 MB
MD5	67b48049beda10ad696e396fef39d950
SHA1	466a715a1de5dacb24e443458f0ab5d385a7ea5c
SHA256	54b82ab40de4ee022d1a67eb445edd900bca0db3861886170d9006947496e008
SSDeep	196608:gRB/okUOs3EAel2YxWCqoM4ffR/uRVr8E7ejFul:gRB7daTCqSIGS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\OneNote 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.61 KB
MD5	606d9eae079666f684b6a831d0cd4587
SHA1	4b7ce3719cc26643d92970422e4e17a66e2e6db3
SHA256	62dddfbb666dfd9546657bf8117bd9a8463898725e38e457ceb7f2ca62c92555
SSDeep	48:RUVPnCJskIsh+MIj1KK1oIdsapcTw1j//XLY1KO9lInY47eVJp47Yh1KbNGWW:RUVqSk9hyNoWcTu29lIYseVI7SKbMWW

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\266.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	27375307c83c8ec8b5ffa438309f5e5f
SHA1	5a8407ff336a66dfbccca4955f43f4d4e48719ea
SHA256	785de662f63456fc1871a1f565342896fb0dc7e1bb73cbf97258689c1aadae60
SSDeep	12:8z3teXxrf3BPUCbkg8Gi4NRpmB03+yGtV2/oViU:8C3UCbfi67mKgthkU

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx.001.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	4.28 KB
MD5	f6b31d51048fed7ba59160a38d5e07e6
SHA1	7b12ae7962727df8dc36db1939cf4500637f4342
SHA256	bd8b9742622f1d455a8175361be62d5e651e894e989589da1c39a6dbf1bb411d
SSDeep	96:wJ+rbeG7NnrU2esTbEE08bpfBsfC4zdNcYC6LglZvTL:wJ+PemnrU2/dIRZNPLAZ3

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\13719.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	16629377b5a94cdd9b3d98f037602052
SHA1	a9295a2d8bbf3457b89b4a3212453c76e9a85bbe
SHA256	c0c667575364bf1358461875701582b6ade8262273b7c26f1e949527df415bae
SSDeep	12:ZRt9j079DuS2C8T11cp5TqUZXVj0GFHpvB1sIXmtY6AK:vtm7AC8hy/TPoGHpvDIll

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\user.png.RYK (Created File)
Mime Type	application/octet-stream
File Size	5.55 KB
MD5	dc9d598ac7d385a1fbe0745d28b10d61
SHA1	c26524eb0d47124b922d4be871be1bf009940559
SHA256	2b9af43c29a46b9f18639d6eea67f19421f9ea7ba52b5fd66d1ae8b5afa2e8f3
SSDeep	96:ZPnmsSCRAjO+QvtkX/93WX6i6tVaAA+9diVXjdpoDcIi0+PzAJTMAQZH1:ZPmsSCL+0tkX/TVDAssdi4IiZkqn1

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Skype for Business 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	dadcab4f2d62aa7dee9c6233bc3f2d7d
SHA1	56b52f6528f03d00c9edb5818d349bd83fefff45
SHA256	9e80b0b02bf184f8bd6bddd7ec897b0f90e37c8c5e74f42be53fe59164d934e2
SSDeep	48:0wt2NEgBpV7J1DHhP6Ps+lai3ofCXmDlylni5T9sa6J+hY9Kv+g4atH+T:0k2NpptJ1DBPAN3o1RB6J+hiKvRDH+T

c:\programdata\microsoft\windows\start menu\programs\accessories\desktop.ini

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.72 KB
MD5	9d73e3e0fcb57986c4506c1608e9cddd
SHA1	910e535fef6df19c696f84edbe77f790b604e1ab
SHA256	a1c87a28e984d70f876a6317b5cfcd94710a8ead65f305718ff0e68334bfc0c4
SSDeep	48:2IDmza/PABPpoP+IMpvG1g/JaxZGGHmyx9J4KAZzeGjI808nGn:2wX/Pf5evG1+afXH3xY7zeSRnGn

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	15e51f38bb0b0f6f0ca4875de80557bf
SHA1	bd722b2bacf6e097889247e3d6fb478706aa4821
SHA256	b8df085680a67c24fe3064d71e51006c3bd496ebc60f74bfc20b9822bae75dd4
SSDeep	384:dXevRGlbjc5Ft1qm1kIw/3EX4BQ5oO0n4XTfeENPuajfK3t9w8gr2U5uE/wj:iRGlbI5Ftcm12/AcQ5RNPuqK3t9lvQud

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpol.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.71 KB
MD5	ba64bdfddad8bf4721be2dc57fb77de0
SHA1	1632cb63d65b095f74c1670484a7c026200f174e
SHA256	4bf14efd5818d594c0f88a4ee9da20a8a54b471a6a9fcb3f45632a6ba1330d53
SSDeep	12:gTJTVMeaPQzbgv9Q6020kIsj6rqmn/YVst9QXF5SdMQSzfIIvfWndrO2:gVTVWPoa30P66rqxVPXF2SvfAJf

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\13\278.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	3b7279680dd7a38b4bfcca2d70e7a812
SHA1	d82b3d5f831add1a7d203be79e46c3936df2bf7e
SHA256	c837b1e0372246de6629150b345661b6d06fe8a65f73bc962c55e7e541dc98fd
SSDeep	12:uBCvzAVfoeyHLtyfwVNQPqTLFuZ5HiRgGMv:FvzAanZx0PyiYZY

