Edit tour

Windows Analysis Report
http://www.telegramhj.org/

Overview

General Information

Sample URL:	http://www.telegramhj.org/
Analysis ID:	1589338
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected ZipBomb

AI detected suspicious URL

Downloads suspicious files via Chrome

PE file contains section with special chars

Allocates memory with a write watch (potentially for evading sandboxes)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Entry point lies outside standard sections

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2028,i,1946802896583514028,4544835722773190472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

unarchiver.exe (PID: 6252 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)

7za.exe (PID: 6348 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\35riya3t.qhb" "C:\Users\user\Downloads\shater.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

conhost.exe (PID: 4564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6048 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

shater.exe (PID: 2556 cmdline: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe MD5: D08BDF8F0948938687A6E0C1044E1962)

chrome.exe (PID: 6596 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramhj.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\Downloads\d7006076-06c1-44d1-a0b0-a18543e72be6.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\000e0422-99cf-4fe2-b591-f9f71f7032bd.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\a5a63ed2-b295-4b74-8914-8c29f79e61f2.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\78d2c4cb-3fcb-40e6-9dda-30a457439ec2.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.telegramhj.org/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramhj.org
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramhj.org

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: 7za.exe, 00000008.00000003.2802943230.0000000001080000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: chromecache_135.2.dr	String found in binary or memory: https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip
Source: chromecache_135.2.dr	String found in binary or memory: https://apps.apple.com/us/app/telegram-messenger/id686449807
Source: chromecache_135.2.dr	String found in binary or memory: https://beian.miit.gov.cn
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-12/to-top.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-18/logo2.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-18/td_laptop.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-favicon.ico
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/telegram-logo.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_12013.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1222-1024x820.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_14-1-1.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1490-1024x576-1-1.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1595438958-89db9fcf7330be90f5da7bc1f1913a61-1-1-1024x558.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1644499014-0c97040fe2da46a986b9c2ccb471c7b1-3-1-1024x558.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1688906340-1646515406117222.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_1710660148-telegram-unlock-content-1024x683.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_202403311711862473364237.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_7f834dfeb42747f2b3cf014a95542fb3-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_Pasted-245-1.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20231209113044-10
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20240328094803.pn
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_Telegram%e7%94%b5%e6%8a%a5%e5%ae%a3%e4%bc%a0%e5%9b%be-3.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_Telegram-co-bi-theo-doi-khong-1.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_app_review_telegram_wp_upload-1024x536.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_apps-6d00148dbc3b813d_%e5%89%af%e6%9c%ac.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_hq720-25.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_image-108-4-1024x611.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_image-169.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_image-20-3-1024x516-1.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_image-88-1-1024x546-1.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_image-88-1.png
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-100-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-20-2-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064515.883.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064757.034.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064800.305-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-5-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_maxresdefault-92-1024x576.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_messenger-telegram-1024x614.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_shutterstock_1425817535-e1560832518594-1-1024x683.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_telegram-not-working.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_thumb-3.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_uVryd7f11689849626-1024x544-1.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_voi-cara-mengaktifkan-riwayat-obrolan-grup-tele.cropped_16375897
Source: chromecache_135.2.dr	String found in binary or memory: https://image.sanxiang-sh.com/thumb_wzbftyiavjw.jpg
Source: chromecache_135.2.dr	String found in binary or memory: https://www.sanxiang-sh.com/upload/Telegram.apk

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\shater.zip (copy)

Jump to dropped file

PE file contains section with special chars

Source: shater.exe.8.dr	Static PE information: section name: .g=V
Source: shater.exe.8.dr	Static PE information: section name: .g\O

Source: classification engine

Classification label: mal68.evad.win@35/158@0/17

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4564:120:WilError_03

Source: C:\Windows\SysWOW64\unarchiver.exe

File created: C:\Users\user\AppData\Local\Temp\unarchiver.log

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2028,i,1946802896583514028,4544835722773190472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramhj.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\35riya3t.qhb" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2028,i,1946802896583514028,4544835722773190472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\35riya3t.qhb" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Section loaded: wldp.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: initial sample

Static PE information: section where entry point is pointing to: .g\O

Source: shater.exe.8.dr	Static PE information: section name: .g=V
Source: shater.exe.8.dr	Static PE information: section name: .TNH
Source: shater.exe.8.dr	Static PE information: section name: .g\O

Source: C:\Windows\SysWOW64\7za.exe

File created: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe

Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected ZipBomb

Source: Yara match	File source: C:\Users\user\Downloads\d7006076-06c1-44d1-a0b0-a18543e72be6.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\000e0422-99cf-4fe2-b591-f9f71f7032bd.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\a5a63ed2-b295-4b74-8914-8c29f79e61f2.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\78d2c4cb-3fcb-40e6-9dda-30a457439ec2.tmp, type: DROPPED

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 1AA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 36F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 1AA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Last function: Thread delayed

Source: C:\Windows\SysWOW64\unarchiver.exe

Code function: 7_2_017CB1D6 GetSystemInfo,

7_2_017CB1D6

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\35riya3t.qhb" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	13 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.telegramhj.org/	100%	Avira URL Cloud	phishing

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe	8%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://image.sanxiang-sh.com/thumb_messenger-telegram-1024x614.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20240328094803.pn	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_apps-6d00148dbc3b813d_%e5%89%af%e6%9c%ac.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064515.883.jpg	0%	Avira URL Cloud	safe
https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_image-88-1.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_Pasted-245-1.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-92-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_image-108-4-1024x611.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_Telegram-co-bi-theo-doi-khong-1.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_7f834dfeb42747f2b3cf014a95542fb3-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_telegram-not-working.jpg	0%	Avira URL Cloud	safe
https://www.sanxiang-sh.com/upload/Telegram.apk	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1644499014-0c97040fe2da46a986b9c2ccb471c7b1-3-1-1024x558.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1490-1024x576-1-1.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-100-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-logo.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1222-1024x820.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_12013.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1688906340-1646515406117222.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_image-169.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-18/logo2.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_shutterstock_1425817535-e1560832518594-1-1024x683.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064800.305-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20231209113044-10	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_uVryd7f11689849626-1024x544-1.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_app_review_telegram_wp_upload-1024x536.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_14-1-1.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_voi-cara-mengaktifkan-riwayat-obrolan-grup-tele.cropped_16375897	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_hq720-25.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_image-88-1-1024x546-1.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-20-2-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-18/td_laptop.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_wzbftyiavjw.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_image-20-3-1024x516-1.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_202403311711862473364237.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-5-1024x576.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1710660148-telegram-unlock-content-1024x683.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064757.034.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_Telegram%e7%94%b5%e6%8a%a5%e5%ae%a3%e4%bc%a0%e5%9b%be-3.jpg	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-favicon.ico	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/telegram-12/to-top.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_1595438958-89db9fcf7330be90f5da7bc1f1913a61-1-1-1024x558.png	0%	Avira URL Cloud	safe
https://image.sanxiang-sh.com/thumb_thumb-3.jpg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.telegramhj.org/	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20240328094803.pn	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_image-88-1.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_image-108-4-1024x611.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_messenger-telegram-1024x614.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_Pasted-245-1.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064515.883.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://beian.miit.gov.cn	chromecache_135.2.dr	false		high
https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_apps-6d00148dbc3b813d_%e5%89%af%e6%9c%ac.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-92-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_Telegram-co-bi-theo-doi-khong-1.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_7f834dfeb42747f2b3cf014a95542fb3-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://www.sanxiang-sh.com/upload/Telegram.apk	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1490-1024x576-1-1.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_telegram-not-working.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1644499014-0c97040fe2da46a986b9c2ccb471c7b1-3-1-1024x558.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-100-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-logo.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1222-1024x820.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_12013.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1688906340-1646515406117222.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_image-169.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-18/logo2.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064800.305-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_shutterstock_1425817535-e1560832518594-1-1024x683.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20231209113044-10	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_uVryd7f11689849626-1024x544-1.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_14-1-1.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_app_review_telegram_wp_upload-1024x536.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_voi-cara-mengaktifkan-riwayat-obrolan-grup-tele.cropped_16375897	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_hq720-25.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_image-88-1-1024x546-1.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-18/td_laptop.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-20-2-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_image-20-3-1024x516-1.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1710660148-telegram-unlock-content-1024x683.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_wzbftyiavjw.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-5-1024x576.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_202403311711862473364237.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064757.034.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_Telegram%e7%94%b5%e6%8a%a5%e5%ae%a3%e4%bc%a0%e5%9b%be-3.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-favicon.ico	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_1595438958-89db9fcf7330be90f5da7bc1f1913a61-1-1-1024x558.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/thumb_thumb-3.jpg	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown
https://image.sanxiang-sh.com/telegram-12/to-top.png	chromecache_135.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.91.74.208	unknown	United States	21859	ZNETUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
90.84.161.16	unknown	France	5511	OPENTRANSITFR	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
104.21.62.163	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.137.23	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
90.84.161.20	unknown	France	5511	OPENTRANSITFR	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
43.132.105.108	unknown	Japan	4249	LILLY-ASUS	false
104.21.20.160	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589338
Start date and time:	2025-01-12 01:19:49 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.telegramhj.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.evad.win@35/158@0/17
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 44 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: http://www.telegramhj.org/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://www.telegramhj.org Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.telegramhj.org
URL: https://www.telegramhj.org/static/js/public.js... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a benign script that handles basic UI functionality, such as a 'back to top' button and responsive header behavior. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily focused on DOM manipulation and event handling, which are common practices in web development. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical user interface enhancements and does not raise significant security concerns." }
$('#to-top').click(function() { $('body,html').animate({scrollTop:0},1); return false; }); $(window).scroll(function() { const scrollTop = $(window).scrollTop(); const windowHeight = $(window).height(); if (scrollTop > 200 ) { $('#to-top').fadeIn(1).css('display', 'flex'); } else { $('#to-top').fadeOut(1).css('display', 'none'); } // if (scrollTop > 400 ) { // $('header .button-box').addClass('on') // } else { // $('header .button-box').removeClass('on') // } if ($('.index-container .section3').length > 0) { if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) { $('.index-container .section3').addClass('animated') } } }); // function getOperatingSystem() { var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera; if (/android/i.test(userAgent)) { return "android"; } if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) { return "ios"; } return "pc"; } if(getOperatingSystem()=="android"){ $(".down-link").css("display",'none') $(".down-link.android").css("display",'inline-block') } if(getOperatingSystem()=="ios"){ $(".down-link").css("display",'none') $(".down-link.ios").css("display",'inline-block') } // $("header .nav.open").on("touchmove",function(event){ event.preventDefault(); }) $('#mobile-nav').click(function(){ if ($(this).hasClass('open')) { $(this).removeClass('open') $('header .nav').removeClass('open') } else { $(this).addClass('open') $('header .nav').addClass('open') } })
URL: https://www.telegramhj.org/static/js/jquery.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the minified version of the jQuery library, which is a widely-used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code is obfuscated, this is a common practice for minified libraries to improve performance. Overall, this script poses a low risk and is likely a benign, widely-used JavaScript library." }
/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:n.sort,splice:n.splice},w.extend=w.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|g(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)\|\|(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==c.call(e))&&(!(t=i(e))\|\|"function"==typeof(n=f.call(t,"constructor")&&t.constructor)&&p.call(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)},each:function(e,t){var n,r=0;if(C(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(C(Object(e))?w.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle"+1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=function(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;retur
URL: https://www.telegramhj.org/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Telegram", "prominent_button_name": "Telegram", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.telegramhj.org/ Model: Joe Sandbox AI	{ "brands": [ "Telegram" ] }
	{ "brands": [ "Telegram" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe

