General Info

File name

e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a

Full analysis
https://app.any.run/tasks/318f8bfe-b3bf-4c2f-83f9-42d1002f034e
Verdict
Malicious activity
Analysis date
11/8/2019, 16:17:39
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

trojan

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

df4e8ce1fc1c39a8bcf34dad38d4eab4

SHA1

7d856140b64bf05a9073b4f73c6ddcd83f6526e6

SHA256

e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a

SSDEEP

3072:yjoPunWv/WSr5cD6uTLSLLaovUdmx5I2a1NYimInk4pYnbrQ14ond8ab:wEvOVrTLSynmx+2a1NYxIk4Ur8nd8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Starts NET.EXE for service management
  • yabSQyt.exe (PID: 324)
  • e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe (PID: 2152)
Starts itself from another location
  • e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe (PID: 2152)
Executable content was dropped or overwritten
  • e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe (PID: 2152)
Creates files in the program directory
  • e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe (PID: 2152)
Dropped object may contain Bitcoin addresses
  • e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe (PID: 2152)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win32 Executable MS Visual C++ (generic) (42.2%)
.exe
|   Win64 Executable (generic) (37.3%)
.dll
|   Win32 Dynamic Link Library (generic) (8.8%)
.exe
|   Win32 Executable (generic) (6%)
.exe
|   Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:08:10 22:45:49+02:00
PEType:
PE32
LinkerVersion:
10
CodeSize:
43008
InitializedDataSize:
8165376
UninitializedDataSize:
null
EntryPoint:
0x22d2
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Aug-2018 20:45:49
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000F8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
10-Aug-2018 20:45:49
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0000A65F 0x0000A800 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.61947
.rdata 0x0000C000 0x0000339D 0x00003400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.92063
.data 0x00010000 0x007B1508 0x0001AC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.2903
.dad 0x007C2000 0x00000038 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.migeh 0x007C3000 0x000003C3 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.pag 0x007C4000 0x000013D8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x007C6000 0x0000DC28 0x0000DE00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.0712
.reloc 0x007D4000 0x0000631C 0x00006400 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 1.1383
Resources
1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

119

120

130

570

723

Imports
    KERNEL32.dll

    ADVAPI32.dll

Exports

Screenshots

Processes

Total processes
122
Monitored processes
60
Malicious processes
2
Suspicious processes
0

Behavior graph

+
drop and start start e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe yabsqyt.exe net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net.exe no specs net1.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net.exe no specs net1.exe no specs net1.exe no specs net.exe no specs net.exe no specs net1.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net1.exe no specs net.exe no specs net.exe no specs net1.exe no specs net1.exe no specs net.exe no specs net.exe no specs net.exe no specs net1.exe no specs net1.exe no specs net1.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2152
CMD
"C:\Users\admin\AppData\Local\Temp\e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe"
Path
C:\Users\admin\AppData\Local\Temp\e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\yabsqyt.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\net.exe
c:\windows\system32\mpr.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll

PID
324
CMD
"C:\Users\admin\AppData\Local\Temp\yabSQyt.exe" 8 LAN
Path
C:\Users\admin\AppData\Local\Temp\yabSQyt.exe
Indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\yabsqyt.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcr100.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll

PID
2176
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\net1.exe

PID
3848
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
4056
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
3044
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3452
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
3396
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3576
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
3944
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
7592
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
8048
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
7596
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
6612
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
32904
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
33672
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
3496
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
36756
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
37264
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
38384
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
39372
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
40104
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
39256
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
39836
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
41924
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
42888
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
45864
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
45776
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
48060
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
47328
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
48904
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
48800
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
49532
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
50272
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
49184
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
51740
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
51508
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
53108
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
60904
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
58648
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
59520
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
59972
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
61872
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
61988
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
62644
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
62572
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
62468
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
61608
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
66900
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
68692
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
82080
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
77312
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
85996
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
84112
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
87428
CMD
"C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
yabSQyt.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
86804
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
87036
CMD
"C:\Windows\System32\net.exe" stop "samss" /y
Path
C:\Windows\System32\net.exe
Indicators
No indicators
Parent process
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\net.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\apphelp.dll

PID
86476
CMD
C:\Windows\system32\net1 stop "audioendpointbuilder" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
86712
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

PID
87948
CMD
C:\Windows\system32\net1 stop "samss" /y
Path
C:\Windows\system32\net1.exe
Indicators
No indicators
Parent process
net.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Net Command
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\browcli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netmsg.dll

Registry activity

Total events
556
Read events
544
Write events
12
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
324
yabSQyt.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
324
yabSQyt.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
79
Suspicious files
1382
Text files
704
Unknown types
382