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.020.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	8.28 KB
MD5	bc043d2fccc190d2d5c40efb060ee89d
SHA1	e81b38709f1b60e2e6f7a994afb90b2ccb94abac
SHA256	da16e527e3633b6d6002454d115d6fa4d987d156a873b97c1b6d2f890825a3f9
SSDeep	192:dwAiKg5tZoTN4fnExA2Ll12/o1vs2SZhiv:dE5DoG8532/WvsbZhM

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\Steps Recorder.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.35 KB
MD5	e2d8cf8a721eda3bbdc113e83015b6ae
SHA1	e8150d86de41d794e49366d8aa8eb897e37cbaa4
SHA256	0282e9d247eaf1021f9324e1cfb84c4ebe24ae238395556bb87b5faff136ae42
SSDeep	24:ZHKGIfEg8pAwq7RuZdfOt7ZT62nWHdgcM1FYqJgJ54lJ40vKRrQ:lKGIf/6q7RuZdfOt7ZWHdM16qJoUJ40F

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\194.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	d1829709b2a4ca0746b5d8a5605360b0
SHA1	e54ef11845a1c45d8eea455070e275d37b241a90
SHA256	f53b785d1f9fbabd842eda7614949db17b478235ce4bb3f077b774b7e99a4f8e
SSDeep	6:9a5/GEjpDYMGz1YBsV6UaZCD1LK0VE93DEeeybyA+grIvB81gc/rMZb66CyBiB7N:45uwDYpJPaMRO0VE9z1V0gFKD2FxwW

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	1.27 KB
MD5	2537892918d7199c5da36c1080ba8156
SHA1	595c192d66e4bd333fee720c1301bd4dff1baed0
SHA256	b25cd65acde02d8cfbb3c57d69fe7da963d5807138b6fbf808580d31daf4d8bc
SSDeep	24:F8DrxCyEX3f1DKj16VP4umufSMhgicfcqdlJiK+ojqcI8pQzx:mDrxpEXahqRhbMcqdlMKbj28pcx

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.64 KB
MD5	941435c209d1b2ce23836922fbf47ef5
SHA1	b9f9dd8f20bc6febeff1f0c89216ee61aadc24ef
SHA256	884cf1584b538e350a5ad025ec584bc77cecc569a65b31a37bf0178391e60504
SSDeep	48:RWDHoQEXbJIeWaqAjV/RSh0RceJbbDrX67dWyuAzhWyPfVj2vmW++9YRtzq17a4L:aHojXkojV/RFJP6zuAEy3Vj2vmW14zqT

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\303.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.44 KB
MD5	901ce2745769f7d463250004ada87611
SHA1	61567b2d05b770be674fbba0a1e51d9190b09387
SHA256	21888eafef2ee35dc4f7a4006c7d2ea42d5dd84e7a210b0e9017455a4eb2b24c
SSDeep	6:mw/WlGntjCDnZz1VSaZJ/irSlL9pR4SDYujyWSZjqbz26n+fGdQab+eB7Yk+Vjpf:mECdz1oKkELlDFjyVZ5GtJV8BFPiiB

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\13712.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.41 KB
MD5	a408a70a5d84c5d1775cf8ece49659cd
SHA1	761936a12d8240187cb06a5c7a596e978ad897d4
SHA256	15ecaf804ae42095f5479def1db9f9c93d48729b8fea7b8a57faf3898827f842
SSDeep	6:iGJ9d+Dy7SAHRhJBeMUKLCyC3cSLB5sur6bDvrOEit85Gh0Ds+dXL6tD7EPIIeAA:L9dcyXJ7L+cS1yTbnXimchqWvDAohr

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.RYK (Created File)
Mime Type	application/octet-stream
File Size	14.89 KB
MD5	4166a57d648b1ae6d93819ec7fcee4b3
SHA1	20ac87c46d47750973eed98138cdc10a0e20b9d8
SHA256	29d9f584cd15b229543fd2b520fdcee4aa5a4f019f69404f5a102e1bbb50f381
SSDeep	384:BSDeLMjt3p3lpZsIwjm+msafWMCe9H/TgeQG:BSyIZLpuIya+MTRTUG

c:\programdata\microsoft\windows defender\scans\history\mput\mputhistory\18\195

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.41 KB
MD5	d29212e8035f242ccf3916c775726a0a
SHA1	0fcf37b0925518d6296ae4f366ddefc405e9c37a
SHA256	33a21897d7b080fd363c74644483ef989ab1760fbe0d02984ccd6b553ab3b76f
SSDeep	12:YAgQr3WDS5RUW40kmvKNfyrJp5k7RbeH7D9suw:dgQLWDsRE0HvJpuRg7Jsuw

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Visio 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	b7be268e438942f1279a58ad96ca07a9
SHA1	438b5da31a715de40197606bb1f50609e98eb439
SHA256	9a1126a79526c97299abd89ad22a17c5bf3d6fca541f8da1bb075b0d8ee7c412
SSDeep	48:jGrvctbfhF4rOsyeKmLUU/KfJlY8Jd5vsY2a9hV/UAAgnoEaP:jgv8bZFzeKmLUU/Kfk8Jd5vskT8AAhEY