Download File

Process:	C:\Windows\SysWOW64\7za.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	62891960
Entropy (8bit):	7.997907680828508
Encrypted:	true
SSDEEP:	786432:77srvs1bSCxuEKvJCDAJ8W/Db6RvFosNCGtXoVaC3DIRJO734MD7EoBRwyV87/U0:3srB0XW/Dm9FFj0KJ04M0Tv7UmNUKBQc
MD5:	D08BDF8F0948938687A6E0C1044E1962
SHA1:	3D36EADA36219A56229A310174A94656C01EF002
SHA-256:	D26E5D31133EA655D4DD0066EF5A850015B20D754ABC5FFC34A1D721D2D3101C
SHA-512:	7EB70D1C8D8281CD020288D3C5728DAFC30385F834984B85803D900C9279AF19DB88ED8E4B07D98C8C7B04D0D739E9A0F00E67595010D8A8A1ABCC13E4C2E5F7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g.................t...h.......[............@...........................@......R....@..................................n..h.....>..............n...9....@..................................... .>.@............................................text....r.......................... ..`.rdata..PV..........................@..@.data...$...........................@....g=V....a0p......................... ..`.TNH................................@....g\O.....~... ...................... ..`.rsrc.........>.....................@..@.reloc........@......f..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\unarchiver.log

Download File

Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1438
Entropy (8bit):	5.065318543950387
Encrypted:	false
SSDEEP:	24:LnVHxiJiiJjWIp0iJiiJUw8iJfwiJiiJFTPSiJbwiJsSiJo7iJ2iJiiJxpiJiiJw:Ln1xGiGbiGiGp8G4GiGpqGbwGzGqG2GD
MD5:	5CEE3088C9895DCECA19B822D1EF2992
SHA1:	1311CE030236F42DFDD757D13377695EB3327F85
SHA-256:	9F12F4A35C8A46F3244F104256573678C3EB9706505B2F11878F8204D149E88F
SHA-512:	0B0356C2662964BC42BBF79617AD0ADE5C22BF7B5C4042080949FAF712051EB881F30304643950FFE43E3BAE188A7332C6F8CD764CDF195C448743523CCD4C4E
Malicious:	false
Reputation:	low
Preview:	01/11/2025 7:21 PM: Unpack: C:\Users\user\Downloads\shater.zip..01/11/2025 7:21 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\35riya3t.qhb..01/11/2025 7:21 PM: Received from standard out: ..01/11/2025 7:21 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..01/11/2025 7:21 PM: Received from standard out: ..01/11/2025 7:21 PM: Received from standard out: Scanning the drive for archives:..01/11/2025 7:21 PM: Received from standard out: 1 file, 62506228 bytes (60 MiB)..01/11/2025 7:21 PM: Received from standard out: ..01/11/2025 7:21 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\shater.zip..01/11/2025 7:21 PM: Received from standard out: --..01/11/2025 7:21 PM: Received from standard out: Path = C:\Users\user\Downloads\shater.zip..01/11/2025 7:21 PM: Received from standard out: Type = zip..01/11/2025 7:21 PM: Received from standard out: Physical Size = 62506228..01/11/2025 7:21 PM: Received from standa

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:20:44 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.987219174135371
Encrypted:	false
SSDEEP:	48:8gMdRWTxyyp/HtidAKZdA19ehwiZUklqehHy+3:8K3Hoy
MD5:	E7EB606D9C6D7EA342BFAC5B7BBCBEDB
SHA1:	01D0887BEFE388F66883D1A133C783C4139DC302
SHA-256:	C8B932EFFBFD161CA86B79B6DB55E8C50577CCBEDFB6A5B9DBB12490C530D947
SHA-512:	140FA16B9075C9BA9CD48DC9EE787DDABEBF151B8548E9CD30FA359EA459CAFC167449770A01493882A24983216225C047D88550471DB6CFDCD7ABF9350BB1D6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....@..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:20:43 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002265624894244
Encrypted:	false
SSDEEP:	48:8uMdRWTxyyp/HtidAKZdA1weh/iZUkAQkqehYy+2:8w3t9Qdy
MD5:	10ABABDD148F85AE651C34D9A0C91C3F
SHA1:	E985E1F7AF8A3EFE23FBD071E8AC0188E09D0625
SHA-256:	B9CC3EFC2570AAC3C5C8B746FDE6B556A55A301A91CE701FE5465BC9B9A7E3FA
SHA-512:	48AADEE2D42C3B8B213CE4F98847817972A835FEEBD8D9EDE882DED8C27A9020137A25BB7A9B3D6611B654C3870C04463E2FEC6DEFAD2B48ED3FCFFAB58DB157
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....k..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.012258509244076
Encrypted:	false
SSDEEP:	48:8xiMdRWTxyypsHtidAKZdA14tseh7sFiZUkmgqeh7s2y+BX:8x03Enky
MD5:	11C8CF37807B8882D65669B7BD4E0DB3
SHA1:	2E00A3091886D6BA46D8443B79668552EF7B7384
SHA-256:	26936693C17061987157D1594BB5FE82290839D9409FB117A3DAEF6397868BA9
SHA-512:	BB65AFBA6472B973DB45437648EADA4BD7A1B4BAC5D54C46CC75731663D912B838C7841B03A67501CF4D54EEA9507B47B43886496C720734C0C74078415F2452
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:20:43 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.000678719613919
Encrypted:	false
SSDEEP:	48:8IMdRWTxyyp/HtidAKZdA1vehDiZUkwqehcy+R:8C3Ouy
MD5:	FD0E82EE88AA261BDC81BA8F3C0BE338
SHA1:	FA29EE1AA5E356B53F0B6A974A57CB7EBBF479CF
SHA-256:	F4676988262F4C6AB6C35732398A86E8F404657408484C896856021650433D5F
SHA-512:	22E7041B4857695D5939BB78E1473CDDDB67A9A7A795A0CC52B129F053A19F7F28F061B6465964918FE7DB1FD53C859FB796A27E4975D85677E0AAFAF3C1B5B5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....k..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:20:43 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.989112160101665
Encrypted:	false
SSDEEP:	48:8nMdRWTxyyp/HtidAKZdA1hehBiZUk1W1qehyy+C:873+9Sy
MD5:	69354E9AD922A86D4A3F1DB8AC8C268A
SHA1:	83A87BCB574B245C0563EB9E28F74987C41A3464
SHA-256:	B24AFA71F6EF3CA03E11D079C1499B1A9281EC045BAC5F85F3AA11E35F852825
SHA-512:	41188D8C0BAE756E89B23EC9F0F947C30CBD7E6CDA819FE4EB64DBE8D3C15534E3735C317479CBF3F8A6CB7A080419EB8148A062232FB9E8F48F22CC005A3BFE
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....y...d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:20:43 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.003047866542879
Encrypted:	false
SSDEEP:	48:8fMdRWTxyyp/HtidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbky+yT+:8j3gT/TbxWOvTbky7T
MD5:	618F0C3A55B1423AB96622D26A40C12A
SHA1:	55B580E27F0429AA79B4D8F96ECFE44D58C814CE
SHA-256:	781AE9E7666E0341A28168832A7A3A6AD428F7E0339F32AD6CAE62B7B91C6FCF
SHA-512:	189FE28239CD303A98F6DEBD8B2BF54437724FCE94DCBCDAEF7CB6000299740EDE4E13C44479E01C0EB87C219406B90666C8E93BBE9A580F74DB6A76362CFE98
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....}..d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............T.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\000e0422-99cf-4fe2-b591-f9f71f7032bd.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15878
Entropy (8bit):	7.9820935497762715
Encrypted:	false
SSDEEP:	384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTTG:Zxsu6GWrJu2fVu4M1ylPDEtPTTG
MD5:	23F5295748B895D0BF4B38A15C8367F3
SHA1:	A7A9A394C2D53B01496EC16618FEEF3CFDF5D5E0
SHA-256:	70CF35DB75C0F59B08ADB11FEC2D99F9EE82DC0FD425AEC03516D2FF5002D1FB
SHA-512:	A0E9C1394B32D6A52973C13156ACBBA675998FBB11B104FDFB2F67B5E675ACB6269E4A66CFF048CD5990E6F004D50E436BE47CD8365FE04D883D9357513359E3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\000e0422-99cf-4fe2-b591-f9f71f7032bd.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\78d2c4cb-3fcb-40e6-9dda-30a457439ec2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15878
Entropy (8bit):	7.9820935497762715
Encrypted:	false
SSDEEP:	384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTTG:Zxsu6GWrJu2fVu4M1ylPDEtPTTG
MD5:	23F5295748B895D0BF4B38A15C8367F3
SHA1:	A7A9A394C2D53B01496EC16618FEEF3CFDF5D5E0
SHA-256:	70CF35DB75C0F59B08ADB11FEC2D99F9EE82DC0FD425AEC03516D2FF5002D1FB
SHA-512:	A0E9C1394B32D6A52973C13156ACBBA675998FBB11B104FDFB2F67B5E675ACB6269E4A66CFF048CD5990E6F004D50E436BE47CD8365FE04D883D9357513359E3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\78d2c4cb-3fcb-40e6-9dda-30a457439ec2.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\a5a63ed2-b295-4b74-8914-8c29f79e61f2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15882
Entropy (8bit):	7.982089638753701
Encrypted:	false
SSDEEP:	384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTT+:Zxsu6GWrJu2fVu4M1ylPDEtPTT+
MD5:	76D4178E720C4EFFA46607F8CF63D512
SHA1:	23001C681F8E0AC96FE99D41C871031D038FA241
SHA-256:	75CF4C7133564F47234E5DEBB664CD71B5AF58C074755DE5355CA247DCA07777
SHA-512:	6A6CC1286E1161665E85ACC9167BE1099E2404707183A30B3EC8B39579529368D37F9BE00DFD950D1392610173FC21207301F9CB864C709531A524C7D2458F2D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\a5a63ed2-b295-4b74-8914-8c29f79e61f2.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\d7006076-06c1-44d1-a0b0-a18543e72be6.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	7694
Entropy (8bit):	7.96820694575913
Encrypted:	false
SSDEEP:	192:jgO1oQg2IwZUvN88/an37CGWVr54fs987YchD2f3CnXwnz:jgWa2pZ6u6GWVrJqYchD2fyXwz
MD5:	9C03E09FCDF738384BEC8D20D3C8AD20
SHA1:	F904B2735B5B7870F5B4A5C526649A28A7D50EC7
SHA-256:	E5D578676CC29095F547C11EE7025D9D47418200BA20C2BEDDD719851B8BCE03
SHA-512:	502273F801CB1E67DF2CE9680308DBBA39C8027CFF5B99BFAFEBC155CD2ED935E9616A202B7AEBC31CEE693CEA79ACF7BD97A65988C92D86E5A629866588010D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\d7006076-06c1-44d1-a0b0-a18543e72be6.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (1).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	59775562
Entropy (8bit):	7.941863696707123
Encrypted:	false
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp+:fyzJWdkjrKNtdBo0TqYgmTPL/eb
MD5:	216DD2609836BDB2E22565CEB29D3E80
SHA1:	1AE7A0D2C2C45E196AFA02AD641961DDD6CE69E7
SHA-256:	0C0D2412CE7C57DD9DA4F94A51B4535D3FFDA3AF274E576415536B86750D6EEC
SHA-512:	7B1CCB3294AF184DF4666AA6CA945DCCBAD456A62735060976D794E4F750E81DB8F9D0CD3F58CE9B19A4AEC706AC93F9B6932979E3AD334312F81319F05CA1C0
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (2).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	31663410
Entropy (8bit):	7.940432539110523
Encrypted:	false
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+:fyzJWdkjrKNtdB
MD5:	19C9503B2CBC3998E3BC5AAA6918111D
SHA1:	E57C8D39EFD9A2D8CC2681253E564E4392F7E695
SHA-256:	19A214090FAEB94DDCDC8826F9F79624CBE0C1E6980DC4D7F864EF7351A90F1E
SHA-512:	3AC2CE8A6E7ED41FB55CBB5F870289D22F311FFEA833E8FCB587043A0D3251127005190CD5B79AAB0A52405CB12F26AF414B7EBF1FA349006C784AF7D2F931B5
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (3).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	5892038
Entropy (8bit):	7.935507801179714
Encrypted:	false
SSDEEP:	98304:tXJd7Ro5xlMIVgiYISdhjyspy8lCF1RBVCc6IGu5jN/HArCHNTzj5niQPW25Ib:tX5oXlPpYV/j5pyzRKc6IGuDHAru351T
MD5:	BADBBA6C304CC8F023A67C11008C0765
SHA1:	273B9FB1F266E1E4A2579AF95B1B5E86B0CB67C5
SHA-256:	163EFA511D33978F7298EA3B57EFCD09681802D5A2909154E8EFEA91D014BF4B
SHA-512:	716E3B870C680D450BB483D928BC2AD09D54BC837987CCC672578A9EE7203F7E03F4144A933AB94044904B219C034672BAFF08B17D698ADEB1EC11B729768B0C
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	62506228
Entropy (8bit):	7.999978556244661
Encrypted:	true
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
MD5:	115C3122F43560D183BF64DF477C0475
SHA1:	EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
SHA-256:	B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
SHA-512:	C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
Malicious:	true
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	62506228
Entropy (8bit):	7.999978556244661
Encrypted:	true
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
MD5:	115C3122F43560D183BF64DF477C0475
SHA1:	EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
SHA-256:	B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
SHA-512:	C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 150x112, components 3
Category:	dropped
Size (bytes):	10561
Entropy (8bit):	7.901761975904386
Encrypted:	false
SSDEEP:	192:yw8/+sy8MPJiP0WMFQKrT7ofenVxYiqjyKLE9aNVijQX+ewiEy0SJ:yw87y8MPJNzN7o8Vxvqjy4E9oVSQX+GJ
MD5:	31D8C5DE7A1CF1631F6D528E39383A08
SHA1:	CEAF03D72E2BFDB4871F0D41B910CAAC62CEAF09
SHA-256:	B8785AF7368C9FBA871D3EC23E33255ECA70CF4BAED835D32BE67E0C40778663
SHA-512:	62B8F763A73748EB2BA95FC12D3E9850A331E8186E1747FE6D6727731900C50FD408C689518F21BE69942A07C5BAE37FD0639DBB50ACD96140582DD4281BFDDF
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..r.......i2.~......N..N.N...}.R...j.........+..Oe/.5).....qe.}....>..1._...........8\|@.&9-.^I+...eI!.....w....C...L..S..=A.....h.=.Z..^l...{t_...Y....7..^...O.+..../]./.."h7...Z)%....77....B./.?b..[......3x._o......1.>............#i.>..N.`.8.-.i..k....O....\|2.N..#.:l..K..g...^..`..U..%p..x<Fp88.(.y.mW.....v..-...e.Ly.;..w...y.._.!....Z...t...}N....+yc.Mw~'.w....E.k.....V......D.......

