b229d93f81693e0f6899ee884c95451ab4355352e72d050efa7c9ad37eaabe27

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6fb05299692ced8fbc7f9343b2e56b6b.exe
Size

1.8MB
MD5

6fb05299692ced8fbc7f9343b2e56b6b
SHA1

ec8b4c1cebdf9ce1f1ebcb5e76d77dd646a01f85
SHA256

b229d93f81693e0f6899ee884c95451ab4355352e72d050efa7c9ad37eaabe27
SHA512

57c24808a3bf3e28fe9a52c8805ea9df69d46e1420c4ee1422ece0c78437a091d4f7588b28501df094f9df22f5d3e7f8f640471f5d6111e0e0a3b30dbbad6e53
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHV:SCqm2Jpr0nNM7Dus7Nx21

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 12 IoCs

pid	Process
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found
3408	Process not Found

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3188-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/3188-5927-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021d5a-11149.dat	upx
behavioral2/files/0x0001000000021d5a-11150.dat	upx
behavioral2/files/0x0001000000021d5a-11148.dat	upx
behavioral2/files/0x0001000000021d25-11147.dat	upx
behavioral2/files/0x0001000000021d25-11146.dat	upx
behavioral2/files/0x0001000000021d25-11153.dat	upx
behavioral2/files/0x0001000000021d25-11152.dat	upx
behavioral2/files/0x0001000000021d25-11151.dat	upx
behavioral2/files/0x0001000000021d25-11156.dat	upx
behavioral2/files/0x0001000000021d25-11154.dat	upx
behavioral2/memory/3188-13397-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\desktop.ini	6fb05299692ced8fbc7f9343b2e56b6b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\SmallTile.scale-100.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-100.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_contrast-white.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\mso40uiimm.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-pl.xrm-ms.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-pl.xrm-ms	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.scale-125.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationProvider.resources.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\osmux.x-none.msi.16.x-none.tree.dat	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.ELM	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\75.jpg.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-256.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.winmd.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-white.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-lightunplated.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-125.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-125.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-16_altform-unplated_contrast-black.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200_contrast-white.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ul.xrm-ms.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\THMBNAIL.PNG.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.scale-125.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-400.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ppd.xrm-ms.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Windows Media Player\fr-FR\mpvis.dll.mui.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-lightunplated.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-40.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\PSGet.Resource.psd1	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-200_contrast-black.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\MyOffice.BackgroundTasks.winmd	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-150.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\12.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Mozilla Firefox\IA2Marshal.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\AppxManifest.xml.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Input.Manipulations.resources.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-16.png	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-100.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-150.png.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.exe	6fb05299692ced8fbc7f9343b2e56b6b.exe

C:\Users\Admin\AppData\Local\Temp\6fb05299692ced8fbc7f9343b2e56b6b.exe
"C:\Users\Admin\AppData\Local\Temp\6fb05299692ced8fbc7f9343b2e56b6b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
92KB

MD5
94d0a59e3e1f8034cf928876b525b2e7

SHA1
30600a6adaa67b9869a92bdcd1fa14b38632e150

SHA256
ed4e1966cd563d7725bc4d87fc6c03e4f2c170a015dc364b4ab9dbe923de852c

SHA512
42d76e865408a314eac1a5158ec5b09058b07b0672ae4850e495ab029b40115e52037bd0248ddf546139aee00a78b442dbee2b5e56bf5653c42d45a5d64271bf

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1.1MB

MD5
e6ccc7a6c14f52c2af1db941095d1dc6

SHA1
538b3ea5b76e5816b003ade02adc699afdc6feaf

SHA256
122c9599e0ba4700607103cbd3acf98a000978c188acdef538d4062077fa1227

SHA512
8bcdf8ea026eb026313ef41ecb9716e353b25cb0894bc837d2ad051638a24be914db1175a2bc1d37ed403e14a680b2c34ea43eea6259b1d66530c2918c9f39ac

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
381KB

MD5
2e6c5fa5421dc2472b426f9e20bb1a8d

SHA1
858ea62ed936482d0139a2a9f72f6471efb52c02

SHA256
cc29fe4d92038da803cb7fb2b12fd66ed619f330a923a3ff4914cd1c37061ed9

SHA512
1801fe226fe479c26e616e68d0f0b460565e81fc47485baf376f54c32c9e761b39dee0958b198be68a6b4388afd12e29070196f54475c8821831f0b6c6ac407f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1.4MB

