084f493d5dc9899551937116ae2c41528870b14d320285ce6c119a21bbaca8ab

Analysis

max time kernel
133s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64c4a66acdb02415e481a4865b59a72e.exe
Size

1.8MB
MD5

64c4a66acdb02415e481a4865b59a72e
SHA1

1cef7a5685a4c9fc7393bf3d6d01fedd1e2afb15
SHA256

084f493d5dc9899551937116ae2c41528870b14d320285ce6c119a21bbaca8ab
SHA512

9410a5ee3d533651b449246615e8bcb6b5e501b8390317123dc3fe35599a1cac789d2e3cc6be1ec1b559548b2a532c240df1f1e6307dc396d2cc1946297e01aa
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHr:SCqm2Jpr0nNM7Dus7Nx2L

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 30 IoCs

pid	Process
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found
3336	Process not Found

UPX packed file 34 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3688-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228b1-5.dat	upx
behavioral2/memory/3688-5816-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3688-13403-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021a2d-13405.dat	upx
behavioral2/files/0x0001000000021a2d-13404.dat	upx
behavioral2/files/0x0001000000021a2d-13407.dat	upx
behavioral2/files/0x0001000000021a2d-13409.dat	upx
behavioral2/files/0x0001000000021a2d-13408.dat	upx
behavioral2/files/0x00010000000219fc-13415.dat	upx
behavioral2/files/0x00010000000219fc-13414.dat	upx
behavioral2/files/0x00010000000219fc-13413.dat	upx
behavioral2/files/0x00010000000219fc-13412.dat	upx
behavioral2/files/0x00010000000219fc-13427.dat	upx
behavioral2/files/0x0001000000021a2d-13433.dat	upx
behavioral2/files/0x0001000000021a2d-13432.dat	upx
behavioral2/files/0x0001000000021a2d-13431.dat	upx
behavioral2/files/0x0001000000021a2d-13430.dat	upx
behavioral2/files/0x0001000000021a2d-13429.dat	upx
behavioral2/files/0x0001000000021a2d-13428.dat	upx
behavioral2/files/0x00010000000219fc-13426.dat	upx
behavioral2/files/0x00010000000219fc-13425.dat	upx
behavioral2/files/0x00010000000219fc-13424.dat	upx
behavioral2/files/0x00010000000219fc-13423.dat	upx
behavioral2/files/0x00010000000219fc-13422.dat	upx
behavioral2/files/0x0001000000021a2d-13421.dat	upx
behavioral2/files/0x0001000000021a2d-13420.dat	upx
behavioral2/files/0x0001000000021a2d-13419.dat	upx
behavioral2/files/0x0001000000021a2d-13418.dat	upx
behavioral2/files/0x0001000000021a2d-13417.dat	upx
behavioral2/files/0x0001000000021a2d-13416.dat	upx
behavioral2/files/0x00010000000219fc-13411.dat	upx
behavioral2/files/0x00010000000219fc-13410.dat	upx
behavioral2/files/0x0001000000021a2d-13406.dat	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\desktop.ini	64c4a66acdb02415e481a4865b59a72e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-200.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-16_altform-unplated.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-200.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-125.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.Resources.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookWideTile.scale-125.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.winmd	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16_contrast-white.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-high\AboutBoxLogo.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ppd.xrm-ms.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Dark.scale-150.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalStoreLogo.scale-100_contrast-white.png	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-pl.xrm-ms	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-100.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256_altform-unplated.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\THMBNAIL.PNG.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-72_contrast-black.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.VideoTk.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PlaylistMediumTile.scale-100.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.exe	64c4a66acdb02415e481a4865b59a72e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BOOKOSB.TTF	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\ExportConfig.json.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-200.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-150.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_contrast-white.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-24.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\Microsoft.PackageManagement.resources.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-150.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomSetupDisambig.jpg.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-64_contrast-black.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteMediumTile.scale-100.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-unplated.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppValueProp.svg	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-100.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\LargeTile.scale-125.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_contrast-black.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBCN6.CHM.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white.png	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PayLockScreenLogo.scale-200.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-phn.xrm-ms.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgrammar8.dll.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\SplashScreen.scale-125.png.exe	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ta-IN\View3d\3DViewerProductDescription-universal.xml	64c4a66acdb02415e481a4865b59a72e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	64c4a66acdb02415e481a4865b59a72e.exe