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x116, components 3
Category:	dropped
Size (bytes):	4918
Entropy (8bit):	7.869193450497874
Encrypted:	false
SSDEEP:	96:yeECIIIvJ0q2i7ywBpWiyKWkiMzbJB/PGPIDhpuBDEzakuGCEuD:yerIIIByi7ys+K5BzbJB/PGQDhgBDEOb
MD5:	E699C33D29E5067BD0E5278A37B0831E
SHA1:	377B0C5C6D79B8F8BF41D5CA03AB7215CAF03C17
SHA-256:	EA0FE09CCCEAA86326BAF68B15CD2E9952A98960940457CC163CEEAF9CD336FE
SHA-512:	7782F901DA8FA37C2E894BC42B0A1D6F391A6414F3F9B9B71E3321F290D25873375076FC17F62913BD819B7E4224D7420734EC29418C896E0505BC0985966C45
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................t...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....?..>.?.......<..._...G.K........A...?.......A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....~.@R. ..... .......(..../i )}..\|.T}..\|.Uw.?..y...i )}..\|.T}..\|.Uw.?..y........?..>.?.......<...K.H._d..?..d..?.].....A...H._d..?..d..?.].....A...H._d..?..d..?.].....A..@_.....R..s......g...tb.{.\|.c\....:.6.......(....I.{.<.cO.D=.......(....I.{.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	6327
Entropy (8bit):	7.897313110393381
Encrypted:	false
SSDEEP:	192:yN5We5as1EHb/7ulrpfkccDIJ8zYuhZdDx47:yNQs1E3yfkxG8znk
MD5:	279DAFA720958747FA8E30F7B7424AF3
SHA1:	40C372342DAFA97D6D452DD72FDDC002230ABD66
SHA-256:	BC06D78EC50AAB6E5EDCE3BC78308DBD2E2E6894FFC16BF392031CF6B14E639F
SHA-512:	98B5B55D09628FBF735C6DC15F66D71D17ACC6DCF3B811CED617922928E4C2D13A90AC471B058B4DB724FE5EBA91893A695FF6C2663FF06C7212AC6B534FFF22
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_messenger-telegram-1024x614.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+.??...(...(...(...(...(...(...(...(...(...(...(...T...S..n.e.....@s!.S..J\.JWB.DtT....j...A.2....03.(..b:*J(..b::.....AN.9..v...:.(..a.I..]..E+.s1.=..;....M....KE..v!U=.......a..t..W..9.M...)7t.(..@.QE..QE..QU5.sL..u..j.a.......2O.]8<.+0.....R..c...JN.KV.i%..q40xy.+.F.NR.vI%v...<A....L...u{k.+u.5......?....!..H..xr..\|...G....i......?.".v..?h...z.c..\.o...F....c^.8.zC....+..-......Z<.

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 245 x 122, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10075
Entropy (8bit):	7.965005426042753
Encrypted:	false
SSDEEP:	192:08yiR8eR/c+1JoAFkbn8aqKJiWX2qrxk6niF973T1oz8Zu2zSgzsF/6:eiRK+MfLGMsvLFzSgzsFy
MD5:	E479114964B8AE33BD1A6598CBEB2B28
SHA1:	FEC58800576ABC72711C8ACC7D9A4A816631A979
SHA-256:	73F12094B5CC41A25DA18E2BDA2C5FA16E458189F5ECA2DCDDA37070E8F65FA6
SHA-512:	BA9A26EE29F91BF7788D2BBAFAA66CD405373C96610F93CDDDE16B1DADDBA999CAE4EC8B55B77CA870FFEC5A7897E3F4438EC3896935ACA77FF4A372C9B9C7AE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......z......5.?..'"IDATx...e[v...nN..h.}/_.[e.....V....e\6S..BB...@.<....L....G.a@.@....W..K.W..>..n........2"#3_d.....E.{.s.Y....V.......B.....KDo.=.3."......B.{\f....2.......}............q...w.........w...{\f....2...=.3z...2......=?.q........}......eF.{\f....e......z.xY...e.B...3..........}...P..{\^(......P=;.q......}}..eF_..q...'(o..p..1.@d.....!C..x...j.y`...(....[.XIF. ..W<.T...4H.a.#,.k.~8....].X.z...g....z.`.d..;f!..V6.lj..[.....;.....{..G..........u...4X0 .5T.q<.PK.3..7?......r. ....[K.'N........}.6...#..j.o..;.$...+.YdJ.Pk...9../."..}?'...K.z.......6.V......o.8.+..o...p.4..._.4.\|\|.@H....z....K...I2..D. k....5.............\.$.....W.Z ....R.d@....g.>.\|.@F$!.$Z..]{-..S...p..o.F.7....LS...ww7.tc.9.........*.D../..=.>g.'"..P..'....-........k....MK$<...C!.N.'.&.....=.`&....+.R..z..A._u.`d...cGG0i..yg.....>...kE,...-A. .$VJT.o?..?\............dK~rP...............~5$.s......V.[.....,...riI"..920......o....c..Z.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	8015
Entropy (8bit):	7.962101684786648
Encrypted:	false
SSDEEP:	192:SjQh5uwIUVjlFHqDx+MtaGTgsJ0pD3Ff8M6ZuUWFO1iveZaQmnwx:xuwI6j7Hq9Pys8FHmZa1E
MD5:	09F7FBB00E36AEA072D3216E62588EE0
SHA1:	7631AE44009D29EF51F4A9331C0DF15E85930560
SHA-256:	8F4F03D0C1B0FD0F965FCE8A8E324EE9016435623F702829A4F67C5D19ED643E
SHA-512:	DF6178F143D32D01FB425D29941C5F8BB46D401D80FCC017C6807C94DC4EAA31EC2089C6508D7C2524039962981579AC96598A6D7EE4D05A24EC02B686107111
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1222-1024x820.png
Preview:	.PNG........IHDR.......s.....[.z.....IDATx..}k.d.u^........y...>H...+r%J"%Y.l......%..$0.?...F. ........P..I.X..H..$....(.(...r..%..y.<.y_Uu.[.}.wfv..3=.=....<z......9..\|.....9....z..8......w..l...1t8".p@s.c..:..=.#...-IH...2f....q.l.....@........E..n.r)....Y...LO..z.6].....tM[....HH..:.s...d.^..........e0i.EGX2.....%...![+..d.?.H.AC.1..3...AM5...;....X.@\|I..0Tk.nI....>.d.3.5.~Q.9.e.}.(.0fRm.V..\|9..X3yG...1......i.0.^..I.f,:i6..5..<Z1{....N &L..a.....>.@HM.<.....H.F..J..LY0i.l.u0...XU. I.=\..A.....d1FWJKMl:.U1\|^..$.0.d.L\..A.$...r0..Y5+C:...m..B.2.k....?yvb.fR}.k.9..,o..I'-.".$d....cy'.6.....@.......+..A..b$..t...NI.....l..RmH.....\...x&.?...r(.bp.T'c#......5A.J.p..vD2$.....R...t.6.R-Z(..A...Z...i]`.C9..B{2F..n...F...{[@.#.$.+..],....1...f.....f.... .U....H.k.c.....@.#S........HD......E.!...\|2.!..7..(T.1.K.....^._[,J.....H`.c#.~...X$\|J...s,.\.<..&.F.A)....-..^..L_*%.3&).p..\..\|x<o.........2.b4".X.e~..W... n.K.G.z..4...26-e.D...cY.Z.T.^.~

