Windows Analysis Report
http://www.telegramrs.com/

Overview

General Information

Sample URL:http://www.telegramrs.com/
Analysis ID:1589327
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Program does not show much activity (idle)

Classification

  • System is w10x64
  • chrome.exe (PID: 4544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2280,i,10108346614440572594,2523429433199655675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramrs.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: http://www.telegramrs.com/ | Avira URL Cloud: detection malicious, Label: phishing

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramrs.com
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramrs.com
Source: chrome.exe | Memory has grown: Private usage: 0MB later: 48MB
Source: chromecache_87.2.dr | String found in binary or memory: https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip
Source: chromecache_87.2.dr | String found in binary or memory: https://apps.apple.com/us/app/telegram-messenger/id686449807
Source: chromecache_87.2.dr | String found in binary or memory: https://beian.miit.gov.cn
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/telegram-favicon.ico
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/telegram-logo.png
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d1.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d2.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d3.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d4.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d5.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d6.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d7.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d8.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/d9.gif
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/ios_zh.png
Source: chromecache_87.2.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-04/top.png
Source: chromecache_87.2.dr | String found in binary or memory: https://www.sanxiang-sh.com/upload/Telegram.apk
Source: classification engine | Classification label: mal52.win@21/68@0/16
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\339a8d00-e0c7-49ca-bef9-e25055d14e1d.tmp
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2280,i,10108346614440572594,2523429433199655675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramrs.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
http://www.telegramrs.com/ | 100% | Avira URL Cloud | phishing |
No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://www.telegramrs.com/ | false | | unknown
      Joe Sandbox version:42.0.0 Malachite
      Analysis ID:1589327
      Start date and time:2025-01-12 01:09:43 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 3m 42s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:browseurl.jbs
      Sample URL:http://www.telegramrs.com/
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:8
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal52.win@21/68@0/16
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Not all processes were analyzed, report is missing behavior information
      • Skipping network analysis since amount of network traffic is too extensive
      • VT rate limit hit for: http://www.telegramrs.com/
      No simulations
      No context
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):1816
      Entropy (8bit):7.797472128202852
      Encrypted:false
      SSDEEP:48:J0nL/xwzzaB19uurRtMBvCm4tzH3bzvrgMl:Bz419uurRtCHWzD/l
      MD5:A4555CF76EC92249D961F4A1360F6E3E
      SHA1:0F8058613FA777B34C754A768DC1E119244C901E
      SHA-256:359B9460CEB3537830F4A511FB8B727CE1EED7B2AD4F6C34CA63A92D1CE7753E
      SHA-512:A40977480BA14BF7E6D8DA4CEF7A82494F83AA5273A91C3E9D3E3E4363C7324D2E57011C325F34CDED77E9D8E850AD258366F8CBA807097EE462740C6DBCEA2B
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):12774
      Entropy (8bit):7.910550619067836
      Encrypted:false
      SSDEEP:384:cK60SaQO6hnpRkLw++Fpr1f74MiVlitJ7EAk8:u0N65pRkLqFp1DifXAk8
      MD5:CB2B98EDF84069CBE58E59FE157269C5
      SHA1:9579F1CB011691941DFB1C215CBDBCDE877D6F24
      SHA-256:6C4B9A8ABB978540C0B04377D2FAE1B698532751988F74820DBAE94CAB92D578
      SHA-512:CB762E747F7CBA5C17E572BD27F94CE47843308E2B2B59ADDDFCAE3642D58486C12B3D39F0B49CF420F696E299ADD04BBF67DB4B54AC07D28BFF09FFC23CCDFB
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):46479915
      Entropy (8bit):7.934544240422006
      Encrypted:false
      SSDEEP:786432:UKBYCRUUlMYPe5ci6aswQEjZEJ+G9GsiU4suJ9zqZ6KQ5nALspxT6mmK:3Bgc7kKJP8Ui9q0nUsbnB
      MD5:09A86DED4F9426C2DF90E1A301828AB7
      SHA1:05E75933A3E6EE9D1ECFFDC1ABF4FFE44BFFD81D