Dropped files

PID
Process
Filename
Type
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\Temp\yabSQyt.exe
executable
MD5: df4e8ce1fc1c39a8bcf34dad38d4eab4
SHA256: e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\Checkers.PTB
executable
MD5: 375bdd3f40253f6a98634230b4cfc935
SHA256: 4ea14703afc19262639f73da09a5e2abbac30646abd4231bb3e1fc4788fb0348
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1033\MSOUC.HXS
executable
MD5: 2b9be70ce1ed7570681830b3b66a9347
SHA256: e89fec83fab5b316d01c28919e0e2b15b2218347e8539783866f6e1f2eb4b542
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\DropboxStorage.PTB
executable
MD5: 8867707f27961c87b239f77ead8ecdd2
SHA256: 65e3f090dfdfeedd249df7fa5b56131d3cd317db1dd6d66adf7434fb77c080ed
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1031\POWERPNT.HXS
executable
MD5: 23d3f23375dbde0dee46ab2d4b8b309f
SHA256: 1038149501e8fbfd83ee277eafca9acd70b8262beaa980d91207df4c3dabc4e2
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\DVA.PTB
executable
MD5: c677ef67cffc80474e6aca4bde4a4331
SHA256: eb2f0201b5d6a7928b2604a18701691bf37a5ee045d34579f16758edc4332e2b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV.HXS
executable
MD5: 3e3440ab71fb0477f511792e7513795b
SHA256: 900c280fcf16c403839fab17660efa651d68da259545ab37fa76c9d0c2006dbc
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pl_PL\WebLink.POL
executable
MD5: 025827822509be01a2ce82bbd6214133
SHA256: 1a5205437c7b833654d6a45db301048c2b4b0826a145c885fa57c53770d95668
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\INFOPATHEDITOR.HXS
executable
MD5: 7d1b2cd393790acf58529ea4b30020d9
SHA256: 57b23efb7416f0a2140b523961dbeae79eab369df4454c3f2640e3430a944c28
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\ja_JP\pddom.JPN
executable
MD5: a33c2a9b11e90bda343ecd819d0d037e
SHA256: 58f182f7253e6b656722db96e830cbf959c23823fc3ba9935279d9ae25b82b3f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\Annots.PTB
executable
MD5: e8c988da0febf4e716e7ccee0f071809
SHA256: ac9fca79484540c2e4a3370568b2562a6bc868a7bbaace4ca811fc444304cd0a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\INFOPATH.HXS
executable
MD5: 2b052f50d411448299b9900411372125
SHA256: e685408b689c2dce201e957f60456f8d337f3af9f9ae6f1aeedbd4bb743e88ce
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1031\POWERPNT.DEV.HXS
executable
MD5: 70c44ca91beb12ed5dad7aa9e856607b
SHA256: eed4686b69841d9ea04f6141e609c652a97ac548be196724577f810c64f46a17
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\ja_JP\DigSig.JPN
executable
MD5: 6f9e8830d4329f6d04e818de6042ef1a
SHA256: d3360b4901c6b41903ed5908fb8ab6bddff6e92d08c808150bbc674e01b7d5bf
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\pt_BR\DigSig.PTB
executable
MD5: 458369a8ecd887afc4c713d9e64ce291
SHA256: cf3740849c65c301b254363c36b333dd9804b94d80f8fc48aabed2ce8d6e029b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\MSPUB.DEV.HXS
executable
MD5: 1058b15ce392462e4a6cf6e0211e084e
SHA256: 1e7ee10d15f2960619fb81469f1b5f50af4eb5d7a73d789cadcdeba7e1361469
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1031\MSACCESS.DEV.HXS
executable
MD5: 8719cffe1cc8ef381de42ab3ebe9710f
SHA256: 09d8d361542dd3e3b0ad6204c5dbcac794ab508e44709e0d64137f54948e35f2
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\Weblink.SUO
executable
MD5: 6f3c40368de439e7aa23bf88ce0b9fce
SHA256: 778786a2dafc7d912ed700f0d23968755d4ce655f4d1018008aeca18552e3ba2
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\nl_NL\AdobeCollabSync.NLD
executable
MD5: 4932f197d296336ea3faf7e257ff7fc1
SHA256: 4ce6a5e1060297813f7759c9f17187027b797d7b02b72f84d08a30241408485f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\VBE.DEV.HXS
executable
MD5: a555635a182968b601162ecc7063b485
SHA256: ad5328e3c5f059b2e5fbff61bb3a09998509f4297abd899bdeb3764d175c0d5d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1031\MSACCESS.HXS
executable
MD5: 2edb2acec1dbf01d1be089b05d333c5b
SHA256: cea9c09f634e42ab421d5896e431ddb4d580eedf4b2e7bfc0dff1a4f3f926265
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\fi_FI\StorageConnectors.SUO
executable
MD5: f0255b53c88b801297908df9ff956f15
SHA256: 5c13d0cd278235c2af74ae4f8b9711cbf95aa4317a3badd36d8f654d76909e3b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\ro_RO\EScript.RUM
executable
MD5: f6b0c6df74c5f9398d93b50bdcead451
SHA256: 85631475d7c1819f865a37aeeeb235ff3ad92dd408cb222a157da350e22e379b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\WINWORD.DEV.HXS
executable
MD5: b4dad0e723e299123adab6327ad13d7d
SHA256: f8698e2f37d942a69e63195455c5d207b33319a3ae75f4f9bd529acffabebf5f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.MMW
executable
MD5: a052fb625e8223aa69713056f57fe21a
SHA256: adeac26042d428fd9325c5ad374f41c5df5f3a8cda5018a2e4b98615a74f0c59
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\eBook.ESP
executable
MD5: d2895f794ff2dda0fe08fd427b313c79
SHA256: e23ef57441a9313d8eb710a59e077c3d0cafce115892335eeadc2a013039c137
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\Updater.SLV
executable
MD5: 825fd9cd23e729a4ed2548a1d20f4747
SHA256: 1cac48c22e2273be55f6016e910c2a3df84810206b9ca21021ec3b01dd0a623f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1036\WINWORD.HXS
executable
MD5: fb7b2d8f102ac50dec778ccc93a4ab4b
SHA256: 84cb4d2569529bdbd8c6f4bdbe30b0282e44bccea0ab4425ad06c37e6407ffa5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
executable
MD5: a0efef34626f8a8dfdf851354170fac8
SHA256: 9a5ef69cf7370325e7a5ae01d93cb44ea90103c7d721382f39a536e570a11bf6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\DVA.ESP
executable
MD5: 9ab6a7a7e2572c38c457f39e41d7fe89
SHA256: 6e621204be536c7bc160809919b5fea27ba4cae5c92179a079e75e7d5155ff1d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\ReadOutLoud.SLV
executable
MD5: 3355c101dc02a4e4fbc1cc5ebe115985
SHA256: 1c64159e5356c08ca570cf990948ab7e156af8fc1a621525ab57fca026944720
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1040\POWERPNT.DEV.HXS
executable
MD5: 4323e1034539e9fda4640ff101f34380
SHA256: 18978ce0272e00d918bfdc02a83efad5ec7fade7c4da7dda63ffb677f54eb3b1
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
executable
MD5: d4d46d848e3a3beeb401313f4f831ed3
SHA256: 4bb6aac888ad28280efd55ea061d6a4118bc46a2f0f96f460bf3fa72d795a166