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	9091
Entropy (8bit):	7.898668893648029
Encrypted:	false
SSDEEP:	192:yNfEufkIJsxyj4q9s9+P0ppdNFJPYuhCEHgBxPcBgHT8mTDuqBZ:yN1fjJsOOVdNHPY+0xogzJnH/
MD5:	1C1BC9F0F634CDC139FC54C1050F3324
SHA1:	41E148262CAED1EA6E0813B35243ACA90D60E490
SHA-256:	38760335A0C016D3CE7A19F8205F132AFF2A1EDC1EFEDA41E845AFEA6CAB4B29
SHA-512:	081FC12820FB9A51DC5187CD857F907854B560045109C53A399C4953B5D62967EFCC4DE394F18ED8FA124BB7654C3FE0AA99AEA38988AE8AC8E622D74940ADD0
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064515.883.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(..:.......`.,H?)..]&.......r..d.$..R.....(.W..:......t.......X.6x.../.?.\|2.gw...>!...]Kqw#.i..A......$j...wPT._.............3..,....#.U.w....x#X.....VsH&..X..e.YI..F..}q....x'.><..~;i.*..Q.s.X..I.+..g"n..+...u.._.:....~......N.4..i..:..C,...P.$.k..Ng..V..RZ.......Ih..j..(...$.....L....~...'mv........w...$.g..J...'j.'.q.=k.5...'.tt.S......S.S.......!....+....K.e.At?.m_....uZ[.......

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 109, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	34215
Entropy (8bit):	7.981831865504436
Encrypted:	false
SSDEEP:	768:GcnxVGlB40UMMNqqZj3VYhkCm11va5CLqfz8rmxPLLX3MIzvJuVH:Nn+ruNnZj7DYQLqrxPLL9Dy
MD5:	93885869CB5F149E90600DCCB2170A82
SHA1:	EEB005C342213B91F6ECB94D27E216F7C3A4E258
SHA-256:	65FDE2B70F23AB89F3C04F4FD14B544B5E41D275EFB59653FD12D4C997373361
SHA-512:	FBA6B43B458BD2C8D3B76AD024305833FCA7135916C24D8D53E2DA5FF451DF3A7511B2576BB5FD0EC831CEBA970C4DDDE0C11184CCFAD41D426C3E83585810AA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......m.....b.......IDATx...y.].Y'..3..'..-Y...v.'....NLB.PL..P..jzA.]..4....44U4.kQ@.R..h.(.!.+.c..I...Q..Y..w:.j.o.s.}O..8......{.....q..?.2..#...d./.x.....\|.:X[...a..7.~..wo....c<....\X[[..Y.(.s.....c0.Q.EqL.E.k..PZal)...d........_.....1.Xd....%.#.,"..C..F[.?k..... ..;..d....87Bp{..Z.".R..TDq..L..i$Zi.M.4.8...;4.....m....c..W5x...~.....5J).did....c..&.rD.!.....$..=.....(&.....c.).....AH..iC,A.`..s....q.....t'e..j.;.$I.w......j..R..CVe...Q1..V.....}i..%...0.H0...b.....?..._LZ.d...&Uc...q.$YZU.6...0.k....hJ....,F.`...:..DO..F...:...3b..q/....H[..c.S.}.......[D....4.C.!..B.9....".3J8..qA.!........h.m.......j...O....{$......C........2......{..y?..7...!.~.../..t.....#.P..0......k..L......'I[../.v.v..wx..e...uc...$Iz.......;.......y.1...&.R.D.3..E..e,%s CZ;L..V1..q C k.`...x.u...j..0..;.A.U~B.%..f....3.... ..]..f.a.q3.n...60. .........9...........V..".=.......b...I.!.F..d.S;....K......Tc......?1.o/.......%H@m3..)...o.qv%4.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 213x101, components 3
Category:	downloaded
Size (bytes):	6052
Entropy (8bit):	7.896641690742874
Encrypted:	false
SSDEEP:	96:y+Ek2+u5NJBjJ56R9XfQzbHXXmzA2nkayLtaTqM3ykOSEZyE7st4nIEOplXut:y+1zuXJFSDQzbHnmzA2kascZyb18tijl
MD5:	407F398DECDB933DD6E6854B555847C9
SHA1:	4D01C65FAFA81C711854CCEC9365C880FDD6323B
SHA-256:	45E1904B4E11AB6A761182076D51E2DEAF19AB278257449C028ABBE974797BFC
SHA-512:	E6FE86957636EDAAE88DB99AB00C87B2D793D10995A1DAFFF7069D777FE92080D2DAA5873F010E426AEA3D91489D4085A3B25714E78CF430EB6C7FBDCE17D6F3
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_telegram-not-working.jpg
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.(...+.l...+\|u..N....6.[..3...i....5 A.....[.....YU!.O..8B..d@{...(......FU...G.?.V.......S..O<.f.:.k#/QWL(}...D.h..U.P.4....Y. .0j6R..\M#>.Y`..2=....t....e..>..........5..A..DA....7t..N...1.U...._.2.=j...k&..L.<......g'..j..0zv5VH....a8#...fH....D9 }kF.....U....sJ=..s..,[..Rh.I.iM.S..<y..YI]...s.. G..M.?0.Z.,t.J.4De..iF.u9...M..53.I.t../.X.JJ.G.=.S.m..b..-.....<._^...;.,C..t..

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 245 x 122, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	10075
Entropy (8bit):	7.965005426042753
Encrypted:	false
SSDEEP:	192:08yiR8eR/c+1JoAFkbn8aqKJiWX2qrxk6niF973T1oz8Zu2zSgzsF/6:eiRK+MfLGMsvLFzSgzsFy
MD5:	E479114964B8AE33BD1A6598CBEB2B28
SHA1:	FEC58800576ABC72711C8ACC7D9A4A816631A979
SHA-256:	73F12094B5CC41A25DA18E2BDA2C5FA16E458189F5ECA2DCDDA37070E8F65FA6
SHA-512:	BA9A26EE29F91BF7788D2BBAFAA66CD405373C96610F93CDDDE16B1DADDBA999CAE4EC8B55B77CA870FFEC5A7897E3F4438EC3896935ACA77FF4A372C9B9C7AE
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20231209113044-1024x584.png
Preview:	.PNG........IHDR.......z......5.?..'"IDATx...e[v...nN..h.}/_.[e.....V....e\6S..BB...@.<....L....G.a@.@....W..K.W..>..n........2"#3_d.....E.{.s.Y....V.......B.....KDo.=.3."......B.{\f....2.......}............q...w.........w...{\f....2...=.3z...2......=?.q........}......eF.{\f....e......z.xY...e.B...3..........}...P..{\^(......P=;.q......}}..eF_..q...'(o..p..1.@d.....!C..x...j.y`...(....[.XIF. ..W<.T...4H.a.#,.k.~8....].X.z...g....z.`.d..;f!..V6.lj..[.....;.....{..G..........u...4X0 .5T.q<.PK.3..7?......r. ....[K.'N........}.6...#..j.o..;.$...+.YdJ.Pk...9../."..}?'...K.z.......6.V......o.8.+..o...p.4..._.4.\|\|.@H....z....K...I2..D. k....5.............\.$.....W.Z ....R.d@....g.>.\|.@F$!.$Z..]{-..S...p..o.F.7....LS...ww7.tc.9.........*.D../..=.>g.'"..P..'....-........k....MK$<...C!.N.'.&.....=.`&....+.R..z..A._u.`d...cGG0i..yg.....>...kE,...-A. .$VJT.o?..?\............dK~rP...............~5$.s......V.[.....,...riI"..920......o....c..Z.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	2361
Entropy (8bit):	7.479942781337839
Encrypted:	false
SSDEEP:	48:y6uETALukLzcjUXISBpPLkWoPu1wVpDm6Eq:yNEpk8gISBFLkDYwVYc
MD5:	CDBE5B9AE4C027C07462A5901331C613
SHA1:	69DC9C44A940E9FFEC378D5B7BBF0A266010C8FF
SHA-256:	B28E0001ABABBF7051DB78FE0F1399EC0CAF15BACED1C7AEAFE7A58BDD37E6A0
SHA-512:	470B5E0245B8270CC501AE5D7B08DD95F60A1819B60CF38D191A03EE8D3A108D5B8D389C55D1B6802CA3998898A705FCA1BC15BEAB978B1237CC26D5194130BD
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(....?..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...m;N.5{...&.{...,....H}.T...)JQ..z.1...Wl....$.:.zW.........W.?'U...x/K.._V_2....u9S..].~.......&....t....a.Q.E....=...@....c._.....M...Y...\|..w.~...c...:~..U...?...?6..~.?..1........^...a..o..d*..&...xo_.w./<+."}?R.....+..$2/Ua......-......8.,q...:.....t...A....j....

