27c3cb1d78e331a0665b896264616e689c740d8d0df18ca0ed7c9f0ea21817b9

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 22:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Tonfotos-1.9.6 Setup.exe
Size

140.5MB
MD5

9cf08d260cd9636d03ab834008efa18b
SHA1

f5ae9864f8723d58621a29a35e45abc5e719695b
SHA256

27c3cb1d78e331a0665b896264616e689c740d8d0df18ca0ed7c9f0ea21817b9
SHA512

95da1f52c001ff7f63e780014e529623e6eebc95a534e2fcc4b80bd6c1e84c801ce4a7ea593bef389f4ec79b07917126f0c1ceee4edd5791b4b3270c61d6df7e
SSDEEP

3145728:bUwVAd3ffDIQPxtCQpQUc6RvdUMcLNVqM98QZd5+l6qvg:/VAd8MILSMxF+0B

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	tonfotos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	tonfotos.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	tonfotos.exe

Executes dropped EXE 13 IoCs

pid	Process
2908	Update.exe
1916	Squirrel.exe
1704	tonfotos.exe
652	tonfotos.exe
1600	Update.exe
1440	tonfotos.exe
2712	tonfotos.exe
2764	tonfotos.exe
340	tonfotos.exe
2384	tonfotos.exe
2256	tonfotos.exe
2824	tonfotos.exe
568	tonfotos.exe

Loads dropped DLL 31 IoCs

pid	Process
2924	Tonfotos-1.9.6 Setup.exe
2908	Update.exe
2908	Update.exe
2908	Update.exe
1704	tonfotos.exe
652	tonfotos.exe
1704	tonfotos.exe
1440	tonfotos.exe
1440	tonfotos.exe
1440	tonfotos.exe
1440	tonfotos.exe
1600	Update.exe
1600	Update.exe
2764	tonfotos.exe
340	tonfotos.exe
2764	tonfotos.exe
2384	tonfotos.exe
2256	tonfotos.exe
2384	tonfotos.exe
2384	tonfotos.exe
2384	tonfotos.exe
2824	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe
568	tonfotos.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1704	tonfotos.exe
Token: SeShutdownPrivilege	1704	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe
Token: SeShutdownPrivilege	2764	tonfotos.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2908	Update.exe
2908	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2908	2924	Tonfotos-1.9.6 Setup.exe	28
PID 2924 wrote to memory of 2908	2924	Tonfotos-1.9.6 Setup.exe	28
PID 2924 wrote to memory of 2908	2924	Tonfotos-1.9.6 Setup.exe	28
PID 2924 wrote to memory of 2908	2924	Tonfotos-1.9.6 Setup.exe	28
PID 2908 wrote to memory of 1916	2908	Update.exe	29
PID 2908 wrote to memory of 1916	2908	Update.exe	29
PID 2908 wrote to memory of 1916	2908	Update.exe	29
PID 2908 wrote to memory of 1704	2908	Update.exe	30
PID 2908 wrote to memory of 1704	2908	Update.exe	30
PID 2908 wrote to memory of 1704	2908	Update.exe	30
PID 1704 wrote to memory of 652	1704	tonfotos.exe	31
PID 1704 wrote to memory of 652	1704	tonfotos.exe	31
PID 1704 wrote to memory of 652	1704	tonfotos.exe	31
PID 1704 wrote to memory of 1600	1704	tonfotos.exe	32
PID 1704 wrote to memory of 1600	1704	tonfotos.exe	32
PID 1704 wrote to memory of 1600	1704	tonfotos.exe	32
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 1704 wrote to memory of 1440	1704	tonfotos.exe	33
PID 2712 wrote to memory of 2764	2712	tonfotos.exe	38
PID 2712 wrote to memory of 2764	2712	tonfotos.exe	38
PID 2712 wrote to memory of 2764	2712	tonfotos.exe	38
PID 2712 wrote to memory of 2764	2712	tonfotos.exe	38
PID 2764 wrote to memory of 340	2764	tonfotos.exe	39
PID 2764 wrote to memory of 340	2764	tonfotos.exe	39
PID 2764 wrote to memory of 340	2764	tonfotos.exe	39
PID 2764 wrote to memory of 2384	2764	tonfotos.exe	40

C:\Users\Admin\AppData\Local\Temp\Tonfotos-1.9.6 Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Tonfotos-1.9.6 Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\Squirrel.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:1916
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --squirrel-install 1.9.6
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
      C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\tonfotos /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\tonfotos\Crashpad --annotation=_productName=tonfotos --annotation=_version=1.9.6 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.8 --initial-client-data=0x300,0x304,0x308,0x2f8,0x30c,0x148d92898,0x148d928a8,0x148d928b8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:652
  - - C:\Users\Admin\AppData\Local\tonfotos\Update.exe
      C:\Users\Admin\AppData\Local\tonfotos\Update.exe --createShortcut=tonfotos.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1600
  - - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
      "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\tonfotos" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1008 --field-trial-handle=1116,i,12488810437129716315,4152668968986393053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1440

