Resubmissions

27/01/2025, 14:59

250127-sctqtavkek 7

27/01/2025, 14:49

250127-r7d36stlct 7

27/01/2025, 14:44

250127-r4aatatjgz 7

Analysis

  • max time kernel
    105s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/01/2025, 14:49

General

  • Target

    Launcher_2.1.7z

  • Size

    29.1MB

  • MD5

    8b24346a2a00a1e1a3d8c1e4e3196020

  • SHA1

    fb12856a86a4b9741d0f98a4a825481006782940

  • SHA256

    2005cfa70fa71d071b02f428679c3c7fa65f76f2133239f0de26a2843cc5d877

  • SHA512

    c58b927c3b4c75d9c94d52115848e4e317a3bec4b02df8173e6006488314e6f2a1e93d2a469f486ee5b536e9705b3a04f3cd0ce0e607c76b00722c4858160221

  • SSDEEP

    786432:2O90uRCnCyZ5YFewr/Yrx6tnQ1qnrHafvEKSP:2iReCa5SewrsYtnprr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 19 IoCs
  • Loads dropped DLL 16 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Launcher_2.1.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4940
  • C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\setup.msi"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2784
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1208
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 9634D9D490DDA48B0132FBAB3FE9FA87
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4240
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\UnRar.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\UnRar.exe" x -p156427613t -o+ "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\iwhgjds.rar" "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\"
      2⤵
      • Executes dropped EXE
      PID:2136
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\obs-ffmpeg-mux.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\obs-ffmpeg-mux.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3976
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1148
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      2⤵
      • Executes dropped EXE
      PID:656
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:828
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap26899:8236:7zEvent30664 -t7z -sae -- "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\Kowi SApp.7z"
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:3976
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:3044
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:780
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:2912
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:1520
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:2248
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:2612
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:4828
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:4308
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:1076
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:496
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:3928
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:3920
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:3472
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:2000
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:3860
    • C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe
      "C:\Users\Admin\AppData\Roaming\Tisoq Corp Solus\Kowi SApp\createdump.exe"
      1⤵
      • Executes dropped EXE
      PID:4880

    Network

          MITRE ATT&CK Enterprise v15


          Downloads