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 110, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	26496
Entropy (8bit):	7.988573551764828
Encrypted:	false
SSDEEP:	768:+vaQJhw1xvEbz9FLQX+WJx7ha2SKR3yFEh:+ioSXkz92XFLHS2h
MD5:	2AA20BF9963BE3B61A151509C6BB243D
SHA1:	E9A766B4F38A50ABCC41ED24955C9F3A95DEBF0A
SHA-256:	AFCD3EA0CABD7E78A99F63FB172E0E834E62AB2FB62934E3DC0DA2FD87321219
SHA-512:	DFE7673BC688A43B10B84DD1BBE22C2A9B7C7043EE9A1F04621518BC944A0C802A6FE8E2988B7098B613CBD899A8C4365CCD83F2EF8D7B5FB5C498707E2E0863
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......n...........gGIDATx..y.&.u../3....gz.sg....S.@B ...d.i........t.A.B!......A.f(D.........8....{v..s.....L....}_]..Q.2..w..%iR..LO..UY./..{..R....1`.1@`..%"2.42........E.A..`@.D..m.....n..@.........{i....h0.. ........$.4....'....#c...>..e1.....(.....e.X......r..G..0....<..h&..p..~P.S._..N?....]t'.m?Z.....)......]07.r....{.3B4..f,f..C......kr.~s/....fb.'.:.SX<.\|.....p...E...i.>X..I.0.....i&......\...@.> }.n^.....b(.G..E.KRA.......6v..k.f......\|.9.......(7$.....6(m-#.F..M..n..[...4....Y95kEsI...../....@#......p......Ul.b1.:....@ER.....mFO.......n.......wg.b...H...i5..[...F...W.f..D..`.....M..t...d.V...8...W...... ....#..".v....v.dV.i..D.5.n.yMi.L...].^.~j..\v<..6.l.e..k.v`..^.[Ed>....u.....S...6......MO[.HO....0f.x...7@n?AB@.'..NU1.;........wAt.j&..0..R].$.\2Sh5.[*...L#.f.....Z.I_.B.N..C.\|U.'.%....mEtV..\...S.f..e......ZpZ>m....Rza..4..$Z..V..u ...CiE.F.......0.Q[..H.hD.....=...\|8.....y.?.s...%.QH:......O

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	11210
Entropy (8bit):	7.923835560431023
Encrypted:	false
SSDEEP:	192:yNVWOYFuRr7uLbsGLVP0NeRpsvMg1OH3CWw+CCi0MjdilGWYv5Ce65G0cAiW:yNVWOY8lbGLVSPo5xWjdilJG0c7W
MD5:	B5B24B1CC20F2EE2D469BB46243B6449
SHA1:	49D06A1896F73A5545248CD5CE668948C8AA1EF8
SHA-256:	A7A0694ABD59D1774A1DBAABB9E1939B78553648E13F5B9210233D7D37837E33
SHA-512:	E30C9B3C786E9598DCD6CBC33B3D8D8B486154CBA7FD27855D123F84D96B5E379BC35096C5E7261AC388FC999D4444965304A57AC586EA2BFEF0ADD2A3E2982B
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_thumb-3.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...............U...bl..Ny.Zi.}:9.;..,z.H..28..'.sa.T.%}..........p.MImm[L...g.J.[.,.......22..c..k.4.........x..v@.....pH#8.D...:T2.z.k.RG..6./,.t..,/.Z)c,.F.8?.#.9.VL...?..o.L.....\|.....R.......r.cQ.u.m.&.0.C..J.m...s.D.c.Fq..>m....Z2....6Ish.lou.....1X.4...uff (..$..........O..m...}GZ...6..[[.d.$V...0.[.[.......M.$.x....5KB......Z..'.&....r._....~..D..k.?.xGS....Io\|7..;.7.@.(I..b.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 620 x 147, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18924
Entropy (8bit):	7.9613813528567645
Encrypted:	false
SSDEEP:	384:t6/NdPSD5vUgC10Fd0TBm4JuWC1recYybdHRnAGdGPd0sXAUqSw9X55D:MVdqvUgd7YWPxLdOd0pp5D
MD5:	D26A7D2D140A45822E89CB4C9F40CA87
SHA1:	DDD46B0870B9952ABABFBA4C1D8BB104B8C4BCE4
SHA-256:	24D661E0B9818B3B0E9ACA1D1D7BB0F79106EDE5271CBF52DF67C2D2F3AC55D7
SHA-512:	684F6614601B20C74AA5158AF79280BE847947B99E6DD3C40C414B37607CAA8BA1A13A0CEE095680CBF9B3F1017369DCCEB1EBEEEE8E157A2E73C8780836E064
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...l.........3.E.....pHYs...............I.IDATx..w.\e....L.-..$...w..i..r..\...^...O...+rQ..`D.^.H.$.oz...^f.....;.n63;.)...z.+..gNy...m.(..(..(.Y..(..(..(...MQ.EQ...Q..(..(.R.`S.EQ.E)sT.)..(...9F..P..n.i..7:}.HlV..Z.9..>.gj.8.....Qk........X..-...s.c.#u~...k.4.......-..m.....X..S...6.E.(..(.g..l+VuL.....zwhyG(~.....akf(j..-....H\|z.i`M.&.a...{.....$......]_e.O....<.....[...k"N...(......lw...n....z..)..cgl...:....,.0..1.L.?.m...m..%..P...n........am...6.^;gQk.3...l..(.Rz*R...+../z....mmO.....$jYx....8.....q~.Ac.\......m.;.n.>\..M...(......l.u...^...W......=i.H\|I..w..LS'...7...j...4..\....E....V.-...A...(......l+VuL...^..}........1^...{...M.-....c.T.)..(J.)[......}i.g_..}_w(>.k.P....f....?3p...n...[K=.T.`S.EQ..Sv.h....l.....v.b-.....F..q."q..g.....u...?(7...6EQ.E)=e#.V..~_........k$6c_.j...f...43x......Sw.z\..MQ.EQ...D.?.........g.=.~#.&..n.A.s..]u...)..T.)..(J.).4...G.u......O..f.%..E2....=./...1su...MQ.EQJO........;..

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 190 x 114, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	23522
Entropy (8bit):	7.989926584280692
Encrypted:	false
SSDEEP:	384:2bc9wm7MweZ28KCFZAdyoGrcn1E/nUArnRU6RaT6zLJRc2CyivrzZ:JNh8KtTGrcMUAu6Y4eVyijzZ
MD5:	C9D3489D4761913EA3757A82480BFA16
SHA1:	D5BD2730E8E80C464E1FFCBAEB4B3A835C040F27
SHA-256:	152F143C1BE0119B7A854E0E3EEFAC2192B93266F59B1A9D8A3AFE46057F8231
SHA-512:	65E7372551870A9060FD31F6FB3A57ABCB0A38FDD0DDB5E0CA4D03AC49F2EB028B89CF09813598AF09A437D63A67628B67D2D410E42FC2FAB49EA12F1381C48E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......r.....b<....[.IDATx.....e.q..w.9...m3..X..;H. ...w..". %..%..I...KJ..RlG.8....vUb;.EI..D..e)."K.I-.(.".....$..0..3..oy..{.S...s.}......~.{..{N.^~..n.o..H.A.\/.......ED.....D......~.@.._...%.........^ ~F\|..GB....r.l....k.?..R\|'..]0.../Ad...v.......m.8.......M.Mn2?.L._?..rqy.yey;..A.../(........w.P].._..M...`.....9......n.....V...&.t/.(nq....&.?....z.^MV...'.._....T...F@.K.O.i.A...+.[n..\|......!...N.{s.....Cn(..(......~..U./U..?....%2.N..=T.`. ...8...V.M...e.IVD'>....tx.0....p.b i.....v.....E.I..I.z]t..g.(..w.."0n6f..5.u$..n.qo..Z...V.0...)...CvbE..X..je......BD.Mc.uKW1U%...w0.d,.3^F.>du...T ..9,..*..u......n..c.f.w>Y?.q...t..e.~..,.A&..X._..p..T....._.wS.y.....nGd...VR..M.u.....m/.9..Mabt..B..Dg....}+J.L....++..4.....Dp.V......OE&..Q".F3w...U=.-..!.C...u.#...p..N.j<..7.Uj...oOB.....R..v.....Juj.G..N..EU..V\|..l..w.2...7...w..%.$.....M..n..g...9SYG\..G..r.R....c..".C.>Yu.d.m.?!..w..:i..94S8. N>N.'.djj.D..Zn..d.9.y&...

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	dropped
Size (bytes):	9834
Entropy (8bit):	7.910145919030394
Encrypted:	false
SSDEEP:	192:yJUZ8YjH5mpeD9XPy5kKyXvsZolGP2qmUTMYAflKl+lptJ+EXnZ+:yJU5jZvDl65K2tA9FjGEp+
MD5:	FE2A031365FF972B5C79944B69A1C18C
SHA1:	3F123F4BE0E3670DC6DD071A91551AE660B8CDA0
SHA-256:	A3208AEE7C7BFB0EE0BC12C6F2BD86FF7F6C68502D56213FC54E1FA99C749FF7
SHA-512:	BA560546EA28A05C90A06A771CB28CEE3D2BF75F2E8960A209980AD1612E09366CDC4EDF384F0907E17455DC88DFE9D29C77F9833C0E875DD34E3BE7E10565FD
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..s..jW.9..,...U..,m...4...u...>Mx.3Iq.,..`Et...Z......%..d..&.o....%.<+&.;.C1...\|~.:.0X_..I:~..}$..e.s....3..S....d....@.b..........4..X.pTV...e...%......'8.......t...h.4h.G..I.X..c!Hg'i.F2z.+.._/.g.I.Cx{J.OiZO."...o{..z........C....(.o.x..O.L...\|...A.....kt......v..).B.4MVq#a~..I...F.;..e..oD...\|q.WF.g..G._.....b...+I!.....A..U..<'.:.......:D...........O....h....j.........k.?..G'.4.\..c

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x113, components 3
Category:	downloaded
Size (bytes):	14204
Entropy (8bit):	7.9200573180752265
Encrypted:	false
SSDEEP:	192:yjE4KrK9yvohx/UNRvxkTUNPWr0Xu6DxKAbOxbz9K5ZTD8DiaswYL5zM9fEkE9qH:yjE4/9Yqx+OY+E3D5ZZNLQrEJ+Y2rGhM
MD5:	BE89F724EA58283571CB8446B6E382E6
SHA1:	42DE34B2B19CEDFEF6CF7183FB4475AB365C688C
SHA-256:	DDDF4D7D96D2C124BBD828663436225CA6F2593A691A35A2BD4D481CC594B7AA
SHA-512:	87FC648F06142BC719A348369443FC0947A23C9A4C28AEF0AAD8149C0375DB3441969CEB1418345F0C9C66ADB57540F0C82100249027622D2CEFE1D477A0609A
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_apps-6d00148dbc3b813d_%e5%89%af%e6%9c%ac.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....~......4....m.. ,>..9.._......5........#............o.e.....$...>......[.3k...{Q&J....G...."..J.q..%h<..Q.m..C.:l.........?/q..r...f.[.....O...D.A.(....9.U....8...E..I.A.._........?N.DT.c.s.Q...U.]Ai._.p....R.*...^...>U.G.....8....QZ.c.\|.q.O\.._E~...._..i..k..K.&.....Uq..EkY\|....F.v.5..N.,V.,....{...<~.~..F....:....m..O..j.E...:._...5,....'....k[\|.~'.q>y......F..9]vv..s.p.+.Y...