      SHA-256:9014A307BD57DF771196B20BA0404EDEE2C2FD716DEBF552FCB1B2DFDBEBE936
      SHA-512:E88205607D8115E62A7302E64E43CF511FE57BF09E7FA71AE2CE74355078507AF5676AD9FCBAB4E472BE7F253E9BF7DE8A81A7A2EA57138BBAD62729A397222E
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):2701867
      Entropy (8bit):7.865342339849513
      Encrypted:false
      SSDEEP:49152:LIDIC+Meb0wuKaEQb9T8lpnZmMtuBuSSNKxnD67vW2w3d8zL:LIR+M+BaEQmlpnZDuBuBNKcvW24dkL
      MD5:CFFDD5DCE195DF9E9D899EE4BAE5AEA9
      SHA1:9336236E1F98902C50F8473563C58FCBA6157398
      SHA-256:D4F758AFAD4CEBEFF667E8E32FB6A79522E0AE35F001A755D51B1ED66B8FD47D
      SHA-512:BCCBA48DFCE877942A597F83A638F5FC98384B1D72A25257879321E2BC4EE0214A82EFE64DC8A437F75168FA6BAE6FD998AA79DCB4E2378E4571A1909C1EB805
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):74849307
      Entropy (8bit):7.855814002160432
      Encrypted:false
      SSDEEP:1572864:3Bgc7kKJP8Ui9q0nUsbnBAW9uFHwV6Mq/Cqji:97tJP8Ui9q0dBSz/7i
      MD5:C3907E41128C9C67589D57F0AFDA8A5A
      SHA1:61EA0F3369BEA51D09F676FC4E556D2086590476
      SHA-256:6575C1CF780D08FA328BB7FB7FF98E2304E85811271FD95D647C5E8D7D70FB64
      SHA-512:6FBC5AC60990C5924B69283F3D5F0CDE44BA2971DD610DDE0B7B516B42A717D9152D2D3079CF3297560DE7E5523D42178C4C318B7CAE47F2CDF699045882DE30
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Zip archive data, at least v0.0 to extract, compression method=deflate
      Category:dropped
      Size (bytes):12765
      Entropy (8bit):7.910223657923609
      Encrypted:false
      SSDEEP:384:cK60SaQO6hnpRkLw++Fpr1f74MiVlitJ7EAkc:u0N65pRkLqFp1DifXAkc
      MD5:057DA76A5F0BAA81D1AE288815905B80
      SHA1:5CF2AA2C27932CFB1D3E79C08D4D48CB6460D6C2
      SHA-256:92346369E144F6C5A558DA1B8356169FC7C1566E26C7136E50B7E6ACF62A2F43
      SHA-512:F9A1293BB9FE0C49D0EA749B0548FFD3EB9BB5DF6876E6C6BF31F36090966B8E33CEFAA8F2FDD6F97C54ED6741300D595916BA522A595AA29CB771345124DD5F
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):3373417
      Entropy (8bit):7.978140019775728
      Encrypted:false
      SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
      MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
      SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
      SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
      SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):2146221
      Entropy (8bit):7.949979177664583
      Encrypted:false
      SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
      MD5:B66CCB48AAE5492D0043602A8809739D
      SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
      SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
      SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):2415534
      Entropy (8bit):7.953757920742143
      Encrypted:false
      SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
      MD5:CBD2D6AF702CAB22FB23C7D159ABC428
      SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
      SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
      SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d1.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Unicode text, UTF-8 text, with CRLF line terminators
      Category:dropped
      Size (bytes):1639
      Entropy (8bit):5.074367357020033
      Encrypted:false
      SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8o+q+PB4tD7EEUk1kE1FEN:sSaDafoASE98vB5TP+JOyPudLvN16
      MD5:2A533634725670DB7F7D86E9DE86E242
      SHA1:844367E9EA8FCC24AD3ED4FF23ABFC29D07FE42D
      SHA-256:5D2271ADD83434D0A9820547260E155AFB076463457C2B036FD5FD6B2436A7F7
      SHA-512:8EBE8BC2B5B80A13FC970C337B7B5C2019EC56654B63EC047634E7AEC85184AE3F0E16D124E7AA4A45834B05AC0402BF790C65569F22FFC106E7D4B9737DFE84
      Malicious:false
      Reputation:low
      Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 51 x 63, 8-bit/color RGBA, non-interlaced
      Category:downloaded
      Size (bytes):1233
      Entropy (8bit):7.769704549672646
      Encrypted:false
      SSDEEP:24:iFZrInkuhL6tDNIlF7ctLs1ZYH7Ep/j53EfVlh5du:iD8r1F2AYg/j53ylvs
      MD5:8A6C32150A458C45102CC078078B1C87
      SHA1:9064F80DEF2B442C37F55E3F0B65C1CF60FA0E79
      SHA-256:0948A22B613B3CEA6367872B8E317A0A4250236C70DDE94D0C2DBF31639F5E94
      SHA-512:52493F400C36B59168C9C015E36443C841CF79E6ED2B8410EF470569AC79B2CC5864D799DC9B7D7759D70ADACAE6D2FEE9999C663E4AA0AE03EFD355BFF2B635
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/image/android-active.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):1999661
      Entropy (8bit):7.95888108485966
      Encrypted:false
      SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
      MD5:443B2A218BA5A3010B778986488AF448
      SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
      SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
      SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced
      Category:downloaded
      Size (bytes):6304
      Entropy (8bit):7.950640892736205
      Encrypted:false
      SSDEEP:96:zjFCVn08FA2hQhIizN354105+RPRNjE07RT+ZS9g0ZJVNPiJY987VHmT77PLq:9CVnb+JXOYAPRa0tT+wpNaJuzPLq
      MD5:79F8ED56C055FE96EE12F5E4D2139930
      SHA1:98B641E0AAAB796013AFB8EAA1B86B780E6251C2
      SHA-256:9616F028E86B1A1D40BDA93FBB8D7D355DACC20DBFC9314F00EC6D74637204B1
      SHA-512:CFA21F669D6B90B8A3969D504B463259AB6ED127DC123E6DD98172E0565FA37CF0332F81C978FE2A0E921321503A2F5E111C5065691A41D7EFE3767C020B8556
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/top.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:RIFF (little-endian) data, Web/P image
      Category:downloaded
      Size (bytes):418
      Entropy (8bit):7.434132413050049
      Encrypted:false
      SSDEEP:6:RZ8gBOL8i4KajpoDZVxggMvO4AETL3kiKhNd4sCgC+aRS6LfLrjAgtlrF672PSpF:JO4itd5prETrrKbd4jmkf/FKqOh
      MD5:74A78C820E0549111044D2E4AE96FEB6
      SHA1:8CD4D09C5B9B663E6C27577BC71C1EE172F85B02
      SHA-256:219172AA474B2AF9FC53CA45C029317EF4B15C47899CF36F8F9FDC6280AC06B1
      SHA-512:B3268ADC9E4E41BAD4AFC5F8FF104A6DF6268DE7333F6CAF7A6D2F67329F8FB6CD058D77FB9640B701DDF63F1D40C8553E82438AC4B8AF928F66E32E28555F5D
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/image/ios.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):9739
      Entropy (8bit):7.914505260000532
      Encrypted:false
      SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
      MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
      SHA1:79334D2865DDD486A79F97725363F56655C80BDE
      SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
      SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
      Malicious:false
      Reputation:low
      Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
      Category:downloaded
      Size (bytes):268481
      Entropy (8bit):7.98467490175069
      Encrypted:false
      SSDEEP:6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
      MD5:A2FFCD73EDDD76A01F35ADFF0BE467D8
      SHA1:B29C51BC3DDD3C8210190BFCEE247313CF197C87
      SHA-256:9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
      SHA-512:7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/ios_zh.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):3373417
      Entropy (8bit):7.978140019775728
      Encrypted:false
      SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
      MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
      SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
      SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
      SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d4.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (17573), with no line terminators
      Category:downloaded
      Size (bytes):17573
      Entropy (8bit):4.986564347948523
      Encrypted:false
      SSDEEP:192:wT2JfUBa6/VEXXGU+N7vknCPxKKyQfifrhmi9J9SZHorZ/wdcF/oHSoPo8oZouzE:N2LdfVHGoFwHauzMb7UqJ8SUTA
      MD5:77595F2B863513C18A9188E14C5636C4
      SHA1:AC360519B3424B3560573513D231033E03203A55
      SHA-256:0F3873DADD2C83705BBFD2FDB7F3E4DF55BD1C8D453B4232ADDF0C3C52DDC5DB
      SHA-512:B5986660FC7E6F4B320920404D0FDA5935E7ADE23B02020A1E625FFA2DF1F8A6F1150E3FCA95DDE30A60F8263B0CCE454F3E6C1411B5D45952CA185B60FAD66A
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/css/style.min.css
      Preview::root{--headerHeight: 76px;--padding: 15px;--themeColor: #144977;--maxWidth: 1200px}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{background:#fff;overflow-x:hidden;color:#081340;font-size:14px}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;z-index:1000;display:none;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff;border-radius:50%}#to-top img{width:50px;height:50px}header{background-color:#fff;width:100%;height:var(--headerHeight);position:fixed;z-index:99;top:0;left:0;-webkit-box-shadow:0 1px 3px rgba(0,0,0,.1);box-shadow:0 1px 3px rgba(0,0,0,.1)}header .wrapper{width:100%;height:100%;display:-webkit-box;display:-ms-flexbox;display:
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (65536), with no line terminators
      Category:downloaded
      Size (bytes):86923
      Entropy (8bit):5.288942392211126
      Encrypted:false
      SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
      MD5:B72AFE07A6F6F477120F3B0803D0A983
      SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
      SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
      SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/js/jquery.js
      Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (65536), with no line terminators
