Overview

overview

10

Static

static

URLScan

urlscan

1

https://tlegrams.com...

windows7-x64

10

https://tlegrams.com...

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2022 04:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tlegrams.com/action_download

Score
10/10
jokerinfostealertrojan

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Executes dropped EXE 4 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 18 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 24 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 10 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Modifies registry class 48 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://tlegrams.com/action_download
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4628
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3164
    • C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe
      "C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe"
      1⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe
        "C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" /i "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x64.msi" AI_EUIMSI=1 APPDIR="C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TG-x64" SECONDSEQUENCE="1" CLIENTPROCESSID="1740" CHAINERUIPROCESSID="1740Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1666524392 " TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" AI_INSTALL="1"
        2⤵
        • Enumerates connected drives
        PID:460
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4304
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding E6CA7AB52D63CE6B632F944CAF516E3F C
        2⤵
        • Loads dropped DLL
        PID:3176
      • C:\Windows\system32\srtasks.exe
        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
        2⤵
          PID:1884
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding BCCBAB1D861287332A951FE81E61A106
          2⤵
          • Loads dropped DLL
          PID:3328
        • C:\Windows\Installer\MSIE9A8.tmp
          "C:\Windows\Installer\MSIE9A8.tmp" /EnforcedRunAsAdmin /RunAsAdmin "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe"
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3068
          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
            "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe"
            3⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:2644
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Checks SCSI registry key(s)
        PID:2540
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://tlegrams.com/action_download
        1⤵
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4628
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:3164
        • C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe
          "C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe"
          1⤵
          • Enumerates connected drives
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1740
          • C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe
            "C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" /i "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x64.msi" AI_EUIMSI=1 APPDIR="C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TG-x64" SECONDSEQUENCE="1" CLIENTPROCESSID="1740" CHAINERUIPROCESSID="1740Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1666524392 " TARGETDIR="C:\" AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\AppData\Local\Temp\Temp1_Telegra-x64-08-11.zip\Telegra-x64-08-11.exe" AI_INSTALL="1"
            2⤵
            • Enumerates connected drives
            PID:460
        • C:\Windows\system32\msiexec.exe
          C:\Windows\system32\msiexec.exe /V
          1⤵
          • Enumerates connected drives
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4304
          • C:\Windows\syswow64\MsiExec.exe
            C:\Windows\syswow64\MsiExec.exe -Embedding E6CA7AB52D63CE6B632F944CAF516E3F C
            2⤵
            • Loads dropped DLL
            PID:3176
          • C:\Windows\system32\srtasks.exe
            C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
            2⤵
              PID:1884
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding BCCBAB1D861287332A951FE81E61A106
              2⤵
              • Loads dropped DLL
              PID:3328
            • C:\Windows\Installer\MSIE9A8.tmp
              "C:\Windows\Installer\MSIE9A8.tmp" /EnforcedRunAsAdmin /RunAsAdmin "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe"
              2⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious use of WriteProcessMemory
              PID:3068
              • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
                "C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe"
                3⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:2644
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Checks SCSI registry key(s)
            PID:2540

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GMQ6XNBF\Telegra-x64-08-11.zip.wyffx4s.partial
            Filesize

            49.7MB

            MD5

            b322ef14f6990e260a288ddbe4f8189b

            SHA1

            4dbaf0f97913954e83cad597a1f9dccef6cf5e9e

            SHA256

            77d32a6b8d0776e42ddf4a1698ffd469d4f1db1b0fe419c9319fb2399d5b0d15

            SHA512

            5d55d44b616874ac7befe83e3b9d97108c13e2212e6af4ce04a9ace0bb5459a1f1b1a9bc1357d66904f82a9542d32ca0d930afb4ef7e63fbac8ab36c73c0c48d

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GMQ6XNBF\Telegra-x64-08-11.zip.wyffx4s.partial
            Filesize