C:\Users\Admin\AppData\Local\tonfotos\tonfotos.exe
"C:\Users\Admin\AppData\Local\tonfotos\tonfotos.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
  "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\tonfotos /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\tonfotos\Crashpad --annotation=_productName=tonfotos --annotation=_version=1.9.6 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=22.3.8 --initial-client-data=0x2fc,0x300,0x304,0x2f4,0x308,0x148d92898,0x148d928a8,0x148d928b8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:340
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\tonfotos" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1036 --field-trial-handle=1168,i,7791170504022075319,15345481963774432748,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2384
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\tonfotos" --mojo-platform-channel-handle=1476 --field-trial-handle=1168,i,7791170504022075319,15345481963774432748,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2256
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\tonfotos" --app-user-model-id=com.squirrel.tonfotos.tonfotos --app-path="C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1660 --field-trial-handle=1168,i,7791170504022075319,15345481963774432748,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2824
- - C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe
    "C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\tonfotos" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1168,i,7791170504022075319,15345481963774432748,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
6d99e28ad8c196fec9634b7b53b5028f

SHA1
7268a30ad7f5bdfa60e144dff09264a0a92d5905

SHA256
7e7c96616a1a883d664a463dfd28d053014e24f99aa1fab07f6cb5c3a9aec785

SHA512
0a9c71c9e8eba77a9b56d50e8278669181112c8643381c75f14349490ea2529ead445667f9b74190032e58bc952ff382e34cef4b583487638aa70c78be78d5b4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
122KB

MD5
bd3e4b955074b73738b0bcf39052c1b6

SHA1
63ef5f29ee0816099eab8d14ffa46d221200d3de

SHA256
cb986217c14b560e9d3648369ccb06fae74e5b615e8baa2ef6a65c85681ab587

SHA512
62f4e1edf41d2ca46b40b8bf764875cab11a4b82891313c729a37c1fb70dfa82c768bf42ed611bc622fbf3eb5bae76a3e3e724bd9ab2d6543313368e8eedba74

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
167KB

MD5
f5c16897c3f66f6b6bf6304b3397fcda

SHA1
48406c6d3f5d6e439c283db974c48d72f3fdcad2

SHA256
c973f0b29b1a4d46258c338d885d0ee034e942b7a28e19060664ee7151898a47

SHA512
95ddb7f6f3ad5611b698464cbfbeac562f950fca996b1e1944283cbc6b5935a1453e99e3f39f710126c5b62edcc0a52d6f8e399febba5fa78c9ae35560451698

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\tonfotos-1.9.6-full.nupkg

Filesize
139.5MB

MD5
fde85a30e0919b5c0cc184c44808ac86

SHA1
91262cf395179f1f39228bc3c9f7735e1aa62b1b

SHA256
3d779bb138edfb44693877f1cef5bb8f981b14a0025de661a7c963c434181ee8

SHA512
9f3acb119c31548625c8f8659d99665dc6329cb42193acb7143760599056e34c76478e3cd0bcce17e6bf3108350aba2fcd939e977c3d0d95c3d510f5e3454da2

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\chrome_100_percent.pak

Filesize
126KB

MD5
d31f3439e2a3f7bee4ddd26f46a2b83f

SHA1
c5a26f86eb119ae364c5bf707bebed7e871fc214

SHA256
9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e

SHA512
aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\chrome_200_percent.pak

Filesize
175KB

MD5
5604b67e3f03ab2741f910a250c91137

SHA1
a4bb15ac7914c22575f1051a29c448f215fe027f

SHA256
1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c

SHA512
5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\icudtl.dat

Filesize
10.0MB

MD5
76bef9b8bb32e1e54fe1054c97b84a10

SHA1
05dfea2a3afeda799ab01bb7fbce628cacd596f4

SHA256
97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3

SHA512
7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\locales\en-US.pak

Filesize
313KB

MD5
3f6f4b2c2f24e3893882cdaa1ccfe1a3

SHA1
b021cca30e774e0b91ee21b5beb030fea646098f

SHA256
bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f

SHA512
bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources.pak

Filesize
5.1MB

MD5
fb620332959ee6e46ac1c2a2f0e1b2d1

SHA1
eb18c735d187647c3c529932b8b80d9c9af09286

SHA256
66153f7b388503a9bab9df1fa157d3af88548bee264525694bca9a61ce3495e7

SHA512
1e5bfcac24a76ca8fae7b7fa5407f4eafeecfcda54726d66586f1171a7ba30cf76544d75aa44f1eb64b202e686ccd2c00c8cc0b24b249fc5c6c28c156cd03775