C:\Users\Admin\AppData\Local\Temp\64c4a66acdb02415e481a4865b59a72e.exe
"C:\Users\Admin\AppData\Local\Temp\64c4a66acdb02415e481a4865b59a72e.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
550KB

MD5
e200ae33795dedf32f1538bbd7569108

SHA1
ab03732819a9dcb48789336bf45f3a4bfcf1902e

SHA256
167e60d9e4b31e8b5dc5996e12a3bc2df6aec9e2d1ef8dce54620b04ae93fdb2

SHA512
e50a3125ac8ed78e49df1e69c8eab5411af970ca58f89589dd910f5dc115178de781ffeac2d686fce3eae831a0877c6d0c0b179a97385b3b87477c0d6df323ea

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
461KB

MD5
aee8bdfbdfb60fdd1ce611382c53c7b4

SHA1
c965a8e569a70ab88a6f718b2820bed56b927017

SHA256
b6be6127b3b8d75f746220b309366a8a7a240c7f1be24d8b9412d858723800b8

SHA512
cc30a8d728db2deb9756ad5007e43204b0d004f97622bdbd00b884d0cdcf657cb26450bb270fefc110aa9a8a452f68a830ed093a23c02512516635e94b741c93

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
412KB

MD5
76dad1a4963a355afda224e501376d3a

SHA1
a3d659cce50df1dcbf167303b58c2b8cad35586e

SHA256
7f24320fda17bc313c9cfcf9ebac18759858b9669e55fcc0b21b730c32a9933f

SHA512
60ccd1e4dcda4502d46d5e8e9792cc553a8add11c95ffbeb016f90adc28a2a59ce9aa04faa2335657ffcab1637a6a19c634a3e675f7a158d91e81be0332a79a7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
283KB

MD5
64111d6d5982a978b5f08c722e985eb3

SHA1
6a17ac803c379a29af89086fde13f7cf0d2e5d1a

SHA256
3a8625e9ab4ec0c09679a1706343034cbe507ac54f552a9a749d3d18972dac7c

SHA512
edef06b914b720b056c8009dce360624c81560c2052eb6b9f48ff78532de44697ebd80be993cbfeeccbece136e7a250f55acea7f483a9a59474d87fa8d161442

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
312KB

MD5
4ff914a1d21c52411ba5f8c0b929745e

SHA1
d62496d802615b1401aa6a306d7da46725a010db

SHA256
7dc293606aa55759b02c7dafeec1804c7e4b905633cdbba21b688cce1a519c79

SHA512
1a33e90a8bffbc00538c931682ba1310acb2635d65d18e9ff70988f6f268f84d510449a1ac1516089fd06dbfb2ffc17a37182817a1cc4c0718b04b48b9eba327

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
326KB

MD5
b79ed2df0f82b6936ef99c182c4288ed

SHA1
af617814f956899b3364b37473f03d6b2ae49015

SHA256
dfa03e97050ee0bd2e7ebb117c0e47f7540a65bff82854188ea8a480abcd8e02

SHA512
c6fdb88759dffc93a8b9c692abf7be1f3e2cbd12efaec477b52832309f25ab1145c033d0fd2fbf0e4428c371effd7aee48aedb0ae02f12a1c29c70f1e405a895

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
275KB

MD5
775eacda59797dbb576f44bbc37fcd48

SHA1
fe5a3d72684e37d664094989f33d10cad938a7cb

SHA256
4782d2ea1919fd9e0d2163be40266f3dbc619c4548ea4ed9cfddd9d38652b65a

SHA512
540ba3acf8f6eff05db83f0647844ab584d1629511f55b930b1c35ba9b13d966c0053113a72219ac422bce787711ce8f2473e5442ea9ce38db6718c144f886d1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
164KB