MD5
8f4570296e8c3c3e8921bb57cb22e15a

SHA1
0511da51f62fbaafa599c5ff347af9b6e2eba1dd

SHA256
f0a5431dd7a0cb17d694c4da6155a42e115ccd07a563be04f1d94c697fb33a43

SHA512
a817d4fafd4464c5d7a85e48093c292a8db94899f9be791e1d9baf3546c61705050372ff10a559a34d0edcb88eeaeea95f3c76e949ec1823c50ea09061d94c17

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.8MB

MD5
4cbbe0a02fbb15e5d9ea7aceb56b7cad

SHA1
2c18f52d03fa76882fe8f4dbb3c7858615b630df

SHA256
85191672b51af7fff8157d2657d9a885b39cc3da245472afc5c12cc666cdacf3

SHA512
9c5c12fba3798d75e78ec8c35dd995fc0f4f13ff2e717ba9912766579d520044b358d044267bf264411482f42a6ef07a59b6be6344546a3698b4212b61f86103

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.4MB

MD5
eb49acd7b1d37cfd8f81b63912e1c3f0

SHA1
d09a99ff2566601f4fc86573a2923d8399108449

SHA256
998cd8d4a239d60150a13facd91f277d95a2d1ce25d6617ae6eadbb052d74d74

SHA512
b70508261a84990f3ddec82afcc9bbb58f3a2401ff5f667a06d8fdc20f0d0645dde9e27c6fe538e40b3f14741e4de81f4022eebce3af3d868a5176c4929f8277

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.4MB

MD5
96cb457c0d6a1692666951151008c033

SHA1
452cdf6b84d8ec61c838a7559492cc7e88837082

SHA256
d295a1306b2f6214a4f9a379f546e34ec424ca6780783958b5a749e3365f81a9

SHA512
02a9dc74739aed447bb77d76f5dd571c05d1457f9070f646aae5cb83759720674ef1b0a545157ed86c186c7c1a98873ac41503cd5f8a40dbd0ddaa63de3bed19

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
893KB

MD5
783e1270d52c78318a90f78de5375b3c

SHA1
81097ec182d483d53f56f14b75722d9603edc227

SHA256
69644f592b7306f73418b438625af53ba11d3c3f12227e21802e60e2591bfd1c

SHA512
a67a8897ac5a5ac5b097d65cabcdfa6a7aefb45af1d64dcfa190ad3cc6e7a7f0e217bcc6f7f429c7edb1fa1e7e9dec47b4f878afccde7d383b64bac3758323db

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
894KB

MD5
45f1137fcbc2ee338290407120d46a11

SHA1
966e822d1f7e53f29d6b608c2b1d1d67c2e735c0

SHA256
2c8cd82524936b5ac544a53d3604d5706313027de4a599a69e9b66fb8b1d155f

SHA512
7fed0b6104361a201c2fb8b6c832d519b0309795933972baf80e603f487e4c2b85abd364b159de50d869540df6b0e9227afbbed6cd69872e7cf30052d41ebb39

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
384KB

MD5
2f7fcfd9590f1c2eac2dfac5ab60feea

SHA1
9ea2c49f8c43e4226cc28d54fe8d288e2dd09245

SHA256
3648bc100863acbafe570772da8fc754321493aacb5436d9bddb2095af088762

SHA512
0bc32ce41388dc44a4659ba9e508e1686855971b940d8651b487971d45a81e667ed7adaac6b44705740fd63889f02b8aa4950bc226d46819c053dd7c20803e1b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
896KB

MD5
c56930fac5a9d9e1adc421eb8451c95d

SHA1
b2122c2953ead87c44a15a1246eda05aa0a6fecb

SHA256
8d880e6dfe2bdd0c6ed430b5aeb8a9cffeef2d619c8c48235eac0418554fbe99

SHA512
9234afa01c76f508af05b2626f0e7ce901438b8a4347589f9583138edd5db3f6266af4e24f8f52669de1cfc162852d71cbf0ce4b8efdfc388686a4a892a3cdeb

Download Submit
memory/3188-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3188-5927-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3188-13397-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download