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app\.webpack\main\index.js

Filesize
2.9MB

MD5
f9cc33b03b24e00ae71f8142705f2d06

SHA1
1424f272c34102dba4811df0e6eb5410edf53c85

SHA256
c10f4de61eca630e34e9e01eb2beb30e1538aafe4561510264d9d29bfa8983c9

SHA512
ccc3d7c38e595a96acc787530e4da8033d442bb4c32cd13a75c00ba68156876805c90a79f6be5ca13d65b3a3456e6be3e4c97456e390e3b2de5ba233cbaeeec6

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app\.webpack\main\native_modules\tonfotos.node

Filesize
2.7MB

MD5
6dcaa62e76d70942fd829dcb8e0eca21

SHA1
8bc847689db2fc1eb7f0cf309e292973e6efba8f

SHA256
7164fd954fb369e02e565545fcbe2cd0c8f7802bd2cf95a1b5e0380725ea7a51

SHA512
dab58c7fc270009333c6092810525107fbd6362a2763b586b5c8d62efb54c849a0c98e86a43d8374ad4e975802567baabe6a08463ff46139ae81094896fd60e2

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app\.webpack\renderer\css\date.css

Filesize
6KB

MD5
e35d0c8bb53dd08bbb7e93b0a2487f75

SHA1
abf5609d4da197c372c6d5c914c2ffc1ad8935ff

SHA256
209562f8cc50d1183bd259048ef50de5eb617252ef882a3c4d249f831764d8c1

SHA512
cb0de690fa0452c0f009e5060e0f95bb0e1ecaeb76315c79142d2d18ca6a571a2e8fed480e6ed31dd82403a4c181d3824b6ee8ad603a5cbe10d6f2e8b049f4c2

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app\.webpack\renderer\message_box\index.html

Filesize
881B

MD5
c42f81791eb42e9289ad3e839350a021

SHA1
c2f3503febc4a458e08dda2ed08fc89036988e24

SHA256
a6bcb4b95a815ceaaa273ac114e523b362fb7c19f4f838a2e6ef7c26a1a230c5

SHA512
82d978effd0e7e6761997a6e15721bf0eb65fe37822e63074899eeae8fd00c44d79968b8bae16b00e6a7828220984487419e00c861b9f8d39c0cdca8b74ced9a

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\resources\app\package.json

Filesize
1KB

MD5
b35c5b2f4b09ad907d0a57f76c315894

SHA1
ffec67b2cba6863705c43c874cb224d549da740f

SHA256
f982e123913df5e506cd940938685a4742993d4e292942c2195635178d3003f5

SHA512
da7fb2194f576d4678c586edcbc99291160805a518e1b574dc7d790693e1df76a224aba73f851388e59fe59897b38a72d9d35c4537ee36361ff1ecbd7595b74f

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\squirrel.exe

Filesize
2.0MB

MD5
7639d88717dd0fba257a75a683205376

SHA1
2c913e3ef1564702c2652b259b989c6584168847

SHA256
377d7413aa383b96fed6a4f581fc228a36b000c49d38a30b479428805dcd5848

SHA512
64a8d147b03e0b99c1164eb44dd581c1f6e9ea3c669a49af1c09b2bc11191780a2d78d959fddb1002abaa09984f95398752d02bcfaa3a04f7cd78e3f92659d4c

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\app-1.9.6\v8_context_snapshot.bin

Filesize
471KB

MD5
031ea03da08fe1247280cfe781658791

SHA1
e91db50ad16b5a5fbbaf4118672d60b347ea6161

SHA256
c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c

SHA512
b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

Download Submit
C:\Users\Admin\AppData\Local\tonfotos\tonfotos.exe

Filesize
424KB

MD5
4d9c69dcd59a6508669732951058659c

SHA1
6ef99c671551f575f7a000fef5cf48df20025f5f

SHA256
8b8d900c91e40b5ec3e0fec33836038e9cbd29f16ff80dac0528b5f0918274fa

SHA512
9d0a6218942d5f9116c540605e8fc80500508b10fe8d06979d796f20d786a862f7db6b7c744c285c71a27de8a1737ee834955f5ed45d7e8cf2e3ddd3a7779190

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\Crashpad\settings.dat

Filesize
40B

MD5
4cd2100eadfa894043711769fb83bcd1

SHA1
49c414cdc357b0af5759530b4b660abdba580cbe

SHA256
30dc1fe8845174d8a4242a014fe15e8aa6a2ad33bae39da1bb85d431d1746575

SHA512
0e48bf35bd4122418477c5d847381513babcd82cbd82397199f235421e6351a8ec3ff4239326fc5f188d6a7e86de1ed1c1cfd37ec0d756d18470dca3a1fe45b0