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\Checkers.ESP
executable
MD5: 9d51bbb5199a17987c2016ac3e8baae7
SHA256: 5f3953caf433043f603f434efc59b333a62e2739f5e1f3ff98b8545dfe7b82c3
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\sl_SI\Weblink.SLV
executable
MD5: 6b32fa791a5728cd0d485ec07cf850af
SHA256: a85776e3a659de0f2ac2c5d79e48a5c62d72767f5bdfbf54c414817512283bc9
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1040\WINWORD.DEV.HXS
executable
MD5: 32f5dc8ce1d4b325136529f3046c0895
SHA256: 856f79a72bde0090141c42166cae1c7d36f32e91098f2ee93bb6afae3f043429
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_HUN\Flash.HUN
executable
MD5: 6e71bdecec4282c37814e22424dcab82
SHA256: 29ad6dc535f25b7e81767c8fe044be0b8796c3f69008b2c62d692687a851facd
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\BRdlang32.ESP
executable
MD5: b00acbbfae70ae2ebd01f13f92e437c1
SHA256: 58ce25b27b6a7075330eb8913945c289e331209a5600242caecf75d856474a45
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\ReadOutLoud.TUR
executable
MD5: d250759167162ae757f1ee254e6b880e
SHA256: 1971d849cce8242b3f4e45392cc36712e86ac2c7ef366cab15796f89b85028ca
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1040\WINWORD.HXS
executable
MD5: 871c8d8fa532d4ca57e5f62b2d25c7e8
SHA256: b1027c3ff295aad4a413929ca3807c6c5391f592c572cc8b17c030d14a45e683
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_HRV\MCIMPP.HRV
executable
MD5: 44ee3dc36c69a130f16a6014e6b0961f
SHA256: a8f03c825fe80f20b444bead79df469853bf319396f2f94a6a91ced3f13a05e2
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\Acroform.ESP
executable
MD5: 4bfa5fd312eb776d0524d46c6662b8ee
SHA256: 3bf7ce5e62b4732c114ccd809a61f2006b48ea00aa8a6d827ef72f8120363f4c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\RdLang32.TUR
executable
MD5: 70912366abcb43da53ac632b6f3fd05d
SHA256: ff5ae17b6cf3ca916c62abc033aba97e6ea1137d3197f9e1ac2380d2ec1ffb66
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\OIS.HXS
executable
MD5: aeb201a8e1f80e3eaa9236922b6f56c2
SHA256: df4a975892cf62367b552b96a9a8e464b2a21e6a6d6fd84c78a4a5a71be5a61f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_HRV\WindowsMedia.HRV
executable
MD5: 89f775af1f9bf4966ad50df45e8c31b3
SHA256: 3233a312f4ec327fb8441f634e5097e426ccbfccf18807416731ea9078a19643
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\es_ES\DropboxStorage.ESP
executable
MD5: e812347cf5e4fe7aa09179225691de27
SHA256: 9f6b594f6f982d1e382740259a74ddeb564572929e621f076c5d7eba88030883
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\PDDom.TUR
executable
MD5: 65a96c7925bd2a9f25c09e431c9fce9f
SHA256: 358b6b228697aa7e3b753744073ceff790539612aad4c06fd4d21eb78fac04cd
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\MSTORE.HXS
executable
MD5: 3e7efbe333b278573f5aff3754228e1e
SHA256: 0174c2ee594dc6532116d516c0484c9a486205db2bfcebb44db6121f3ae4d3fb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_CZE\Flash.CZE
executable
MD5: edb6671c59257381ae5cd8ba155be380
SHA256: fc0a57725be35a03862dfca140ef764121070b9f8aae851fbadc4ff8fbe98aeb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\DropboxStorage.DAN
executable
MD5: 0d35141086e293da9069b0c1f9f012ed
SHA256: 984015621af3b86dcfeeebf0e139de325dfb17586ce3fbfb730cc23c3ff3adae
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\tr_TR\Reflow.TUR
executable
MD5: 7e5bda326a90c470fcea67b8f67b3cb3
SHA256: 37d882bd5a3b1c739b6b93e83a337a5d8709061d1cf820250e09920f83b4e0be
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\ONENOTE.HXS
executable
MD5: 81d2e2dcecb46efec5bb9e14e1e330cf
SHA256: c8f700012d438abdf2463417f20d4f9f8bd0e3f2cdf89b134170f5eb5ed7ee3a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_CZE\Mcimpp.CZE
executable
MD5: d8ce27ff8e5bfcef291a70cc3d891766
SHA256: a2ed41bbb400e1e0fbb53199eddd3bec962e60d36461651568338df79b2001ce
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\IA32.DAN
executable
MD5: 6fcf67363c8e18b49c2adbfe13e2efc3
SHA256: 8e55af5c90682af54b7dd38d846ed0e11ab45cc7513773d6bdcad8cbe5f55b8f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\AdobeCollabSync.CHS
executable
MD5: 04588b7bf9d448dbc51c8fd29a0f4e36
SHA256: 5b788c1d329aaad0ed77219dadd2cd19c3962651ab2283d19c68b05c9f261e76
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\OUTLOOK.DEV.HXS
executable
MD5: bec3a9a51d8beffe734065d8cef88a2e
SHA256: 0194f396fb799588e2d4f566978bed90bc4243b555173eb529fe238987875f6f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_SLV\QuickTime.SLV
executable
MD5: 51207e00a3fc34e5bb8890c547c07203
SHA256: efd64ca9cfa70a64e9567132945ddf2113064986acba9453c927e18a78a6b7af
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\eBook.DAN
executable
MD5: a64b3a40d64f1cbb3a666925fb92e8a2
SHA256: e6de36ed147124b7e8ec6e4f75f426891c404d60ae85d03e504389967bf22e8d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_TW\DigSig.CHT
executable
MD5: 82f3cc8cc162cc29f599f683e7b44a21
SHA256: 554cb73a6dd42107ddbf5ac107f5e8947879302a3308f284cdac154ed30d0525
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG.HXS
executable
MD5: 8d85402416cbfe84b145151052dbe419
SHA256: 4926246cbff54b081cdf76f8cd9c6f056bbb3592e41b90c2c9a1316285f34232
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_SLV\WindowsMedia.SLV
executable
MD5: bbed6c402ff012bf20a323a8358d7867
SHA256: e601c0afddbbdead7f47be1c94f12a4092bc5a5b3903d81f4d43675b09883154
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\makeaccessible.DAN
executable
MD5: c3b0f7513c4b38bcb9c6f400bfeabf56
SHA256: 84260c4fe49aaf76287d56afed5c6cf7387c08a9097b1fe140692b1db680507c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\Checkers.CHS
executable
MD5: 61287674d78d89b18134efddb262f519
SHA256: 94c979cfee64dc29ec2dd658296becdcf62b95915cc2c664ce9cf2933632b53c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV.HXS
executable
MD5: 1f6fd18b0dd54147828ecabb4ab8f70e
SHA256: e6f929a88acce8cc512391bd219bf80aa5aee3ffa72898f33c8a17bac3a35bf5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\BRdlang32.CHS
executable
MD5: 0762722e926400e6d97103de6c8f2211
SHA256: 01abb7b55eb20256a7fdcfd83e0c7c16b4512446f7f15b0a5ba560ccc2a8fcf4
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\DVA.DAN
executable
MD5: a53d5d943481607164e56bac60efd4f6
SHA256: 0f5260474f67904b0b7541a6ad85ac92e9de1a5f44c350b7b00a9713dafaeb01