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 177x100, components 3
Category:	dropped
Size (bytes):	3246
Entropy (8bit):	7.63353263792788
Encrypted:	false
SSDEEP:	48:yMuETA/TF+jxatETHOUUOtEDqkRHKtaWnpHSSc/hZ+rkz+REkk1S+:y3EeQjxaqTHBUOOqkRHKAWnWpkSb/d
MD5:	F3ED0D3BD84852879962E6FC0DA19A32
SHA1:	1243684016A30EBFC65BA023185128622140F25F
SHA-256:	5B74882C83E03E20E98AC8056EBAA3C939E0F3CE270F6A36E55A4F4CA61763D3
SHA-512:	C26AB72143D7C3C15ECCDA8C308CC27542D664D00A6F6EB33B3F477A25E3A1AFF8378A37193A7CFD9976CD622FE2A97D3B34B50DAF8055AB24FC40FE1E65C035
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....._...e..;...?.~....\|L..f...".....[.....'..#....uk.F+v.Iz......5.:1r..%w.#.i...2:.=.0......i...p\|a...^...3....4...Z.....{.G...bI.....?.&..K.:._...g..K-.b..S.6k.^]#p...B..W.7.\|V..a.^_..?.....My.y.xo..".c..e.....m........x".....m~.X..."....g+....!U..d .{b...*.OmF5-k...W.\|.j~..{....QZ...Q@..Q@..Q@..`..0}...Q..h..4.QF.......

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 187x112, components 3
Category:	downloaded
Size (bytes):	6620
Entropy (8bit):	7.921898058291516
Encrypted:	false
SSDEEP:	192:yRWoplGr/T3ba9eckIQqLJh2hG2rfBDYt6IPOqZm:yRWoplGr3a9eckIPUhG2rf0mqZm
MD5:	EE12AE8E6F2563706CED238BBA47F838
SHA1:	7253116387F119B9EC838B41DAB96DD13FAC4D76
SHA-256:	B3B47D264FD53307D39169B6B2E6CC476D001959F0DF13143341A1C711185A60
SHA-512:	E7A99881F74C9BF8B9D4BAAEB376E629A48E848C0E64020C49F947E291ADA6E36555A90B5EDB601C0A93662B07E2CAC47E6F2B808529490D58BFBC8CAB75F973
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_12013.jpg
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..#.8..rsQF9.J....Z...c..jUR.I..3.RS[..QEY-.(...v.QW.7.o...UM..z..{!.Z..4.....s.QV.4..IF+v..l.....(.I.~.j..W._........MK.o..c......B....I>........>..&....C.j.........;.>.....G.T....G?)>9..#.Un.2O.?7..]y.sO.N1._,[...+iM..=....3.(#..>....n.(.jB2....y.R.2..5-.Wa.P....;....\..R.?... .5....R.AS.Y.tA..G..OaV...W.X=.....&1..W8...8...2[..rs....G T.Q$(.....]..o.....I.....$.6.r..X.pdn.....\K.*

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 213 x 111, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	13381
Entropy (8bit):	7.978631033763193
Encrypted:	false
SSDEEP:	384:vc6Kh61C2aH/vOZoe1zFiNAv/fjcGwOKM8kyfF7EMr:rKQ1zimu4RiN2L8OKM8kyp
MD5:	F5BE23C7097EBE8FF3C0146F9ED943FE
SHA1:	EFCE05455497F0DE65DD376BED3AD223D8F0973A
SHA-256:	9D9E5DEBA4E1E9510ECF9E9C1B31A27E297E298804C9572E5FDD7F7EDDE52467
SHA-512:	49D8BF310010C14A65225F5B6580DC4F8C56A51580CDBA4C081F55A29861D9D1A83EA8F69CE7CD7B7943D0CDB664C3E933F9439143BCC80D4A6E29F144EEB121
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......o......s....4.IDATx..}go$I..HS.UtM.....q...{8..t..N.9...O.......}..a%h..p:.N#.wfv.i.nv.{..fF...b.aU....]U].\|..y......x...NC9.....V.....~.......p...6!...,,o.T........P.A^..9...\|..<../...}.pi..y...8.9..m!.f'...\..R.b...j.>^.....E.)@t...%.fGG.....0..tA.[.P._.z.H....2...S]{....ws.........E..).m.E......t..N.._....o.\|.d.{,..(5$.5-.......Y.&.....H.Q.\...u.2.'u2.m.{....A.!)<...;...o..>...,3V..>-.....o..g..\..GB.^..!....a...5..b...-q..(.......F..?..6....C...@......a.H...6...R..X.~.O...?...(Ok.C".\-...[U.\|...`H.,%>.A....J?. ..x..F.6].......>}.Gu\|<w....\T."x5L....:......_....<.@...pa....(Y.H\|\|.<....I\|jO...C..+.H..d...O.."S...>.....$.6.%.e.H.b.?..g..8..1\|.bY.=..}...Y&:.8..pm.5.Xw..N.....F...z.W...J.^..a..F....FE.h9..1..*.L...t.....?.T....7$...?a..l..f.A"&s..H...6. 3[.A;..E_.9-.....7j.V...&..{....:F..=.OP..~#`je..{x.\|..$w....\|B .#E\|(...............=....c..yh....Ei.....p..M.<\|[k..U.....M...5x..W......Hk......{..PE..F.

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1504
Entropy (8bit):	7.822690331974615
Encrypted:	false
SSDEEP:	24:vnITClnOzdtJ0mp6oXf8yTwjGz5ycOohdz6WWgei4Smf1rpVdc6N7oXB7f:vqdcm0+f8AeGzROWdzfgdb3NGBL
MD5:	A6C494041395F493B5C9A35EEB9D9B5B
SHA1:	3CAFF067C78EC36F992335351FFDF19B526AB45E
SHA-256:	B1816C471F0BB2863EF22009FDFBDE486F596BC22765DAE314BB9FF50AAFD752
SHA-512:	29E4D39AF7EA51F0D15120ECA454D0BD3A72B8EA58F8C851A679AFC1FC7E81EC7796CA8DF9926BEAFCBE1BF402AF0BFCB30A1791A8C7EA15AF367530EEF6FAE6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...3...3.....:.0....sBIT....\|.d.....IDAThC.ZM..7...u......wy1<..x\|....$.a...9....O`...e.\|..=<..LK.jh.?%ZRwg.^...R}..qV...m.+.;..&..p.;I.9..)..J...V?....K..`...\.......L16.2..w.....t....o`s.(T.0...=...Iq;.T.m.Z.i.6o.b.BA.u.^q6\.j.6......6.<..e....f...Rl.Z..o.+...or......b........TW&.......0.w:i.._.../...`d./....]...H.A...\..,@.`...%.....R.....?..r}._..&.!..9......S.....oP.....c...l...o..~L.Ulz7.].hj..$..8....1.........K...........j..L..Z..lP.^.7.W.V...Q. ..)c?q#:..Z.=yP.c..k.7`G.:v.8..).&i.....O......4W.S...pS1Q.B...._Di..<.o......h#.q.czp.......6....o....%........z.<_4\.=yx^0...\..H..<.....MF.........S...` .l.RqU/.Z.V.@:.{..{...)...y"{..A^c.."{.... ey......+.X._Y`.@..2..)..R...P.7.'~..b./....._.`(....sJl..8w.re........7.Y...z.....H...L.j..Z....`.1{.u...^6.TV.v...G.\hQt..q<g.P........]Y...A.......p...D.....1Q.T..Q...1.LQ6CxI(k.q..&............R....S.1.f%..d...M..)....M.3...:..R......3...j.....m[A...1S.2..r.$...+\|...

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 109, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	34215
Entropy (8bit):	7.981831865504436
Encrypted:	false
SSDEEP:	768:GcnxVGlB40UMMNqqZj3VYhkCm11va5CLqfz8rmxPLLX3MIzvJuVH:Nn+ruNnZj7DYQLqrxPLL9Dy
MD5:	93885869CB5F149E90600DCCB2170A82
SHA1:	EEB005C342213B91F6ECB94D27E216F7C3A4E258
SHA-256:	65FDE2B70F23AB89F3C04F4FD14B544B5E41D275EFB59653FD12D4C997373361
SHA-512:	FBA6B43B458BD2C8D3B76AD024305833FCA7135916C24D8D53E2DA5FF451DF3A7511B2576BB5FD0EC831CEBA970C4DDDE0C11184CCFAD41D426C3E83585810AA
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-88-1-1024x546-1.png
Preview:	.PNG........IHDR.......m.....b.......IDATx...y.].Y'..3..'..-Y...v.'....NLB.PL..P..jzA.]..4....44U4.kQ@.R..h.(.!.+.c..I...Q..Y..w:.j.o.s.}O..8......{.....q..?.2..#...d./.x.....\|.:X[...a..7.~..wo....c<....\X[[..Y.(.s.....c0.Q.EqL.E.k..PZal)...d........_.....1.Xd....%.#.,"..C..F[.?k..... ..;..d....87Bp{..Z.".R..TDq..L..i$Zi.M.4.8...;4.....m....c..W5x...~.....5J).did....c..&.rD.!.....$..=.....(&.....c.).....AH..iC,A.`..s....q.....t'e..j.;.$I.w......j..R..CVe...Q1..V.....}i..%...0.H0...b.....?..._LZ.d...&Uc...q.$YZU.6...0.k....hJ....,F.`...:..DO..F...:...3b..q/....H[..c.S.}.......[D....4.C.!..B.9....".3J8..qA.!........h.m.......j...O....{$......C........2......{..y?..7...!.~.../..t.....#.P..0......k..L......'I[../.v.v..wx..e...uc...$Iz.......;.......y.1...&.R.D.3..E..e,%s CZ;L..V1..q C k.`...x.u...j..0..;.A.U~B.%..f....3.... ..]..f.a.q3.n...60. .........9...........V..".=.......b...I.!.F..d.S;....K......Tc......?1.o/.......%H@m3..)...o.qv%4.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	downloaded
Size (bytes):	9125
Entropy (8bit):	7.894391001399155
Encrypted:	false
SSDEEP:	192:y9dGOSRv26UzP8NeJQ4yyjzMSSfMzn+iSG4voCcmwMGy/ahrh0:y9QOSRvXUz0NGrZzbSf0KoCbz0rh0
MD5:	2F8C727C17CD363FA0D4C062CEC3E600
SHA1:	1D73649B6E96E1CDB5F7781C8CB5B067668AD8B7
SHA-256:	9A1454A6725EEA51450B4E0D63295FC995FDB0202FBDC53511C2FB3AC19655EA
SHA-512:	C7F6113452B13DA3D7D346824CABE4DC39553F3BCBA6E6A7779A0C451564846AE2EF81FB1A4A35554A6757452899D7186EB12C23294A866DBE6363A4A0878CE9
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_shutterstock_1425817535-e1560832518594-1-1024x683.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..J..~2+sK...0..S.-..rk..t.....S.&...p.B=.n.D\....'IR....[..R...d..N~..v....*x..'....6=.2..,a.%(+Ds.h.y+W ..pvV.6V.............^...7...OC....;ou...a......1.7..x............/._...u.......h6jM....mn..3....r.5...g.....-...g....:.A..Z....o...oP....:...?....b....\|AO..g._.Yy...~4.6>..T.V.e..?.n..DNil~.Z...S<{.e.Q...?.....M...j'.s.....h...Z..Vy.......U.K.......u..".........{..\|6.%........