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.64 KB
MD5	6e7ba2db7c4808a0a3b1ad8c91efa697
SHA1	3f9d82a54cb8e4b7fdbd2de5d97073f68b28abd9
SHA256	aae9463e92bded0f9cbb98f8793215459f8a9dd9b2484563348157d36fc664c9
SSDeep	12:EoCLD553ZI/QZH1cLRxT+FzgXaadXLGWTrcmUZhK1MkwBeFvMZTP2/o3YPn+gqdd:EoCDjpIIZePwcD5Ic1M3wQ1DPn6W

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	074708ca4ffeac99b6d215fc149c2e8f
SHA1	dfa6daaa8286e24f8b99cf8842b7862e4ad00c67
SHA256	1230a5659c9f3dc00daef3d86806526dbeef1c5a31cacfdd914fcc13eda29019
SSDeep	384:LLqsUZ6Y3/hZvu62rIxCN+DlthSeCq31g0ikJr4ron:asLcPv928xkqltopOg10V

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	6d0a9983a7cdf21f9dd78e820c5b3399
SHA1	888d466efed748d160b61647ad126781d3130ab4
SHA256	99fee1f76ee55272a24605715428a6e3b78ac5a969e695c484d104387f0128be
SSDeep	384:QRPAZVycdrj+d/Vps5QfqRaeFyump//2S+ouLgnwKobwzkhFb+:QR4ZVvrj+KWC89rN1obOO+

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\PowerPoint 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.67 KB
MD5	fb16b0d4acc55850b0b577f266e77bdb
SHA1	a26e769058b0eff1274f3455832ddeb3d21dc605
SHA256	200a55dabd137bbbc64d3b4b070b547fad2ae0dcbf53548ffd60391cbbb8935a
SSDeep	48:t7LyzxrxMxodnI5uAhryU53VugN4PKfRsLY4DFXzW3tdN4OnsPhXS7cUbPMQ1zGt:tXmxrTnI5uAhryU5sgNq4aE4DFwXiOn8

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	4efc3f631fa0dd5b733e55c72b61682e
SHA1	f5c9e94c477f3b73f797b57c3ecd5ff91c5dc6a1
SHA256	7fd7d67b9956145ad4ab5c8a194271bc1e9fd30ad4d9a80f3fc1f8fc7916259e
SSDeep	384:iBV5lO00Z1nxNs4vS7MQk/ROAv0R6HBQVJE+m3SttYgyj:QVrOflxNMfkZOAv0R6aTm3S0P

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\Windows.Uif.static.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.83 KB
MD5	d95dbdc7b04017dac69277df7bcb6934
SHA1	0063c40724000b62c0b42b8996f65cc53706366f
SHA256	ae40988eec27609522db4088af525cdae1a210ac33911c73a82e1af9b83c4d5d
SSDeep	48:vCQZveDNsmHbULbKZEJSkVCSxPRxLdz/jYPJbgaAw8g8nQVmmuaEQlVmS+dwF7m:vpRWmmQLiEJrVCSNrdzbYxb1A0cMm7aS

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Project 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.69 KB
MD5	fba191943805071e529d043c5c9598ac
SHA1	cec304f4e94b4c1821d2aa5408b191ed8bdb55d3
SHA256	1dae1e5f9ac0da32b2999d7e273056c3cb2877485904b27c224dc480b8320b94
SSDeep	48:qVA+yvxqI1bbFJOMQdLuJEUqXLgHY8lA3i7ZUVBQpPdTLTrfYGDX7a9O:VxqI1bJYM2y4gHYsZUV2pVf/Y+UO

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Configure Java.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.30 KB
MD5	ce96b3a4304ca2f0f3e7ca2fb06f7d7f
SHA1	6f25ebd533de94dc550850ed2a7d1c8b73123a36
SHA256	1c97619b06a54681c47c6ce1940f592d1cd97fda12cf6700a650b23b4af8bb8c
SSDeep	48:X8KaI1dboEpeZXOk7Ef6CTS0HlGj6e6u3nNXOARVCzYSz1zSP2h6FnD:I2q8eZXOk46CGAGjn64nsQUUSpzAhN

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Publisher 2016.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.63 KB
MD5	2f467b4825348af8c098b49ae54fac18
SHA1	5209fae69711fb4d28ba013feea0bc19ddbf36b5
SHA256	c7cba9d2b589203763fd354736c9b95abc6b9d5ea5d30d05ef7d0d710bf17bc5
SSDeep	48:XVuGOhfjw+/I+qDVnxqVV5cjM9IrlfRg1o7dVsiWzcjSV8O265SfmZ17I4C3bUfp:XVWfjw+J+BkV5clrlaM3JOOO265SfmZr

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	3f3e437904352274ee04e77806b073d1
SHA1	478e9718fdfe416e122f4cac6ca800ed4f74ac23
SHA256	18987e544c4f22c4364236bc961245864cba310b4cbdb49781d1f7f4ab84e8af
SSDeep	384:5ww4ZjkNq/bNrYYxGGgwgfE5UzurfsT2WV:5wwUjxtxOAUpHV