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\Annots.CHS
executable
MD5: 4b8ad382bb63b900199e55d72b0f83f8
SHA256: 306cbb9a24fe112076ecc1e0200e4231830305920f78bbbc3f38d6e8018e8e2a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR.HXS
executable
MD5: 47ff653da86ed4bba876147bfa0d6800
SHA256: 047774b660bad934742b25d61d923881d8e9d20e75a39643d4e138e97be60835
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\IA32.CHS
executable
MD5: b095780fe37cfdb0b036852c4070d91a
SHA256: 0e150954de468fc900d02d707b5b2add93a5739cd8af489611f2d6961368ddbf
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\da_DK\Checkers.DAN
executable
MD5: d105300ef31d9102d10a44275bbb0d2e
SHA256: 21dda1bb8dd50d18c4f8fb5b0dccdaf2ea102fc1cd2d3b31376fdc328819ed1e
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\DigSig.CHS
executable
MD5: cd17a5001bc5a38e1e2512bcbce2f681
SHA256: 96b85ffa013b1e7dec26dc4caaf35d2df82eb27a41c118504ab554f42567bfd5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH.HXS
executable
MD5: 46559597fe45692a5d590ec930459fb0
SHA256: 318dd200dee30174266025e2f95a3bc6949c979f7c263446101ac8e45dd7af87
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_HRV\QuickTime.HRV
executable
MD5: 8c7e6146241227dd8cd4f58b020b34be
SHA256: 034d6217dfb8961f3fbab910e45733e906cfb7a2af971de29bcdf7361e3afa2a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\cs_CZ\updater.CZE
executable
MD5: b94ad33fa861999382c1a0d9b36e9aa1
SHA256: c56d68c36c8d772c310797142779a47b993541cd7118e6e66efa6561343294c6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_CZE\WindowsMedia.CZE
executable
MD5: 2ce85259004479e2a152449daa90dbd4
SHA256: c6668d282eefb475b1af5dd23963938ffbd5dfdecb35d3f471de3a548b06eda5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\Locale\zh_CN\DropboxStorage.CHS
executable
MD5: fd0a6709c931f1e296bffe3a90c76a18
SHA256: 6d75d0ee2816396a7471c3bdd7c30ed4bf5260adf6a19f25900db418cb1d9890
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.DEU
executable
MD5: 54506221077802962597bbe5113a79cd
SHA256: 4986d84c9e9d75d6c85abb3875a6e0c40b937ff7c26dcc2f3ae850a32a34c74a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP_SLV\MCIMPP.SLV
executable
MD5: a10ba5e61d879cc2900c591b461c5e78
SHA256: 4ff878895c7b2f1a370e28eeded7374338e87eda6b690d92920405de47601f3e
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1033\MSPUB.HXS
executable
MD5: d2841ac10c8a4605de456ee801c89f4d
SHA256: 5278f63b1aff95525589b076b55e69d751dc5e9b58090b6adc56558abc2a8a09
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OUTLOOK_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis\HEADER.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.HXS.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OIS.HXS
binary
MD5: 06010b1bdb8177af2bb5b5981b31598f
SHA256: 77ea89a8b935b52eb660b08b7aea3eec7597f884981748559720645c0924694c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\GrayCheck\TAB_ON.GIF
binary
MD5: 87982c71d3c50b11af219a24b5dea676
SHA256: 66148a012b4ebd4f494fbe914ccc7e75399fce17659725fe3cb15375f796ccf9
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF
binary
MD5: fbd8c94077092a75f24bef046dc0d134
SHA256: d1ce1da5855bcf3055d32731c79a2969d05f4cbcb603ec688174972247f9a3aa
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\background.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ONENOTE_K_COL.HXK
binary
MD5: 1e15f751ddf911c10320da338ac1c3dc
SHA256: b1ed92545fe0186a7295a10e9af49a5e98aacb46960f6d27c4f31ad8daa371dd
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF
image
MD5: 973779cfa96b0be367e8718db325c4ba
SHA256: 09d2a546c57dc9fec8fd5efd059ab8e7e21d51f582fd678f05900efef154db0a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis\TAB_ON.GIF
image
MD5: 52236cec3798df288705441118df4bcc
SHA256: 71e4d48ed4515f17faa6505256314a8d6022e103714193785e7fcd08a36a051d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis\HEADER.GIF
image
MD5: 65e1f0e787d4cd4b92ea4fc6ea5cd826
SHA256: 04eab76971b1c3d9c849179893b9ba36f5ee09de529a38b9c9313dceed81f710
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ONENOTE_F_COL.HXK
binary
MD5: a7ab74879921013b9856f7325eacd833
SHA256: 1d606e16ddb91ee086e807ff7c40afb218319d99ed64766dcbe0a95e59ba5c84
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Americana.css
binary
MD5: 8fc2804e1988715a36cd788851aaf169
SHA256: 189a1d490decbc1309a0e1ddf31c6270a3cda967bdae6450edbbc8242123299b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OIS_COL.HXC
binary
MD5: 2a59c2ada1a54e08812a1c5919980b21
SHA256: 45790de41f62f6a952748cd31164eea5d58c77f1b9950c7aa9be37d287b3632a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSTORE.HXS
binary
MD5: a4c5d3c060ec9e9a6ee0ed749d5c8e6a
SHA256: 354ea6ffba48aa9f9e38ac9165c3d6afa569e8a015b3e1a23f626eafbdb01cd7
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\BG_ADOBE.GIF
binary
MD5: 07afdd2cb3008b4ff75bd11a12eed5cc
SHA256: 8cfb5e6848f59c053639d08da7529e5155881372055b144b6431819196600757
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert\HEADER.GIF
binary
MD5: f54963cc40418a90a2fd0244b312b5a2
SHA256: d7d9b10de3fd73cb4cbed9ae6efc9797c825f7fd8ce98fc705fa38bfca710bb6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ONENOTE.HXS
binary
MD5: d139202e5839e96512bbe4d461ed8962
SHA256: c6559a9f1b3970293bdea85f7f9be18d4185c17645a32c40f619695fdd229dcd
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Accessibility\WCAG1_0.XML.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WEBCOMP\MSN\MSNEULA.TXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OIS_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ONENOTE_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ONENOTE_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OIS_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\OIS_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSTORE_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Bibliography\BIBFORM.XML.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSTORE_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSTORE_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSTORE_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Swirl\background.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SpringGreen\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.OPG