MD5
3a417b502519c88379919fbfb6c04988

SHA1
836f18b9ab373ccd3a3a54cc0e5fe38b404abf03

SHA256
a81b8b934097bb83b6928083ed29675fcef271604f3e681ed8758fcb2ee00d3c

SHA512
cca4bcd301e487647f6ce1d813acb97fe7c87c1a18526906daa04a5bc59eda07ac0c4050b54396ebd96255795c63bc275a99e50b2635f0fad38258dbfe74ff18

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
141KB

MD5
f0310b345921fc4500a805c42c1c0508

SHA1
57dbe74d01e8bbc907fc143f40544ccefbcb6cc6

SHA256
d084072f6920bc138855292d829a01df538b50fc70cfe0fe07d0d1786253ec13

SHA512
a815d537663c092ccdaabae2df8d1eeba0afa000011dd5ee0564ffd47c602c4a11949b6045e4cc670afc83c709697cf7e321acb3f83facd894e6072ffb238561

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
55KB

MD5
3c2631ac62496edb1ed6b6d52a558868

SHA1
390a56f97e9a63d123652797f16b365b6aea1943

SHA256
0b033d7812f2c6b826a9834ef09e5ea2bec43a340e1ec00238f99e71423f1edc

SHA512
3a3369f723bb1d26cc8ba8408c9e4d0a09b0b4ee9bef19c183328925cf93ae9f0adca67792b08deac962b23c84ad0d12210fc3ebda2b8ff7fd2e0c0932a0ac0f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
120KB

MD5
849ba3b0704e33edbcb9af012f6b2150

SHA1
b7dafd5a0c8ea0172126940d21a351ff3698a019

SHA256
e8e74c50ca234b0efdabcb4f5bac4ef3cd8c34ef3c8cd02452c12c791674b0a0

SHA512
a01948d8d1a99ed0830644206bbca3eee0a3253127593be04d742c5359abb89d94b0fd4301c3a55710ce59bfd716591905a5846a315a1cb5f6997d963ebae92f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
160KB

MD5
72154748ffe15d28b174b542053598c2

SHA1
afdab3c1f443930186669dcd369767a584b5dd11

SHA256
3189a90cb936c00dc67eecfb694d7e738a9e22503c779a0960b75ec46f85f136

SHA512
1d3faa3e41a2baf1a97b1d9dff78a8556bda34637223d58c51399a3cf74d81cfa7953d70d8e67e8530bac29265bc5a6bf6f93dcd9cdf39830de782d6a40f255e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
171KB

MD5
87d4225611964ef4c64aa1e243dd5c79

SHA1
d61ca414fc899537bc604ba3fb505386161623c0

SHA256
bfd138dd20348532bca16997337bb01886576ffe7ae3cf79df9a45f5d7251d40

SHA512
beafc53060bd10977e9297f29f5c877a4ad827bbe132743fbcf7c82f96cfe67ec3024bea0c7f9b6625e83e78043dbd15a5ea00a8dfc18a5d45f89835e0e6c5fe

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
216KB

MD5
b595e8ce8c61dbccefc1ea9b6382e921

SHA1
fda23bb55c4a6bea92a567e97207e9a9a5f69fc5

SHA256
92e5348e2cd3c05a9b2d97412a88617ab6d3aa83d8ceaf2c72ee1a9da481b3ed

SHA512
167851855069a06c2723db31f95b60301b746e37a703c6c53d15913df0a4a9f450cc1702f27daa1e0f5ec498421559051634862abe46f22504a0e3879f950662

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
253KB

MD5
193f14cb55fa07133d3889dd063994f7

SHA1
26494fae6031e3c2c8308cc1afcfea1d5f2a63ec

SHA256
35f039be824dcddeb73ed2daddc634616fdc0bb76698f83f3504d4aab5d08c84

SHA512
d6fceecdf754a47133647397158a7f5a7599370f9004bcc10952c9e3b351d04a7c349e3c031f4df9c5582444068c9b5dced3deb3837f1e78f4a162667c275486

