9c541e0fbaf1b42332747c5833ca8df9ab5d0ddc845a294ed19885b4c54b0236

Analysis

max time kernel
153s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/10/2022, 12:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Telegram (1).exe
Size

63.0MB
MD5

080b7d824208b46d8760c06a26b0977c
SHA1

9284a3e46106359bdf04d96351d9797da54c313a
SHA256

9c541e0fbaf1b42332747c5833ca8df9ab5d0ddc845a294ed19885b4c54b0236
SHA512

9d2d9cc7ec71431ab691bb64cdd5ed04a79fa8dc8a3a45043f66e9712c38df1d802e36827ba401384741eceaa2abeb19c467bd62dc3a8d2072664559c249cc28
SSDEEP

1572864:REAbAI3KXgIvqmikXony3HwJFz7/JWI0EyYvH9Vzp/dNmlQ:RR6XgIvlPLXwJRQIjvH9VVHt

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
824	Telegram (1).tmp
744	Telegram.exe

Loads dropped DLL 4 IoCs

pid	Process
1348	Telegram (1).exe
824	Telegram (1).tmp
824	Telegram (1).tmp
744	Telegram.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\我的程序\locales\is-5JHCH.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-RA1SS.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\vk_swiftshader.dll	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-2KH7G.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-IID2Q.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-84PTU.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-RK5FE.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-BFVE2.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-7ABFI.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-R8O56.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\vulkan-1.dll	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-V6RJI.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-HMPOE.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-N0R5A.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-I93QK.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-BDJ5I.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\swiftshader\libEGL.dll	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\unins000.dat	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-GD65K.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-S2II4.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-DFM6M.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\lib\is-4T41M.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\lib\static\is-HJS06.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\libGLESv2.dll	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-R6OCK.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-HTT3J.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-MBGAJ.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-SVI1Q.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\is-LGSVU.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\is-8QQ40.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-K7F9G.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-BSM7R.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-FGQ0B.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-VQFHK.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-1D4NV.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-NLPF9.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-3QK22.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-2SBSQ.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-VETC1.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\is-B5GGR.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\Telegram.exe	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-P995Q.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-84LHP.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-F7RIN.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-FBBE3.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\is-J312I.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\lib\is-B6S5T.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-3C06K.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-48CK6.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-78R6B.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\inject\is-RVMGD.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\resources\app\lib\static\is-05VQ6.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-9P14F.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-NKS3U.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\is-J5LUK.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-O03KJ.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-3CM6K.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-2QKCK.tmp	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\swiftshader\libGLESv2.dll	Telegram (1).tmp
File opened for modification	C:\Program Files (x86)\我的程序\d3dcompiler_47.dll	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-MGTUB.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-0VFVU.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-3O7OR.tmp	Telegram (1).tmp
File created	C:\Program Files (x86)\我的程序\locales\is-LUHKH.tmp	Telegram (1).tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
824	Telegram (1).tmp
824	Telegram (1).tmp
744	Telegram.exe
744	Telegram.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe
Token: SeShutdownPrivilege	744	Telegram.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
824	Telegram (1).tmp

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 1348 wrote to memory of 824	1348	Telegram (1).exe	26
PID 824 wrote to memory of 744	824	Telegram (1).tmp	27
PID 824 wrote to memory of 744	824	Telegram (1).tmp	27
PID 824 wrote to memory of 744	824	Telegram (1).tmp	27
PID 824 wrote to memory of 744	824	Telegram (1).tmp	27
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28
PID 744 wrote to memory of 308	744	Telegram.exe	28

C:\Users\Admin\AppData\Local\Temp\Telegram (1).exe
"C:\Users\Admin\AppData\Local\Temp\Telegram (1).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Users\Admin\AppData\Local\Temp\is-7A63D.tmp\Telegram (1).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7A63D.tmp\Telegram (1).tmp" /SL5="$9012A,65287615,716288,C:\Users\Admin\AppData\Local\Temp\Telegram (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:824
- - C:\Program Files (x86)\我的程序\Telegram.exe
    "C:\Program Files (x86)\我的程序\Telegram.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Program Files (x86)\我的程序\Telegram.exe
      "C:\Program Files (x86)\我的程序\Telegram.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\telegram-nativefier-32a324" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1096,i,13760318026413154007,9869682672010833378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\我的程序\Telegram.exe