            49.7MB

            MD5

            b322ef14f6990e260a288ddbe4f8189b

            SHA1

            4dbaf0f97913954e83cad597a1f9dccef6cf5e9e

            SHA256

            77d32a6b8d0776e42ddf4a1698ffd469d4f1db1b0fe419c9319fb2399d5b0d15

            SHA512

            5d55d44b616874ac7befe83e3b9d97108c13e2212e6af4ce04a9ace0bb5459a1f1b1a9bc1357d66904f82a9542d32ca0d930afb4ef7e63fbac8ab36c73c0c48d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3EEE.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3EEE.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3EEE.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3EEE.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3FAB.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3FAB.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3FAB.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI3FAB.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4086.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4086.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4086.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4086.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4097.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4097.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4097.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI4097.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI40B7.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI40B7.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI40B7.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI40B7.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI423F.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI423F.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI423F.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\MSI423F.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x64.msi
            Filesize

            1.9MB

            MD5

            30c354caced6574ee493713aab67f8db

            SHA1

            74ba4c78f4d95a66505d10989720d52531b798d0

            SHA256

            26b7db0249356f0a94e778eb3c23e7be33d572103c4744b36c720878a9160204

            SHA512

            69b263443728f1fe14149dd15e2966aa3f99d62aeacf6729bbbc4d2afada31e9046113d069940318a1c10cd4e205bf5b93ee7df375ee26b590a1c0920457cf98

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x64.msi
            Filesize

            1.9MB

            MD5

            30c354caced6574ee493713aab67f8db

            SHA1

            74ba4c78f4d95a66505d10989720d52531b798d0

            SHA256

            26b7db0249356f0a94e778eb3c23e7be33d572103c4744b36c720878a9160204

            SHA512

            69b263443728f1fe14149dd15e2966aa3f99d62aeacf6729bbbc4d2afada31e9046113d069940318a1c10cd4e205bf5b93ee7df375ee26b590a1c0920457cf98

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x641.cab
            Filesize

            48.0MB

            MD5

            1286ea02d066487fad89d3272000fc66

            SHA1

            db92797026bd166b312c376205b8d7e915d4325c

            SHA256

            71a8de39e27b858248cf11e180af572e7027b4ea798ef193d77183b476687023

            SHA512

            bb991902a3777fb75a5a35ff8f06452f29bf561c62aebdd4db125bee1b2e9af8f0e0aa686f98369d7e31492e02f86575155ec87ebaebb445926e68c8e63daebd

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64 1.0.0\install\TG-x641.cab
            Filesize

            48.0MB

            MD5

            1286ea02d066487fad89d3272000fc66

            SHA1

            db92797026bd166b312c376205b8d7e915d4325c

            SHA256

            71a8de39e27b858248cf11e180af572e7027b4ea798ef193d77183b476687023

            SHA512

            bb991902a3777fb75a5a35ff8f06452f29bf561c62aebdd4db125bee1b2e9af8f0e0aa686f98369d7e31492e02f86575155ec87ebaebb445926e68c8e63daebd

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
            Filesize

            8.8MB

            MD5

            c5e87689d1eb300c44d3134802807616

            SHA1

            9dfa50d30835e67e8a3c4bcd63bacf08ece5fbf6

            SHA256

            10f771871a458b62391071df8cdff6e19301db3d0536ac0e551c306b144858b9

            SHA512

            b4213b5a0ba6f42ed2ec35b065c7326378f8fd2649246c95a28d9f15d06c0d6fd61be652edabedfdb8f3d5adb1527f9e4f568cab4f018fd6a2711070fc7bd1ac

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
            Filesize

            8.8MB

            MD5

            c5e87689d1eb300c44d3134802807616

            SHA1

            9dfa50d30835e67e8a3c4bcd63bacf08ece5fbf6

            SHA256

            10f771871a458b62391071df8cdff6e19301db3d0536ac0e551c306b144858b9

            SHA512

            b4213b5a0ba6f42ed2ec35b065c7326378f8fd2649246c95a28d9f15d06c0d6fd61be652edabedfdb8f3d5adb1527f9e4f568cab4f018fd6a2711070fc7bd1ac

