Windows Analysis Report
https://whatsapp-cy.com/

Overview

General Information

Sample URL:https://whatsapp-cy.com/
Analysis ID:1589336

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
AI detected suspicious URL
Downloads suspicious files via Chrome
PE file contains section with special chars
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Entry point lies outside standard sections
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device

Classification

  • System is w10x64
  • chrome.exe (PID: 6712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2368,i,956301653422315564,14894610209950881906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • unarchiver.exe (PID: 5648 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 5504 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig" "C:\Users\user\Downloads\shater.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 1836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5292 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • shater.exe (PID: 6496 cmdline: C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe MD5: D08BDF8F0948938687A6E0C1044E1962)
  • chrome.exe (PID: 6448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://whatsapp-cy.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://whatsapp-cy.com/ | Avira URL Cloud: detection malicious, Label: malware

Phishing

Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://whatsapp-cy.com
Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: https://whatsapp-cy.com
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
Source: 7za.exe, 0000000A.00000003.2961378269.00000000008E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X

System Summary

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File dump: C:\Users\user\Downloads\shater.zip (copy)
Source: shater.exe.10.dr | Static PE information: section name: .g=V
Source: shater.exe.10.dr | Static PE information: section name: .g\O
Source: classification engine | Classification label: mal60.win@29/53@0/17
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\ba944ff5-c479-48f2-bc75-41ebb0ed49a8.tmp
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1836:120:WilError_03
Source: C:\Windows\SysWOW64\unarchiver.exe | Mutant created: NULL
Source: C:\Windows\SysWOW64\unarchiver.exe | File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: C:\Windows\SysWOW64\unarchiver.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2368,i,956301653422315564,14894610209950881906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://whatsapp-cy.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\7za.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2368,i,956301653422315564,14894610209950881906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe"
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\7za.exe | Section loaded: 7z.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: initial sample | Static PE information: section where entry point is pointing to: .g\O
Source: shater.exe.10.dr | Static PE information: section name: .g=V
Source: shater.exe.10.dr | Static PE information: section name: .TNH
Source: shater.exe.10.dr | Static PE information: section name: .g\O
Source: C:\Windows\SysWOW64\7za.exe | File created: C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe
Source: C:\Windows\SysWOW64\unarchiver.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: F90000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 2C90000 memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: F90000 memory commit | memory reserve | memory write watch
Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 9_2_00CDB1D6 GetSystemInfo,9_2_00CDB1D6
Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\unarchiver.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix

Numbers in parentheses are the signature counts the report shows for that technique; techniques without a number were not matched.

Tactic | Techniques
Reconnaissance | Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information
Resource Development | Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server
Initial Access | Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
Execution | Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd
Persistence | Browser Extensions (1), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script
Privilege Escalation | Process Injection (11), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script
Defense Evasion | Masquerading (1), Virtualization/Sandbox Evasion (1), Disable or Modify Tools (1), Process Injection (11), DLL Side-Loading (1)
Credential Access | OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
Discovery | Virtualization/Sandbox Evasion (1), System Information Discovery (13), Query Registry, System Network Configuration Discovery, Internet Connection Discovery
Lateral Movement | Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
Collection | Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
Command and Control | Data Obfuscation, Junk Data, Steganography, Protocol Impersonation, Fallback Channels
Exfiltration | Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer
Impact | Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact
Behavior Graph (ID: 1589336, URL: https://whatsapp-cy.com/, Startdate: 12/01/2025, Architecture: WINDOWS, Score: 60)

Signatures attached to the sample node: Antivirus / Scanner detection for submitted sample; PE file contains section with special chars; Downloads suspicious files via Chrome; AI detected suspicious URL.

Process and file flow shown in the graph: chrome.exe (contacting 192.168.2.4, 192.168.2.6 and 239.255.255.250, Reserved) drops C:\Users\user\Downloads\shater.zip (copy), Zip, and starts unarchiver.exe and a second chrome.exe; that chrome.exe contacts 199.91.74.184 (ZNETUS, United States), 199.91.74.209 (ZNETUS, United States) and 12 other IPs or domains; unarchiver.exe starts 7za.exe and cmd.exe; 7za.exe drops C:\Users\user\AppData\Local\...\shater.exe, PE32, and starts conhost.exe; cmd.exe starts conhost.exe and shater.exe.

Source | Detection | Scanner | Label | Link
https://whatsapp-cy.com/ | 100% | Avira URL Cloud | malware |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe | 8% | ReversingLabs | |

No Antivirus matches
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
https://www.87994.com/ | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
199.91.74.209 | unknown | United States | 21859 | ZNETUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
74.125.133.84 | unknown | United States | 15169 | GOOGLEUS | false
148.153.240.68 | unknown | United States | 63199 | CDSC-AS1US | false
142.250.186.174 | unknown | United States | 15169 | GOOGLEUS | false
142.250.185.100 | unknown | United States | 15169 | GOOGLEUS | false
172.67.193.48 | unknown | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.185.163 | unknown | United States | 15169 | GOOGLEUS | false
188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
199.91.74.184 | unknown | United States | 21859 | ZNETUS | false
142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | unknown | United States | 15169 | GOOGLEUS | false
43.132.105.108 | unknown | Japan | 4249 | LILLY-ASUS | false
104.21.20.160 | unknown | United States | 13335 | CLOUDFLARENETUS | false