Filesize
139.8MB

MD5
c31dbd849ebda4fcc19abd5610849451

SHA1
26bde3d15732b885f43d70d341b011b24dd36879

SHA256
b60a2dcee91168f23b69a7ccabd5ad24db2c99de0397ca704e7535a812d94031

SHA512
3da371f190f7a3ace61879fe6c39639c0ec1da447dd0be3ed0b60401fdf95239c17bda0900fc09e14745d6fc275ab9efa68af5e91147914552a9aa4b582a8706

Download Submit
C:\Program Files (x86)\我的程序\chrome_100_percent.pak

Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Program Files (x86)\我的程序\chrome_200_percent.pak

Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Program Files (x86)\我的程序\ffmpeg.dll

Filesize
2.6MB

MD5
bba4350039ef0fcb619b683d09986c5f

SHA1
1566f35ed4370aabcfbe044b0d96fcde29e89810

SHA256
726c4a62fb6f2669b244ce0d934dad4151f13394a630055964ce9cc58480f891

SHA512
d47fad697fc5ad6f8ad02107c7151fca5941c80497fcac37e565f5c56a7c0ba7f5ef5bd4caa63febf85cadf88bb4b6138a9b9f6ba9b401aa94a2422661140d9b

Download Submit
C:\Program Files (x86)\我的程序\icudtl.dat

Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Program Files (x86)\我的程序\locales\en-US.pak

Filesize
114KB

MD5
88b9e849c0035cb100d031fa5e3fa0b4

SHA1
3576e0fa589e53ae36d2b75937bd3c5c0ab8dbfc

SHA256
25462802f57f52581d34d67df00f7a4d62cb5ee5ee0e5e853f48ad9caf04dd89

SHA512
99e8cf196cd9098adf74f569d06043809454860f8f3de9e942f3ce3c2faeeaa3d6bd0572503cb6c2a6b932aff9aa7e4542501731693ec6a015cc7282af388e8b

Download Submit
C:\Program Files (x86)\我的程序\resources.pak

Filesize
4.9MB

MD5
ff31c1a39edc8202e052a41fb977a300

SHA1
f220ed82575e346c2fb086c0868c07318d57ef92

SHA256
965dcddcb984a231fb2356d6d7ff4e047c2d8fa527442fa64981ab5d254525c9

SHA512
3b3370dd630fd200969331ae7d9b7e005cfbc3aa41ad128274bdc7797de2eca89998787a90a96baecf25ffc64e2c764cb75051efbac57c679abfd17b47873cce

Download Submit
C:\Program Files (x86)\我的程序\resources\app\icon.ico

Filesize
2KB

MD5
1635ed0e8715c40d4bed875b7494a93a

SHA1
ca2c72821b30194b9b6daf9c8c0ce1723fe54614

SHA256
504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357

SHA512
f710268687fcd3da9bd9ffee9cbf166d21598cab5ff1172c510fd478f57300af7112f35132ba345a2242b65ff53cde9de6ebf0f1ea8cf7f5fce17c832a5a85d8

Download Submit
C:\Program Files (x86)\我的程序\resources\app\lib\main.js

Filesize
490KB

MD5
435146743e79fc7dc8d806404b1f66db

SHA1
84d42e1ad41c151c6c8ebd437125038a22f2cb01

SHA256
701ea5925a6cd6a7233707064936db06e98cd820e746244b1b5975f4c6598e44

SHA512
3f986910863df15c0a8a75bb0e2884932a5e9cfabbc5c041dcb7e3a5d553854c73c13d80e3b56d74b866faf5080d1dce85f31797456f8f93267968d48316e436

Download Submit
C:\Program Files (x86)\我的程序\resources\app\nativefier.json

Filesize
1KB

MD5
17ec8b09c5a89015e7d3317c0fa88f4e

SHA1
63a6014ee7623f5370ad6e559de6273b5547c63a

SHA256
51d4456c74e94abcbc2d04bbae6d534f6d851c0ebf398eccfee4860f176cbdad

SHA512
82b0867d3ea2389afd7c956f6a7722f0d1684a921a59be9afccd1f77d4596980db967351899e2f79253219b2e2380d2494af56bb2514872c9e82ece52e5bbde9

Download Submit
C:\Program Files (x86)\我的程序\resources\app\package.json

Filesize
595B

MD5
279035e5717582a66b298446eaf84f77

SHA1
212945ce0526af473a8e15fd46d1ac2bce7df8f7

SHA256
ceadc5e2b4e4015600ddf345253cd5a6c55d8e529c88edc460b189b8d094e9c1

SHA512
7ad86d8095110ceb33867983af3dbd0437f0c55492a5af09f3ab381541c783df79606c0d639c89c6878097a32bab2065507748deabfe768518237bf1fa78d6d0