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.RYK (Created File)
Mime Type	application/octet-stream
File Size	16.28 KB
MD5	b651be5e48f96a5b537116e7d102655f
SHA1	4b6225a32cd2449317094501f6fba0c0c3484591
SHA256	0b620bf3989e4b9579d1fa33e443b945abbcde73c55c6107ec27676c9a5af0c5
SSDeep	384:jgZwUJsJ2jf2QhRzWC+x41RmvQujiGXMGG5aeTgX2Ne+kNlUj/hjn:jtUJ3jhRzWC+x41E1jjXzuaig8e+YUjd

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\90\B6D0EAFA5E8634A6.dat.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.72 KB
MD5	0c9911ab0d61cf15d56481bcbd1a3307
SHA1	6535a9fa8ae53be7ef71745f44a2833e4387cf68
SHA256	f3a1eba5221cf634ae216246c1a23e898064cea32eed25397062273c4f308dbb
SSDeep	12:xVhgDQgjiDDyc0tNksm0rdxIduDYKCoV1w4xzkO2uJGcud9my2LqyN8ykPIubWHF:XhgHiDDyesHvrYKpw4xyrTmy2LqyN8yJ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\Acrobat Reader DC.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.36 KB
MD5	b5c56285c8098b635a5fe0ae1e624a8a
SHA1	f6d6b5c46482b27254f345af10e3125a9fd94e11
SHA256	d8e97b14831ab30f0d0a8462d65fc0f1c9584ffc22242b6e4606d4ace2ac1a08
SSDeep	48:snVspFnMOCkXLn+BPjBSdx/mk74FaOZLW2ATCBc9IvylR4mmhKR1iUrTYffo:aVUFMqyjkt12AOB6Iv+ghAo0Yfg

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Excel.lnk.RYK (Created File)
Mime Type	application/octet-stream
File Size	2.64 KB
MD5	f6bdd77e459b382cbaee3c6d66326748
SHA1	c91915111ad17e78d239373178ae83153294de3f
SHA256	48fdb0fce2d2d0d2c8ee8354daecf442d2f89ab54a7512e048b0302e3ac8efe8
SSDeep	48:kcxJX+BDREyjOOCec0DTLCfeJGlD8abwHMH8f8Vdulgk1mRV5zc+wPduiAAVc:kgXw9djOOCevDTIeJGlDN2MHwsKUzYdQ

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MetaStore\2\0000000000000000.idx.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.36 KB
MD5	d05f09df17049de669fd783e03219443
SHA1	60a991dce4ee9fff81e0fe7900b4f2e2436b9dcf
SHA256	c66deab773875f5deba7146a58d00912f458a3f59003f8fab978d5a4d2395d24
SSDeep	6:56/+8HAFQq+L0Voifmz2t+cWz9IoPLnYeb2Vjseud1czDQ1eihlsFkgEBD/Lovgj:e+OAFQq+Lefc2xWz9REeb2VL+WMDh+Fe

C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK

Modified File

Stream

Not Queried

»

Also Known As	C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.RYK (Created File)
Mime Type	application/octet-stream
File Size	0.44 KB
MD5	a0bbb0c1fc1c8cd7f5055792759560d9
SHA1	8fee8af6a2e34f05ae569f51bd57ac266b3a8236
SHA256	2df00c445644c90dbb5eb39058e9bd1310648181d632fc237a6cb4ec0c18aa25
SSDeep	12:sqYEPvZzMeHTlzN6L7f1SwV02coc/fYZfb:sqVZzLHTqdF+Qb

C:\users\Public\sys

Created File

Unknown

Not Queried

»

Mime Type	application/x-empty
File Size	0.00 KB
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::

c:\programdata\microsoft\crypto\rsa\machinekeys\08e575673cce10c72090304839888e02_427a1946-e0ff-4097-8c9e-ca2c1e22780b

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.05 KB
MD5	93a5aadeec082ffc1bca5aa27af70f52
SHA1	47a92aee3ea4d1c1954ed4da9f86dd79d9277d31
SHA256	a1a21799e98f97f271657ce656076f33dcb020d9370f1f2671d783cafd230294
SSDeep	3:/lE7L6N:+L6N

C:\users\Public\MKSMD.exe

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	203.00 KB
MD5	fed812eac63187fd833d77acf11857e2
SHA1	ac1e57c6a7f87ac020fa6c7946a2762fe9a472ff
SHA256	5c09c6a785461f9004c08455664187a1d6f668aff3bb46ec19a113605cff8933
SSDeep	1536:yknrSbkoDRU6XSE+puj9kV5PKViOeEG3+U9EgIbsW9d7B9dlq4PQUfy28fZO:Wkoy6CE+46IViyG3+Um19Vw4oUfCZO
ImpHash	7392bf63e0480c44b4cad34b59be5fdc

PE Information

»

Image Base	0x140000000
Entry Point	0x140008b44
Size Of Code	0x16a00
Size Of Initialized Data	0x379800
File Type	executable
Subsystem	windows_gui
Machine Type	amd64
Compile Timestamp	2019-02-17 17:16:26+00:00