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-logo.png
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
URL:	https://www.telegramhj.org/static/js/jquery.js
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 268 x 126, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	34163
Entropy (8bit):	7.9902500640664575
Encrypted:	true
SSDEEP:	768:eE11v9WVVpQkO45PjIS58uR0IrPRc0qYZ6oQ6GSDpyzSiFOZkyNdLM:eAv9a9O+M+R04cqlD+SisZkyzM
MD5:	02C061A8C2BF5B49CC6F3884AC1A90A5
SHA1:	AADD63BC7F6C3DA2331080F557C75C1C51516E3A
SHA-256:	36750201135764E68D694057FFBBC878AB8E06CCACC79B83884F621FA8C2514E
SHA-512:	8798EB1DC85FC1AD5E83CA42FDB66E1CFE0DC4C4914F302C014DD9AF4133E669BAA3AFE80CED9651FE2C5E2F7EF56F928271D0507CDF046ABA7A8BB793DD2570
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_14-1-1.png
Preview:	.PNG........IHDR.......~.....^s......IDATx....f.u...>...:}..2.`.@..E.JD...M.Z.-/Sr..d+..H..W&Z....0NH...p..mR...Vd.]"..$....Ly./..s..:....Wf..8\|......{....M?..O. "...........w.FR....O.....@I.........D.#...,..D.)..(.d!F.A.!..A....D.V.i.A!......_.y........Z.q..Y...=..L.....#A...O......a.Z...L.Ld...j.;....\#..s.wO......M..5......L/_.(.h.0....j.r%L..I..._..0Z!.....e.U.....#.!Q"..W....`E.O].Kq....../;..5.p8.?...1W..l....E...z)a`1.E.T..R..8L...-.Ig....D..aV....mm$......{.k..q:%.in]...Fi2.O".E..K'(..-...S_.....A.....s.l..v.{m~A...@dq.,.6..../W;.6.....7Y...kO..[8.....p.^......me,r...y.A.@...k.1....(.D.s...].......t../....!.6...V...,...M..Tq]......n..S.;7-.}..`x0Z........q.....6[K.Z.}..9p....dz.b..=...._3.f5..k?..I......^.C.ZH8*...x.~....N.4^.$.y..d..."...2..+.c..........b..D.CGzD..r.Nf.1#.ET..+B$T....d:.R92W..vY.u....mK.S..M.:.QW...V.....%..nua.2....O.a=1..X/L.a......Io]..fTn.g&....vm...A.3...ez.-~...p(b....Oh.)x.1H......:.`..........p.N.P.d.h=..

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	7055
Entropy (8bit):	7.883981599915443
Encrypted:	false
SSDEEP:	192:yNme6w6/BKhjcS5lWgnIhgJFccUcPcLc4YLu:yNX76/8hzlk8AAeci
MD5:	133770D28D29DA09E3AA387C96291C11
SHA1:	92D5E7EB326B30EE70A391AADC6013320269411A
SHA-256:	9C442E77C15BE3AC8E4D4AD404DBE57A390A6247D217A0E9D3A552CD4CA769DC
SHA-512:	8B3214CE09E1A169F1F529588ECA91BB9603E4F168319441B589B2B39C96B31A31D584852C0A6DBE0B9ABE9F1C41AE774B12B36E70A8737952308CB9DF23F6F0
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-20-2-1024x576.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....'..>.2.}..q..pL.7`};.n..NI2.B.u5......Dt........?{=..W..C.g.~..=.>'...m....S.:...!...O\c.y....KM_AWt.&.J...y.......S.!.:g...C.n!...)..P......YF[..y.p0........~.kw>.s._.I..w..R.O@.NO......e.....e.O.....l..e..{..]>...%.q.D.x."..`.`c........._..(.'...................$w.....?.:X.S......$.~.?b..e.T.F.?.9.6.7.7.(.{.{..?`.fO.(...

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 170 x 105, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	24133
Entropy (8bit):	7.983664584003387
Encrypted:	false
SSDEEP:	384:nbby0NeamEU3O8LXJxO48hAvEddQCXp+OxvZkUvec59rY5G41Zvx8ib+hvbyaEys:n/yqeaPw97KayXXUOxvZkUvXG5G4jvxj
MD5:	E8AED60EAB94D807AA01B37EF1B13F7F
SHA1:	398C27B805D703A60C3E2A5B2181E3C25DC86130
SHA-256:	6F34B6ABD1CC9EFDF135C031CD9F4A47044EAC609AD80DC356FFC791CFFD2F69
SHA-512:	B2F644244A067808631E587A4C33A58CF9F536427B64AA3A4A297DAF2042DC5FF6C3EF0DB9B68286E33A7C42586CC04BF7C5654B621655009EDA3C554F09FE36
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......i.....%h/...^.IDATx....f.U&..F.[.=...U.J-.f...e.-l.nC..v....9...{z.if....sf.....ihz..`..x..[.....VI....._.{.q.D.{..r.E.g....\|K.X....!..}.1b@......0..1...~b..V.....P..../......."_2._...R 1Zw...l.1c.!..0.C..6..1.....X...xE.+....gA..n3..gD`.^.@..1..Z%.?.....?.LJ....HFd.U..)..^......u`~.CF.,{_C.........^.../7...7...w..1._@. ....t-..U.\ ;vv&.../...;........_m.2.0.0S.i.rvR..+&..Lt4..S...1&8+....90.2...P.QT...L+..A.._.............~.b7....W.v....[./..".~..e...`cS..l.".d.l.LZ...AV,+...Ad.G.1.#v.3w......^.....S.q.o.!.q...Ck...hN.I.\|.....OX..L..'..#..J..H.lg......+...h[i..u....N..;E.\|B.$......vd... .....DFP.uY....h.f........`....q......e..XZ.0z.}...e.8.7.`...,S.6....Y.\|"Z._...e..D..l.v4+S.....K.....i....;....w...`...jMa.]y..?...z.(..._(./...wB!.7....pnx+..A..z`.G".<.(...Bb....#..T.n.....SX....K+.l.=:`dF/...Vq.^+f.p.q.. U4`&.F..]c.....{k".9.....(W..7C.y...l....0....q....[..=........N.3../.c_z....}.dj..........R..

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 187x112, components 3
Category:	dropped
Size (bytes):	6620
Entropy (8bit):	7.921898058291516
Encrypted:	false
SSDEEP:	192:yRWoplGr/T3ba9eckIQqLJh2hG2rfBDYt6IPOqZm:yRWoplGr3a9eckIPUhG2rf0mqZm
MD5:	EE12AE8E6F2563706CED238BBA47F838
SHA1:	7253116387F119B9EC838B41DAB96DD13FAC4D76
SHA-256:	B3B47D264FD53307D39169B6B2E6CC476D001959F0DF13143341A1C711185A60
SHA-512:	E7A99881F74C9BF8B9D4BAAEB376E629A48E848C0E64020C49F947E291ADA6E36555A90B5EDB601C0A93662B07E2CAC47E6F2B808529490D58BFBC8CAB75F973
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..#.8..rsQF9.J....Z...c..jUR.I..3.RS[..QEY-.(...v.QW.7.o...UM..z..{!.Z..4.....s.QV.4..IF+v..l.....(.I.~.j..W._........MK.o..c......B....I>........>..&....C.j.........;.>.....G.T....G?)>9..#.Un.2O.?7..]y.sO.N1._,[...+iM..=....3.(#..>....n.(.jB2....y.R.2..5-.Wa.P....;....\..R.?... .5....R.AS.Y.tA..G..OaV...W.X=.....&1..W8...8...2[..rs....G T.Q$(.....]..o.....I.....$.6.r..X.pdn.....\K.*

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	11210
Entropy (8bit):	7.923835560431023
Encrypted:	false
SSDEEP:	192:yNVWOYFuRr7uLbsGLVP0NeRpsvMg1OH3CWw+CCi0MjdilGWYv5Ce65G0cAiW:yNVWOY8lbGLVSPo5xWjdilJG0c7W
MD5:	B5B24B1CC20F2EE2D469BB46243B6449
SHA1:	49D06A1896F73A5545248CD5CE668948C8AA1EF8
SHA-256:	A7A0694ABD59D1774A1DBAABB9E1939B78553648E13F5B9210233D7D37837E33
SHA-512:	E30C9B3C786E9598DCD6CBC33B3D8D8B486154CBA7FD27855D123F84D96B5E379BC35096C5E7261AC388FC999D4444965304A57AC586EA2BFEF0ADD2A3E2982B
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...............U...bl..Ny.Zi.}:9.;..,z.H..28..'.sa.T.%}..........p.MImm[L...g.J.[.,.......22..c..k.4.........x..v@.....pH#8.D...:T2.z.k.RG..6./,.t..,/.Z)c,.F.8?.#.9.VL...?..o.L.....\|.....R.......r.cQ.u.m.&.0.C..J.m...s.D.c.Fq..>m....Z2....6Ish.lou.....1X.4...uff (..$..........O..m...}GZ...6..[[.d.$V...0.[.[.......M.$.x....5KB......Z..'.&....r._....~..D..k.?.xGS....Io\|7..;.7.@.(I..b.

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x112, components 3
Category:	dropped
Size (bytes):	5985
Entropy (8bit):	7.831035620841423
Encrypted:	false
SSDEEP:	96:yEE7qnszK+NpTQzwZbki/HBNfNAny1LCtdciLxummpZGbSBF9:yEAqnR+rbkCJWtCiBm/GY/
MD5:	9D22CD1D2CCAC9A06BF44C137CB719C1
SHA1:	FCD10908E1DE5990F8EB9B54421C6F35978B9769
SHA-256:	1A17CAD5D7AAF9AB43FD9BF1F54430E72961F56AE756DDDE1C6AD5CDE211B23B
SHA-512:	9D1A2C081D78254C0804FB14B178C0AF41209DE3481EE29FB0F346AB5F1F1275A798D5E74B914ABD3EDBF4936C4F2ECA278D3CD61DDDBCE7607751E80A2C9D2D
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..W.....:...[hz..s{{{p.Y.....q+.T..Agfb.P.$..}.....+._ixG............"..._N..0...+.,..H..........0..i..8..W..6.+....'...+..bvu..../.;._.k.r......'.C....y...m.....".........F........E..g.......?....._s>.......q..?.m.W...O..$Q.......^...t../...H..W,...........~;.}..g.tW.....N..G....j?....l.9LZn.%..O......../3..-.l.@ .^)]t...:rM>....)..Y.?0..+B..(...(...(...(...(...K......\|y.....U.k{.S.....?..p..W.u