Download Submit
C:\Program Files (x86)\我的程序\v8_context_snapshot.bin

Filesize
709KB

MD5
dd0d4997dfab65b96aad66d035f6029c

SHA1
65faa1dbb7ccd902f1f1af544f6941234ff679d3

SHA256
f033fb86fa92df1be464de590aa312cc016bc5d6bea26672c896bf4d3f1261cd

SHA512
86b06bd0f91f50bd13b3af179f3f498f10a225d25ba5ca32258f75567e601c3f48f7a3fb436c3b0d2ba53cc9eaaa8f74c95b44458628b0ea716563694a3c7002

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7A63D.tmp\Telegram (1).tmp

Filesize
2.4MB

MD5
459dd6384d27c34b6b60fbf3d0ee9e6b

SHA1
48937f685f7af8396b836c8c74f74042b4216281

SHA256
6c23f2f1389ca691b9e30633a0e9b5f8bba3f81e5532cb9f0a49ad22a9fd14c9

SHA512
b77397c54cc9fe5e10e82fe967610523cbe29f553ee7305a850a17f9fa3de65bc3aa300b28a80b6cf794b8769fb62196837feb8fbb6b5891db8d1d97c74ade21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7A63D.tmp\Telegram (1).tmp

Filesize
2.4MB

MD5
459dd6384d27c34b6b60fbf3d0ee9e6b

SHA1
48937f685f7af8396b836c8c74f74042b4216281

SHA256
6c23f2f1389ca691b9e30633a0e9b5f8bba3f81e5532cb9f0a49ad22a9fd14c9

SHA512
b77397c54cc9fe5e10e82fe967610523cbe29f553ee7305a850a17f9fa3de65bc3aa300b28a80b6cf794b8769fb62196837feb8fbb6b5891db8d1d97c74ade21

Download Submit
\Program Files (x86)\我的程序\Telegram.exe

Filesize
139.8MB

MD5
c31dbd849ebda4fcc19abd5610849451

SHA1
26bde3d15732b885f43d70d341b011b24dd36879

SHA256
b60a2dcee91168f23b69a7ccabd5ad24db2c99de0397ca704e7535a812d94031

SHA512
3da371f190f7a3ace61879fe6c39639c0ec1da447dd0be3ed0b60401fdf95239c17bda0900fc09e14745d6fc275ab9efa68af5e91147914552a9aa4b582a8706

Download Submit
\Program Files (x86)\我的程序\Telegram.exe

Filesize
139.8MB

MD5
c31dbd849ebda4fcc19abd5610849451

SHA1
26bde3d15732b885f43d70d341b011b24dd36879

SHA256
b60a2dcee91168f23b69a7ccabd5ad24db2c99de0397ca704e7535a812d94031

SHA512
3da371f190f7a3ace61879fe6c39639c0ec1da447dd0be3ed0b60401fdf95239c17bda0900fc09e14745d6fc275ab9efa68af5e91147914552a9aa4b582a8706

Download Submit
\Program Files (x86)\我的程序\ffmpeg.dll

Filesize
2.6MB

MD5
bba4350039ef0fcb619b683d09986c5f

SHA1
1566f35ed4370aabcfbe044b0d96fcde29e89810

SHA256
726c4a62fb6f2669b244ce0d934dad4151f13394a630055964ce9cc58480f891

SHA512
d47fad697fc5ad6f8ad02107c7151fca5941c80497fcac37e565f5c56a7c0ba7f5ef5bd4caa63febf85cadf88bb4b6138a9b9f6ba9b401aa94a2422661140d9b

Download Submit
\Users\Admin\AppData\Local\Temp\is-7A63D.tmp\Telegram (1).tmp

Filesize
2.4MB

MD5
459dd6384d27c34b6b60fbf3d0ee9e6b

SHA1
48937f685f7af8396b836c8c74f74042b4216281

SHA256
6c23f2f1389ca691b9e30633a0e9b5f8bba3f81e5532cb9f0a49ad22a9fd14c9

SHA512
b77397c54cc9fe5e10e82fe967610523cbe29f553ee7305a850a17f9fa3de65bc3aa300b28a80b6cf794b8769fb62196837feb8fbb6b5891db8d1d97c74ade21

Download Submit
memory/744-75-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download
memory/824-62-0x0000000074331000-0x0000000074333000-memory.dmp

Filesize
8KB

Download
memory/1348-54-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/1348-76-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1348-61-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/1348-55-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download