Sections (7)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x140001000	0x16850	0x16a00	0x400	cnt_code, mem_execute, mem_read	6.29
.rdata	0x140018000	0xa508	0xa600	0x16e00	cnt_initialized_data, mem_read	5.11
.data	0x140023000	0x36d3c0	0xfa00	0x21400	cnt_initialized_data, mem_read, mem_write	1.62
.pdata	0x140391000	0x1128	0x1200	0x30e00	cnt_initialized_data, mem_read	5.02
.gfids	0x140393000	0xa8	0x200	0x32000	cnt_initialized_data, mem_read	1.44
.rsrc	0x140394000	0x1e0	0x200	0x32200	cnt_initialized_data, mem_read	4.72
.reloc	0x140395000	0x61c	0x800	0x32400	cnt_initialized_data, mem_discardable, mem_read	4.76

Imports (3)

»

KERNEL32.dll (86)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleA	0x0	0x140018058	0x21af8	0x208f8	0x21b
OpenProcess	0x0	0x140018060	0x21b00	0x20900	0x382
CreateToolhelp32Snapshot	0x0	0x140018068	0x21b08	0x20908	0xbd
Sleep	0x0	0x140018070	0x21b10	0x20910	0x4c0
GetLastError	0x0	0x140018078	0x21b18	0x20918	0x208
Process32NextW	0x0	0x140018080	0x21b20	0x20920	0x39a
GetCurrentThread	0x0	0x140018088	0x21b28	0x20928	0x1ca
LoadLibraryA	0x0	0x140018090	0x21b30	0x20930	0x33e
GlobalAlloc	0x0	0x140018098	0x21b38	0x20938	0x2bb
DeleteFileW	0x0	0x1400180a0	0x21b40	0x20940	0xd7
Process32FirstW	0x0	0x1400180a8	0x21b48	0x20948	0x398
GetVersionExW	0x0	0x1400180b0	0x21b50	0x20950	0x2ac
CloseHandle	0x0	0x1400180b8	0x21b58	0x20958	0x52
CreateThread	0x0	0x1400180c0	0x21b60	0x20960	0xb4
HeapAlloc	0x0	0x1400180c8	0x21b68	0x20968	0x2d3
GetWindowsDirectoryW	0x0	0x1400180d0	0x21b70	0x20970	0x2b7
GetProcAddress	0x0	0x1400180d8	0x21b78	0x20978	0x24c
VirtualAllocEx	0x0	0x1400180e0	0x21b80	0x20980	0x4f9
LocalFree	0x0	0x1400180e8	0x21b88	0x20988	0x34a
GetProcessHeap	0x0	0x1400180f0	0x21b90	0x20990	0x251
FreeLibrary	0x0	0x1400180f8	0x21b98	0x20998	0x168
CreateRemoteThread	0x0	0x140018100	0x21ba0	0x209a0	0xa9
VirtualFreeEx	0x0	0x140018108	0x21ba8	0x209a8	0x4fc
CreateFileW	0x0	0x140018110	0x21bb0	0x209b0	0x8f
GetModuleFileNameW	0x0	0x140018118	0x21bb8	0x209b8	0x21a
VirtualAlloc	0x0	0x140018120	0x21bc0	0x209c0	0x4f8
GetCurrentProcess	0x0	0x140018128	0x21bc8	0x209c8	0x1c6
GetCommandLineW	0x0	0x140018130	0x21bd0	0x209d0	0x18d
VirtualFree	0x0	0x140018138	0x21bd8	0x209d8	0x4fb
SetLastError	0x0	0x140018140	0x21be0	0x209e0	0x480
HeapFree	0x0	0x140018148	0x21be8	0x209e8	0x2d7
GlobalFree	0x0	0x140018150	0x21bf0	0x209f0	0x2c2
WriteConsoleW	0x0	0x140018158	0x21bf8	0x209f8	0x533
SetFilePointerEx	0x0	0x140018160	0x21c00	0x20a00	0x475
HeapReAlloc	0x0	0x140018168	0x21c08	0x20a08	0x2da
RtlCaptureContext	0x0	0x140018170	0x21c10	0x20a10	0x418
RtlLookupFunctionEntry	0x0	0x140018178	0x21c18	0x20a18	0x41f
RtlVirtualUnwind	0x0	0x140018180	0x21c20	0x20a20	0x426