IP
192.168.2.4
192.168.2.6
    Joe Sandbox version:42.0.0 Malachite
    Analysis ID:1589336
    Start date and time:2025-01-12 01:17:50 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 6s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:browseurl.jbs
    Sample URL:https://whatsapp-cy.com/
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of new started processes analysed:15
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:MAL
    Classification:mal60.win@29/53@0/17
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 44
    • Number of non-executed functions: 0
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Not all processes were analyzed; the report is missing behavior information
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Skipping network analysis since amount of network traffic is too extensive
    • VT rate limit hit for: https://whatsapp-cy.com/
    No simulations
    No context
    Process:C:\Windows\SysWOW64\7za.exe
    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
    Category:dropped
    Size (bytes):62891960
    Entropy (8bit):7.997907680828508
    Encrypted:true
    SSDEEP:786432:77srvs1bSCxuEKvJCDAJ8W/Db6RvFosNCGtXoVaC3DIRJO734MD7EoBRwyV87/U0:3srB0XW/Dm9FFj0KJ04M0Tv7UmNUKBQc
    MD5:D08BDF8F0948938687A6E0C1044E1962
    SHA1:3D36EADA36219A56229A310174A94656C01EF002
    SHA-256:D26E5D31133EA655D4DD0066EF5A850015B20D754ABC5FFC34A1D721D2D3101C
    SHA-512:7EB70D1C8D8281CD020288D3C5728DAFC30385F834984B85803D900C9279AF19DB88ED8E4B07D98C8C7B04D0D739E9A0F00E67595010D8A8A1ABCC13E4C2E5F7
    Malicious:false
    Antivirus:
    • Antivirus: ReversingLabs, Detection: 8%
    Reputation:low
    Process:C:\Windows\SysWOW64\unarchiver.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):1448
    Entropy (8bit):5.059680977559187
    Encrypted:false
    SSDEEP:24:LZA7JYwaUgiJogiJjWIpmgiJogiJUwOgiJfKgiJogiJFT9JYgiJbKgiJ0JYgiJoO:LZAq1UgGogGbogGogGpOgGygGogGpAgr
    MD5:370E3239C03D530FA5852F50FB1E78BF
    SHA1:0081F72FA1BACB333F86819F185BCAF78757AAD6
    SHA-256:43EE8239646524ACF3EB2E722A3C10E1E1A873F7E1691D94906D2B0CCC239284
    SHA-512:D28A36686120D05D71F626712F6AEDB44FCE9719C000FED7BD835A2A514A2B56AFC55CD995840F82B6FD4E4E6C058F5DB060345E1162E866776F6F24D7F71185
    Malicious:false
    Reputation:low
    Preview:
    01/11/2025 7:20 PM: Unpack: C:\Users\user\Downloads\shater.zip
    01/11/2025 7:20 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig
    01/11/2025 7:20 PM: Received from standard out: 
    01/11/2025 7:20 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30
    01/11/2025 7:20 PM: Received from standard out: 
    01/11/2025 7:20 PM: Received from standard out: Scanning the drive for archives:
    01/11/2025 7:20 PM: Received from standard out: 1 file, 62506228 bytes (60 MiB)
    01/11/2025 7:20 PM: Received from standard out: 
    01/11/2025 7:20 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\shater.zip
    01/11/2025 7:20 PM: Received from standard out: --
    01/11/2025 7:20 PM: Received from standard out: Path = C:\Users\user\Downloads\shater.zip
    01/11/2025 7:20 PM: Received from standard out: Type = zip
    01/11/2025 7:20 PM: Received from standard out: Physical Size = 62506228
    01/11/2025 7:20 PM: Received fro
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
    Category:dropped
    Size (bytes):27866146
    Entropy (8bit):7.942752882000601
    Encrypted:false
    SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSq:fyzJWdkjrKNtdB
    MD5:2A85E5973D5F5036314C5AA25060BC2F
    SHA1:2021AE4BD58B68DD1BBFE780C0B667C7C936AF6B
    SHA-256:E6BFEB242580DF9C222A3461DB53DBCEF0E95FDAABA160C2899C1D4D77E2E1E7
    SHA-512:F5C66401AF03816CD10D3445439A74F82AA9EFAD19CD0124D0E5C42BF4DCB48FA0CA2232A18F11C2CB90C9552FD8D263CBE0F23FC53FB4D347C578D1CDFB2A72
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
    Category:dropped
    Size (bytes):62506228
    Entropy (8bit):7.999978556244661
    Encrypted:true
    SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
    MD5:115C3122F43560D183BF64DF477C0475
    SHA1:EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
    SHA-256:B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
    SHA-512:C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
    Malicious:true
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
    Category:dropped
    Size (bytes):62506228
    Entropy (8bit):7.999978556244661
    Encrypted:true
    SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
    MD5:115C3122F43560D183BF64DF477C0475
    SHA1:EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
    SHA-256:B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
    SHA-512:C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:downloaded
    Size (bytes):2002471
    Entropy (8bit):7.980025595488585
    Encrypted:false
    SSDEEP:49152:Q9I1skJEpF7xMJjZb/lII8XKTb9dZpmKcFItbP:V1s8Epm/n8aVpkyFP
    MD5:6A88BBD5858B7D9234FB7D0C6C5059A6
    SHA1:C3412D69DFA2CE6B208D52E6842EA7807CFF42D3
    SHA-256:F8152A8D500807F824571C3256320BBF578CDCE88D45D0FD048A6422F71C272B
    SHA-512:F7AE19293C681636C1D32F7D4391633B1E0BE4AADADE5E874A9D7D48AA1880A02F39F8794E02AA35C61987D25B2D18A0AE28099D202502E6413474E4D445C7F2
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d5.gif
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 150 x 150, 8-bit colormap, non-interlaced
    Category:dropped
    Size (bytes):3393
    Entropy (8bit):7.861381453330033
    Encrypted:false
    SSDEEP:96:k6V1NQz8ZW1B/+bs6/qHgzraL//qt9ahig7Fe4b:v1NQz//+bsYqHgzmLHqt8ig5e4b
    MD5:941D950538F7CA436158C908C7DEC967
    SHA1:69E4EB157989D26A2F71778BCD9EE78BE57C3290
    SHA-256:44E36F9777D5A9DAF22BAC2890247E92466C2842947B5F4AFAF65AD91BF3F94F
    SHA-512:BAA766C378592012B190AF6658A24578A8C8551EFDD0C82BB1DAC1FB9C70C19A8ACEA56E4270B9E401C35494519A286B4E57F85C2F400715C1134B1A204ED2C2
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR....................PLTE...'..&..'..%.."..%..'..'..*..&..)..#..$..(..$..'..#..#.."..(..$..%..%.."..).."..%..(..#..#..)..$..(..%..#..(..#..*..'.."..#..)..(.."..'..$..)..#..&..&..)..%..$..*..'..).."..(..$..(..#..(..#..&.."..*.."..)..#..)..$..(.."..$..)..&..#..)..)..)..)..'..*..#..(..#..&..&..'..&..$..'..&..'..#..".."..$..*..'..&..#..(..%..)..#..#..$..(..#..).."..$..*..)..&..&..#..(..).."..(.."..'..)..%.."..*..*..)..%..).....#..(..#..$..(..(..%..)..&..'..%..#..'..&..(..$..).."..'..%..'..*..'..*..........................P..1...........C..L..G..*..)..(..........................}..g..9..*..5..>..,.................k..]..U..1.............x..n..5..-..-..5..............c..<..@..9.......................p..U..G..e..8..............|..t.._..Z..]..L..r.........tRNS.......,....1.K.....2#......|oIBA............E)&...........\L<<7...................hda.............wrmh[SO..........wkT...c`....&.....IDATx...M..@...d.d..S... ...l=....H. .h$...^<........-..07.........y.}...?<.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
