Analysis Overview
SHA256
16de1c80ce70584212fde77a2f9149bddeb8a266820e74c34f0d8303c14609f8
Threat Level: Shows suspicious behavior
The file TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 15:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 15:08
Reported
2024-06-18 15:11
Platform
win7-20240221-en
Max time kernel
149s
Max time network
121s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\W3DClient = "\"C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-2LUFQ.tmp\TixeoOutlookPlugin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FRQ43.tmp\TixeoOutlookPlugin.tmp | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-2LUFQ.tmp\TixeoOutlookPlugin.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593} | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppName = "W3DClient.exe" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\shell\Open\command | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\shell | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\ProgID\ = "TixeoOutlookAddin.coTixeoOutlookAddin" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\Version | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\TixeoOutlookAddin.coTixeoOutlookAddin\Clsid | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\Version\ = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\shell\Open | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\TixeoOutlookAddin.coTixeoOutlookAddin\Clsid\ = "{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\TypeLib\ = "{DD7C8A60-77B9-4441-8898-F10682EDE59C}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\TixeoOutlookAddin.coTixeoOutlookAddin | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\TixeoOutlookAddin.coTixeoOutlookAddin\ = "coTixeoOutlookAddin Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\ = "URL:Tixeo Communication protocol" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\w3d\shell\Open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe %1" | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\ = "coTixeoOutlookAddin Object" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000_CLASSES\Wow6432Node\CLSID\{49A05F6A-AB62-41F8-87CB-63AFA90AFE28}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\TIXEOS~1\\COMMUN~1\\Client\\TIXEOO~2.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FRQ43.tmp\TixeoOutlookPlugin.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
"C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
"C:\Users\Admin\AppData\Local\Temp\is-V8OUU.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp" /SL5="$50150,84175752,57856,C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
C:\Users\Admin\AppData\Local\Temp\is-2LUFQ.tmp\TixeoOutlookPlugin.exe
"C:\Users\Admin\AppData\Local\Temp\is-2LUFQ.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
C:\Users\Admin\AppData\Local\Temp\is-FRQ43.tmp\TixeoOutlookPlugin.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FRQ43.tmp\TixeoOutlookPlugin.tmp" /SL5="$301E8,7983214,57856,C:\Users\Admin\AppData\Local\Temp\is-2LUFQ.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookAddin.dll"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 15:08
Reported
2024-06-18 15:11
Platform
win10v2004-20240508-en
Max time kernel
151s
Max time network
152s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W3DClient = "\"C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\W3DClient = "\"C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe\" /StartHidden" | C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593} | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593} | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA9F442A-C8E1-11DC-8404-C59755D89593}\AppName = "W3DClient.exe" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\ = "URL:Tixeo Communication protocol" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open\command | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\w3d\shell\Open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Tixeo Soft\\Communication\\Client\\W3DClient.exe %1" | C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PromotedIconCache = "{D150BBDA-898C-4A21-B22C-BDED425EA9F3},{7820NR83-23R3-4229-82P1-R41PO67Q5O9P},{7820NR82-23R3-4229-82P1-R41PO67Q5O9P},{7820NR81-23R3-4229-82P1-R41PO67Q5O9P},{7820NR75-23R3-4229-82P1-R41PO67Q5O9P},{7820NR74-23R3-4229-82P1-R41PO67Q5O9P},{7820NR73-23R3-4229-82P1-R41PO67Q5O9P}" | C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe
"C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VQ4NG.tmp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.tmp" /SL5="$120070,84175752,57856,C:\Users\Admin\AppData\Local\Temp\TixeoClientW3D_dzNkJTNBJTJGJTJGdGl4ZW9jbG91ZC5zZWMub3JhbmdlJTJGbWVldCUyRg_custom.exe"
C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe
"C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AOOBA.tmp\TixeoOutlookPlugin.tmp" /SL5="$B005A,7983214,57856,C:\Users\Admin\AppData\Local\Temp\is-EH9J7.tmp\TixeoOutlookPlugin.exe" /VERYSILENT /NORESTART /SUPPRESSMSGBOXES /LOG="C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\TixeoOutlookPlugin.log"
C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe
"C:\Users\Admin\AppData\Local\Tixeo Soft\Communication\Client\W3DClient.exe" w3d%3A%2F%2Ftixeocloud.sec.orange%2Fmeet%2F
Network
Files