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Issue Tracking.gta.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\background.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Slate\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\+새 데이터 원본 연결.odc.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Invite or Link.one.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Accessibility\WCAG_STR.XML.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR.HXS.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH.HXS.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSOUC_COL.HXC
binary
MD5: 424ae5d79e6882bcbb6a50b510bb27ad
SHA256: 79c8c0b85f68caf37a270292dc22f9ef4e2503226bd9dabb58efb9e43e76d19d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Bibliography\BIBFORM.XML
binary
MD5: a43a186360e330099d177be7290f6a11
SHA256: 735d44efcc1ddeeaf92664d5271b322c91b39353ec444fae0808f1f00682518d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Accessibility\WCAG1_0.XML
binary
MD5: d0b7292d2ba1cb8977dc7113e0e83b4b
SHA256: 3147904f7236cc49cd9424393a3dc94f1d24bb1ee6cffa989907308605d99812
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF
image
MD5: d8f4146d52efd10b3ff36c3d859e587b
SHA256: 689648b03bd106f624fe0cf78efd192cca73fbc775386005c0ba19a079219731
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Generic.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\background.gif
image
MD5: 8dec757344e8e01250b42ac2e851953e
SHA256: 77dbae65602b0da6c8cdd2a3955cc1fe10a9de9225667bdf533a30af83f9662c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\STS2\TAB_OFF.GIF
image
MD5: 44e81c4c177ac2300acbfb8fe38736aa
SHA256: 115805b59e78ecedf21e94981a702976369c70967cfb54f338c578da9190ba44
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV_F_COL.HXK
xml
MD5: b8fbbc73ddde31636552ab184b4e398f
SHA256: 3c3702253a4695b5bcb18a2565b1d49f9f32f5f9f2442fd1395197970fa34edb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV.HXS
binary
MD5: 6f61a3d51685091036d1860b2bd97fba
SHA256: 7b71f080667d40a68d9e82bd21222a84e8fab076a9e739f0ec96bb245e8bed03
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\gradient.png
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSPUB.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSOUC_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSOUC_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSOUC_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Response.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSOUC.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Person.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSO.ACL
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Main.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSBCODE.XML
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\+새 데이터 원본 연결.odc
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Issue Tracking.gta
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Slate\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Invite or Link.one
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\HTML.xml.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Generic.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\VelvetRose.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\TexturedBlue.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Accessibility\WCAG_STR.XML
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Issue Tracking.gta
binary
MD5: 527049a6f26e285fce7b93532af38482
SHA256: 72c23e5fe936eea6b8328547611f31cd8f4c1f13fdfe2bafebed7b3c0a5e5cdb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXT
xml
MD5: 8bcb11653c816f63eda5ad2ed1c1559c
SHA256: 23141a80acd6800cc52bbfd38e8e5a9434ae0703dd1aa979518e0fb80e93619d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS_COL.HXC
xml
MD5: 83d22640ce9575db49a6510071802860
SHA256: affde98788128ebe25abdc2027b1fb450d889f42892f9cf190d8de16b4fbdd7d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_F_COL.HXK
xml
MD5: b8fbbc73ddde31636552ab184b4e398f
SHA256: 3c3702253a4695b5bcb18a2565b1d49f9f32f5f9f2442fd1395197970fa34edb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Slate\TAB_OFF.GIF
image
MD5: cf2a0d492e792be7de119bae7c409c9f
SHA256: b5488b1a192a7b003f892d689989332b9ed4b1b8adaf88527ac3cda156210ab2
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF
binary
MD5: 76386201f88e95b5a6d1a12fe2565d42
SHA256: ec85fcf715ef1c3044092b21060f155c489dbd441547e8e3b8024d73267e978f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\MSACCESS.DEV_COL.HXC
xml
MD5: ed51944d4896b1f5e46e4e01f94ba5e6
SHA256: 7be68e4e871b35532ed66ab15ce081b8151b1e63cde51b4ec22455fa875c1914
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Invite or Link.one
one
MD5: ea1101cd06181e9bedca640a7cf4517a
SHA256: 2ceefe8abaf43487a4c3b88e7325c477014c27ba336f317d7fb9741c802902d6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_K_COL.HXK
xml
MD5: db9742e49c49c505b293a84518e95fa5
SHA256: 1c17b95e5098adb0c0e06aac8a8c7c50c6a5ef1b696465d548c8a922f1d3a653
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_COL.HXC
xml
MD5: 6a2a052322da39d503669e8adebcd04b
SHA256: bacec7849bf86f2a129e7d1339e4a0d3c30d589a020f16ddaec0e13a9ba61be6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATH_F_COL.HXK
xml
MD5: b8fbbc73ddde31636552ab184b4e398f
SHA256: 3c3702253a4695b5bcb18a2565b1d49f9f32f5f9f2442fd1395197970fa34edb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_F_COL.HXK
xml
MD5: b8fbbc73ddde31636552ab184b4e398f
SHA256: 3c3702253a4695b5bcb18a2565b1d49f9f32f5f9f2442fd1395197970fa34edb
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\PUBFTSCM\SCHEME38.CSS
html
MD5: 7d04c02ee8fc3c8469f48790a5c256cf
SHA256: d1f62d7d6f7cb99e884d851700f3c6b25d6a54e424095aeb96884e8b118d77ae
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\PUBFTSCM\SCHEME20.CSS
html
MD5: 6d507bb72278b5550d6c2096035a6785
SHA256: 2399edb11c8c290f272d77f93bc79de911c5828c933b89590fdac39df3fd2e35
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_F_COL.HXK
xml
MD5: b839827749d6c511286418f99a53bc77
SHA256: e234c356fcec489d1be1ed12339ae031e075ceef59578a6d7f664e4d70e709e5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXT
xml
MD5: 78f647bd278ab8d34e2ba3b9d17d8f60
SHA256: 0ce498fff58fffbadc07b8deece5375f759f045c7e77130485657d073d06fd4b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_K_COL.HXK