    Category:dropped
    Size (bytes):4286
    Entropy (8bit):5.157520760822341
    Encrypted:false
    SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
    MD5:975B4112A366CCA6B9BF2C84E268268C
    SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
    SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
    SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
    Malicious:false
    Reputation:low
    Preview:...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+..*..)..*..)..)..*..)..*..*..)..*..)..)..)..)..)..)..)..)..)..*..--.............................+..+..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..+..+......................I..*..+..*..*..*..*..*..*..+..*..+..+..+..+..+..+..*..+..*..*..+..*..+..+..*..,..I..................+..+..+..+..+..+..+..+..
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (16550), with no line terminators
    Category:downloaded
    Size (bytes):16550
    Entropy (8bit):4.973941732320836
    Encrypted:false
    SSDEEP:192:8T2OmPb9ptSYhw6JV6T0EfYG8JxKKswifr3mHhP/9mM3wytafGHo6id/O/2opo4G:pb4Wz+8GsdzKzp8XvUGYzZ28SUuo
    MD5:7CADBC4690AC182A41D5AB6FB8D1EA95
    SHA1:09666F87C378C0AE48DAF5AA66653FD8653BB6C3
    SHA-256:71800D66747ABEEFB7BDB564C5D6ADFB6D1319E68FE355E6CA8F909BA87C16A0
    SHA-512:9659C9DCB10C5239DA0C154DD39C3F335804DAA946E590AD4D7C9B5C8B97E76BEC84B4FC5281EAA681AB9BBF3AD5F79BC9ECD9403133A8CE4C21B8213C2C085E
    Malicious:false
    Reputation:low
    URL:https://www.87994.com/static/css/style.min.css
    Preview::root{--headerHeight: 64px;--padding: 15px;--themeColor: #179cde}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{background-color:#fff}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;color:#3d73ed;z-index:1000;display:none;width:50px;height:50px;border-radius:50%;border:2px solid #3d73ed;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff}#to-top img{width:30px;height:30px}header{display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-ms-flex-pack:justify;justify-content:space-between;background-color:#fff;position:rel
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:dropped
    Size (bytes):577842
    Entropy (8bit):7.876652184571624
    Encrypted:false
    SSDEEP:12288:cPcYkYPGRnv0j5xjXOi0J4rWDGfWYqs9U7tBUtXelnBLGb9kkpDdo3T5H0vRUXS2:c0Ykbhv0jjei0gW6fl+TUB2nBqbOY23J
    MD5:5D2DD9D2BBC8F41A24F88EBB3AAEB58D
    SHA1:0749B5E7C377B52EAC28E847A1761E8035D09CB8
    SHA-256:CA29F7EA93894758B703BB579C513ADC90B0FD377C95D040AD4F69D8B1316187
    SHA-512:AC13ADBE4BF89E49229F11353810F63FC91FA8DEBD2D6B0F4AA05BC263B805E860F775386E18CA1F0CD3D31F5D349D07B39357039808941B827385D50CD680BF
    Malicious:false
    Reputation:low
    Preview:GIF89a.......ysf........0....0'....VPD..l..q.g"..!.....P74'...s.n....KE5......Z.....r..L.....m.&<...h.......-....*.............6..T.....}........skY.D.....m...{.........jcTB9-bZJ...&%".....m... *M...r...w...#;2...O..:......q...k..V..$..U.J..{.lS....Q.....eV).G...+..;.Z!.Lr....x;.....pxf)TF........=..M.vC..<...,..P1)!jcI.#..}h.....w......u..*..447.T'......{sZ.....$.k0s!.....!%....R......6.%...T..$.......1.j..e.wgB..(............d.c..;.....:.....s\k..v..R.>C(.Z...{{xPWk.J..z>l...W.....4..........&6..=....e......#45....s=N_Q......i....%2(.....!.........O7.zX.......).{c..)>?G.....!.sc.....)...........2)1.{k..!..!.. .....)..)..)..........{k............{c...........!........,...........,................!..).....%.....*...|sr.~h..'......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):1734
    Entropy (8bit):5.05685263555574
    Encrypted:false
    SSDEEP:48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
    MD5:45FA04438A564600785830CBFF0B507F
    SHA1:7AFB7668DE4BA0ED485720EA7212F8D624B0E098
    SHA-256:8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
    SHA-512:6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
    Malicious:false
    Reputation:low
    URL:https://www.87994.com/static/js/public.js
    Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
    Category:downloaded
    Size (bytes):9739
    Entropy (8bit):7.914505260000532
    Encrypted:false
    SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
    MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
    SHA1:79334D2865DDD486A79F97725363F56655C80BDE
    SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
    SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-logo.png
    Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):6676
    Entropy (8bit):7.96009372384108
    Encrypted:false
    SSDEEP:192:vA7jGLLVjGTN9q6LAkBkComENXQ/gTHOJ:xLqN9q6skBLomE9QaHOJ
    MD5:0B51D2A6328D9284BC3E3D156D047D30
    SHA1:623542C7991F61D1B5B1275A89A36A2AC471940A
    SHA-256:FFD84BA091349D7B20EED4E9114569DF107D646157746FE0C01ADED2B2E156BF
    SHA-512:6A2C61BF6C1D84BC200BDDD2C806C093D33DDEF9950FAE67A40D0A1A138407EF66AF59E0B3011FB6A91978DA93F0E041938A2DC2B89AD673A3518452919FAE29
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR.............<.q.....pHYs..........+......IDATx..{t\.u.?.7gF..^.eY..$.e....0$.......0...i..KX...U....r(%...!.l5.., 4....E(..m....,K.,.1...9..q,.-Y.y.......3.3....o...?a........:..!..R.R..*Z.......JT(@....<u...."(=.]@'B;..`..4...}...>5D..nv<...t .6 .lQjVw.#.@..(.X........Iz.>.f.&..h.8.....Z......O..Y..=.8.R`.(.....pG.t....S.^.}..'....X2.F.i#.5O....K.\...WD...4.v..Bk... ..j.:...'.%...Vu].1b.Q..>/.U.....o.D.>..x.Q...z........2JX.=.D..C.-w.bA7.\...t!....8..'-...}.We..1.V....e-.../..H...*..;.3.K*...........k...bEo...].e.T7U....n...o.P.M.Q..Ya.>.f.9..Dn.....t.........>....|.Zo..<'.....c.T.v.V..".*q.... ......xj..j.N.%..e..........*.b.[...<'...G.U..+(..Ao.....OW.....S......t..va...).nE....N{.e..z. [.n,.L.1i.V...+D.~..x7B.i..WD.o..K.H..).V....P,".r...^....< *.;"....S.{.~.1.0..(7....I...*....p..)#u#..e....o..fZ.3]8...~k^i......\).V....[|%...>....2.......6.'=..TaU..@,+.c...{.(....rN.....`.p \..8io../. E.......%..U.0.b.....<U...k....
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:downloaded
    Size (bytes):643829
    Entropy (8bit):7.836560759064186
    Encrypted:false
    SSDEEP:12288:Kjyy8RAwLFpkPCaJaSOp62vU43BhJJEhTmO9VCh40zAG+K:hRASFpkPPJaSOpi43BPJoKqV/Kd+K
    MD5:4693BF1953572AC66E817FF1779E823D
    SHA1:B64371990FE461A9295A0EB17D7D2B4B6BFA62D7
    SHA-256:2D7A368AC2A3E89E1E3AD0DB2300D8323CAA97F6230170BD2266F97B5B17C02B
    SHA-512:85E0FB37E0FE64B07B41F48398A9DA478898B0B30D070E122B098DE7D0FAD71EEA3C1DC7469FDB276EDF26A49837A8282D071B9611E411F5E0D3AF1C57AD97D5
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d1.gif