      Category:dropped
      Size (bytes):86923
      Entropy (8bit):5.288942392211126
      Encrypted:false
      SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
      MD5:B72AFE07A6F6F477120F3B0803D0A983
      SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
      SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
      SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
      Malicious:false
      Reputation:low
      Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):2603040
      Entropy (8bit):7.962323436035343
      Encrypted:false
      SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
      MD5:80515DB845D4FC2B936127D4324FF322
      SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
      SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
      SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:RIFF (little-endian) data, Web/P image
      Category:dropped
      Size (bytes):1696890
      Entropy (8bit):7.996167221864141
      Encrypted:true
      SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
      MD5:6AE9949DD516F905186883C3DC5F082B
      SHA1:0574973A09CD1C4586F2237169351237A930718D
      SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
      SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
      Category:downloaded
      Size (bytes):269915
      Entropy (8bit):7.997318625620062
      Encrypted:true
      SSDEEP:6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
      MD5:A3E4DF3C003560CC296AF06B198390B4
      SHA1:B1D9C70957302A8D0884694052439432407BF8D5
      SHA-256:5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
      SHA-512:2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):2603040
      Entropy (8bit):7.962323436035343
      Encrypted:false
      SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
      MD5:80515DB845D4FC2B936127D4324FF322
      SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
      SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
      SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d8.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
      Category:dropped
      Size (bytes):268481
      Entropy (8bit):7.98467490175069
      Encrypted:false
      SSDEEP:6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
      MD5:A2FFCD73EDDD76A01F35ADFF0BE467D8
      SHA1:B29C51BC3DDD3C8210190BFCEE247313CF197C87
      SHA-256:9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
      SHA-512:7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
      Category:dropped
      Size (bytes):4286
      Entropy (8bit):5.157520760822341
      Encrypted:false
      SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
      MD5:975B4112A366CCA6B9BF2C84E268268C
      SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
      SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
      SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
      Category:dropped
      Size (bytes):269915
      Entropy (8bit):7.997318625620062
      Encrypted:true
      SSDEEP:6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
      MD5:A3E4DF3C003560CC296AF06B198390B4
      SHA1:B1D9C70957302A8D0884694052439432407BF8D5
      SHA-256:5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
      SHA-512:2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):2146221
      Entropy (8bit):7.949979177664583
      Encrypted:false
      SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
      MD5:B66CCB48AAE5492D0043602A8809739D
      SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
      SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
      SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d3.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):6304
      Entropy (8bit):7.950640892736205
      Encrypted:false
      SSDEEP:96:zjFCVn08FA2hQhIizN354105+RPRNjE07RT+ZS9g0ZJVNPiJY987VHmT77PLq:9CVnb+JXOYAPRa0tT+wpNaJuzPLq
      MD5:79F8ED56C055FE96EE12F5E4D2139930
      SHA1:98B641E0AAAB796013AFB8EAA1B86B780E6251C2
      SHA-256:9616F028E86B1A1D40BDA93FBB8D7D355DACC20DBFC9314F00EC6D74637204B1
      SHA-512:CFA21F669D6B90B8A3969D504B463259AB6ED127DC123E6DD98172E0565FA37CF0332F81C978FE2A0E921321503A2F5E111C5065691A41D7EFE3767C020B8556
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):2968347
      Entropy (8bit):7.942137046837241
      Encrypted:false
      SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
      MD5:5D09F9927641C16D5B62DA8F2F877F50
      SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
      SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
      SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):2968347
      Entropy (8bit):7.942137046837241