xml
MD5: 1a77ecad9996e96ad084d709e15d1350
SHA256: 88b05410552870d8f25f65fae867dbeacf702672086bfe2fd5a088e2c7a24249
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_K_COL.HXK
xml
MD5: db9742e49c49c505b293a84518e95fa5
SHA256: 1c17b95e5098adb0c0e06aac8a8c7c50c6a5ef1b696465d548c8a922f1d3a653
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\INFOPATHEDITOR_COL.HXC
xml
MD5: 6fe5ba1746a1b955ee9c5dd62cf81e7b
SHA256: 6d5b74a362e2c01dd3e8033b23f74cd9e4761554e4508127f9f1b1867effed7b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXC
xml
MD5: 6f9d813a994aa78443b547596ce5a1b8
SHA256: dc527ef672aaff5df199c0b05c453ad9cce1921f7d1d81e59ba4a4a1e8d5bf28
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions\Generic.gif
image
MD5: f6cde05064d0ee527f1a6dc8d02d9bb5
SHA256: cbe02d6f81b3dd43cff0c75614facbff9e8d9318897d3db42d5f0d605b1bb5c1
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE_COL.HXT
xml
MD5: efa193293ad6f625880824ac66e52466
SHA256: 72cba57a2776cec4878480244fcbc3b5f70797bfca9618685f9964f419071ef6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Accessibility\WCAG_STR.XML
xml
MD5: 2e9d948eedb2720a4334bbe4ffc57f60
SHA256: fcc675b873f83fce090e706f10c143acdd4a2a8c8b1910a2ac4a0dce09dc87ce
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\VelvetRose.css
text
MD5: 0b752f30bf0f687c38b2e71e970b8120
SHA256: f9ca359ea5ebc8d4c71f7024b164a398e44bdfa26d2ea7582c67023f62089b3d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\TexturedBlue.css
text
MD5: 5aba39a9301f8a124d1faf9db96296cd
SHA256: ac240a5f3b857d54060c8054195692d419f0f4d76cb33d67ba542dc008fbed0e
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\background.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF
image
MD5: 94f8f9cbbc7c55b6035f08f846d39cee
SHA256: f1b55bf40b6fa794c1e614aa75985258a88e2165bef91eff545438b85baa5c3f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\HTML.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Swirl.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Sts2.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Country.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Teal.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SpringGreen.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Sts.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions_Person.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\RTF_BOLD.GIF.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightOrange\background.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions_Response.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\GreenTea.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_italic.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_underline.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Biscay.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\OliveGreen.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\GrayCheck.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Maroon.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\LightSpirit.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Discussion.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Beige.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_choosefont.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Casual.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Adobe.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions_Generic.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_OliveGreen.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Groove.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Lime.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_LightSpirit.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions_Doc.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Solutions.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Premium.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Country.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Earthy.css.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_GreenTea.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Earthy.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Country.gif
image
MD5: 474c7b80d4c1794392831d2b8f8ac0f5
SHA256: 8a523bd7b08650fecfab5e9b361a1d463fbf9f23fed787ec2066ca7363f0b565
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Casual.gif.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SoftBlue.css
binary
MD5: a5fff06c078cb8434f6851aef8ca3201
SHA256: 189a1026b3202eba473920c58207ffe5ab979d751864a68013d3de04e4e0b75a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SlateBlue.css
binary
MD5: e191b0c38aaeab34fc7771eb3e493bfc
SHA256: 52fd72614cea3e8b017fdef06d3907c3bb63132534327e3198dec08146f8d56e
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF
image
MD5: a875cf9caadc406392ad4bbde44fd55c
SHA256: fff5db9fafe7d0264df2c4135ca0a6252f4f4bddfc7b62471c2cca0a3fbf5954
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF
image
MD5: d54031925fd3797b1ddd363bae020140
SHA256: a4cccc40c83addc9d4af9c4d10d46b197b07b7d8517f06637167f4036769686a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF
image
MD5: a875cf9caadc406392ad4bbde44fd55c
SHA256: fff5db9fafe7d0264df2c4135ca0a6252f4f4bddfc7b62471c2cca0a3fbf5954
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Slate.css
binary
MD5: c9aff1c9094b138dce8743a82504e901
SHA256: 4630ef0ed5dd8dd9a20a750754a8b58f152d9b0ca481acef7740af4c30e1831a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_spellcheck.gif
binary
MD5: e4303c89f78a66687e306f5908613785
SHA256: a6fba5e8e0290d54aa199a55044105f16a58025ff64a715b4e69263f778a2b79
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_italic.gif
binary
MD5: 473f0c1d935e6dc1fd57d4e643cc3edf
SHA256: 374b6a94a43d735f6025066dcb9cd4e2c6dd237b828a7d4441ff27ff2b842375
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_underline.gif
binary
MD5: 6ad18fd4950cd4a91751584a44ac25cd
SHA256: 759345894c21d1eb9aab40ca3954322ae98648dccc2e1aaafeb8d65df4e2b4e6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\GreenTea.css
binary
MD5: db6c73541d7e3441440f48b84da6af69
SHA256: 11035d65afdd37a32cddc1f77682457ca688f3d5f727ea584882c81a7cfb058a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\RTF_BOLD.GIF
binary