    Preview:GIF89a........-...o.......Z..................&o..l...........f!Z....n......E....O........-..fV............S...l..........B..E..7........]]_......l...............{........L...)..s.........Q....z...h.....5....J....e...xO....Z!w..g..}.......I......O...s$c........f......^.@..L...x...z..s..6........q.f..h[.w:.R.....:....;..z..f.j........h...R.............S.....3B..Y....#..#t..z......k...ju}.k,...BFI.....8............k8.{.\........>.J..2.S,/02.f.g....9.V.................@...>..'......_.rC..BL...; .....:..$.......V.....!k2D.....!.e............!.........@6....@.....!.....!.......!....B;...................................)...........).....!..,........!..)..!..+..-........)._'..... ..-..........,........ .sA..!........!..,........... ...!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
    Category:downloaded
    Size (bytes):4286
    Entropy (8bit):5.157520760822341
    Encrypted:false
    SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
    MD5:975B4112A366CCA6B9BF2C84E268268C
    SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
    SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
    SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-favicon.ico
    Preview:...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+..*..)..*..)..)..*..)..*..*..)..*..)..)..)..)..)..)..)..)..)..*..--.............................+..+..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..+..+......................I..*..+..*..*..*..*..*..*..+..*..+..+..+..+..+..+..*..+..*..*..+..*..+..+..*..,..I..................+..+..+..+..+..+..+..+..
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:dropped
    Size (bytes):914523
    Entropy (8bit):7.86312825741696
    Encrypted:false
    SSDEEP:12288:ZKplMnsf/ls7jINGagPdUszhTwDFiNIpPNGtZPim+4K4KXVOdmY2S6yYmB9Ybstf:ZJYuV2sdsxy6s12KYmBJtZUo/Rsmb
    MD5:2A4E501C4E4E40F00B63A8EBACCF7C96
    SHA1:74F86C1E39DC4E0C3E3DC40981324DF39DFB225A
    SHA-256:6294E69B29B2F4C87E8734E7C31806D18F8B41CFE7A1C98AD3E63A926BC75A3F
    SHA-512:3D8685344455B1F7FB93B131A82F5C4620EA1D161AD18D131118CF35139191988D730598308BFC929EF2F9E6BCF02CD0E6B6D6FF048F34FCAE65055B2474054C
    Malicious:false
    Reputation:low
    Preview:GIF89a........e]....[-......f....o.v.higr.........+.(..f......i..g#..h.hW.F.....C..)..o.U............3..o.."h.m..NP..................P..._.)..........(.k....L.n.............42....l......M.......l.N....Nn...R.v7..1..}m..Wn!.......s.Hw....E....K5..$.0..U#.).k.+.nT)'.1./...d...E......,.DO..../.j...M.~.$.....g-.....d;.dE....H.2,.... t$....i..I.v.........%.T.'...+k....pXDD.r.>..G(....&-,..I.....Y..-...R.....|U......."...l....?....."....w......3..........U...!................w.....f.............U..A............U.................D.......U.....f............3.D...\......D....."V..............f........U........w.B......w...3........"..;..".....B.............5.D.>........f..U......9.....4.......................................`.......!......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 512 x 512
    Category:dropped
    Size (bytes):2002471
    Entropy (8bit):7.980025595488585
    Encrypted:false
    SSDEEP:49152:Q9I1skJEpF7xMJjZb/lII8XKTb9dZpmKcFItbP:V1s8Epm/n8aVpkyFP
    MD5:6A88BBD5858B7D9234FB7D0C6C5059A6
    SHA1:C3412D69DFA2CE6B208D52E6842EA7807CFF42D3
    SHA-256:F8152A8D500807F824571C3256320BBF578CDCE88D45D0FD048A6422F71C272B
    SHA-512:F7AE19293C681636C1D32F7D4391633B1E0BE4AADADE5E874A9D7D48AA1880A02F39F8794E02AA35C61987D25B2D18A0AE28099D202502E6413474E4D445C7F2
    Malicious:false
    Reputation:low
    Preview:GIF89a.............!..NETSCAPE2.0.....!.......,......................5.......;KK..'SEV....].....W......w........)......!RDU:JJ......r..M^^...>PP{.....HYY\ll\N^i{{_ppw..9KK..vtdv...CSSa`K..#WIXewwUggm.....Qbc.y...!....................M.l^n.T..............O..=..4.....`........V..q..Z.....J.............|m~.D...&....9.Vii=MM....:..........u..........`sr....?.............bTeFVV....W.....5...$.a.........|....o...............$..fXilxx..?5.....j........."..............y...........|.................!....QG-......#A..4_v0&.{s^MNC.B.Vaa.3..Q.....\.........B.._O..k0..uqo...Gy..@ ...x=...md\.w.p...F$..k.f.........^o....gg........aX..o]..-....x......G.~,eC9&&&.....p..A.....R@..[_....t..;...u..;..._......AA@.Z...93...H0......@.......[(...n.....[..{8B8...^..JNYx...3...`U@..y..>...P@P.R..*....r.b}.]..Y.........H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L.....-.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:dropped
    Size (bytes):612115
    Entropy (8bit):7.85720210824962
    Encrypted:false
    SSDEEP:12288:UuPWpHSq8TmqXO1NrtQxEG40E43eoIBH6j6QQa/NfScvl+5UXmg5dT/:PPWZj8Tm2O1NG4z43e5hQRPvl6+mOt
    MD5:98F3CEF77493B7C487972E61D5C1AC1C
    SHA1:81496C73BA70EE8C573AA3A878701512C53F1738
    SHA-256:2FA514F6DD203840C98FFEFFBFE75F91BB0E432D321F9D1E43B96FEE841FEEA4
    SHA-512:A6276C6D924FB5976D0F91CC1C73ED87A6ECB147081A625E9B785A3C1F87903C5EAC50651222FA598401D2CF7E54B864AE3C3EEC9272508248BE9B0633E3A8EE
    Malicious:false
    Reputation:low
    Preview:GIF89a........6....dde.z..h"...g......../.8p.6...Z.....$.......'.....d..U...my...k.\........I...O......o.......@.........Qo.E.....bR........{..{c.......lT......j....og....&...//0X..1{..T...................x@......$.............YB..P.G.)....U..<.....l...F....J...k.B..s..Z!.1.......E.2..?....+..1..f.Y......5.!..R..d..NM.}..}:.........!.....R.....$5BDGH........&..........L/..9.8).A.."/....S,......t...!.....!.g.3.U.........o(....J..R..m!h1?...y%.N...J.....g<....{............x.{..(..Yet....Csss.c.D...Z..Z..U.>...Y..6R..oM.Z..K.<;44..........S.........9......h..!..!.............!.:A...){...!...6c............!!s... )s...).................).{.9..J....!..!..*..))...{...!..*..)........!.k....){..{)...a....)..!{....;....,........)........5....!......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 1083 x 499, 8-bit colormap, non-interlaced
    Category:downloaded
    Size (bytes):66150
    Entropy (8bit):7.978775494536139
    Encrypted:false
    SSDEEP:1536:PhDoHbk8I/2QFdssM8dMC6CA2AhXUIzu9AoJvYDQMb4p4aBtBlxyZJse8:Pe7k8pQnxM8CvqAhkIzuSk3AA7lx2se8
    MD5:1BC64AF22B7C6F477D1635B174C3E599
    SHA1:2F4DF7BB8F8AF81F97FC3A34673FDBA21008CD09
    SHA-256:9341108FEB5C7FE032FC0BDE2DC768A406707E978E94CC15B6E61E9A7EE716CF
    SHA-512:28AF04614AD1830455654E665F2084CD49C6B6D96D409DA15896A9CD0DB1F5EBE131C515DD89A1C4BF8897CE1F67BA13A00F5FFC0666B297F04FC9F848F368F5
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/cropped-header-image-5.png
    Preview:.PNG........IHDR...;............n....PLTE...........................................((,-.2. *...56:.........................1"";($$.....D--.}....(.......%7".!.$/.........t....JLR..c.....P|..}I25...ccer..j.....XW\p.....z....f...R68.........8?D.......~iimD)"..pqv......8&.Q2)...........Z=A.y......[....*2fBC....~.zu...&wy{...r..`..........U....DBF.......x.......}...}..ym....D..[b.^=1M.....kKM.kz............q.qi...w.....5....l........O\.ps..v....ih...=]uzPM._iO..........m...cT..pc.....SM...j...t..._Vyl'.......dn.G................O|.........s].@.............K{.wC9...M.....x............Gb..dc.f0,J\.Z.|O...]..!...d..F...1L.y..W..._....tU]..v.....7.2....z..E../..V..y.i.m<:m..z.........K'}.....,.......rk..m..e<...X.Q1uv,x...6..g.L..#..7.H.]...............tRNS..V)i.D..\t......IDATx.........................................................................`..eEq ..h:ml.F!E.A.\..UC.B...A.....O.N...b.Z...o....D..........................