      Encrypted:false
      SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
      MD5:5D09F9927641C16D5B62DA8F2F877F50
      SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
      SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
      SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d9.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 51 x 63, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):7.769704549672646
      Encrypted:false
      SSDEEP:24:iFZrInkuhL6tDNIlF7ctLs1ZYH7Ep/j53EfVlh5du:iD8r1F2AYg/j53ylvs
      MD5:8A6C32150A458C45102CC078078B1C87
      SHA1:9064F80DEF2B442C37F55E3F0B65C1CF60FA0E79
      SHA-256:0948A22B613B3CEA6367872B8E317A0A4250236C70DDE94D0C2DBF31639F5E94
      SHA-512:52493F400C36B59168C9C015E36443C841CF79E6ED2B8410EF470569AC79B2CC5864D799DC9B7D7759D70ADACAE6D2FEE9999C663E4AA0AE03EFD355BFF2B635
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:RIFF (little-endian) data, Web/P image
      Category:dropped
      Size (bytes):418
      Entropy (8bit):7.434132413050049
      Encrypted:false
      SSDEEP:6:RZ8gBOL8i4KajpoDZVxggMvO4AETL3kiKhNd4sCgC+aRS6LfLrjAgtlrF672PSpF:JO4itd5prETrrKbd4jmkf/FKqOh
      MD5:74A78C820E0549111044D2E4AE96FEB6
      SHA1:8CD4D09C5B9B663E6C27577BC71C1EE172F85B02
      SHA-256:219172AA474B2AF9FC53CA45C029317EF4B15C47899CF36F8F9FDC6280AC06B1
      SHA-512:B3268ADC9E4E41BAD4AFC5F8FF104A6DF6268DE7333F6CAF7A6D2F67329F8FB6CD058D77FB9640B701DDF63F1D40C8553E82438AC4B8AF928F66E32E28555F5D
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
      Category:downloaded
      Size (bytes):7581
      Entropy (8bit):6.0023862291200984
      Encrypted:false
      SSDEEP:96:25jZusRyNb9Zf6nFbHgWX93YHy8fIEb3MaiaEUM:sjbU9wRUXAv
      MD5:3F918464EDE1EE37438DAF3E4B6872B8
      SHA1:75C86F46DD044382791A7341E71FD7F8BDD99F17
      SHA-256:5B698FE47A7C6E911682DB761391F34E091BC4879002F8AC1162E69E11B293D9
      SHA-512:941AA8E84D686C9F1A551CD0964A28432B191E8A3CC49AFE06CDD2CA3D3F55B9231F9BC48D54C7679FD20EC98018B915A8805616F7F736A5B47CFA18333C07C0
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/
      Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>Telegram.._Telegram.._TG....</title>...<meta name="Keywords" content="Telegram..(.....,TG,..)....Windows.Mac....iOS........................................................Telegram...................">...<meta name="Description" content="Telegram..(.....,TG,..)....Windows.Mac....iOS........................................................Telegram...................">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, mi
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:RIFF (little-endian) data, Web/P image
      Category:downloaded
      Size (bytes):1696890
      Entropy (8bit):7.996167221864141
      Encrypted:true
      SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
      MD5:6AE9949DD516F905186883C3DC5F082B
      SHA1:0574973A09CD1C4586F2237169351237A930718D
      SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
      SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d5.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
      Category:dropped
      Size (bytes):3159
      Entropy (8bit):7.835397861887022
      Encrypted:false
      SSDEEP:48:SkyPhGBqjMSGIhBiNuTqjRCe2TnySKm65vsU4YDES9KScfL+WXRu2C5AzKcqoOlB:+EBBfjRCe4fKZZDE1ScT+4upEKcaaOr
      MD5:A5389E17320111E2B5B824A9FC62BD8A
      SHA1:15AB12EDF2FD1079C413C452F50112128FBF39D9
      SHA-256:423C7D0FC1B4E89DAE93A8CB372868BB554CCACF0535378F150D312B6D917438
      SHA-512:18435CCD1A43DFD9BB794A49A8761206C1E7294B2BB6DFFAD462B465A4085A778754095033D0CA12D0AAD50D790DD65BDB86AD32BEE9285516CB0DE56A482FD4
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):2415534
      Entropy (8bit):7.953757920742143
      Encrypted:false
      SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
      MD5:CBD2D6AF702CAB22FB23C7D159ABC428
      SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
      SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
      SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):3222729
      Entropy (8bit):7.959136227282352
      Encrypted:false
      SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
      MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
      SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
      SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
      SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d7.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):1999661
      Entropy (8bit):7.95888108485966
      Encrypted:false
      SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
      MD5:443B2A218BA5A3010B778986488AF448
      SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
      SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
      SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d6.gif
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:Unicode text, UTF-8 text, with CRLF line terminators
      Category:downloaded
      Size (bytes):1639
      Entropy (8bit):5.074367357020033
      Encrypted:false
      SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8o+q+PB4tD7EEUk1kE1FEN:sSaDafoASE98vB5TP+JOyPudLvN16
      MD5:2A533634725670DB7F7D86E9DE86E242
      SHA1:844367E9EA8FCC24AD3ED4FF23ABFC29D07FE42D
      SHA-256:5D2271ADD83434D0A9820547260E155AFB076463457C2B036FD5FD6B2436A7F7
      SHA-512:8EBE8BC2B5B80A13FC970C337B7B5C2019EC56654B63EC047634E7AEC85184AE3F0E16D124E7AA4A45834B05AC0402BF790C65569F22FFC106E7D4B9737DFE84
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/js/public.js
      Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):1867995
      Entropy (8bit):7.97135881669897
      Encrypted:false
      SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
      MD5:3DDFFC96032B4B586B63950436E1B19F
      SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
      SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
      SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
      Category:downloaded
      Size (bytes):3159
      Entropy (8bit):7.835397861887022
      Encrypted:false
      SSDEEP:48:SkyPhGBqjMSGIhBiNuTqjRCe2TnySKm65vsU4YDES9KScfL+WXRu2C5AzKcqoOlB:+EBBfjRCe4fKZZDE1ScT+4upEKcaaOr
      MD5:A5389E17320111E2B5B824A9FC62BD8A
      SHA1:15AB12EDF2FD1079C413C452F50112128FBF39D9
      SHA-256:423C7D0FC1B4E89DAE93A8CB372868BB554CCACF0535378F150D312B6D917438
      SHA-512:18435CCD1A43DFD9BB794A49A8761206C1E7294B2BB6DFFAD462B465A4085A778754095033D0CA12D0AAD50D790DD65BDB86AD32BEE9285516CB0DE56A482FD4
      Malicious:false
      Reputation:low
      URL:https://www.telegramrs.com/static/image/pc.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:dropped
      Size (bytes):3222729
      Entropy (8bit):7.959136227282352
      Encrypted:false
      SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
      MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
      SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
      SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
      SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
      Malicious:false
      Reputation:low
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
      Category:downloaded
      Size (bytes):9739
      Entropy (8bit):7.914505260000532
      Encrypted:false
      SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
      MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
      SHA1:79334D2865DDD486A79F97725363F56655C80BDE
      SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
      SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/telegram-logo.png
      Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
      Category:downloaded
      Size (bytes):4286
      Entropy (8bit):5.157520760822341
      Encrypted:false
      SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
      MD5:975B4112A366CCA6B9BF2C84E268268C
      SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
      SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
      SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/telegram-favicon.ico
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:GIF image data, version 89a, 512 x 512
      Category:downloaded
      Size (bytes):1867995
      Entropy (8bit):7.97135881669897
      Encrypted:false
      SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
      MD5:3DDFFC96032B4B586B63950436E1B19F
      SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
      SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
      SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
      Malicious:false
      Reputation:low
      URL:https://image.sanxiang-sh.com/tg-04/d2.gif
      No static file info
      Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

      Target ID:0
      Start time:19:10:35
      Start date:11/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:2
      Start time:19:10:38
      Start date:11/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2280,i,10108346614440572594,2523429433199655675,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:false

      Target ID:3
      Start time:19:10:44
      Start date:11/01/2025
      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramrs.com/"
      Imagebase:0x7ff76e190000
      File size:3'242'272 bytes
      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:low
      Has exited:true

      No disassembly