UnhandledExceptionFilter	0x0	0x140018188	0x21c28	0x20a28	0x4e2
SetUnhandledExceptionFilter	0x0	0x140018190	0x21c30	0x20a30	0x4b3
TerminateProcess	0x0	0x140018198	0x21c38	0x20a38	0x4ce
IsProcessorFeaturePresent	0x0	0x1400181a0	0x21c40	0x20a40	0x306
QueryPerformanceCounter	0x0	0x1400181a8	0x21c48	0x20a48	0x3a9
GetCurrentProcessId	0x0	0x1400181b0	0x21c50	0x20a50	0x1c7
GetCurrentThreadId	0x0	0x1400181b8	0x21c58	0x20a58	0x1cb
GetSystemTimeAsFileTime	0x0	0x1400181c0	0x21c60	0x20a60	0x280
InitializeSListHead	0x0	0x1400181c8	0x21c68	0x20a68	0x2ef
IsDebuggerPresent	0x0	0x1400181d0	0x21c70	0x20a70	0x302
GetStartupInfoW	0x0	0x1400181d8	0x21c78	0x20a78	0x26a
GetModuleHandleW	0x0	0x1400181e0	0x21c80	0x20a80	0x21e
RtlUnwindEx	0x0	0x1400181e8	0x21c88	0x20a88	0x425
RaiseException	0x0	0x1400181f0	0x21c90	0x20a90	0x3b4
InitializeCriticalSectionAndSpinCount	0x0	0x1400181f8	0x21c98	0x20a98	0x2eb
TlsAlloc	0x0	0x140018200	0x21ca0	0x20aa0	0x4d3
TlsGetValue	0x0	0x140018208	0x21ca8	0x20aa8	0x4d5
TlsSetValue	0x0	0x140018210	0x21cb0	0x20ab0	0x4d6
TlsFree	0x0	0x140018218	0x21cb8	0x20ab8	0x4d4
LoadLibraryExW	0x0	0x140018220	0x21cc0	0x20ac0	0x340
EnterCriticalSection	0x0	0x140018228	0x21cc8	0x20ac8	0xf2
LeaveCriticalSection	0x0	0x140018230	0x21cd0	0x20ad0	0x33b
DeleteCriticalSection	0x0	0x140018238	0x21cd8	0x20ad8	0xd2
ExitProcess	0x0	0x140018240	0x21ce0	0x20ae0	0x11f
GetModuleHandleExW	0x0	0x140018248	0x21ce8	0x20ae8	0x21d
GetStdHandle	0x0	0x140018250	0x21cf0	0x20af0	0x26b
WriteFile	0x0	0x140018258	0x21cf8	0x20af8	0x534
MultiByteToWideChar	0x0	0x140018260	0x21d00	0x20b00	0x369
WideCharToMultiByte	0x0	0x140018268	0x21d08	0x20b08	0x520
GetACP	0x0	0x140018270	0x21d10	0x20b10	0x16e
LCMapStringW	0x0	0x140018278	0x21d18	0x20b18	0x32f
GetStringTypeW	0x0	0x140018280	0x21d20	0x20b20	0x270
GetFileType	0x0	0x140018288	0x21d28	0x20b28	0x1fa
FindClose	0x0	0x140018290	0x21d30	0x20b30	0x134
FindFirstFileExW	0x0	0x140018298	0x21d38	0x20b38	0x13a
FindNextFileW	0x0	0x1400182a0	0x21d40	0x20b40	0x14b
IsValidCodePage	0x0	0x1400182a8	0x21d48	0x20b48	0x30c
GetOEMCP	0x0	0x1400182b0	0x21d50	0x20b50	0x23e
GetCPInfo	0x0	0x1400182b8	0x21d58	0x20b58	0x178
GetCommandLineA	0x0	0x1400182c0	0x21d60	0x20b60	0x18c
GetEnvironmentStringsW	0x0	0x1400182c8	0x21d68	0x20b68	0x1e1
FreeEnvironmentStringsW	0x0	0x1400182d0	0x21d70	0x20b70	0x167
SetStdHandle	0x0	0x1400182d8	0x21d78	0x20b78	0x494
FlushFileBuffers	0x0	0x1400182e0	0x21d80	0x20b80	0x15d
GetConsoleCP	0x0	0x1400182e8	0x21d88	0x20b88	0x1a0
GetConsoleMode	0x0	0x1400182f0	0x21d90	0x20b90	0x1b2
HeapSize	0x0	0x1400182f8	0x21d98	0x20b98	0x2dc
WriteProcessMemory	0x0	0x140018300	0x21da0	0x20ba0	0x53d