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
    Category:downloaded
    Size (bytes):1857
    Entropy (8bit):7.855222877921013
    Encrypted:false
    SSDEEP:48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
    MD5:805A8459450FF428463CA4BA365412CB
    SHA1:1C46F97F32C1BFE579988D7AE5DADD5A6464B011
    SHA-256:F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
    SHA-512:1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-09/to-top.png
    Preview:.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......*3.\........X.[...B.(.....8..h.*H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):1857
    Entropy (8bit):7.855222877921013
    Encrypted:false
    SSDEEP:48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
    MD5:805A8459450FF428463CA4BA365412CB
    SHA1:1C46F97F32C1BFE579988D7AE5DADD5A6464B011
    SHA-256:F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
    SHA-512:1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......*3.\........X.[...B.(.....8..h.*H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Unicode text, UTF-8 text, with CRLF line terminators
    Category:dropped
    Size (bytes):1734
    Entropy (8bit):5.05685263555574
    Encrypted:false
    SSDEEP:48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
    MD5:45FA04438A564600785830CBFF0B507F
    SHA1:7AFB7668DE4BA0ED485720EA7212F8D624B0E098
    SHA-256:8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
    SHA-512:6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
    Malicious:false
    Reputation:low
    Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:downloaded
    Size (bytes):86923
    Entropy (8bit):5.288942392211126
    Encrypted:false
    SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
    MD5:B72AFE07A6F6F477120F3B0803D0A983
    SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
    SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
    SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
    Malicious:false
    Reputation:low
    URL:https://www.87994.com/static/js/jquery.js
    Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
    Category:downloaded
    Size (bytes):6676
    Entropy (8bit):7.96009372384108
    Encrypted:false
    SSDEEP:192:vA7jGLLVjGTN9q6LAkBkComENXQ/gTHOJ:xLqN9q6skBLomE9QaHOJ
    MD5:0B51D2A6328D9284BC3E3D156D047D30
    SHA1:623542C7991F61D1B5B1275A89A36A2AC471940A
    SHA-256:FFD84BA091349D7B20EED4E9114569DF107D646157746FE0C01ADED2B2E156BF
    SHA-512:6A2C61BF6C1D84BC200BDDD2C806C093D33DDEF9950FAE67A40D0A1A138407EF66AF59E0B3011FB6A91978DA93F0E041938A2DC2B89AD673A3518452919FAE29
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/tg-09/Telegram%20150.png
    Preview:.PNG........IHDR.............<.q.....pHYs..........+......IDATx..{t\.u.?.7gF..^.eY..$.e....0$.......0...i..KX...U....r(%...!.l5.., 4....E(..m....,K.,.1...9..q,.-Y.y.......3.3....o...?a........:..!..R.R..*Z.......JT(@....<u...."(=.]@'B;..`..4...}...>5D..nv<...t .6 .lQjVw.#.@..(.X........Iz.>.f.&..h.8.....Z......O..Y..=.8.R`.(.....pG.t....S.^.}..'....X2.F.i#.5O....K.\...WD...4.v..Bk... ..j.:...'.%...Vu].1b.Q..>/.U.....o.D.>..x.Q...z........2JX.=.D..C.-w.bA7.\...t!....8..'-...}.We..1.V....e-.../..H...*..;.3.K*...........k...bEo...].e.T7U....n...o.P.M.Q..Ya.>.f.9..Dn.....t.........>....|.Zo..<'.....c.T.v.V..".*q.... ......xj..j.N.%..e..........*.b.[...<'...G.U..+(..Ao.....OW.....S......t..va...).nE....N{.e..z. [.n,.L.1i.V...+D.~..x7B.i..WD.o..K.H..).V....P,".r...^....< *.;"....S.{.~.1.0..(7....I...*....p..)#u#..e....o..fZ.3]8...~k^i......\).V....[|%...>....2.......6.'=..TaU..@,+.c...{.(....rN.....`.p \..8io../. E.......%..U.0.b.....<U...k....
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 150 x 150, 8-bit colormap, non-interlaced
    Category:downloaded
    Size (bytes):3393
    Entropy (8bit):7.861381453330033
    Encrypted:false
    SSDEEP:96:k6V1NQz8ZW1B/+bs6/qHgzraL//qt9ahig7Fe4b:v1NQz//+bsYqHgzmLHqt8ig5e4b
    MD5:941D950538F7CA436158C908C7DEC967
    SHA1:69E4EB157989D26A2F71778BCD9EE78BE57C3290
    SHA-256:44E36F9777D5A9DAF22BAC2890247E92466C2842947B5F4AFAF65AD91BF3F94F
    SHA-512:BAA766C378592012B190AF6658A24578A8C8551EFDD0C82BB1DAC1FB9C70C19A8ACEA56E4270B9E401C35494519A286B4E57F85C2F400715C1134B1A204ED2C2
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/logo.png
    Preview:.PNG........IHDR....................PLTE...'..&..'..%.."..%..'..'..*..&..)..#..$..(..$..'..#..#.."..(..$..%..%.."..).."..%..(..#..#..)..$..(..%..#..(..#..*..'.."..#..)..(.."..'..$..)..#..&..&..)..%..$..*..'..).."..(..$..(..#..(..#..&.."..*.."..)..#..)..$..(.."..$..)..&..#..)..)..)..)..'..*..#..(..#..&..&..'..&..$..'..&..'..#..".."..$..*..'..&..#..(..%..)..#..#..$..(..#..).."..$..*..)..&..&..#..(..).."..(.."..'..)..%.."..*..*..)..%..).....#..(..#..$..(..(..%..)..&..'..%..#..'..&..(..$..).."..'..%..'..*..'..*..........................P..1...........C..L..G..*..)..(..........................}..g..9..*..5..>..,.................k..]..U..1.............x..n..5..-..-..5..............c..<..@..9.......................p..U..G..e..8..............|..t.._..Z..]..L..r.........tRNS.......,....1.K.....2#......|oIBA............E)&...........\L<<7...................hda.............wrmh[SO..........wkT...c`....&.....IDATx...M..@...d.d..S... ...l=....H. .h$...^<........-..07.........y.}...?<.
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:downloaded
    Size (bytes):559572
    Entropy (8bit):7.856982891697924
    Encrypted:false
    SSDEEP:12288:Dj7h0TfiulL8IzDT80ELeDPh9faTt3sGI3qVE62yqsy:HBu9FTZELsZ9STtBIEKyG
    MD5:4636BAB274A32C5930212CEF2B643BB1
    SHA1:137662AFF11D3994DC1D948AD83DC0D587E4B79D
    SHA-256:8C9EF70F4390470409FE6EBB24BD09E53AE01DC08EC6B02A0EFA4D12AF64F8C5
    SHA-512:F10A2791D191AE785B9C777F0B09B38A195CC56CDD1447D599DB1D7329677BFC589F25B94923E451D05E7C976F1089FE6961FF147F32C77A2664BCA9B83FE478
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d3.gif
    Preview:GIF89a...............S..[....e$...................h.6....eW......v..q..k.........s....R...u.N....j.....m....wD.q..D.....S.Z!..S....).YY[.......J..................){...g...)..V..G....1.......9.......V......,..!.B......k.......5...0....a.C...r............................2*..M$...5......)t....*.....v..Gv......R......_..,,,..........."..9..#...............{.#...,....0..<........#.d>.E...!...:m.....wy{.....9....R.......Y....).L..w.d.9..r...Q.............aI.T..N...3.....G>....DFH.j..:.....!........A...9......%....88;........U.....E.U.3.a.... !#..=....Z.. ..!j....3.......Fs... ......y.)*...J...1..!..!...........!..:.....1....R..R......1..!..).R........Z..R.....9....J...9.Z...1..,..!..)..9.....)..*....R.>.......)............!..!...!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