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\Local State

Filesize
389B

MD5
4a37e649fc4445bfec32093c05c21f08

SHA1
54a8a6a35bb888e06ea40e66cf18eafe7c624db5

SHA256
aac3614a0e6640d6288d9c0cd425b15184fa7d7b8de11345fd5b93b24914e5b4

SHA512
0f4d69b1efdcb547c50f13e0870d2dc0d81f922daee8f87148c72cc190a84223869164e98b3cfe94b32208a08cda7ed58ce820d60a3b04bd4c7ea33d7dd55630

Download Submit
C:\Users\Admin\AppData\Roaming\tonfotos\Local Storage\leveldb\CURRENT~RFf77d53a.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
fe65a1be69d8ef8046b1a6a4f3d59398

SHA1
ada5e09d499a7545a159c241a021e2b406360336

SHA256
64c33f4f917b93e1a57ed64bdc1f58ce010cdb31e7a818dc9bffbbfd2c9f6027

SHA512
4313a45a3bc9a553a66498b1b4bc898845797a5e9ced275d7c7eb61e27ee10a060087d08758241109d3f01dd8db31bc627d8337aadd9903aab165721e5ff9bf3

Download Submit
\Users\Admin\AppData\Local\tonfotos\app-1.9.6\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
\Users\Admin\AppData\Local\tonfotos\app-1.9.6\ffmpeg.dll

Filesize
2.6MB

MD5
476fd6cfec639e26fcd10ffe896a2032

SHA1
56a76ca560f42b80ec3371b0e4b4b841800b5041

SHA256
3655e0fd4d3ed286c7a0bf52a2346485bd1e53b5cc3a80d35aed3fe6cb84c4c3

SHA512
adeea65169c4ec334038a3bbdfd04d258bb517b58d6deba6ece49065716b3a3fd005abab92cd6af61fa645d42bd5f813968190daa738617c669d764a614e4b6a

Download Submit
\Users\Admin\AppData\Local\tonfotos\app-1.9.6\libEGL.dll

Filesize
480KB

MD5
13dba10b1a3aeb963b119b744f1061d0

SHA1
35ff9c944944e6599abb9418fe9c39bd36ece8fc

SHA256
c900a11d6f70cb01b755aca042a08f264f6bf58f49c0baf577a02e61e31d03e4

SHA512
afb555d8f5095a015c758c09100f3a712dc7cb7165036dd1155f3a4fc7ebf59bd75a0fe779e57b2d0e5681e50f441109c12154944769ce5049f95efc37f21f3a

Download Submit
\Users\Admin\AppData\Local\tonfotos\app-1.9.6\libGLESv2.dll

Filesize
7.2MB

MD5
2d2b8db03f4192b76b9a61b15b0d40c0

SHA1
6287ea123dbc4bf431c1a6e54ebb45f144f48a84

SHA256
2874cce4bcbea1806a4edf2ec3e9ea9eaa62e5ada792680edb13f115d1cae41a

SHA512
d7392ed7b3d6dd4d189b4d20b8cbaf079afe1bae6d6b2d381b78682c724285380dcc6e3504776d5e541d08e1d3e3e08e52ac202461c614bbc2344bb708062629

Download Submit
\Users\Admin\AppData\Local\tonfotos\app-1.9.6\tonfotos.exe

Filesize
150.4MB

MD5
c8a4bb92e75fe87a57698840d1652307

SHA1
b7af3b5a6a43cc56f00b566f0212b5dbd1b11dd7

SHA256
4cc26f086fa89c4d46a6f8d31bc0399fc80947a9812b3d7c98efee40c7ff0ec9

SHA512
a79cc67e6218c14841b65ace0e7b6143bea777159c4d3431ba26ac5755f7eea2cbc86b48d8b350b92ff2d06b28907260d49f8c22bf369d54cdb0bb6d80a28b55

Download Submit
memory/1440-339-0x0000000077A50000-0x0000000077A51000-memory.dmp

Filesize
4KB

Download
memory/1440-307-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1600-300-0x0000000001080000-0x0000000001256000-memory.dmp

Filesize
1.8MB

Download
memory/1916-275-0x00000000001C0000-0x00000000003C0000-memory.dmp

Filesize
2.0MB

Download
memory/2908-9-0x0000000001190000-0x0000000001366000-memory.dmp

Filesize
1.8MB

Download
memory/2908-260-0x0000000000410000-0x000000000041A000-memory.dmp

Filesize
40KB

Download