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
            Filesize

            8.8MB

            MD5

            c5e87689d1eb300c44d3134802807616

            SHA1

            9dfa50d30835e67e8a3c4bcd63bacf08ece5fbf6

            SHA256

            10f771871a458b62391071df8cdff6e19301db3d0536ac0e551c306b144858b9

            SHA512

            b4213b5a0ba6f42ed2ec35b065c7326378f8fd2649246c95a28d9f15d06c0d6fd61be652edabedfdb8f3d5adb1527f9e4f568cab4f018fd6a2711070fc7bd1ac

            Download Submit

          • C:\Users\Admin\AppData\Roaming\TG-x64\TG-x64\tdata\emoji\Tor.exe
            Filesize

            8.8MB

            MD5

            c5e87689d1eb300c44d3134802807616

            SHA1

            9dfa50d30835e67e8a3c4bcd63bacf08ece5fbf6

            SHA256

            10f771871a458b62391071df8cdff6e19301db3d0536ac0e551c306b144858b9

            SHA512

            b4213b5a0ba6f42ed2ec35b065c7326378f8fd2649246c95a28d9f15d06c0d6fd61be652edabedfdb8f3d5adb1527f9e4f568cab4f018fd6a2711070fc7bd1ac

            Download Submit

          • C:\Windows\Installer\MSID764.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID764.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID764.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID764.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID840.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID840.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID840.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID840.tmp
            Filesize

            540KB

            MD5

            dfc682d9f93d6dcd39524f1afcd0e00d

            SHA1

            adb81b1077d14dbe76d9ececfc3e027303075705

            SHA256

            f0f00100e20741444f8a6f5db8cc826515134622c3a82e4f53ba6237e97a8328

            SHA512

            52f84956b480bd06914a3615b75ad198a3ce821b0dd88dd30443bf4ea3d406349c95a115c31cb879775bd716563473909d22a8ec34253eca1aa7009845430bc9

            Download Submit

          • C:\Windows\Installer\MSID95A.tmp
            Filesize

            632KB

            MD5

            db4e30e47be69408ccdebffc517764c1

            SHA1

            9ab0db45e9c84670fe8a3181bf38511e8776815f

            SHA256

            3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

            SHA512

            a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

            Download Submit

          • C:\Windows\Installer\MSID95A.tmp
            Filesize

            632KB

            MD5

            db4e30e47be69408ccdebffc517764c1

            SHA1

            9ab0db45e9c84670fe8a3181bf38511e8776815f

            SHA256

            3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

            SHA512

            a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

            Download Submit

          • C:\Windows\Installer\MSID95A.tmp
            Filesize

            632KB

            MD5

            db4e30e47be69408ccdebffc517764c1

            SHA1

            9ab0db45e9c84670fe8a3181bf38511e8776815f

            SHA256

            3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

            SHA512

            a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

            Download Submit

          • C:\Windows\Installer\MSID95A.tmp
            Filesize

            632KB

            MD5

            db4e30e47be69408ccdebffc517764c1

            SHA1

            9ab0db45e9c84670fe8a3181bf38511e8776815f

            SHA256

            3558203b78ee8ea16f1151cc7034ad9fd4850fce0f948aed4231b870ae51904a

            SHA512

            a32ed4fec7e381605e8d0fc463bf65140d5dc7a499aced785b4ef644a5bae1a4dc693ba33be8be46b07ccd049fceef95136a8fd852219ff18293c19da5fed129