    Category:downloaded
    Size (bytes):5537
    Entropy (8bit):5.919812570501117
    Encrypted:false
    SSDEEP:48:toyp8jSmu6PpzbINbrN99CYueWDlpMmO2jtF0l7GqCA+F50XNLfa5UihjsScf:2tjhusRWvN9Zu7ymHhF0o2+EXpaNj2
    MD5:C93BFE106E395632929F2D6623E17CAC
    SHA1:9FE7C9A0E02B7CC3A877E441C30E4AF92C6FF1E5
    SHA-256:7836094DC114D2B55AB8B74C3E7AF4EC0FE2DA9DB838F9F32E2044A1E15C2C5C
    SHA-512:B275ECFC77DA021EB1830D4247BF483409E11A20C28C7928F1631AFD7917197F40D341ED27BBD82941AF2AA0ECEB2FF87495B455295E2A31F111B42AF2D9C27B
    Malicious:false
    Reputation:low
    URL:https://www.87994.com/
    Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>Telegram.. -Telegram..,..APP...,TG.....</title>...<meta name="Keywords" content="Telegram..(.....,TG,..)....Windows.Mac....iOS........................................................Telegram...................">...<meta name="Description" content="Telegram..(.....,TG,..)....Windows.Mac....iOS........................................................Telegram...................">......<meta name="viewport" content="width=device-width, initial-scale=
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:downloaded
    Size (bytes):914523
    Entropy (8bit):7.86312825741696
    Encrypted:false
    SSDEEP:12288:ZKplMnsf/ls7jINGagPdUszhTwDFiNIpPNGtZPim+4K4KXVOdmY2S6yYmB9Ybstf:ZJYuV2sdsxy6s12KYmBJtZUo/Rsmb
    MD5:2A4E501C4E4E40F00B63A8EBACCF7C96
    SHA1:74F86C1E39DC4E0C3E3DC40981324DF39DFB225A
    SHA-256:6294E69B29B2F4C87E8734E7C31806D18F8B41CFE7A1C98AD3E63A926BC75A3F
    SHA-512:3D8685344455B1F7FB93B131A82F5C4620EA1D161AD18D131118CF35139191988D730598308BFC929EF2F9E6BCF02CD0E6B6D6FF048F34FCAE65055B2474054C
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d4.gif
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:dropped
    Size (bytes):559572
    Entropy (8bit):7.856982891697924
    Encrypted:false
    SSDEEP:12288:Dj7h0TfiulL8IzDT80ELeDPh9faTt3sGI3qVE62yqsy:HBu9FTZELsZ9STtBIEKyG
    MD5:4636BAB274A32C5930212CEF2B643BB1
    SHA1:137662AFF11D3994DC1D948AD83DC0D587E4B79D
    SHA-256:8C9EF70F4390470409FE6EBB24BD09E53AE01DC08EC6B02A0EFA4D12AF64F8C5
    SHA-512:F10A2791D191AE785B9C777F0B09B38A195CC56CDD1447D599DB1D7329677BFC589F25B94923E451D05E7C976F1089FE6961FF147F32C77A2664BCA9B83FE478
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
    Category:dropped
    Size (bytes):9739
    Entropy (8bit):7.914505260000532
    Encrypted:false
    SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
    MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
    SHA1:79334D2865DDD486A79F97725363F56655C80BDE
    SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
    SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
    Malicious:false
    Reputation:low
    Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PNG image data, 1083 x 499, 8-bit colormap, non-interlaced
    Category:dropped
    Size (bytes):66150
    Entropy (8bit):7.978775494536139
    Encrypted:false
    SSDEEP:1536:PhDoHbk8I/2QFdssM8dMC6CA2AhXUIzu9AoJvYDQMb4p4aBtBlxyZJse8:Pe7k8pQnxM8CvqAhkIzuSk3AA7lx2se8
    MD5:1BC64AF22B7C6F477D1635B174C3E599
    SHA1:2F4DF7BB8F8AF81F97FC3A34673FDBA21008CD09
    SHA-256:9341108FEB5C7FE032FC0BDE2DC768A406707E978E94CC15B6E61E9A7EE716CF
    SHA-512:28AF04614AD1830455654E665F2084CD49C6B6D96D409DA15896A9CD0DB1F5EBE131C515DD89A1C4BF8897CE1F67BA13A00F5FFC0666B297F04FC9F848F368F5
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:dropped
    Size (bytes):86923
    Entropy (8bit):5.288942392211126
    Encrypted:false
    SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
    MD5:B72AFE07A6F6F477120F3B0803D0A983
    SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
    SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
    SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
    Malicious:false
    Reputation:low
    Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:dropped
    Size (bytes):643829
    Entropy (8bit):7.836560759064186
    Encrypted:false
    SSDEEP:12288:Kjyy8RAwLFpkPCaJaSOp62vU43BhJJEhTmO9VCh40zAG+K:hRASFpkPPJaSOpi43BPJoKqV/Kd+K
    MD5:4693BF1953572AC66E817FF1779E823D
    SHA1:B64371990FE461A9295A0EB17D7D2B4B6BFA62D7
    SHA-256:2D7A368AC2A3E89E1E3AD0DB2300D8323CAA97F6230170BD2266F97B5B17C02B
    SHA-512:85E0FB37E0FE64B07B41F48398A9DA478898B0B30D070E122B098DE7D0FAD71EEA3C1DC7469FDB276EDF26A49837A8282D071B9611E411F5E0D3AF1C57AD97D5
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:downloaded
    Size (bytes):577842
    Entropy (8bit):7.876652184571624
    Encrypted:false
    SSDEEP:12288:cPcYkYPGRnv0j5xjXOi0J4rWDGfWYqs9U7tBUtXelnBLGb9kkpDdo3T5H0vRUXS2:c0Ykbhv0jjei0gW6fl+TUB2nBqbOY23J
    MD5:5D2DD9D2BBC8F41A24F88EBB3AAEB58D
    SHA1:0749B5E7C377B52EAC28E847A1761E8035D09CB8
    SHA-256:CA29F7EA93894758B703BB579C513ADC90B0FD377C95D040AD4F69D8B1316187
    SHA-512:AC13ADBE4BF89E49229F11353810F63FC91FA8DEBD2D6B0F4AA05BC263B805E860F775386E18CA1F0CD3D31F5D349D07B39357039808941B827385D50CD680BF
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d2.gif
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
    Category:downloaded
    Size (bytes):25337202
    Entropy (8bit):7.8665232879343465
    Encrypted:false
    SSDEEP:393216:tX56P6bzyzkIPDHAr8ToylFR6zVwMYkBIqcB6yv3eKYhsbQM93MkjDXvCGSkOtS:t5zyzBk7zmMNMcyv3edyfmkjrvCN/t
    MD5:A5B37E6682105F8A2839BF4836085F3C
    SHA1:A8044830CF13D3DD04D3F0FB459D0818406F0071
    SHA-256:311BCB15376ECA9803A28AF6758E7FB11DD74843BEBFE6550D6E6860EA64C675
    SHA-512:E74854D350FBE7DAD38885DC840F082320680DCDA2AC9EEE05C4C656F25D36111A74E6F5EEBBE62603B486723D856B08654938ECEFADB33BFA612599A54A0A25
    Malicious:false
    Reputation:low
    URL:https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:GIF image data, version 89a, 128 x 128
    Category:downloaded
    Size (bytes):612115
    Entropy (8bit):7.85720210824962
    Encrypted:false
    SSDEEP:12288:UuPWpHSq8TmqXO1NrtQxEG40E43eoIBH6j6QQa/NfScvl+5UXmg5dT/:PPWZj8Tm2O1NG4z43e5hQRPvl6+mOt
    MD5:98F3CEF77493B7C487972E61D5C1AC1C
    SHA1:81496C73BA70EE8C573AA3A878701512C53F1738
    SHA-256:2FA514F6DD203840C98FFEFFBFE75F91BB0E432D321F9D1E43B96FEE841FEEA4
    SHA-512:A6276C6D924FB5976D0F91CC1C73ED87A6ECB147081A625E9B785A3C1F87903C5EAC50651222FA598401D2CF7E54B864AE3C3EEC9272508248BE9B0633E3A8EE
    Malicious:false
    Reputation:low
    URL:https://image.sanxiang-sh.com/telegram-19/d6.gif
    No static file info
    Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