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
229KB

MD5
5cf700ec40531e8b6939cfafed29b0d4

SHA1
214dcf40ec74e30ddd1340a7e448f9f9a0113126

SHA256
7237c574db86d092f6f75fcf79f8d2fe41309798429db59e9bd7f0f64f4384df

SHA512
8530d3448f7506b8467d57945902c183f24d16e5a94fb9ea68cada509e9cf54155a48ab926d5178a826918eb34ef2a9cb7548cd68541a9b3d66b2d0335cad796

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
80KB

MD5
c6dbf4bbab0dc2c5c5e6a9c126556894

SHA1
5ee81e59c913b2debe1bd677e85cd4358388ce35

SHA256
7663432cad54b6ff5714250114fa9df327b2391175e2bcdab5c227160077cd32

SHA512
81470458164795c18dd454e074ec63162df10d18656e3b5c222a07ea66f423caef7d64f835ab1e38a1ce1b9b27b7fe88efb3c5b11ec160c5c4fdc7f49aa14738

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
244KB

MD5
eb8c25b93bb83b8d0a35fcffa0c17246

SHA1
3ce4eeb4d9f515a953d69fd2f6f031019063d8cf

SHA256
69832a1f01bb628260942cc0f45267b058242cf466f8dcb628e851660213536a

SHA512
4c54e37a49aed41ea15f3cf50a5562698d810bdb9241b1875a1b25a86623d7d5a5a7a849047ef4a0ea8b32b9a4585753661c1f294695e80e8d9fe0046070646f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
143KB

MD5
39aab5fb6d262861f72ce8fd1f223546

SHA1
e281b7dc95a07ada75c211dacad6811970042e99

SHA256
ab2411d62baff6341b01cd1ba20c4d3035fcacacbff25f98ca1b7299fb487a6a

SHA512
823dee82b5764e750e6feb7176b63b6ed40d9347ff918f3950a34b69301d2b2aaef2b403a7956336f116708329f76ab21c2ef79c7c4c97b4f6bebbe04e9060ab

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
241KB

MD5
e1f071533c3e74ff165d9d3802fb04e4

SHA1
7f5a783b0ae530df496539bd66ec13e79e0c47cd

SHA256
72556eba98ba391e30255746398fa5ba5a66c8800c81fd7d9a7033fd3fb2755d

SHA512
a1282c9c12a8d942a5068e37528882a5a530316e493556c6dc8c4323277f886382508e4490ae28cf898bf55f758d09fe69d7e90238bdd0b95875ea1746a746dc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
257KB

MD5
ec86d2eed3919b866cf09cd2dd5753cc

SHA1
2c0047b9f1f399e6af9d476dd4d090cd739333f9

SHA256
db25b74c7da22448f4c5fc188d4618831e4d35bf057ad868e8a63437a308ec0c

SHA512
5c14d217af569d4151d1a661b27c7318401bcd923c70b916290590c825baab1b19abc6939ef0525d69da7fa9abc1f4381c4824bdf6233b8e0cc5dcf56c319a37

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
199KB

MD5
140d8ea59dbe32d11f2b4b54637013a2

SHA1
3211f7192ca01720a40c04383f8f93e78deebb2e

SHA256
f5dbb97fb11bf6abd8e3ff4bac6ff324ee82901579bbbb968f9bbf5ff7280da4

SHA512
6b4afec3c9afbf77f47e524e15a1d96d84378c658af765da9cd9bf38d0d4248f08ab7663450d1f2ed69dabd6c254566c5580a1935e21ed672632d1fd4ea78880

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
213KB

MD5
cc4de0a02d426210e48645d09b323f1c

SHA1
e77ff9683b8a87ae7f6ce772f91d2eb321b5f7d3

SHA256
e89508c669058fd52c90acc436366c8a438c7d3d3922ceb9956e773da6873ca6

SHA512
c4dc95ad55b99f5a50545fc029dece5e93be448e99f07f031c4bbb82911665ab581a92b62bc0e4ec983e0a3f9f5326ce51a6f0be81b20d48732fcc763155258d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
199KB