            Download Submit

          • C:\Windows\Installer\MSIE9A8.tmp
            Filesize

            410KB

            MD5

            20010f9d322a1260ee0953852264a7cd

            SHA1

            6ac58fdf5e414bd6396443a420da99b87ee0e0a2

            SHA256

            d6973be60891c55e0e97d218347dcb2009e2fe687b7df5cfd43536d2af6ea165

            SHA512

            2f62cb4269d929f8bc97c103156de3588b38e9f4c2776d7441db270b8427c2b47bc8e57d786c06da37455b105b077b789e161b21a145a33e420522864d1f913a

            Download Submit

          • C:\Windows\Installer\MSIE9A8.tmp
            Filesize

            410KB

            MD5

            20010f9d322a1260ee0953852264a7cd

            SHA1

            6ac58fdf5e414bd6396443a420da99b87ee0e0a2

            SHA256

            d6973be60891c55e0e97d218347dcb2009e2fe687b7df5cfd43536d2af6ea165

            SHA512

            2f62cb4269d929f8bc97c103156de3588b38e9f4c2776d7441db270b8427c2b47bc8e57d786c06da37455b105b077b789e161b21a145a33e420522864d1f913a

            Download Submit

          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
            Filesize

            23.0MB

            MD5

            1e67fa2e75d8d34d604159fe4c8fe904

            SHA1

            54a84227c6b34e526383741b6a14ef3f30f812a2

            SHA256

            3f9d0a7df9a473bc13737cade870e983b1b18738b93cf30e99f47a09fb830656

            SHA512

            4cabe53c970ae93f7a106005dec5a28ada12fac8b68fab82775ddd9fa7161f876ed476169a5f921d2e88d4b86d53463e0bb95c982f896dcf9aa6feff72df064b

            Download Submit

          • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
            Filesize

            23.0MB

            MD5

            1e67fa2e75d8d34d604159fe4c8fe904

            SHA1

            54a84227c6b34e526383741b6a14ef3f30f812a2

            SHA256

            3f9d0a7df9a473bc13737cade870e983b1b18738b93cf30e99f47a09fb830656

            SHA512

            4cabe53c970ae93f7a106005dec5a28ada12fac8b68fab82775ddd9fa7161f876ed476169a5f921d2e88d4b86d53463e0bb95c982f896dcf9aa6feff72df064b

            Download Submit

          • \??\Volume{2fb4ccdc-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3457cbb6-4a9a-40a6-8825-7bda02dfebf2}_OnDiskSnapshotProp
            Filesize

            5KB

            MD5

            de624f41891f22db2d9d4c9442e06623

            SHA1

            76f2c40736a32d986a0762999ffffe19f3bf9421

            SHA256

            18cc0cc3d9a2d7a947d9fe8263ca416813438a29b8c7b1feadb4c0f4479aba75

            SHA512

            1a40d66516b6e7a7cd3653302ba0a056721722b4f890058c600092ca3cdfc0ed4daa1a34dde988e00de1cc9b8e2584d10d7db09e1b265822f1856b276bb058af

            Download Submit

          • \??\Volume{2fb4ccdc-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{3457cbb6-4a9a-40a6-8825-7bda02dfebf2}_OnDiskSnapshotProp
            Filesize

            5KB

            MD5

            de624f41891f22db2d9d4c9442e06623

            SHA1

            76f2c40736a32d986a0762999ffffe19f3bf9421

            SHA256

            18cc0cc3d9a2d7a947d9fe8263ca416813438a29b8c7b1feadb4c0f4479aba75

            SHA512

            1a40d66516b6e7a7cd3653302ba0a056721722b4f890058c600092ca3cdfc0ed4daa1a34dde988e00de1cc9b8e2584d10d7db09e1b265822f1856b276bb058af

            Download Submit

          • memory/2644-163-0x0000000180000000-0x0000000180024000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2644-162-0x0000000180000000-0x0000000180024000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2644-162-0x0000000180000000-0x0000000180024000-memory.dmp

            Filesize

            144KB

            Download

          • memory/2644-163-0x0000000180000000-0x0000000180024000-memory.dmp

            Filesize

            144KB

            Download