
Windows Analysis Report
http://www.telegram-xp.com/

Overview

General Information

Sample URL:http://www.telegram-xp.com/
Analysis ID:1589318

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Program does not show much activity (idle)
Stores files to the Windows start menu directory

Process Tree

  • System is w10x64
  • chrome.exe (PID: 2212 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 2964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,5958753368865452004,8250724557961574425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 5256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegram-xp.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


AV Detection

Source: http://www.telegram-xp.com/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegram-xp.com
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegram-xp.com
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 51MB
Source: chromecache_95.2.dr | String found in binary or memory: https://apps.apple.com/us/app/telegram-messenger/id686449807
Source: chromecache_93.2.dr, chromecache_95.2.dr, chromecache_97.2.dr | String found in binary or memory: https://beian.miit.gov.cn
Source: chromecache_93.2.dr, chromecache_95.2.dr, chromecache_97.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/telegram-favicon.ico
Source: chromecache_93.2.dr, chromecache_97.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-01/bg_errorPage_404.png
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d1.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d2.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d3.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d4.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d5.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d6.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d7.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d8.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d9.gif
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png
Source: chromecache_95.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/ios_zh.png
Source: chromecache_95.2.dr | String found in binary or memory: https://www.sanxiang-sh.com/upload/Telegram.apk
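The two "Joe Sandbox AI" verdicts above (brand spoofing, typosquatting) come from a model the report does not describe. As an added example, not Joe Sandbox's detector and not code from this page, the Python below implements a deterministic version of the same two checks: a brand word appearing as a hostname label, as a hyphen-separated token of a label, or inside the second-level label of a domain that is not on that brand's allowlist is reported as brand spoofing; a token within a small Levenshtein distance of the brand is reported as typosquatting. The brand list, the allowlists and the "last two labels" approximation of the registrable domain are assumptions for the demo (a real check consults the Public Suffix List). Under these rules www.telegram-xp.com is classed as brand spoofing only, whereas the report's AI attached both labels to it.

```python
"""Brand-spoofing and typosquat check for URL hostnames.

Added example, not Joe Sandbox's AI detector: a deterministic stand-in for the
two verdicts the report shows. Brand list and allowlists are assumptions.
"""
from urllib.parse import urlsplit

# Assumed for the demo: brand keyword -> registrable domains allowed to carry it.
BRANDS = {
    "telegram": {"telegram.org", "telegram.me", "t.me"},
    "paypal": {"paypal.com"},
}
MAX_TYPO_DISTANCE = 2   # edits tolerated between a label token and the brand
MIN_TOKEN_LEN = 5       # ignore short tokens such as "www", "com", "xp"


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Approximation: a real check consults the
    Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> list:
    """Return (brand, verdict, registrable_domain) triples for a URL.

    brand_spoofing: the brand word is a label, a hyphen/underscore-separated
      token of a label, or a substring of the second-level label, on a domain
      not on that brand's allowlist (telegram-xp.com, telegram.evil-cdn.net).
    typosquatting: a token is within MAX_TYPO_DISTANCE edits of the brand
      (telegarm.org, paypa1.com) but is not the brand word itself.
    """
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return []
    reg = registrable_domain(host)
    sld = reg.split(".")[0]
    tokens = {t for label in host.split(".")
              for t in label.replace("_", "-").split("-") if t}
    findings = []
    for brand, allowed in BRANDS.items():
        if reg in allowed:
            continue                       # the brand's own domain: nothing to report
        if brand in tokens or brand in sld:
            findings.append((brand, "brand_spoofing", reg))
        elif any(len(t) >= MIN_TOKEN_LEN and edit_distance(t, brand) <= MAX_TYPO_DISTANCE
                 for t in tokens):
            findings.append((brand, "typosquatting", reg))
    return findings


if __name__ == "__main__":
    for u in ("http://www.telegram-xp.com/", "https://telegram.org/", "http://telegarm.org/"):
        print(u, check_url(u) or "clean")
```

The allowlist is what keeps the check honest: without it every legitimate telegram.org link would be flagged, and in practice the list needs to include the brand's CDN and shortener domains (t.me here) before the rule is worth deploying.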
Source: classification engine | Classification label: mal52.win@19/66@0/17
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,5958753368865452004,8250724557961574425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegram-xp.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (15 identical rows collapsed: child processes whose image and command line the sandbox did not record)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,5958753368865452004,8250724557961574425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
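The six .lnk files listed above are what fires the "Stores files to the Windows start menu directory" signature. Their relative path resolves to chrome_proxy.exe, the launcher Chrome uses for its installed web-app shortcuts (Google Drive, YouTube, Sheets, Gmail, Slides, Docs), so on this evidence the drop is Chrome's own first-run behaviour, not something the visited page planted. The signature is generic, though, so the check a practitioner wants is to open each shortcut and look at target, working directory, arguments and window mode. Added example, not Joe Sandbox's code and not code from this page: a minimal MS-SHLLINK builder and parser in Python that constructs a shortcut carrying the same StringData fields the report's files have (relative path, working directory, command-line arguments), parses it back and applies a few triage rules. The argument string of the Chrome-style sample and the second, deliberately suspicious sample are constructed for the demo.

```python
"""Minimal MS-SHLLINK (.lnk) builder, parser and triage rules.

Added example for the Chrome Apps shortcuts listed in this report; it is not
Joe Sandbox's code. Only the fields the report's file-type line mentions are
handled (header, relative path, working directory, arguments); LinkTargetIDList
and LinkInfo blocks are skipped by size when present. Sample data is constructed.
"""
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
FILE_ATTRIBUTE_ARCHIVE = 0x20
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe"}


def _string_data(s: str) -> bytes:
    """StringData item: uint16 CountCharacters, then UTF-16LE characters."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path: str, working_dir: str, arguments: str = "",
              file_size: int = 0, show: int = SW_SHOWNORMAL) -> bytes:
    """Assemble a shortcut: 76-byte ShellLinkHeader followed by StringData."""
    flags = HAS_REL_PATH | HAS_WORKING_DIR | IS_UNICODE | (HAS_ARGS if arguments else 0)
    # HeaderSize, LinkCLSID, LinkFlags, FileAttributes, Creation/Access/Write
    # FILETIMEs (zero), FileSize, IconIndex, ShowCommand, HotKey, three reserved fields
    header = struct.pack("<I16sIIQQQIiIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         FILE_ATTRIBUTE_ARCHIVE, 0, 0, 0, file_size, 0, show, 0, 0, 0, 0)
    body = _string_data(relative_path) + _string_data(working_dir)
    if arguments:
        body += _string_data(arguments)
    return header + body


def parse_lnk(data: bytes) -> dict:
    """Decode header fields and StringData; raises ValueError on a non-.lnk blob."""
    if len(data) < HEADER_SIZE or data[:4] != b"L\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad HeaderSize or LinkCLSID")
    flags, attrs, _c, _a, _w, size, icon, show = struct.unpack_from("<IIQQQIiI", data, 0x14)
    pos = HEADER_SIZE
    if flags & HAS_ID_LIST:      # uint16 IDListSize, not counting itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # uint32 LinkInfoSize, counting itself
        pos += struct.unpack_from("<I", data, pos)[0]
    info = {"archive": bool(attrs & FILE_ATTRIBUTE_ARCHIVE), "file_size": size,
            "icon_index": icon, "show_command": show}
    width = 2 if flags & IS_UNICODE else 1
    for bit, key in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                     (HAS_ICON, "icon_location")):
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            info[key] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return info


def triage(info: dict) -> list:
    """Reasons to look closer at a shortcut found in a Start Menu or Startup folder."""
    target = info.get("relative_path", "")
    base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = info.get("arguments", "").lower()
    reasons = []
    if base in SCRIPT_HOSTS:
        reasons.append(f"target is a script host: {base}")
    if "\\program files" not in target.lower():
        reasons.append("target outside Program Files")
    if any(m in args for m in ("http://", "https://", "-enc", "iex", "downloadstring")):
        reasons.append("arguments carry a URL or an encoded command")
    if info.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimised")
    return reasons


# Constructed samples. The first mirrors the report's Chrome Apps shortcuts
# (same relative path and length=1210144); its argument string is a placeholder.
CHROME_APP_LNK = build_lnk(
    r"..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe",
    r"C:\Program Files\Google\Chrome\Application",
    "--profile-directory=Default --app-id=EXAMPLEAPPID", file_size=1210144)
# A shortcut of the kind that would deserve the signature: script host, hidden window.
DROPPER_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe", r"C:\Windows\System32",
    "/c powershell -w hidden -enc <base64>", show=SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    for name, blob in (("chrome app", CHROME_APP_LNK), ("dropper", DROPPER_LNK)):
        meta = parse_lnk(blob)
        print(name, meta["relative_path"], triage(meta) or "no findings")
```

Run against the real files from the report's dropped-file section, parse_lnk would also have to walk the LinkTargetIDList (the "Item id list present" in the file-type line), which the code skips by its declared size; the relative-path string it then returns is the same ..\..\Program Files\...\chrome_proxy.exe the signature rows show.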
MITRE ATT&CK matrix (tactic: techniques; a leading count marks a technique with a matched signature, the remaining cells are the unmatched placeholders Joe Sandbox prints in every matrix):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: System Service Discovery; Application Window Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Antivirus detection, submitted URL (Source | Detection | Scanner | Label)
http://www.telegram-xp.com/ | 100% | Avira URL Cloud | phishing

No Antivirus matches

Antivirus detection, URLs seen during analysis (Source | Detection | Scanner | Label)
https://image.sanxiang-sh.com/tg-04/ios_zh.png | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d1.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d6.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d3.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d7.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d5.gif | 0% | Avira URL Cloud | safe
https://www.sanxiang-sh.com/upload/Telegram.apk | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d9.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-01/bg_errorPage_404.png | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d4.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d8.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/tg-04/d2.gif | 0% | Avira URL Cloud | safe
https://image.sanxiang-sh.com/telegram-favicon.ico | 0% | Avira URL Cloud | safe
No contacted domains info

URLs (Name | Source | Malicious | Antivirus Detection | Reputation)
https://image.sanxiang-sh.com/tg-04/d6.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/ios_zh.png | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d3.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d9.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://beian.miit.gov.cn | chromecache_93.2.dr, chromecache_95.2.dr, chromecache_97.2.dr | false | - | high
https://image.sanxiang-sh.com/tg-04/d5.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d1.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://www.sanxiang-sh.com/upload/Telegram.apk | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-01/bg_errorPage_404.png | chromecache_93.2.dr, chromecache_97.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d7.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d8.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/telegram-favicon.ico | chromecache_93.2.dr, chromecache_95.2.dr, chromecache_97.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d4.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
https://image.sanxiang-sh.com/tg-04/d2.gif | chromecache_95.2.dr | false | Avira URL Cloud: safe | unknown
Contacted IPs (IP | Domain | Country | ASN | ASN Name | Malicious). The Domain column is empty because the run skipped network analysis (see the analysis notes below); 239.255.255.250 is the SSDP multicast address and 1.1.1.1 a public resolver, i.e. background traffic of the analysis VM rather than contacts initiated by the page.
199.91.74.208 | unknown | United States | 21859 | ZNETUS | false
90.84.161.16 | unknown | France | 5511 | OPENTRANSITFR | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.185.228 | unknown | United States | 15169 | GOOGLEUS | false
104.21.32.1 | unknown | United States | 13335 | CLOUDFLARENETUS | false
173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.238 | unknown | United States | 15169 | GOOGLEUS | false
104.21.80.1 | unknown | United States | 13335 | CLOUDFLARENETUS | false
216.58.206.35 | unknown | United States | 15169 | GOOGLEUS | false
172.67.193.48 | unknown | United States | 13335 | CLOUDFLARENETUS | false
98.98.25.19 | unknown | United States | 7018 | ATT-INTERNET4US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.195 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.100 | unknown | United States | 15169 | GOOGLEUS | false
104.21.20.160 | unknown | United States | 13335 | CLOUDFLARENETUS | false

Private IPs (RFC 1918, analysis network): 192.168.2.6, 192.168.2.5
    Joe Sandbox version:42.0.0 Malachite
    Analysis ID:1589318
    Start date and time:2025-01-12 01:01:41 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 33s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:browseurl.jbs
    Sample URL:http://www.telegram-xp.com/
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:7
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:MAL
    Classification:mal52.win@19/66@0/17
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Not all processes were analyzed, report is missing behavior information
    • Skipping network analysis since amount of network traffic is too extensive
    • VT rate limit hit for: http://www.telegram-xp.com/
No simulations
No context
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:02:34 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2677
    Entropy (8bit):3.9659773311149555
    Encrypted:false
    SSDEEP:48:89d8TAoZHGidAKZdA19ehwiZUklqehHy+3:8MHWcy
    MD5:2FBFFDDE82BA04E78DDF99700DD884C8
    SHA1:08B1C7908B613C05F032A8D8D32F59C57B12CE30
    SHA-256:572C290546261F147B563D91267BEC6E16CF8D29FBD4B69573509925F2B98E6C
    SHA-512:9A2B758A101E9CBC77EC7A71499B0D04D908F1D88CD2EF54C5CEB3454670FECE16EE9015930C14EA75763E60568B9690601E7F924F0BF90ABE7BBD25F440E956
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,.....<.H.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,ZR............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:02:34 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2679
    Entropy (8bit):3.979321785569831
    Encrypted:false
    SSDEEP:48:8hd8TAoZHGidAKZdA1weh/iZUkAQkqehMy+2:8QH09Q1y
    MD5:96F297C68E4C5E536687F0022776FDCD
    SHA1:727030B9D5E44FB30027E8043EF786252790E1C4
    SHA-256:0400E4E1BEA114F3A6E114B6A41B2F9BE68194F44934601455911AC5767E0D46
    SHA-512:50E95DCA58CDE98421B3E805257BFE3DAF0C8FA1E91D6891E4907070669B3F572A7D2A1DFD6FBC009C69DCF75067D7AD5AD52BD9FC156C17E9F2F4179E779E17
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,.....P~H.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,ZR............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2693
    Entropy (8bit):3.9960621186866567
    Encrypted:false
    SSDEEP:48:8xhd8TAosHGidAKZdA14tseh7sFiZUkmgqeh7sSy+BX:8xQHjngy
    MD5:BC70F0B8EC0BDA6249A7CBE2586961A8
    SHA1:BDCD7A686B7B823C33C8B869A44ACFD7AADDD1EE
    SHA-256:EC4E2B00D4E48771CCE9CCCBBD1F26DEA1E6BCE170555D685D001DFD99388386
    SHA-512:9533EC7923433CEC646B96623F4B78BD8610AB88F9978C6A8BA58869881A4328920D5F6B0955C528850491F5F82859FE3643C44F9631C9F571214F9A9FFA4387
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:02:34 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2681
    Entropy (8bit):3.979247272935831
    Encrypted:false
    SSDEEP:48:8Pd8TAoZHGidAKZdA1vehDiZUkwqehoy+R:8OHfay
    MD5:2715C41DEB68E7B5F6A85D388B2F360B
    SHA1:4D3301A312C8DBECEE2F8D7C359A47011A8AAB53
    SHA-256:1D3ACC28AC9AAE483DA5CBCD29386432A5CCDE7FE7DDED6160A49E1409530D42
    SHA-512:0DEC88F88C06D6D388CCDE433CC335F173842D034A7B14CC0F9254D3B759516EC89A11E1098359F21AC474B2263D16A011BDF8A37B6B09D1163D013D33BE7F61
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,.....)wH.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,ZR............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:02:34 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2681
    Entropy (8bit):3.9688960737242787
    Encrypted:false
    SSDEEP:48:84d8TAoZHGidAKZdA1hehBiZUk1W1qeh2y+C:87Hf9Wy
    MD5:A3CA233488074907745DC6DE562ABF61
    SHA1:0DB2D2960687B1372FF123D97B4BB93BD95E337A
    SHA-256:7B7512D4790611BFADCFB4845E8F4C51F34CBFDB13BB2BCD1C9DB30D1022D19A
    SHA-512:930B4D305711D662D1712185202C96F10C71CF634008DC1B7CB9509C514560184E77567C9784F5735E07E1883C785C6A0959FDE7C7E8EB7A1887D3545EFF99CD
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,.....w.H.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,ZR............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:02:34 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
    Category:dropped
    Size (bytes):2683
    Entropy (8bit):3.976484967090473
    Encrypted:false
    SSDEEP:48:8ed8TAoZHGidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbgy+yT+:8RHXT/TbxWOvTbgy7T
    MD5:2E70DB003BDC592EEF7A348C88A681D3
    SHA1:61A3CA67A441DEA5E7AD2480C243D98F3F25B9C4
    SHA-256:319F84F019EEEE598DBCC4DDFCC20EEC9A584D70E420B618CCAD365C0F97B62D
    SHA-512:AF7116D39619138C93D376C8BE5B54F107BB57CDFD405B9E9BE640E100D58D722953DC0EE85A1298EA44AA7C05BD5E5DDEC14701805CB4732B29FD8924B1A434
    Malicious:false
    Reputation:low
    Preview:L..................F.@.. ...$+.,....X.mH.d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,ZO.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,ZO.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,ZO.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,ZO............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,ZR............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
Note:the preview below opens with META-INF/com/android/build/gradle/app-metadata.properties, i.e. this archive is an Android APK. The analysis system is Windows 10 (see General Information), so the package was downloaded but never executed; the "Malicious:false" below is not a behavioural verdict on the app.
    Category:dropped
    Size (bytes):21019180
    Entropy (8bit):7.942369230122151
    Encrypted:false
    SSDEEP:393216:rhDuKB7QCh5UCayUUl9m1KPnnpoqvml8U1KnU1DIXi6aswQEUKZTg:UKBYCRUUlMYPe5ci6aswQEjZE
    MD5:56D9B0DE78385B91300797CD8175E449
    SHA1:883DFA6F84A6D61F20968869449F4E7AF3451344
    SHA-256:62ED6590FADA79EFBF10DE10121E3044B1F3235F19EC5729AAE8152662A8E21A
    SHA-512:1F1685CCAB25234428F158E3FD829081A23C5B2A819FD1D2FC82AB794A43F85CEA56B1D04FFF657EBAC9CDF61F0741A2FEA0CE172012BD40339F1D0B47E20FBF
    Malicious:false
    Reputation:low
    Preview:PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-*...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<...*.R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
    Category:dropped
    Size (bytes):64993260
    Entropy (8bit):7.934385776663654
    Encrypted:false
    SSDEEP:1572864:3Bgc7kKJP8Ui9q0nUsbnBAW9uFHwV6Mq/C:97tJP8Ui9q0dBSz/
    MD5:FDC91FFF10BD724FDAED9615B27FE612
    SHA1:464766B3465D414E6906327CE185C5A320563C27
    SHA-256:A7D44AA3D9B52B3AD51CD7058839EBB63ED1FA0F3D76BDAA3674ECAA330CE919
    SHA-512:672FAA6236560D102EC2BE4FEEBB81860F38490F661E9F3E902F3475D27E41351ECE2C00F959C750DAD54DB4134EFA9B2F2802DF54C823B5B463FB4DEA548477
    Malicious:false
    Reputation:low
    Preview:PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-*...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<...*.R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):3222729
    Entropy (8bit):7.959136227282352
    Encrypted:false
    SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
    MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
    SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
    SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
    SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.....&....Y........]..5..2R.. ..!.......X..VTV..}...W...............&...........'..%..........................#..$....j...............#.m......"..!..!.....".....%.[..]......... .......c.....Cm..#.s..`..T.....p..v..y..{......7..$.../'..=..."..C.N..7..Y..G..Ix..!.Z..S....J....~..>.^N.@5..<c.f..[..6Y.....%..R..........$....Q...%...$..OB..j..M...Q....."o\.....].C..(...F...j........."........6............l......].......x..g*..L"f..R...w...OM..... ..... ..6..3....{..........<;..0..'....{.!......!?K.FE.."L}o.%&./..I..r...G..xd.<..L...>...%.<..Y..O2pz.q..d.......T.[.i.)......T...eT.r.`f.e.6..'...#."..A.u;.p)..b..BxtyF..*..A.O*.....0..oB"..Y..U...3dm].h/.xI?IB`9.<dp.}>.. ..lJ6.7P..}`3aV9|tS.Q.MN>^........?..e...-.......................................H......*\....#J.H.b...*j.... C..I...(.b....0c.I...+......@...S..H.*]..J.P.J.J.*..,.j...W.X/~.K...a.]..[.i..K...q3.../.~.....0.....S...[..L..e.y.^
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):2581
    Entropy (8bit):5.959087266926006
    Encrypted:false
    SSDEEP:48:toypqbl2blFu6Ppzb799CYn5uJ1GzzuHcz5B7RTjcRf:2Lbl2blFusRP9ZTzzPIF
    MD5:A8848741C60C07DCB871F1E74DC8D7D3
    SHA1:1A8CA519CA229580BC9C4F6F76D6F35F334B634B
    SHA-256:30B550072FA9F210EAC5474CA1B18F610E1914B4EFE6CB3586F052BF6C9D53D5
    SHA-512:2769D1512DE3008C5D02DF63A50B2EC7C51342405270D74E30123C121A4A8D41B615EA1AC449EF837B2FDC7CA032FD31A500AB43F69C007AC09ED95F1AB78DC9
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/image/ios.png
    Preview:
        <!DOCTYPE html>
        <html lang="zh-CN">
        <head>
            <meta charset="UTF-8">
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>telegram.. - TG.....,.......,........</title>
            <meta name="Keywords" content="Telegram.......telegram...........................................">
            <meta name="Description" content="Telegram.......telegram...........................................">
            <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />
            <meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />
            <link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">
            <link rel="stylesheet" href="/static/css/style.min.css" />
            <
        (the multi-byte Chinese title, keywords and description are rendered as "." by the report; note that this HTML document was returned for an image URL ending in .png)
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (16065), with no line terminators
    Category:downloaded
    Size (bytes):16065
    Entropy (8bit):4.976234909513973
    Encrypted:false
    SSDEEP:192:kenBcXxWHEDVEXXGU+N7vknCPxKKXNCLXtyj2ibrZmt7t9Eyqhqkmirm/It/opje:kmahWifVHIT///Gv8ebiwGocd88SUTA
    MD5:AF8FA504D9A85B4009EC73405F48F641
    SHA1:5B76E5F3802C9C332972642E9ED5BABDBFEEDCA1
    SHA-256:579C81635620AB20ABC01C9CC38575B3C3E5BBABC657D1496F65E0C55752A8AE
    SHA-512:251804562C03C8C12E11B575BC3ABAF559D2B31EFD41C263C9366989D9CCA333A539C56DF42A9A79FEE597C5E21F9236D2685AC3A2DA2233862EFA0DE9E29EB0
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/css/style.min.css
    Preview::root{--headerHeight: 50px;--padding: 15px;--themeColor: #0088cc;--maxWidth: 1200px}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none;color:#333}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{font:12px Microsoft YaHei-Regular,Microsoft YaHei;color:#333;background:#fff;overflow-x:hidden;font-weight:400}#to-top{position:fixed;bottom:10%;right:20px;cursor:pointer;width:45px;height:45px;background:rgba(0,0,0,.3) url(../image/top.png) no-repeat center center;background-size:25px auto;cursor:pointer;border-radius:10px;z-index:999}#to-top:hover{background:var(--themeColor) url(../image/top.png) no-repeat center center/cover;background-size:25px auto}header{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;padding:0 15px;width:100%;height:var(--headerHeight);background:rgba(255,255,255,.84);-webkit-backdrop-filter:blur(25px);backdrop-filter:blur(25px);border-b
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):3373417
    Entropy (8bit):7.978140019775728
    Encrypted:false
    SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
    MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
    SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
    SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
    SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):2146221
    Entropy (8bit):7.949979177664583
    Encrypted:false
    SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
    MD5:B66CCB48AAE5492D0043602A8809739D
    SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
    SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
    SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):2603040
    Entropy (8bit):7.962323436035343
    Encrypted:false
    SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
    MD5:80515DB845D4FC2B936127D4324FF322
    SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
    SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
    SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d8.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,7... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:downloaded
    Size (bytes):86923
    Entropy (8bit):5.288942392211126
    Encrypted:false
    SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
    MD5:B72AFE07A6F6F477120F3B0803D0A983
    SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
    SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
    SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/js/jquery.js
    Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
    Category:downloaded
    Size (bytes):4286
    Entropy (8bit):5.157520760822341
    Encrypted:false
    SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
    MD5:975B4112A366CCA6B9BF2C84E268268C
    SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
    SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
    SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-favicon.ico
    Preview:...... .... .........(... ...@..... ... (ICONDIR header for a single 32x32, 32-bit icon, followed by a BITMAPINFOHEADER of 0x28 bytes with width 0x20 and the doubled height 0x40 that ICO bitmaps use for the XOR and AND masks; the remainder is uncompressed pixel data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):2968347
    Entropy (8bit):7.942137046837241
    Encrypted:false
    SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
    MD5:5D09F9927641C16D5B62DA8F2F877F50
    SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
    SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
    SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d9.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,J... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Unicode text, UTF-8 text, with CRLF line terminators
    Category:dropped
    Size (bytes):1609
    Entropy (8bit):5.111131420436804
    Encrypted:false
    SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8oe6uPBoND7EEUk1kE1FEQ:sSaDafoASE98vB5TP+JOCP+dLvN1P
    MD5:281DC6124945E9FD994B807C888ABC5D
    SHA1:774E99120962B49D578080FE8B878ED964D07917
    SHA-256:9EE9211A0B465319F34050F280156F311C55A12016A91764AFDB17C8605F173C
    SHA-512:BC56821DD9D7DD91593A50A05AFB6A905E90104602EA1400F018205B3F1046A1530F5A10C168A7CD1C73A89BA16B8950106172DABD4D00EBAA3D962E1A5FD469
    Malicious:false
    Reputation:low
    Preview:
        $('#to-top').click(function() {
            $('body,html').animate({scrollTop:0},1);
            return false;
        });

        $(window).scroll(function() {
            const scrollTop = $(window).scrollTop();
            const windowHeight = $(window).height();
            if (scrollTop > 200 ) {
                $('#to-top').fadeIn(1).css('display', 'flex');
            } else {
                $('#to-top').fadeOut(1).css('display', 'none');
            }
        });

        // ........
        function getOperatingSystem() {
            var userAgent = navigator.userAgent || navigator.vendor || window.opera;
            if (/android/i.test(userAgent)) {
                return "android";
            }
            if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {
                return "ios";
            }
            return "pc";
        }

        if(getOperatingSystem()=="android"){
            $(".down-link").css("display",'none')
            $(".down-link.android").css("display",'inline-block')
        }
        if(getOperatingSystem()=="ios"){
            $(".down-link").css("display",'none')
            $(".down-link.ios").css("display",'inline-block')
        (CRLF line endings and the multi-byte characters of the Chinese comment are rendered as "." by the report; the preview is cut off at this point)
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):3222729
    Entropy (8bit):7.959136227282352
    Encrypted:false
    SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
    MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
    SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
    SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
    SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d7.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):1999661
    Entropy (8bit):7.95888108485966
    Encrypted:false
    SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
    MD5:443B2A218BA5A3010B778986488AF448
    SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
    SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
    SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):1609
    Entropy (8bit):5.111131420436804
    Encrypted:false
    SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8oe6uPBoND7EEUk1kE1FEQ:sSaDafoASE98vB5TP+JOCP+dLvN1P
    MD5:281DC6124945E9FD994B807C888ABC5D
    SHA1:774E99120962B49D578080FE8B878ED964D07917
    SHA-256:9EE9211A0B465319F34050F280156F311C55A12016A91764AFDB17C8605F173C
    SHA-512:BC56821DD9D7DD91593A50A05AFB6A905E90104602EA1400F018205B3F1046A1530F5A10C168A7CD1C73A89BA16B8950106172DABD4D00EBAA3D962E1A5FD469
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/js/public.js
    Preview:
        $('#to-top').click(function() {
            $('body,html').animate({scrollTop:0},1);
            return false;
        });

        $(window).scroll(function() {
            const scrollTop = $(window).scrollTop();
            const windowHeight = $(window).height();
            if (scrollTop > 200 ) {
                $('#to-top').fadeIn(1).css('display', 'flex');
            } else {
                $('#to-top').fadeOut(1).css('display', 'none');
            }
        });

        // ........
        function getOperatingSystem() {
            var userAgent = navigator.userAgent || navigator.vendor || window.opera;
            if (/android/i.test(userAgent)) {
                return "android";
            }
            if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {
                return "ios";
            }
            return "pc";
        }

        if(getOperatingSystem()=="android"){
            $(".down-link").css("display",'none')
            $(".down-link.android").css("display",'inline-block')
        }
        if(getOperatingSystem()=="ios"){
            $(".down-link").css("display",'none')
            $(".down-link.ios").css("display",'inline-block')
        (CRLF line endings and the multi-byte characters of the Chinese comment are rendered as "." by the report; the preview is cut off at this point)
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
    Category:downloaded
    Size (bytes):19053100
    Entropy (8bit):7.986118474741525
    Encrypted:false
    SSDEEP:393216:rhDuKB7QCh5UCayUUl9m1KPnnpoqvml8U1KnU1DIXi6aswQEH:UKBYCRUUlMYPe5ci6aswQEH
    MD5:EA7A23C448B6F4A622CA83AD0F76BFE3
    SHA1:B6F4806C4D4196D001A695ABC6054C431DCDE888
    SHA-256:3AB594828C3BB242413B672C51830DDD570E949DFCF8949D315A5E7E45D193D0
    SHA-512:545F616F0832CAAD75A5F601A6C3A5EC556AEF4A09884D4F7E91D455B7C797A87536C2111EC1AE35F02D7DCC6D1768D60198F083F36A078DFCD3AC88E2ADED10
    Malicious:false
    Reputation:low
    URL:https://www.sanxiang-sh.com/upload/Telegram.apk
    Preview:PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.properties ... META-INF/version-control-info.textproto ... assets/dexopt/baseline.prof ... (ZIP local-file headers and the names of the first three archive members; the bytes between them are deflated member content, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 82 x 82, 8-bit/color RGBA, non-interlaced
    Category:downloaded
    Size (bytes):4046
    Entropy (8bit):7.920916892238825
    Encrypted:false
    SSDEEP:96:RbRrGGHaQ56d4ddwpysPP5m20/JexcgBY9B3zFexTR3oAetdR:5ZGGHaa6addwpyw8JJz9FzQx9hetdR
    MD5:E67B727975AD821985059F20F52E0A0D
    SHA1:F64D5CA1F4AD157047E25D7C97E1AD3A67328F39
    SHA-256:6D8CF0D773DFC943BDA88D8F56B58BCEDF9E901BAC2F8F537677A1670A42F0E8
    SHA-512:87B653D978E2876A7E5EEB3DFAA9F368043BD70F3C184A18B9CA3F20D695E333A1DDA628ACEA981070BFCF41CD503BB2B82EAA1148DA2CD5B80826AB78D68051
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/image/top.png
    Preview:.PNG........IHDR...R...R......,......sRGB.........IDATx^... (PNG signature, IHDR for an 82x82 image, 0x52 being 82, sRGB chunk, then zlib-compressed IDAT data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 82 x 82, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):4046
    Entropy (8bit):7.920916892238825
    Encrypted:false
    SSDEEP:96:RbRrGGHaQ56d4ddwpysPP5m20/JexcgBY9B3zFexTR3oAetdR:5ZGGHaa6addwpyw8JJz9FzQx9hetdR
    MD5:E67B727975AD821985059F20F52E0A0D
    SHA1:F64D5CA1F4AD157047E25D7C97E1AD3A67328F39
    SHA-256:6D8CF0D773DFC943BDA88D8F56B58BCEDF9E901BAC2F8F537677A1670A42F0E8
    SHA-512:87B653D978E2876A7E5EEB3DFAA9F368043BD70F3C184A18B9CA3F20D695E333A1DDA628ACEA981070BFCF41CD503BB2B82EAA1148DA2CD5B80826AB78D68051
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR...R...R......,......sRGB.........IDATx^... (PNG signature, IHDR for an 82x82 image, 0x52 being 82, sRGB chunk, then zlib-compressed IDAT data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:dropped
    Size (bytes):86923
    Entropy (8bit):5.288942392211126
    Encrypted:false
    SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
    MD5:B72AFE07A6F6F477120F3B0803D0A983
    SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
    SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
    SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
    Malicious:false
    Reputation:low
    Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
    Category:downloaded
    Size (bytes):268481
    Entropy (8bit):7.98467490175069
    Encrypted:false
    SSDEEP:6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
    MD5:A2FFCD73EDDD76A01F35ADFF0BE467D8
    SHA1:B29C51BC3DDD3C8210190BFCEE247313CF197C87
    SHA-256:9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
    SHA-512:7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/ios_zh.png
    Preview:.PNG........IHDR.......9......J......pHYs ... gAMA ... cHRM ... IDATx... (PNG signature, IHDR, pHYs, gAMA and cHRM chunks, then zlib-compressed IDAT data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):2581
    Entropy (8bit):5.959087266926006
    Encrypted:false
    SSDEEP:48:toypqbl2blFu6Ppzb799CYn5uJ1GzzuHcz5B7RTjcRf:2Lbl2blFusRP9ZTzzPIF
    MD5:A8848741C60C07DCB871F1E74DC8D7D3
    SHA1:1A8CA519CA229580BC9C4F6F76D6F35F334B634B
    SHA-256:30B550072FA9F210EAC5474CA1B18F610E1914B4EFE6CB3586F052BF6C9D53D5
    SHA-512:2769D1512DE3008C5D02DF63A50B2EC7C51342405270D74E30123C121A4A8D41B615EA1AC449EF837B2FDC7CA032FD31A500AB43F69C007AC09ED95F1AB78DC9
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/image/pc.png
    Preview:
        <!DOCTYPE html>
        <html lang="zh-CN">
        <head>
            <meta charset="UTF-8">
            <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
            <title>telegram.. - TG.....,.......,........</title>
            <meta name="Keywords" content="Telegram.......telegram...........................................">
            <meta name="Description" content="Telegram.......telegram...........................................">
            <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />
            <meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />
            <link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">
            <link rel="stylesheet" href="/static/css/style.min.css" />
            <
        (the multi-byte Chinese title, keywords and description are rendered as "." by the report; note that this HTML document was returned for an image URL ending in .png)
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):2415534
    Entropy (8bit):7.953757920742143
    Encrypted:false
    SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
    MD5:CBD2D6AF702CAB22FB23C7D159ABC428
    SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
    SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
    SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d1.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,... (GIF89a header, global colour table, NETSCAPE2.0 looping application extension, graphic-control extension and first image descriptor; the remainder is LZW-compressed frame data, which the report renders as ".")
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:RIFF (little-endian) data, Web/P image
    Category:downloaded
    Size (bytes):1696890
    Entropy (8bit):7.996167221864141
    Encrypted:true
    SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
    MD5:6AE9949DD516F905186883C3DC5F082B
    SHA1:0574973A09CD1C4586F2237169351237A930718D
    SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
    SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d5.gif
    Preview:RIFFr...WEBPVP8X..............ANIM..........ANMF.?..................ALPH......0....nl[.E.R....D.(.~..m...)...B...fJ..Fw..{^?.FD.'....#;......Tff.U.9@uf.P......P9.@.....y..4......Y.a.|.0.._...7.2_[..W..H{..xs...bx..q...h.G.X.9b..p`......qH...2........g.&....g..\..p............N.7.x7..[I]..[....m}.j.p....."..5..0.n.De...D.U..\.`].....T..\..pS.S.7...4U....8M$cU...W...u..7.X.h.p...2..o........,.u..xAA....ue...H.g..FW. ..0$..........Gxc.kp.....5....:\{5F_.+py...&\_K.....@............Q.h....W..o^Y..W..A!..2.v....?^;..U_E.)p...o.x..W...".........`f....\ff.p..q..p...ZD.p....[9b}...j23#5>:.q.q....z.a.E..k...@.....d.0F.U.Q..D[..})B.......lX.....F....`l$.....k..-..l9uu.k[A]...VR7.x..(..VY.p.S...&..u..0C =..`e,i.%.$....G./.j"......%]$Rgf.:.H*|.p.Y.Y..a....E.|...p.|.[............x....{.......T....%86p.......w4%.........CS.n.J"\.c.xV.hqrU..+Z.\.K..rY.y<+Fj......O..\.....TO.....hr..-U=Q.9P..23kb...F...Y...E....MQ.......S.Y8.x..dua..'...c.i..5..V...1Z....Lk....yB
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):2603040
    Entropy (8bit):7.962323436035343
    Encrypted:false
    SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
    MD5:80515DB845D4FC2B936127D4324FF322
    SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
    SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
    SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,7........GpL..'.......r....`......!....5.}...]...q.....q...........&.. ..".....$..%....`...&..........v.. .......#..%.....#..........!.....$............................".............{.."..$.<...!....`...".....s.....%...........G?;... ...B...&..x........f...........&!^MD.{4..b.X..|...r.J...x.n..s..............5...=3........w..f......@3..9......$.v..`.....zg\~i.2"..}..R..S...7.....#.`......sg.n.....o.....!..E..P.J..vg]V.iX.J.....#....?..r..Q..........k..2..l.....V..$...l......L........`..J...h....3.!....P9..E.....#..p.....m..u*.....B.._O.A3*.m+.p5..b......XyM.///g;..|...j.+..G..yJ.wc.F........oVH....v..-..T..U....Q."..........rpoRQP.;..2......WD9.`.....h,.-...}....b%...........t..................................H......*\....#J........4.@....'..I...(S.\.....< @...8mz.H..@...J....1w.\.)..3.T4J...X...8..N=j.K...-{"...W.h..K7.R.x..D..........a.|.+^.8...#?.....>=.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:RIFF (little-endian) data, Web/P image
    Category:dropped
    Size (bytes):1696890
    Entropy (8bit):7.996167221864141
    Encrypted:true
    SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
    MD5:6AE9949DD516F905186883C3DC5F082B
    SHA1:0574973A09CD1C4586F2237169351237A930718D
    SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
    SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
    Malicious:false
    Reputation:low
    Preview:RIFFr...WEBPVP8X..............ANIM..........ANMF.?..................ALPH......0....nl[.E.R....D.(.~..m...)...B...fJ..Fw..{^?.FD.'....#;......Tff.U.9@uf.P......P9.@.....y..4......Y.a.|.0.._...7.2_[..W..H{..xs...bx..q...h.G.X.9b..p`......qH...2........g.&....g..\..p............N.7.x7..[I]..[....m}.j.p....."..5..0.n.De...D.U..\.`].....T..\..pS.S.7...4U....8M$cU...W...u..7.X.h.p...2..o........,.u..xAA....ue...H.g..FW. ..0$..........Gxc.kp.....5....:\{5F_.+py...&\_K.....@............Q.h....W..o^Y..W..A!..2.v....?^;..U_E.)p...o.x..W...".........`f....\ff.p..q..p...ZD.p....[9b}...j23#5>:.q.q....z.a.E..k...@.....d.0F.U.Q..D[..})B.......lX.....F....`l$.....k..-..l9uu.k[A]...VR7.x..(..VY.p.S...&..u..0C =..`e,i.%.$....G./.j"......%]$Rgf.:.H*|.p.Y.Y..a....E.|...p.|.[............x....{.......T....%86p.......w4%.........CS.n.J"\.c.xV.hqrU..+Z.\.K..rY.y<+Fj......O..\.....TO.....hr..-U=Q.9P..23kb...F...Y...E....MQ.......S.Y8.x..dua..'...c.i..5..V...1Z....Lk....yB
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):3373417
    Entropy (8bit):7.978140019775728
    Encrypted:false
    SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
    MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
    SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
    SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
    SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d4.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!......`...{....z...]. .._.........5...D.i7..y......}....q..!.........`..y........................y...................>>>....9........?.................O5.........K..S.|..Y...i..X..J.....r9.r.C...3................,.@...[..;.C..*...?.`..(..&.N...$...............O...m..._ZW(......3..V......Jj............r..c......F.......|<..........`}zbjh..B`.................G..`... ...a&%_..]./E.2...........d..S.........U..f).. ....`65.5..P..B@.~E.o...,..b.. ....b.......aGE7..@@@..X_....^.....z.p6..l.s.......Jk.......)..`..x..|....A..e.>t.-..%..,...#w4..O...."..`......dW.|.....U.ee.....!..'j.f.l../...........^5..#..W...7{1Y..........(.X..@..g.."....~kz...F=.%...\..r...~~~@._r.......9{RF.........e....,.;.}%...%.w..v1.q^x+...............H......*\....#J.H..@..0j.....9..H...(S.\...0c.,x...6s...dM.5g..J...H.*...(N.P.J..t..X.j..kK.S..+.hP.h.]...d......x....R.X.........z4+......K.L....3k
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
    Category:dropped
    Size (bytes):268481
    Entropy (8bit):7.98467490175069
    Encrypted:false
    SSDEEP:6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
    MD5:A2FFCD73EDDD76A01F35ADFF0BE467D8
    SHA1:B29C51BC3DDD3C8210190BFCEE247313CF197C87
    SHA-256:9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
    SHA-512:7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR.......9......J......pHYs.................gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F...7IDATx....@1.C....f}.@.n...)88E53.....].I..!.......!d.'...3..b.m...J..r.3m....`...$f`......l.bd...a.......h.U4....g.1.4........<\.....).`..'..@,.A0..|.._K...V.m4....M....ZB.z..M.Q0...........F..I.V...`....2.F.0....5...a..."...*R.-......D..a..^E.%3#.}U.{....$O.....}.n..iG.+..[.'C.....LU..M.t.....`..V...0l#.B....CC.E..Y.X"..../x...?.......ks.f...k....B..{...=.z..1^C.....C....cf7/H.V_((...`........Imgq.......RRN..+bm....s...G........J.Zq>......G..R..D$RB!p.B.'...S.....n..oF=..@./..+..../..t..X....`..6..&..w...HE.GB.xuY,..]h$a......8..0.c...ZWUS..k.1.q...\.Z..an......jH...y.@..J..h.EW..77....84.-..k.d.H.9(...)U....*..z.........i...!..w..+"...NT...b."...$X..y.k.......).;W. .D.,....N~..........(......Bt..7....=.{w)....F.......u..w!wH..T..9./EQU.....B.I...y.... ..bH.(!.$..............S.D..h..`Q0...4....R.,.$...A.;....E.1..j.$.3ak...v
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
    Category:dropped
    Size (bytes):4286
    Entropy (8bit):5.157520760822341
    Encrypted:false
    SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
    MD5:975B4112A366CCA6B9BF2C84E268268C
    SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
    SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
    SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
    Malicious:false
    Reputation:low
    Preview:...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+..*..)..*..)..)..*..)..*..*..)..*..)..)..)..)..)..)..)..)..)..*..--.............................+..+..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..+..+......................I..*..+..*..*..*..*..*..*..+..*..+..+..+..+..+..+..*..+..*..*..+..*..+..+..*..,..I..................+..+..+..+..+..+..+..+..
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
    Category:dropped
    Size (bytes):269915
    Entropy (8bit):7.997318625620062
    Encrypted:true
    SSDEEP:6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
    MD5:A3E4DF3C003560CC296AF06B198390B4
    SHA1:B1D9C70957302A8D0884694052439432407BF8D5
    SHA-256:5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
    SHA-512:2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR..............d6E.. .IDATx..Y.$.y.........&{..&)R.H...1... a.E........G?............."<.F.8.E..H.l.Mv7...}.[n...../.dd..uoV....y.......wNDT..q%....@@ .........D.{......@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!....o.......F#.z....G@ ...............?v...XPV...j.s..&48....Q$.q,8.&y8.......@@.}.....k.oj.kp..l...gAY..eY.RI.x.p....\...}.# ..........cG...NiKk{U...M..u......,..32...........m...c.....@@ ..8v....6..2.....fh..l.$."...#.."n..p..;.\.z...^{.7.....=..,....@@ .......@;......<..SO=..+......m.F`b.h...B. C.....]...o~.._.....vaH..}.$."@.d.................[...&Z.Vk6.kkk...g~.~....V...A....eE@iHmnn~.[...........YV.X2.\"p67...."@.d................z...w...@P..........?.~..YPV.F..2...............Ss....A..n.& .........O.P..2LS......U ..>...../..K/..D.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):2146221
    Entropy (8bit):7.949979177664583
    Encrypted:false
    SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
    MD5:B66CCB48AAE5492D0043602A8809739D
    SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
    SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
    SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d3.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.]..5....r....6........!...}................\.. ...q......N.r...Z... ....I.....7.....>..R..W......... .?...... .U..9... ....<...... ..........\..q..T.......F..H..D..... .. .. ....3...3z....!........0@6.x...d(.....t......|......'../....A..h......*............H......-.....=......}......)........$.......5..Y.)......L.l._Q...d.....F.........t..>....YMD..$.....:...c...N...O..v.|G.?......X....m3..8..C...5..C..p;..O...'''c....../....!..5....U.....:......o^.....b............]]]S..!...r8.....n...................s..E...N.....}~...u@.y...R..h.....B.....t..5.....z...j.............o......b....2.. .....x......ez.Ug..].......]...w..T........@@@..o..1............ppp.....]..u...M......s......8...w..>6.........9....f...........................H......*\....#J.H....3j......8..I...(S.\..K........8s......3.N.I...H.*u.4hP.K.J.J...N......`.f.....h...T..p.m...x...I.n..........P.+^....#K....V.3k
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):2968347
    Entropy (8bit):7.942137046837241
    Encrypted:false
    SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
    MD5:5D09F9927641C16D5B62DA8F2F877F50
    SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
    SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
    SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,J...r....GpL[$..o.Z$.........!.<....z..."n.M..... .Z"..k..n..\..m.....`..g..R.d(..h..Y.x2..I.`&.}4.g*..b..6..O..f..^..k..j..V..?.m,..K..b....._..U..?.j,..!m.S.z..b'.]&..D..d..Y.o...O..;.u0..L..h..r..:..E..N.r/..P..F..7..>..R..[..W..U........x%.I..e..<..8..@..A..E..{..........B.....H.....[..m.....i..B.....n...........n.H.>.......C.........o.]).)......v..b...P.....................%..9......z2.}7............D..U.....^..}..1.........vI,.N........V:......-..jT........l> ._G.V.................]..\..n..f..P...\P!.....o...|......l7..{i.x...<.i..z..c.......................d..x.........g6.zG.............555```?......=...s>..U..i..I........r\......w2.k.....K........PPP .{E.\^...r".W&.pA..c..J0....l.x.ppp..i..p.....L.................................H......*\....#J|X.@...&.(c.@.. C..I...(S.\i.....b.I..L.8s......c.I..Q.H.*].)J.P.B...X..l#...T...K...B.~.h...p...:.#._5.....&......<....U...#K..1..s.R
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):1867995
    Entropy (8bit):7.97135881669897
    Encrypted:false
    SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
    MD5:3DDFFC96032B4B586B63950436E1B19F
    SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
    SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
    SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d2.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.~h..'......>9-....vb.]... ..q.5...|3+....NMM...5/ .....!}.....c[J50!=8-...2........333.}g.............{e.xb..... ......GA3.....%.yd.."...B</...yp\...nfSZTE$...T.......LF8..$vmY.>.iaO...QK<...VO@}t_..!_XG.I...m..$rjV...ZYY....."........qf^M.. ..z..v..#.E..va$...Y.......-....0'....MLL..Cgff.&...9.O.......uiB+$..{.....4..x.K..y../..i[+RQP......_^^OF,..)...Y..5..:..m......XN+.s*.i........vf+..5...*......4/...2......zR..v..E...,..{.......O>.:7+.l.....>...K.....X.....|{{---`T+.~>.u..b..(...B7.\E..1...c.T.Y........sss....#..]...0..-......gF...'.....-...].-.U.....n2.~..d'..'.&g...........3..*...^..J......=5&..B.%..N..>4..'..d.3.g..1..kkk.}P....4....[...A,.g[>@...c..tG..h..q.v;.C..]......Z.......S...v$..L.....L.;.B...............H......*\....#.......-f..q#5. C..I...(S.\..../..9...8s..1...a..J...H.*%.q.N.O.J..gE.K.j....+mN.K...h.......p...:..7-..".qU..[.c...#.K....41..W.B.t'.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:dropped
    Size (bytes):2581
    Entropy (8bit):5.959087266926006
    Encrypted:false
    SSDEEP:48:toypqbl2blFu6Ppzb799CYn5uJ1GzzuHcz5B7RTjcRf:2Lbl2blFusRP9ZTzzPIF
    MD5:A8848741C60C07DCB871F1E74DC8D7D3
    SHA1:1A8CA519CA229580BC9C4F6F76D6F35F334B634B
    SHA-256:30B550072FA9F210EAC5474CA1B18F610E1914B4EFE6CB3586F052BF6C9D53D5
    SHA-512:2769D1512DE3008C5D02DF63A50B2EC7C51342405270D74E30123C121A4A8D41B615EA1AC449EF837B2FDC7CA032FD31A500AB43F69C007AC09ED95F1AB78DC9
    Malicious:false
    Reputation:low
    Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />...<
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
    Category:downloaded
    Size (bytes):269915
    Entropy (8bit):7.997318625620062
    Encrypted:true
    SSDEEP:6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
    MD5:A3E4DF3C003560CC296AF06B198390B4
    SHA1:B1D9C70957302A8D0884694052439432407BF8D5
    SHA-256:5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
    SHA-512:2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png
    Preview:.PNG........IHDR..............d6E.. .IDATx..Y.$.y.........&{..&)R.H...1... a.E........G?............."<.F.8.E..H.l.Mv7...}.[n...../.dd..uoV....y.......wNDT..q%....@@ .........D.{......@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!....o.......F#.z....G@ ...............?v...XPV...j.s..&48....Q$.q,8.&y8.......@@.}.....k.oj.kp..l...gAY..eY.RI.x.p....\...}.# ..........cG...NiKk{U...M..u......,..32...........m...c.....@@ ..8v....6..2.....fh..l.$."...#.."n..p..;.\.z...^{.7.....=..,....@@ .......@;......<..SO=..+......m.F`b.h...B. C.....]...o~.._.....vaH..}.$."@.d.................[...&Z.Vk6.kkk...g~.~....V...A....eE@iHmnn~.[...........YV.X2.\"p67...."@.d................z...w...@P..........?.~..YPV.F..2...............Ss....A..n.& .........O.P..2LS......U ..>...../..K/..D.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):6583
    Entropy (8bit):5.90418993616481
    Encrypted:false
    SSDEEP:96:2Lbl2blFusRP9ZYFbHgWX93YHy8fIEb3Maiaqd:HP9GRUXAZd
    MD5:EAFF37EC863A70D89B048ED0DFD510AC
    SHA1:0B681B949A6B05B6B87A4D7F2DEC57BA97250962
    SHA-256:F3A936246B04C8BC38EDFB39B2E397F76D913F6430696ACF420F39BBC362CA8C
    SHA-512:342115E7EA17A84F896365D268780F28316D35A196AE0A67D8467C174A981E53B1A5A61F702A3C3B8A6D3ADF32069E90FE52A12681874E09FCD7699EF76DA2F0
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/
    Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />...<
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):2415534
    Entropy (8bit):7.953757920742143
    Encrypted:false
    SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
    MD5:CBD2D6AF702CAB22FB23C7D159ABC428
    SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
    SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
    SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,........... ..!}.........5........]..................... ............................................................................. ..... ..........Z.....S..C.....>.........G.....=.........O.....................s.......N...........f..... ............:..'.. .........J...............K.....6........q..........W.. ._Q..'......... .9......W....].....l........#.V.....>......r....S..............P.............?6...........?.......+.u;....\.........K.6..-..d'........K...5..e..p..~........@/(........I...Y....E..........F............r...|..l0.g...{...E:....U...y.....~.h..._.8...W.3..HOC..[..O.....Q..i....&................/.....).H.......o^.....7...m..[.J.....:.;}.......V....9p_...[..j..o..8..........`...............y..0....E.M..T..H..G.........H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):2581
    Entropy (8bit):5.959087266926006
    Encrypted:false
    SSDEEP:48:toypqbl2blFu6Ppzb799CYn5uJ1GzzuHcz5B7RTjcRf:2Lbl2blFusRP9ZTzzPIF
    MD5:A8848741C60C07DCB871F1E74DC8D7D3
    SHA1:1A8CA519CA229580BC9C4F6F76D6F35F334B634B
    SHA-256:30B550072FA9F210EAC5474CA1B18F610E1914B4EFE6CB3586F052BF6C9D53D5
    SHA-512:2769D1512DE3008C5D02DF63A50B2EC7C51342405270D74E30123C121A4A8D41B615EA1AC449EF837B2FDC7CA032FD31A500AB43F69C007AC09ED95F1AB78DC9
    Malicious:false
    Reputation:low
    URL:https://www.telegram-xp.com/static/image/android-active.png
    Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />...<
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):1999661
    Entropy (8bit):7.95888108485966
    Encrypted:false
    SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
    MD5:443B2A218BA5A3010B778986488AF448
    SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
    SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
    SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-04/d6.gif
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.*.....w..]....555.5......!}...T..*.fff.c..>...........)......... .U... .......)..J.....M..'..O............ ....G..B.@@@.W..P...... .E..[........Y.MMM.. ..........'..................... .......R...... ........ .......]..B..K... ....G..9..)..=........7.....l..S... .y..C..H..U.......O..S... ............./..Z...8/(..@...%..G.......6..d'..1............l..[..[...i.....q..*..y.....2..J...............?6..W..D..a..-...W.............X..h..r...@............aaa.6..&..z..t...............P........o^..(..}C.....N..s..~~~OC..,..H..%..=..M..9......O....}..........<..;..#..i...._Q.000.o..p5.._.......A..D............qqqHHH..g....F.......@6.<:9.y..4....UUU....>.......... fS/.*.TE0YYY.n".h#..(..W..^....s...O...................................................H......*\....#J.H....3j..#.. ...H...(S.\....C.I...8s....L.=...J......D...P.rT.R..X.j.J...`.......h.]..,.p..}.v..x.B.....r...L.pV...+^<.+..#.*.....)c
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):1867995
    Entropy (8bit):7.97135881669897
    Encrypted:false
    SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
    MD5:3DDFFC96032B4B586B63950436E1B19F
    SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
    SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
    SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.~h..'......>9-....vb.]... ..q.5...|3+....NMM...5/ .....!}.....c[J50!=8-...2........333.}g.............{e.xb..... ......GA3.....%.yd.."...B</...yp\...nfSZTE$...T.......LF8..$vmY.>.iaO...QK<...VO@}t_..!_XG.I...m..$rjV...ZYY....."........qf^M.. ..z..v..#.E..va$...Y.......-....0'....MLL..Cgff.&...9.O.......uiB+$..{.....4..x.K..y../..i[+RQP......_^^OF,..)...Y..5..:..m......XN+.s*.i........vf+..5...*......4/...2......zR..v..E...,..{.......O>.:7+.l.....>...K.....X.....|{{---`T+.~>.u..b..(...B7.\E..1...c.T.Y........sss....#..]...0..-......gF...'.....-...].-.U.....n2.~..d'..'.&g...........3..*...^..J......=5&..B.%..N..>4..'..d.3.g..1..kkk.}P....4....[...A,.g[>@...c..tG..h..q.v;.C..]......Z.......S...v$..L.....L.;.B...............H......*\....#.......-f..q#5. C..I...(S.\..../..9...8s..1...a..J...H.*%.q.N.O.J..gE.K.j....+mN.K...h.......p...:..7-..".qU..[.c...#.K....41..W.B.t'.
    No static file info
    Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.
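The listing above is the raw material an analyst has to work with when the PCAP is too large to render: each file is a block of key:value lines, "downloaded" entries carry the source URL while their byte-identical "dropped" cache copies do not, and one entry is worth a second look on its own: the URL https://www.telegram-xp.com/static/image/android-active.png came back as an HTML document, not a PNG. The script below is an added example, not Joe Sandbox code and not part of this report; it parses a listing in this layout, links dropped copies to their origin URL via SHA-256, flags URL-extension/file-type mismatches, and separates high-entropy image data (expected for GIF/WebP/PNG) from high-entropy non-image content. The EXPECTED_TYPE table and the 7.9 entropy threshold are the example's own choices, and SAMPLE_LISTING is a constructed excerpt of three records copied from the listing above, trimmed to the keys the triage uses.

```python
"""Triage helpers for a Joe Sandbox dropped/downloaded-file listing.

Added example: not part of the report and not Joe Sandbox's own tooling.
"""
from collections import defaultdict
from urllib.parse import urlparse

# Constructed excerpt: three records from the listing, trimmed to the keys
# this triage needs.  Real reports carry more keys (MD5, SSDEEP, Preview...).
SAMPLE_LISTING = """\
Process:C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
File Type:RIFF (little-endian) data, Web/P image
Category:downloaded
Size (bytes):1696890
Entropy (8bit):7.996167221864141
Encrypted:true
SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
Malicious:false
URL:https://image.sanxiang-sh.com/tg-04/d5.gif
Process:C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
File Type:RIFF (little-endian) data, Web/P image
Category:dropped
Size (bytes):1696890
Entropy (8bit):7.996167221864141
Encrypted:true
SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
Malicious:false
Process:C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:downloaded
Size (bytes):2581
Entropy (8bit):5.959087266926006
Encrypted:false
SHA-256:30B550072FA9F210EAC5474CA1B18F610E1914B4EFE6CB3586F052BF6C9D53D5
Malicious:false
URL:https://www.telegram-xp.com/static/image/android-active.png
"""

# Assumption of this example: substring the libmagic description should
# contain for a given URL extension.  Extend as needed.
EXPECTED_TYPE = {
    "gif": "GIF image", "png": "PNG image", "webp": "Web/P image",
    "ico": "icon resource", "html": "HTML document", "htm": "HTML document",
}


def parse_records(text):
    """One dict per file.  A record starts at every 'Process:' line, which
    is how the report lays the listing out."""
    records, current = [], None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Process":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def url_extension(url):
    """Extension of the URL's last path segment, '' if it has none."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def type_mismatches(records):
    """(url, file_type) pairs where the bytes served do not match the
    extension in the URL.  A .png answered with an HTML document usually
    means the path does not exist and the site returns its landing page for
    every miss; a .gif that is really WebP is a benign mislabel, but the
    name still cannot be trusted when naming the artifact."""
    found = []
    for rec in records:
        url, ftype = rec.get("URL"), rec.get("File Type", "")
        if not url:
            continue
        expected = EXPECTED_TYPE.get(url_extension(url))
        if expected and expected not in ftype:
            found.append((url, ftype))
    return found


def attribute_dropped(records):
    """SHA-256 -> origin URLs and categories, so a 'dropped' cache entry
    (no URL in the report) inherits the URL of its 'downloaded' twin."""
    by_hash = defaultdict(lambda: {"urls": set(), "categories": []})
    for rec in records:
        h = rec.get("SHA-256")
        if not h:
            continue
        by_hash[h]["categories"].append(rec.get("Category", "?"))
        if rec.get("URL"):
            by_hash[h]["urls"].add(rec["URL"])
    return by_hash


def high_entropy(records, threshold=7.9):
    """SHA-256 of entries above the entropy threshold whose declared type is
    not an image.  The report's Encrypted:true flag is an entropy heuristic
    and fires on every compressed image; only non-image data at that
    entropy deserves a manual look."""
    return [rec.get("SHA-256") for rec in records
            if float(rec.get("Entropy (8bit)", "0")) >= threshold
            and "image" not in rec.get("File Type", "").lower()]


def triage(text=SAMPLE_LISTING):
    recs = parse_records(text)
    return {
        "records": len(recs),
        "mismatches": type_mismatches(recs),
        "origins": {h: sorted(v["urls"]) for h, v in attribute_dropped(recs).items()},
        "suspicious_entropy": high_entropy(recs),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Run it on the full listing pasted into SAMPLE_LISTING (or read from a file) and the mismatch list is where to start: the android-active.png entry lands there, while the WebP-served .gif files are reported but expected. Nothing here decides maliciousness; it only orders the listing so the analyst reads the unusual entries first.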


    Target ID:0
    Start time:19:02:28
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Imagebase:0x7ff715980000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:2
    Start time:19:02:32
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1996,i,5958753368865452004,8250724557961574425,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Imagebase:0x7ff715980000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:3
    Start time:19:02:37
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegram-xp.com/"
    Imagebase:0x7ff715980000
    File size:3'242'272 bytes
    MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    No disassembly