ADVAPI32.dll (10)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SystemFunction036	0x0	0x140018000	0x21aa0	0x208a0	0x2f1
LookupPrivilegeValueW	0x0	0x140018008	0x21aa8	0x208a8	0x197
AdjustTokenPrivileges	0x0	0x140018010	0x21ab0	0x208b0	0x1f
OpenSCManagerW	0x0	0x140018018	0x21ab8	0x208b8	0x1f9
ImpersonateSelf	0x0	0x140018020	0x21ac0	0x208c0	0x175
OpenProcessToken	0x0	0x140018028	0x21ac8	0x208c8	0x1f7
EnumServicesStatusW	0x0	0x140018030	0x21ad0	0x208d0	0x102
OpenThreadToken	0x0	0x140018038	0x21ad8	0x208d8	0x1fc
LookupAccountSidW	0x0	0x140018040	0x21ae0	0x208e0	0x191
GetTokenInformation	0x0	0x140018048	0x21ae8	0x208e8	0x15a

SHELL32.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteW	0x0	0x140018310	0x21db0	0x20bb0	0x122
CommandLineToArgvW	0x0	0x140018318	0x21db8	0x20bb8	0x6

C:\RyukReadMe.txt

Created File

Text

Not Queried

»

Also Known As	C:\Boot\RyukReadMe.txt (Created File) C:\Boot\bg-BG\RyukReadMe.txt (Created File) C:\Boot\cs-CZ\RyukReadMe.txt (Created File) C:\Boot\da-DK\RyukReadMe.txt (Created File) C:\Boot\de-DE\RyukReadMe.txt (Created File) C:\Boot\el-GR\RyukReadMe.txt (Created File) C:\Boot\en-GB\RyukReadMe.txt (Created File) C:\Boot\en-US\RyukReadMe.txt (Created File) C:\Boot\es-ES\RyukReadMe.txt (Created File) C:\Boot\es-MX\RyukReadMe.txt (Created File) C:\Boot\et-EE\RyukReadMe.txt (Created File) C:\Boot\fi-FI\RyukReadMe.txt (Created File) C:\Boot\Fonts\RyukReadMe.txt (Created File) C:\Boot\fr-CA\RyukReadMe.txt (Created File) C:\Boot\fr-FR\RyukReadMe.txt (Created File) C:\Boot\hr-HR\RyukReadMe.txt (Created File) C:\Boot\hu-HU\RyukReadMe.txt (Created File) C:\Boot\it-IT\RyukReadMe.txt (Created File) C:\Boot\ja-JP\RyukReadMe.txt (Created File) C:\Boot\ko-KR\RyukReadMe.txt (Created File) C:\Boot\lt-LT\RyukReadMe.txt (Created File) C:\Boot\lv-LV\RyukReadMe.txt (Created File) C:\Boot\nb-NO\RyukReadMe.txt (Created File) C:\Boot\nl-NL\RyukReadMe.txt (Created File) C:\Boot\pl-PL\RyukReadMe.txt (Created File) C:\Boot\pt-BR\RyukReadMe.txt (Created File) C:\Boot\pt-PT\RyukReadMe.txt (Created File) C:\Boot\qps-ploc\RyukReadMe.txt (Created File) C:\Boot\Resources\RyukReadMe.txt (Created File) C:\Boot\Resources\en-US\RyukReadMe.txt (Created File) C:\Boot\ro-RO\RyukReadMe.txt (Created File) C:\Boot\ru-RU\RyukReadMe.txt (Created File) C:\Boot\sk-SK\RyukReadMe.txt (Created File) C:\Boot\sl-SI\RyukReadMe.txt (Created File) C:\Boot\sr-Latn-CS\RyukReadMe.txt (Created File) C:\Boot\sr-Latn-RS\RyukReadMe.txt (Created File) C:\Boot\sv-SE\RyukReadMe.txt (Created File) C:\Boot\tr-TR\RyukReadMe.txt (Created File) C:\Boot\uk-UA\RyukReadMe.txt (Created File) C:\Boot\zh-CN\RyukReadMe.txt (Created File) C:\Boot\zh-HK\RyukReadMe.txt (Created File) C:\Boot\zh-TW\RyukReadMe.txt (Created File) C:\Config.Msi\RyukReadMe.txt (Created File) c:\users\ryukreadme.txt (Created File) c:\programdata\ryukreadme.txt (Created File) c:\programdata\adobe\ryukreadme.txt (Created File) c:\programdata\adobe\arm\ryukreadme.txt (Created File) c:\programdata\adobe\arm\reader_15.007.20033\ryukreadme.txt (Created File) c:\programdata\adobe\arm\reader_15.023.20070\ryukreadme.txt (Created File) c:\programdata\adobe\arm\reader_17.009.20058\ryukreadme.txt (Created File) c:\programdata\adobe\arm\reader_17.012.20098\ryukreadme.txt (Created File) c:\programdata\adobe\arm\s\ryukreadme.txt (Created File) c:\programdata\adobe\arm\{291aa914-a987-4ce9-bd63-ac0a92d435e5}\ryukreadme.txt (Created File) c:\programdata\comms\ryukreadme.txt (Created File) c:\users\public\desktop\ryukreadme.txt (Created File) c:\users\public\documents\ryukreadme.txt (Created File) c:\users\public\music\ryukreadme.txt (Created File) c:\users\public\pictures\ryukreadme.txt (Created File) c:\users\public\videos\ryukreadme.txt (Created File) c:\programdata\microsoft\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\dss\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\keys\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\rsa\ryukreadme.txt (Created File) c:\programdata\microsoft\datamart\ryukreadme.txt (Created File) c:\programdata\microsoft\devicesync\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\ryukreadme.txt (Created File) c:\programdata\microsoft\drm\ryukreadme.txt (Created File) c:\programdata\microsoft\drm\server\ryukreadme.txt (Created File) c:\programdata\microsoft\identitycrl\ryukreadme.txt (Created File) c:\programdata\microsoft\mapdata\ryukreadme.txt (Created File) c:\programdata\microsoft\mf\ryukreadme.txt (Created File) c:\programdata\microsoft\network\ryukreadme.txt (Created File) c:\programdata\microsoft\office\ryukreadme.txt (Created File) c:\programdata\microsoft\search\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\ryukreadme.txt (Created File) c:\programdata\microsoft\vault\ryukreadme.txt (Created File) c:\programdata\microsoft\wdf\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\drm\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\sqm\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\wer\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\ryukreadme.txt (Created File) c:\programdata\microsoft\winmsipc\ryukreadme.txt (Created File) c:\programdata\microsoft\wwansvc\ryukreadme.txt (Created File) c:\programdata\microsoft onedrive\ryukreadme.txt (Created File) c:\programdata\oracle\ryukreadme.txt (Created File) c:\programdata\oracle\java\ryukreadme.txt (Created File) c:\programdata\oracle\java\javapath_target_5923062\ryukreadme.txt (Created File) c:\programdata\package cache\ryukreadme.txt (Created File) c:\programdata\softwaredistribution\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\templates\ryukreadme.txt (Created File) c:\programdata\usoprivate\ryukreadme.txt (Created File) c:\programdata\usoshared\ryukreadme.txt (Created File) c:\programdata\usoshared\logs\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\machinedata\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\productreleases\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\userdata\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\dss\machinekeys\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\pcpksp\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\pcpksp\windowsaik\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\rsa\machinekeys\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\rsa\s-1-5-18\ryukreadme.txt (Created File) c:\programdata\microsoft\crypto\systemkeys\ryukreadme.txt (Created File) c:\programdata\microsoft\datamart\paidwifi\ryukreadme.txt (Created File) c:\programdata\microsoft\device stage\ryukreadme.txt (Created File) c:\programdata\microsoft\device stage\device\ryukreadme.txt (Created File) c:\programdata\microsoft\device stage\task\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\asimovuploader\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\downloadedsettings\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\etllogs\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\etllogs\autologger\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\localtracestore\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\sideload\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\siufloc\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\softlanding\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\softlandingstage\ryukreadme.txt (Created File) c:\programdata\microsoft\event viewer\ryukreadme.txt (Created File) c:\programdata\microsoft\event viewer\views\ryukreadme.txt (Created