    Target ID:1
    Start time:19:18:41
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:3
    Start time:19:18:44
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 --field-trial-handle=2368,i,956301653422315564,14894610209950881906,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:4
    Start time:19:18:49
    Start date:11/01/2025
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://whatsapp-cy.com/"
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:9
    Start time:19:20:04
    Start date:11/01/2025
    Path:C:\Windows\SysWOW64\unarchiver.exe
    Wow64 process (32bit):true
    Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
    Imagebase:0x5f0000
    File size:12'800 bytes
    MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:10
    Start time:19:20:04
    Start date:11/01/2025
    Path:C:\Windows\SysWOW64\7za.exe
    Wow64 process (32bit):true
    Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig" "C:\Users\user\Downloads\shater.zip"
    Imagebase:0xe10000
    File size:289'792 bytes
    MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:11
    Start time:19:20:04
    Start date:11/01/2025
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff66e660000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:12
    Start time:19:20:05
    Start date:11/01/2025
    Path:C:\Windows\SysWOW64\cmd.exe
    Wow64 process (32bit):true
    Commandline:"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe"
    Imagebase:0x1c0000
    File size:236'544 bytes
    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:13
    Start time:19:20:05
    Start date:11/01/2025
    Path:C:\Windows\System32\conhost.exe
    Wow64 process (32bit):false
    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Imagebase:0x7ff66e660000
    File size:862'208 bytes
    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:false

