Analysis
max time kernel: 151s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-06-2024 15:08
Static task: static1
Behavioral task: behavioral1
Sample: TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
Resource: win10v2004-20240508-en
General
Target: TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
Size: 80.9MB
MD5: 1c0dc0579e549e8405d3648a0daef12d
SHA1: dd6246be90ee999c298e5346a9131ae89ec81565
SHA256: 16de1c80ce70584212fde77a2f9149bddeb8a266820e74c34f0d8303c14609f8
SHA512: 5646027558a51d7b4abbb413727b1f1cd47a3b1bb92f913842b413abb96efdecce0209a96de9ff90d08d58fa09b8cd67175f55490160f5a3d0ce2f3f7b522df3
SSDEEP: 1572864:rATnjQ2ad/Hx7yhztovEmEMl9GOR32beFKbA4DD9eLcQob41:On+1R7QzCEvMlF/KRUsbi
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
W3DClient.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W3DClient = "\"C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe\"" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W3DClient = "\"C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe\" /StartHidden" | W3DClient.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Executes dropped EXE 4 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
TixeoOutlookPlugin.exe
TixeoOutlookPlugin.tmp
W3DClient.exe
pid | process
4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
2864 | TixeoOutlookPlugin.exe
1556 | TixeoOutlookPlugin.tmp
3180 | W3DClient.exe
-
Loads dropped DLL 9 IoCs
Processes:
W3DClient.exe
pid | process
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\Policy = "3" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593} | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593} | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppName = "W3DClient.exe" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
-
Modifies registry class 8 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
W3DClient.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\ = "URL:Tixeo Communication protocol" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\URL Protocol | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open\command | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe %1" | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PromotedIconCache = "{D150BBDA-898C-4A21-B22C-BDED425EA9F3},{7820NR83-23R3-4229-82P1-R41PO67Q5O9P},{7820NR82-23R3-4229-82P1-R41PO67Q5O9P},{7820NR81-23R3-4229-82P1-R41PO67Q5O9P},{7820NR75-23R3-4229-82P1-R41PO67Q5O9P},{7820NR74-23R3-4229-82P1-R41PO67Q5O9P},{7820NR73-23R3-4229-82P1-R41PO67Q5O9P}" | W3DClient.exe
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
W3DClient.exe
pid | process
4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
3180 | W3DClient.exe
3180 | W3DClient.exe
-
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
W3DClient.exe
pid | process
4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
-
Suspicious use of SendNotifyMessage 4 IoCs
Processes:
W3DClient.exe
pid | process
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
3180 | W3DClient.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
W3DClient.exe
pid | process
3180 | W3DClient.exe
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
TixeoOutlookPlugin.exe
description | pid | process | target process
PID 4592 wrote to memory of 4020 | 4592 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
PID 4592 wrote to memory of 4020 | 4592 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
PID 4592 wrote to memory of 4020 | 4592 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
PID 4020 wrote to memory of 2864 | 4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | TixeoOutlookPlugin.exe
PID 4020 wrote to memory of 2864 | 4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | TixeoOutlookPlugin.exe
PID 4020 wrote to memory of 2864 | 4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | TixeoOutlookPlugin.exe
PID 2864 wrote to memory of 1556 | 2864 | TixeoOutlookPlugin.exe | TixeoOutlookPlugin.tmp
PID 2864 wrote to memory of 1556 | 2864 | TixeoOutlookPlugin.exe | TixeoOutlookPlugin.tmp
PID 2864 wrote to memory of 1556 | 2864 | TixeoOutlookPlugin.exe | TixeoOutlookPlugin.tmp
PID 4020 wrote to memory of 3180 | 4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | W3DClient.exe
PID 4020 wrote to memory of 3180 | 4020 | TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | W3DClient.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
Process tree depth: 1
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Command line: "C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp" /SL5="$120070,84175752,57856,C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
Process tree depth: 2
- Adds Run key to start application
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
Process tree depth: 3
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp
Command line: "C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp" /SL5="$B005A,7983214,57856,C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
Process tree depth: 4
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe
Command line: "C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe" w3d%3A%2F%2Ftixeocloud.sec.orange%2Fmeet%2F
Process tree depth: 3
- Adds Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp
Filesize: 706KB
-
C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe
Filesize: 7.9MB
-
C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
Filesize: 706KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\Res\FMXStyle\Tixeo.style
Filesize: 693KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\Res\W3DClient.ico
Filesize: 14KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\Res\logo.png
Filesize: 16KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\Res\logo_connection.png
Filesize: 88KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixVideoCapture64.dll
Filesize: 856KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixVoiceEngine64.dll
Filesize: 2.1MB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\VCRUNTIME140.dll
Filesize: 96KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\VCRUNTIME140_1.dll
Filesize: 37KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe
Filesize: 37.4MB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\WebView2Loader_x64.dll
Filesize: 138KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\libcrypto-3-x64.dll
Filesize: 4.7MB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\libssl-3-x64.dll
Filesize: 726KB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\sk4d.dll
Filesize: 19.0MB
-
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\tixeo_quic.x64.dll
Filesize: 2.3MB
-
C:\Users\Admin\AppData\Local\tixeoclient\config.ini
Filesize: 1KB