MD5: 8c41c9040d2b081a2f3992f34de1167a
SHA256: c86c62709a0624679f85098dc74aa28deea5a420e07d334b427432d1ced4ed60
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Premium.css
binary
MD5: 93124d723a914f4e937b73a757eae174
SHA256: 3f61c976798f5d1a122bbe0ffb7baa5f10dd119191dc71d03bf4ad2b21576e05
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\OliveGreen.css
vc
MD5: 7c690b7a489029557861b1a30928dd8f
SHA256: e6d7731c9e18c9437948fe2a0b2064c30cf315d02d5434b2c986512f58da51d1
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_choosefont.gif
binary
MD5: 5a0ff1413d29a8a3cb218dfc2a826fa3
SHA256: 1e654e2580ba1d18d6977ca2639f0a8281539418aa71d0cdfde22a757b04b908
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\LightSpirit.css
binary
MD5: e9986db66f04214ec7fabc0b5ec29a7b
SHA256: b35aef38341fd6bb160df418baab973bdfc2d4734870bb8c6cbaf8dd6c52faee
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Desert.css
binary
MD5: 3f92f21d21cadfc9e3c39a9c3857c448
SHA256: 10658e0caf74e2cb5c49a780c13896ee1ab6cd0d93c64f10cc716adac37c7992
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Maroon.css
binary
MD5: 032133ee9ed161ad65f0c561ed0a25f5
SHA256: 1cb8ae99e9aa083b231dfb22f2546d42ba8385a31f28fd3cadb8b0464fb3aaad
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\GrayCheck.css
binary
MD5: a43a5bb4b648bd2fde906d78beb279f9
SHA256: 02920de949fd9f1091c4e6d17e2adba2626f7bc9068bd51b2b54d47ebb15186c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Earthy.css
fli
MD5: d7ac6a95f7ab30f0e2676b53f86b8350
SHA256: b4a54036868fb0a231f9573bbcfa14446f72a4bb15f5c46f2c46354a5d9337e7
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Discussion.css
binary
MD5: c897655e62921c8883464d2138fef984
SHA256: 3e1b315fdbd1fefd9040526793cfb23f04905e9d60985c2fe2eb922001a53458
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Oasis.css
binary
MD5: 5a9c089992b6749dbe1afffd703a2f43
SHA256: fa4ab0e6ca1e48f680676faa4f3ee62bd16bdfec0ae44c2c8c72680bbeee1a6d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Lime.css
binary
MD5: dffba61b3b211aabe5df775106d114d1
SHA256: 0b73f9a86648a3e236427662be69fdc2bb1c1ce9695483d935f5eb140defe4f7
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Casual.css
binary
MD5: 45200949ce40124c87c39e25651bde54
SHA256: 220116cddaee8d5ad1d2e3c38b4e39a383fe5f2f5d18717c7065609a92d9cdfa
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SoftBlue.css
text
MD5: 0f961fc51547531f234c915cc1a99663
SHA256: 88c09f173aa0ef5201ad6be8870ee3a8e5779fcb73e299831a4bb4127d01942b
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\SlateBlue.css
text
MD5: 1c3e1d702a8156bc35092a9ec5328937
SHA256: d8d43d452f05b8d4b623d2658745bc13235f4f7dbad6dccf65e1198b330081ed
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Slate.css
text
MD5: bf3167ce1859ee4d3eb137f64ed70290
SHA256: 1446be48e624babbd10932cd177dd173507435ad799fe44081fadb2dd96d1557
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\Adobe.css
binary
MD5: ed79ce0653874d1236d322134b3c8c93
SHA256: a261870e0dde515e6c80d0ba42f1ff69e8e1a30e4850d8515ccfc114db657022
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_VelvetRose.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\BrightYellow.css
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_TexturedBlue.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_SlateBlue.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_spellcheck.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_italic.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\FormsStyles\rtf_underline.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_OliveGreen.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Premium.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_LightSpirit.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Earthy.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_GreenTea.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Groove.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GROOVE.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GrooveForms5\bg_Casual.gif
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GRAPH_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GRAPH_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GRAPH_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\FPBROWSE.HTM
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GRAPH_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GR8GALRY.GRA
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Fancy.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXPTOOWS.XLA
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\FOLDER.ICO.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\FPSFECFG.HTM
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CollectSignatures_Sign.xsn.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CT_ROOTS.XML.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Discussion.gta.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Groove Starter Template.xsn.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\GRAPH.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\+새 SQL Server 연결.odc.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CollectSignatures_Init.xsn.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EADOCUMENTAPPROVAL_INIT.XSN
binary
MD5: 01e3a3ab888c7c63c9d788ab08b25466
SHA256: 712e0a9793e280aa02ffcace7ec344c327fadcf803d50e4286bdb14485ffaca4
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_F_COL.HXK
binary
MD5: 4c30fc4b5cd03af8b3e40e78fbf163a0
SHA256: 4c9fee73ee6874b7b72cce55e11208003dd1b350932a04dde4371fbcf214cb12
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Discussion14.gta
binary
MD5: 7e1205dc223ca152603176ee0fe0daad
SHA256: 12f25b56f2e22b0951bc992b9811cc39e9f236c9079631e732fdf3fc5ea3775a
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL_COL.HXT
xml
MD5: 4bec045cf396073e3655daee3059a0e5
SHA256: d9ff1189a1ecd3a9f0c93c8dbc1d936aa64ac346ba7fd620f421f5a5014f06f6
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_COL.HXC
binary
MD5: b6ebd5b2ae4fa2d43d33f01ab8ae0d5f
SHA256: f98c3f6d2b751fbdc64c3f0be229360be5133bfaafa194981658aeed32d2ba52
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Fancy.dotx
binary
MD5: 4de1f57b77be25c0a3800bc910df87b3
SHA256: 97ca3f474b766679ca6b0368e405943ea0e2500efa547ecda2d5f778b1f684ec