MD5
237700348dd92bccce8eb22ddd751881

SHA1
44e32e6b58de2087c98259df4a50e47acab16eda

SHA256
5801862aa69bb40cfbbe8780c74c5b0c85d6d9be7c58f259020678b31f498a15

SHA512
577c8ae04e6fc09bceb767873ff9e8017e3e365daa57bcf97604a3175560d938a297653ff76ab3ec5bdf9b19c3ebe6d0a183675d03bace9f9de84d2f481060c0

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
148KB

MD5
e24fcb148e70a0174ec3995f2ac815a5

SHA1
1abb4f6c751651abee0832ab59157c5efd0a2aca

SHA256
5b59965eef78cbca0e860afac0cb57fa594db12840e68761ab99e85e3ec65577

SHA512
71cd69e8eb070960726a4b9e9ce1a2b17e5bd132118ddec27c8e9dfbb7fbee73dbaae9bccbd965167e70e6cb6cc248c6fce79c1dfa2ac2567740e58491b07681

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
131KB

MD5
010018945632ed19b7d84d7bcb461ba6

SHA1
e966dcf17ded9770aa8edc349dc000574dbda4cb

SHA256
fa2397fc3ba9c1e88eb2d5eb420cce1689e852a18df98afc04a81b8e6f620bad

SHA512
6027b4ad7c55171424fa3767659544c8aceaa5c8e0577de8498deafb0a0e46ff2ee5d14ee3209055a24acb238f0edd4bf7e7372b0cea1940943aa43d29d406f5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
168KB

MD5
7958b44a793d8a4e21ba8de62215db6b

SHA1
ee297392914be936ec85690883ef6438f82dda77

SHA256
30a983111da11fc7d1a07ea2fef803db7915fdbbf6b7ec42b57cf5ef088fbf29

SHA512
c6d8cee6634749e152ce5167ac395970cd79307b8f14538ded9b17bfe13a36aa941653abf6b636142d0d67b49058266cdedc231e1c50e3b2132cbc1070337f81

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
135KB

MD5
b81bb640af89972c685000d2f8129ff7

SHA1
b9318a0da1024022463d9354afd5e2a04c7d22d7

SHA256
c67172f0cf0a0de45ed6b30382f82c9d740b2171280da6094299f7c125d366af

SHA512
5126f39fa041a2dd70abfb88dfff967fb7a2e742285ab9527932822c5a41a0705327e6873f7a07ad87b3e311b383c20ad1a0780ba9f59edb5bad021688a48463

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
124KB

MD5
d6912c23acb4738eb328a2a51fbb0c91

SHA1
919e5584cd02d43248362ecd845ced729c2676da

SHA256
fafb22b84eb94df385b77fcc0665d73403fce5756e65057a54706cad6e762c66

SHA512
9d9c74391cd7505aa0a3e5d0e5b09f0bb6f8d4ad01a38e5b77d2b472201cedc026ee3c281251c557b5f3a60a0c1100d91e9d35f4e407e687ec44384de2d82a28

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
149KB

MD5
759a8a6ca1b81545c75ec5545936fc69

SHA1
145f5c70f021122f37d749aba7b9085a00e81bd2

SHA256
001ddacd0fe680a6080be27921b49d01fb4153437d718dd9f848f4ba12d79be1

SHA512
27422d05ff19c0cc18c8121d71f9a65379a0bd37fdb1f377e92482d673bafc1a3e7726b3525d9d8d4236dcc44683a9a7c2f5951ae879df1632c196515fdac61a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
184KB

MD5
01647caf121ad3230a6fc427fe827d51

SHA1
7b1dbf8daf973265d0f072bb78dcc4e01bcb5506

SHA256
1bcb9b47c667ec6e94baee019c7c9e235316c3bd6f01ee7e2397cb1575b33dbb

SHA512
116f03bd1e108f56965ced00eb0bb7bc59465ce2171445ed23d699f2bfa37792c28cb5d214ea4ecb1cbb771346522872feff75656dd9ace1d4aade3092a88bbb

Download Submit
memory/3688-13403-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3688-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3688-5816-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download