File) c:\programdata\microsoft\identitycrl\int\ryukreadme.txt (Created File) c:\programdata\microsoft\identitycrl\production\ryukreadme.txt (Created File) c:\programdata\microsoft\identitycrl\production\temp\ryukreadme.txt (Created File) c:\programdata\microsoft\netframework\ryukreadme.txt (Created File) c:\programdata\microsoft\netframework\breadcrumbstore\ryukreadme.txt (Created File) c:\programdata\microsoft\network\connections\ryukreadme.txt (Created File) c:\programdata\microsoft\network\downloader\ryukreadme.txt (Created File) c:\programdata\microsoft\provisioning\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\applications\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\temp\ryukreadme.txt (Created File) c:\programdata\microsoft\user account pictures\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\caches\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\archive\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\archive\apps\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\import\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\install\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\install\apps\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\devicemetadatacache\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\devicemetadatastore\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\drm\cache\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\gameexplorer\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\lfsvc\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\lfsvc\geofence\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\parental controls\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\ringtones\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\sleepstudy\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\sqm\manifest\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\sqm\sessions\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\sqm\upload\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu places\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\wer\reportarchive\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\wer\reportqueue\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\wer\temp\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\clean store\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\features\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\localcopy\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\quarantine\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\support\ryukreadme.txt (Created File) c:\programdata\microsoft\windows live\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msfax\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msfax\activitylog\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msfax\inbox\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msfax\queue\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msfax\sentitems\ryukreadme.txt (Created File) c:\programdata\microsoft\windows nt\msscan\ryukreadme.txt (Created File) c:\programdata\microsoft\winmsipc\server\ryukreadme.txt (Created File) c:\programdata\microsoft onedrive\setup\ryukreadme.txt (Created File) c:\programdata\oracle\java\.oracle_jre_usage\ryukreadme.txt (Created File) c:\programdata\oracle\java\installcache_x64\ryukreadme.txt (Created File) c:\programdata\regid.1991-06.com.microsoft\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\accessibility\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\accessories\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\java\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\maintenance\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\startup\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\system tools\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\start menu\programs\tablet pc\ryukreadme.txt (Created File) c:\programdata\usoprivate\updatestore\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\machinedata\catalog\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\machinedata\catalog\packages\ryukreadme.txt (Created File) c:\programdata\microsoft\clicktorun\machinedata\integration\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\downloadedscenarios\ryukreadme.txt (Created File) c:\programdata\microsoft\diagnosis\etllogs\shutdownlogger\ryukreadme.txt (Created File) c:\programdata\microsoft\event viewer\views\applicationviewsrootnode\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\applications\windows\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\applications\windows\config\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\applications\windows\gatherlogs\ryukreadme.txt (Created File) c:\programdata\microsoft\search\data\applications\windows\projects\ryukreadme.txt (Created File) c:\programdata\microsoft\vault\ac658cb4-9126-49bd-b877-31eedab3f204\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\genuineticket\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\clipsvc\install\migration\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\devicemetadatacache\dmrccache\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\devicemetadatastore\en-us\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\devicesoftwareupdates\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\parental controls\settings\ryukreadme.txt (Created File) c:\programdata\microsoft\windows\power efficiency diagnostics\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\definition updates\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\definition updates\backup\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\definition updates\default\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\definition updates\nisbackup\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\definition updates\updates\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\network inspection system\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\cleanfiletelemetry\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\cleanstore\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\cleanstore\entries\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\cleanstore\resources\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\cachemanager\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\mput\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\remcheck\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\results\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\service\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\history\store\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\1\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\2\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\2\61\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\2\90\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\2\94\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\3\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\metastore\4\ryukreadme.txt (Created File) c:\programdata\microsoft\windows defender\scans\rtsigs\ryukreadme.txt (Created File)
Mime Type	text/plain
File Size	1.27 KB
MD5	4ee5735f110b12d65abf3fb84f42eb97
SHA1	ec3c3b5942616fc39c43155490a01b2e13536319
SHA256	a84edf098acb83ed0b28466ed43cd32cad85de31dbf313134c1fbce188d6ae81
SSDeep	24:iVeUE1sLlHgPsoWIeTt2Ww4OFGdqvWDbbOyxGSConbildyspzRC9XYcGoDjn:xUE1sLBTwx1OvblglobsdxusoDj

Notifications (2/4)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After