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_K_COL.HXK
xml
MD5: db9742e49c49c505b293a84518e95fa5
SHA256: 1c17b95e5098adb0c0e06aac8a8c7c50c6a5ef1b696465d548c8a922f1d3a653
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\ACCESS12.ACC
binary
MD5: 480800d3d834441e6060e8ac1ac853e7
SHA256: 2377260426543c083e94ff775f3c9e8b98cc750f1b312582f56f81f509b2a4f5
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\FOLDER.ICO
binary
MD5: 18a6512025a6c092f4ec7ff94c985163
SHA256: 45e37193c64cdf8b9f9f586039236fa5bf1016c860e137f2e67140fe1bb373b8
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EADOCUMENTAPPROVAL_REVIEW.XSN
binary
MD5: 2c6faf5a48c63dd3f7cbfe32426970d0
SHA256: 04f630e58af52faed123990e874ba4c6cd022fdd726d6a9471e427fbd9c89976
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\EXCEL.DEV_COL.HXT
xml
MD5: b835439587fb5ce672d80cead06f2811
SHA256: d472496fef7c3e92af97a26087a75d3e94b8da6c5c9b47eabc43bc198d0abf7f
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CollectSignatures_Sign.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Discussion.gta
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Login.xml.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CT_ROOTS.XML
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\DataServices\+새 SQL Server 연결.odc
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\CollectSignatures_Init.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1042\Groove Starter Template.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Standard.xml.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Form.xml.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Simple.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\DataForm.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Data.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Thatch.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\WebParts.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Validation.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Navigation.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Standard.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Login.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Distinctive.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Form.xml
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Classic.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\DefaultBlackAndWhite.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Default.dotx.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Thatch.dotx
binary
MD5: 2b9ffecd997d5b2306b9910c15aa8565
SHA256: 7b1821fb18a83a8a5ecbabc1684e2fc5a4ffd0aefc270d901e2ad8b7228a126c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Form.xml
xml
MD5: fa6e3e6cf1d006bd215191f5b20c2bec
SHA256: 282a10e4f6c1fd3c549b5e318371e53cf838195695763375c98da3ea348922ae
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Login.xml
xml
MD5: 77030c9f7139fa400817867f41237f65
SHA256: e3218e221df754ebd7c35627afd7ee255424db464fcafcea380c73fa3cbba98d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Toolbox\Standard.xml
xml
MD5: 58ab3b296eb09c4ebcf74e775492f7b7
SHA256: d8509c16999b2e76fbddaddd264059f3e2355551d2196cd031885adc36394a8c
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Simple.dotx
binary
MD5: ec77b65df8c7fa95f8a30cb471e64873
SHA256: 04fbb7ce016ed8a33cc023f08bed7f3433641128fed6e11f6e9efc51a8b79b64
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Traditional.dotx
binary
MD5: 0e25c63fd13f5ce8cb7ed8a4c2d72788
SHA256: 4cca93e912159d3907de12a75cb34bff2f6dfcfee6af5c9c59896d0d4a116978
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Newsprint.dotx
binary
MD5: 418529e5a54eed7a9b074b36def4b949
SHA256: d419036d0539e6111d606d43c9b6be14e6643898dc5adac3c8ef292fb7896c7e
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Perspective.dotx
binary
MD5: 154fd15f9c213c7fb9941627318203c1
SHA256: 1a071d792ebd8dd821371ec06ff73d17796780508b6698059c3bba89e637dee1
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG.HXS.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_K_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_F_COL.HXK.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_COL.HXC.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\ReviewRouting_Init.xsn.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.DEV.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Manuscript.dotx
binary
MD5: 53ef1a39ef20f5d58bef9cb0687b75f0
SHA256: 773033ea4e23e92528eff812554462ed56aa363bb7ce6a88262176b1b1f8b23d
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Modern.dotx
binary
MD5: fcb6c4fb1aa41d4257d3e6de76687ffb
SHA256: 4fcdee08bf60e6a826948c15509ea1d6b82439748da78fc153a1f26310094a19
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Formal.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
\Device\HarddiskVolume2\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_COL.HXT.RYK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Elegant.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.DEV_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Xlate_Complete.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\Xlate_Init.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Distinctive.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\WINWORD.DEV_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\ReviewRouting_Review.xsn
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Classic.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\DefaultBlackAndWhite.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV_A_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\QuickStyles\Default.dotx
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\VBE.DEV_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_F_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_COL.HXC
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG.HXS
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_COL.HXT
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SETLANG_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152
e75622957decf1594c2cbe726ff0aaba4a509dab7b77721d3db16977f224ae4a.exe
C:\Users\admin\AppData\Local\VirtualStore\Program Files\Microsoft Office\Office14\1041\SPD.DEV_K_COL.HXK
––
MD5:  ––
SHA256:  ––
2152