    Target ID:14
    Start time:19:20:06
    Start date:11/01/2025
    Path:C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe
    Wow64 process (32bit):
    Commandline:C:\Users\user\AppData\Local\Temp\gkqdnc03.3ig\shater.exe
    Imagebase:
    File size:62'891'960 bytes
    MD5 hash:D08BDF8F0948938687A6E0C1044E1962
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Antivirus matches:
    • Detection: 8%, ReversingLabs
    Reputation:low
    Has exited:false

      APIs
      • GetSystemInfo.KERNELBASE(?), ref: 00CDB208
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: InfoSystem
      • String ID:
      • API String ID: 31276548-0
      • Opcode ID: a7de3edf2d985403ebef35e35819dbc2fac0bef98718f4946e3c7946a352cb17
      • Instruction ID: dc10169cf2ba06c2e54a32f36abe266da96986d6f0df53f1bbae61551301e7cb
      • Opcode Fuzzy Hash: a7de3edf2d985403ebef35e35819dbc2fac0bef98718f4946e3c7946a352cb17
      • Instruction Fuzzy Hash: B1017875800244DFDB10CF15D88576AFBE4EF05321F0888AADE488F356D379A9188BA2
      APIs
      • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CDB2F3
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: DuplicateHandle
      • String ID:
      • API String ID: 3793708945-0
      • Opcode ID: 49ae77a4cca15689e0f1ea770192fa015693fd10eed70dfb4a6b6a80357e8897
      • Instruction ID: e98f66a67a20d5f605f0362589dae8c25a0630f7fbe23ed7e54075d48b77352f
      • Opcode Fuzzy Hash: 49ae77a4cca15689e0f1ea770192fa015693fd10eed70dfb4a6b6a80357e8897
      • Instruction Fuzzy Hash: B231C371404344AFE7228B21CC45FA6BFBCEF06314F04489EE985CB162D338A9098B71
      APIs
      • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CDADA7
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: DuplicateHandle
      • String ID:
      • API String ID: 3793708945-0
      • Opcode ID: 0d8b22fdbed12f9f7e5d34d6cf097c888d9051b4c14fc841d2c057eb1402f913
      • Instruction ID: e1e9d94458f8483a8a15643ef7449e821fc4c75c0d982a35b4b1e68175f892e7
      • Opcode Fuzzy Hash: 0d8b22fdbed12f9f7e5d34d6cf097c888d9051b4c14fc841d2c057eb1402f913
      • Instruction Fuzzy Hash: AA31C171404384AFEB228B65CC45FA7BFECEF06324F04489EE985CB252D334A919CB61
      APIs
      • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00CDAC36
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreatePipe
      • String ID:
      • API String ID: 2719314638-0
      • Opcode ID: 96078667d57b0e389ef3c45c343a5888f9c6bac2bf3b9a2e56a3cdd52a72cb6a
      • Instruction ID: 36786715d504c400dfe5c86186b4f0d454510fa6691d22f9d8a045e2faf3878d
      • Opcode Fuzzy Hash: 96078667d57b0e389ef3c45c343a5888f9c6bac2bf3b9a2e56a3cdd52a72cb6a
      • Instruction Fuzzy Hash: 30317E7150E3C06FD3038B718C65A65BFB4AF47610F1A84CBD8C4DF2A3D2696919C762
      APIs
      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00CDA67D
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: d5b801e34c621a7788768393010bc3a4a2f3c8fc330f063938f49bb0a0569374
      • Instruction ID: e4937d231d1239e93ecd8eb5f6ae032b8ce15b509b6b0755106b5cbdde7fa801
      • Opcode Fuzzy Hash: d5b801e34c621a7788768393010bc3a4a2f3c8fc330f063938f49bb0a0569374
      • Instruction Fuzzy Hash: 68318FB1504340AFE721CF25DC45F66BFE8EF05220F08889EEA858B252D375E909CB71
      APIs
      • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00CDA1C2
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileFindNext
      • String ID:
      • API String ID: 2029273394-0
      • Opcode ID: 996f9aa76c2c8e11244d005161ea03d6fe74da4775aa01b119e3dbf6bda0d799
      • Instruction ID: 0834fce5f907a2a41c1334c2cc095f0d410f76ac2e8ec7292b7b82172bddab23
      • Opcode Fuzzy Hash: 996f9aa76c2c8e11244d005161ea03d6fe74da4775aa01b119e3dbf6bda0d799
      • Instruction Fuzzy Hash: D421D37140D3C06FD3128B358C51B66BFB4EF47610F0945CBDC848F293D229A909CBA2
      APIs
      • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CDB2F3
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: DuplicateHandle
      • String ID:
      • API String ID: 3793708945-0
      • Opcode ID: 2ab56210f8ffe85f8e30827de27ddf4a182e8611efc4e42d87960f9628a91545
      • Instruction ID: 6edf7febef48d78855608f44b109026e40d8e0c6f646a6db6f4133a6e20674d9
      • Opcode Fuzzy Hash: 2ab56210f8ffe85f8e30827de27ddf4a182e8611efc4e42d87960f9628a91545
      • Instruction Fuzzy Hash: E621B271500304AFEB21DF65DC45FAAFBECEF04314F04886AEA458B251D775E9189BA1
      APIs
      • RegQueryValueExW.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA40C
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: QueryValue
      • String ID:
      • API String ID: 3660427363-0
      • Opcode ID: 8f0bb85a9df6f7ee8bcdc9500e18a9078b9ef202e6de89380d0c4a688314515a
      • Instruction ID: 3f825dec64e2a2345f553aaa539cc369d071c2328746226faefef4392b5f6a23
      • Opcode Fuzzy Hash: 8f0bb85a9df6f7ee8bcdc9500e18a9078b9ef202e6de89380d0c4a688314515a
      • Instruction Fuzzy Hash: 28216075504744AFD721CF25CC85FA6BBF8EF05710F08859AEA45CB252D364E909CB62
      APIs
      • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CDADA7
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: DuplicateHandle
      • String ID:
      • API String ID: 3793708945-0
      • Opcode ID: 0105c76164626615ee86896bb543a7e7c7b0c00e371e8e6b24bc2f44e32cdcc3
      • Instruction ID: 86ba944c181b1de83428bdf1c5906718969d6c976c44dd1ceff05397e3069eed
      • Opcode Fuzzy Hash: 0105c76164626615ee86896bb543a7e7c7b0c00e371e8e6b24bc2f44e32cdcc3
      • Instruction Fuzzy Hash: D321F171500304AFEB21CF65CC45FABFBECEF08324F04882AEA458B651D738E5188BA1
      APIs
      • SetFilePointer.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA8DE
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FilePointer
      • String ID:
      • API String ID: 973152223-0
      • Opcode ID: 76e1dac80c97e9def65041d946c77792d868e33267a401f90e90b95ed1e23d01
      • Instruction ID: 2a662df2aacea5ed0b90c9817849e67ba9d7a9234d5707eb0a59f9b88e098b7a
      • Opcode Fuzzy Hash: 76e1dac80c97e9def65041d946c77792d868e33267a401f90e90b95ed1e23d01
      • Instruction Fuzzy Hash: 7221C7714043806FE7128B24DC55FA6BFB8EF46714F0988DBE9848F152C274A909C775
      APIs
      • ReadFile.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA9C1
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileRead
      • String ID:
      • API String ID: 2738559852-0
      • Opcode ID: 868b85e063a18cecc0f1a54d0f5341defd413227058d261dc15676b1c1c3eb8b
      • Instruction ID: 3754928ec0adcd546e247e6ff10f3f18fd795c4af92f84d6209e8024fa7a6047
      • Opcode Fuzzy Hash: 868b85e063a18cecc0f1a54d0f5341defd413227058d261dc15676b1c1c3eb8b
      • Instruction Fuzzy Hash: C121B571409380AFDB22CF65CC55F96BFB8EF06314F08889AE9849F252C375A509CB76
      APIs
      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00CDA67D
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreateFile
      • String ID:
      • API String ID: 823142352-0
      • Opcode ID: 2ec9b7618f099fa7ea667cecf9323f99728f787a6bf3ec39af3a4fab41e5349c
      • Instruction ID: 4a84bac46c48611d3a5c776da8d42ee61396229c70aaea9aac44b34bd3188bcc
      • Opcode Fuzzy Hash: 2ec9b7618f099fa7ea667cecf9323f99728f787a6bf3ec39af3a4fab41e5349c
      • Instruction Fuzzy Hash: 2A219F75500200EFE720DF26DD45F66FBE8EF04310F08886AEA458B351D375E505CB62
      APIs
      • GetFileType.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA815
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileType
      • String ID:
      • API String ID: 3081899298-0
      • Opcode ID: 89a56412b1522ecf2ee0356cec9d34a63a99523ee97c986752aa71bcd6da52ad
      • Instruction ID: 3261fe4ab72f4191ef0c90a99d8e3bd763e2228cf01bf1c050d1aab752129526
      • Opcode Fuzzy Hash: 89a56412b1522ecf2ee0356cec9d34a63a99523ee97c986752aa71bcd6da52ad
      • Instruction Fuzzy Hash: 0A21D8B54083806FE7128B25DC41BA6BFA8DF47314F0884DBED848B293D268A909D776
      APIs
      • CreateDirectoryW.KERNELBASE(?,?), ref: 00CDAA8B
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreateDirectory
      • String ID:
      • API String ID: 4241100979-0
      • Opcode ID: 91975685ae68e65e3a0c941b94752582563e08c1700ba6c0cee4947596a53058
      • Instruction ID: a89d743efd894512ef74126c0ac8be166d3d345ed649240b26ffcedf9fbe9aca
      • Opcode Fuzzy Hash: 91975685ae68e65e3a0c941b94752582563e08c1700ba6c0cee4947596a53058
      • Instruction Fuzzy Hash: DE2180755093C05FDB12CB29DC55B92BFE8AF06314F0D85EAE988CF253D225D909CB61
      APIs
      • RegQueryValueExW.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA40C
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: QueryValue
      • String ID:
      • API String ID: 3660427363-0
      APIs
      • ReadFile.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA9C1
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileRead
      • String ID:
      • API String ID: 2738559852-0
      APIs
      • SetFilePointer.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA8DE
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FilePointer
      • String ID:
      • API String ID: 973152223-0
      APIs
      • SetErrorMode.KERNELBASE(?), ref: 00CDA30C
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: ErrorMode
      • String ID:
      • API String ID: 2340568224-0
      APIs
      • CreateDirectoryW.KERNELBASE(?,?), ref: 00CDAA8B
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreateDirectory
      • String ID:
      • API String ID: 4241100979-0
      APIs
      • GetFileType.KERNELBASE(?,00000E24,74AE6690,00000000,00000000,00000000,00000000), ref: 00CDA815
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileType
      • String ID:
      • API String ID: 3081899298-0
      APIs
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CloseFind
      • String ID:
      • API String ID: 1863332320-0
      APIs
      • GetSystemInfo.KERNELBASE(?), ref: 00CDB208
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: InfoSystem
      • String ID:
      • API String ID: 31276548-0
      APIs
      • CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00CDAC36
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CreatePipe
      • String ID:
      • API String ID: 2719314638-0
      APIs
      • FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00CDA1C2
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: FileFindNext
      • String ID:
      • API String ID: 2029273394-0
      APIs
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CloseFind
      • String ID:
      • API String ID: 1863332320-0
      APIs
      • SetErrorMode.KERNELBASE(?), ref: 00CDA30C
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: ErrorMode
      • String ID:
      • API String ID: 2340568224-0
      Strings
      Memory Dump Source
      • Source File: 00000009.00000002.2973201171.0000000001210000.00000040.00000800.00020000.00000000.sdmp, Offset: 01210000, based on PE: false
      Similarity
      • API ID:
      • String ID: [MR
      • API String ID: 0-2332344759
      Strings
      Memory Dump Source
      • Source File: 00000009.00000002.2973201171.0000000001210000.00000040.00000800.00020000.00000000.sdmp, Offset: 01210000, based on PE: false
      Similarity
      • API ID:
      • String ID: [MR
      • API String ID: 0-2332344759
      APIs
      • CloseHandle.KERNELBASE(?), ref: 00CDA748
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CloseHandle
      • String ID:
      • API String ID: 2962429428-0
      APIs
      • CloseHandle.KERNELBASE(?), ref: 00CDA748
      Memory Dump Source
      • Source File: 00000009.00000002.2971839220.0000000000CDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CDA000, based on PE: false
      Similarity
      • API ID: CloseHandle
      • String ID:
      • API String ID: 2962429428-0