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 299 x 149, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	72809
Entropy (8bit):	7.991474133347129
Encrypted:	true
SSDEEP:	1536:AZfNghoiwCiLl2GkMv9tVJ6dAbwjxgeV505ccErKGhGpnS0xO0Fr:AZ1g2iwz2tMVtVPIgeV5Kjy3MxO0F
MD5:	C4FC61738D3D6C744FD1990A9BE890AD
SHA1:	4A0B3AC05914EA7B72E3AA7FF70021FC79813F19
SHA-256:	404AE61BDEF5E896E2D4417406F62A42EECD1A9460C4FE884E033230970E7AFC
SHA-512:	5F95CF60B6B5C6A42A5ECD985D1FAA2B2C876C9C5A258632AF9B4689C214D0A84ED069EAC87E21F9D4D351A34B9C5BE56A4E236C2824A83040EE6A6EC982F057
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...+..........qKR....IDATx...[..Yv.4......s...jWuW..v.c+.P....q7..yM.!.. ..<......((..E.XB"B".."m.XJ.....t.9u..u./s.1..c.uN.A...>.k..Z...c\|.7n.....W...[kc...$....,Xb..!x.......#c.pp.Y..`.. ..(?..}.`..@..X..#..yl...#.g.....].1...`.0.c}#..,....v.:..q.+d.l..k.\|..T6..^.].....[.8..Xo..p,_:.vc...'......8.........A&2..k........_.`..>...l.1.H.D...,.R...Rv.F#.....R+qa...:.w&@...s...h.. ".k,.k.T.,.....BLiXu...:....2X.{.TM.F/.K.<.<.e.y4u6T....ur....su+.....R).".R).\j]j.X3r.r=D@.Y..<...M..~x.0.$.iX.O..03!._.qk...6..>..p....cn.8.'.x.e..Y."..b4!q..{p.x.6.yl.EO........8~...?..~t.'.l..}_..R.3..........Wkq.u].b(D.n..Xk]..EWe=LL>9o..*.qL..du.@.PLW.;9v..R..b.^.CWD.@V.915f....@,.x'...>.....b..P..A....1....q..G..G#4b...hld..u.&..h\...z..t.l{.............&.....p18........}......_.y...Ka9.bv..<......~?n..~..o....3.1...............4y..3..3T6..2.l..0USIl4.........O_......u.=.`..+~..bJf6.+.\.q....7..#.^..........d}.^.y.so......R.9..<.....w.]x7....

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	dropped
Size (bytes):	12901
Entropy (8bit):	7.909506568406205
Encrypted:	false
SSDEEP:	384:yJO7Rx2tGfNjJv5Ne//OruSnf/Hn9V2X25u:8IFfhNfqS3Hn9A
MD5:	BABC5C0EEF0733F717A03E9889C55FD8
SHA1:	1EE6549773274ACF5535677B4BAADA0177AFA0B2
SHA-256:	6AB3B79D89D527EB7B27DC159100247F71F3A026565BD81857FD8AD700C7E270
SHA-512:	4D0F0FC992A1E53B7F0A89DF48994B08B07177260098D17058FBE914B418D230E874721DFD4F3393008A1EC0FFA431C723172CD0C7DAAC4E0FA85BB498A29027
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..q.W.W...'.\|%..-..."..f...t..../.S.W...Q.Y..Zdg,w...~..'....n..Z_..o5[...[S..?d.........G...\..:_.._XG...a.I..w;...H.,>_.e.0x.,S.9..).qRN/g.I.=ny...R.8G.......Vr.2..(..%d.4i.D....i..\...>(\.Mcw,.,PG............?...o....\|-.K4...HZ......].......P..~.x$i....._.v..da.v..q.........+.....m......z...&.$d...E}..p.L.0.i..c ..:.-..vZ......`3OeS.\|..yj4.2W...&.t..'...oO..-.....\|_.5y<I..Fi...Y...zWS

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 177x100, components 3
Category:	downloaded
Size (bytes):	3246
Entropy (8bit):	7.63353263792788
Encrypted:	false
SSDEEP:	48:yMuETA/TF+jxatETHOUUOtEDqkRHKtaWnpHSSc/hZ+rkz+REkk1S+:y3EeQjxaqTHBUOOqkRHKAWnWpkSb/d
MD5:	F3ED0D3BD84852879962E6FC0DA19A32
SHA1:	1243684016A30EBFC65BA023185128622140F25F
SHA-256:	5B74882C83E03E20E98AC8056EBAA3C939E0F3CE270F6A36E55A4F4CA61763D3
SHA-512:	C26AB72143D7C3C15ECCDA8C308CC27542D664D00A6F6EB33B3F477A25E3A1AFF8378A37193A7CFD9976CD622FE2A97D3B34B50DAF8055AB24FC40FE1E65C035
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_voi-cara-mengaktifkan-riwayat-obrolan-grup-tele.cropped_1637589736-1024x576.jpg
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....._...e..;...?.~....\|L..f...".....[.....'..#....uk.F+v.Iz......5.:1r..%w.#.i...2:.=.0......i...p\|a...^...3....4...Z.....{.G...bI.....?.&..K.:._...g..K-.b..S.6k.^]#p...B..W.7.\|V..a.^_..?.....My.y.xo..".c..e.....m........x".....m~.X..."....g+....!U..d .{b...*.OmF5-k...W.\|.j~..{....QZ...Q@..Q@..Q@..`..0}...Q..h..4.QF.......

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	dropped
Size (bytes):	9023
Entropy (8bit):	7.888582845403039
Encrypted:	false
SSDEEP:	192:y9URiK1ThhHwT0hE96CDfmo1WwKTP+0mO8t7q:y9UoKRwT0hE4m+nwKhy0
MD5:	A04392B322A467B6FA53E08C951B630A
SHA1:	1CC445D21BFCF17CD4981718597B89FA9066C5EE
SHA-256:	3219A07B396FF9D134675CA29D772CF2938770B358E54BAB329D2884FAA1135C
SHA-512:	235E5EDBE36D422570E63A776EE3F66AA01380432B170EC59E60032031F598E2F99CBC0E16069930D27A5933768224E2DD58E8ACD9F0062C650A5A32CF05DCDD
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......I.k..q...0.$.xU..O`+..f..%.......[..m.G.../.5....:..yc..N...m.a/...We......yw.-.+o.~".[.$...8.$l=yVa..P.....~1....$.I..h6.d.......H..A..\|.@.....O.x.(qL..."tiQ.[.nQRm.get.{i{]...6S.b.X.q0S.I4..J.%.F..K..o...O......?....to.[...m.x.;.^.u-..4$.......^Yo.jx........................'....e..x.T....jv..s.....6.#v.1b...Y..'>...!g..[...\|E...:t+..C.h.j.s.l....$q... W..x.e_.......Y.K..@.

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	32278
Entropy (8bit):	6.352442464887222
Encrypted:	false
SSDEEP:	384:PlooYg0LqcBFLmoMLRzsfLVfL9SLxmLaEMSLOgLyhLlMcL3tL4yHX7iIL8RLQEQf:Pl7s0sQW0MIVSx6la+
MD5:	1B0F6C8126870BAD351A829F61EEB21B
SHA1:	A9B3B9D790C54CC4EA4E9139B6B46ED7AE1B1386
SHA-256:	795AD44D41FC1B2F492EA09799C61BA29B773716A5DA31EB8AA2DCD466A9C23E
SHA-512:	A76BFF7D1396BA60AE2F6228EB7A8E50F29149CE710846A87C4796EC52F1FDCFEEBF1EFB30BFD1C6B5ADE493FF07B6D62582FD4CCE9E3C23130BCF89B8CD1382
Malicious:	false
Reputation:	low
URL:	https://www.telegramhj.org/
Preview:	<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">......<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />.

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x118, components 3
Category:	dropped
Size (bytes):	10751
Entropy (8bit):	7.906583331916719
Encrypted:	false
SSDEEP:	192:y0OYfP04BRQrPYyzAR/X0XqA2yWpkXtj97733QTIrgRPOxodPn5:y0OeronARh6Xtj93gIrgRmxk5
MD5:	0F0AA14D1C150BCC3DF8A1BBA148B3D8
SHA1:	6CDC0798E359F0AF9B5EBE626D876F32737707C1
SHA-256:	E82D176A429B81AB8067F9631A11F2258B2AC796705F164E66781B4D9ACD0D7B
SHA-512:	30D767212D0EFCFD3432651BD6FB4BA78F89F5344778E6C4E7FCA6D399C9444F246C1D40EE5EA74E17C4F69F7817A7C80C222FFFB5BA8062E8B1DE81674B5AB1
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...f.~s...........~...8.3.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RPHPY..u$...o...F.....T.78.Uc..........$...v...T.En.'."...o............X[......K....q.72..:UL.J#(.^...(.4......Tno...HHQ....N*..k......Y..........$....FG.P...oV5.5t.......}R..$...ON..P...?ZJW...I@..(...(...(...(...(........R...J.BO.j.%

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x101, components 3
Category:	dropped
Size (bytes):	7096
Entropy (8bit):	7.905936927759236
Encrypted:	false
SSDEEP:	192:yNiaLBUvAgDGD/8eBywM0Xu/ZH3Kn3xgdu:yNiaLB9gc/t6/YWdu
MD5:	C9F9B678D0BA964BA9DFBF90E17A91EB
SHA1:	5138D609CEB9AA14E9A27AF59A1AA9EAE1360A98
SHA-256:	B1DD1101B81B16B013B12A19E8B1C54BCBF8F030ABB789885F6E126E5ED12F2E
SHA-512:	31574D2713EF4434E595CD9A19C8834E99D69F27165519E162402568D1A1DB9E54BEB28F1B59385FC2D2F54C86F355DB80812D614FBFC3F784800CE9986F4E38
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...s...0H.?.j.'.~7...E._.....Nc..4.......$.s....j.M.%..[n./6..T.T.QB.nOd.l....c@....=..o...F.....Kx....f............=.P.K4h.8...c....b/...).G......x.B..u..\|z..L..IebTFm....1...z...<a....I..h...S{/h.o.\.d.-.?H..)..8V.....\|.9...F7is]..?j..x..;..a..t..<A.x..<U...v:../n..-!X..'vDEP..R..`..vs....z..B3.y[I......(.(FWI.~.d....`.U....?.j..B.....V....\|P..1@....(....Q...(...px._..........

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 840 x 487, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	53316
Entropy (8bit):	7.965265678054814
Encrypted:	false
SSDEEP:	1536:gMPwGz33wW/wM+s3LHPYyE1+kn09/BETBfRO7hZ3:gun7/wMTYy2Vn0zETfq1
MD5:	F4EBBD76B086C583A0271B487FE34B85
SHA1:	B94F134B67FDF52BA1DEE9A2F1708A9DFD325BA2
SHA-256:	8AC29ED4158743CCBBE2C0F179008198627BB0C053060C017F2264476837293D
SHA-512:	0083EFA30FDFAFA664E28042576BE0ACD2EEAB68AF2EEB70C6F9B507D63EAAE811695EBD22310BE9CA4B98924D9B29ABE811B8B6F83F7A2DD2984A13134A4B46
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...H................PLTE...............666.........AAA......AAA...0........ ..&.....,..)..:..///988.........'''....................................0..fff.......~.....~r.w.....k.uj.oq.\|......q.q..{............~.{.........y.v............_........b.p...y..[......}..........b.h..\|.......................\|.\|.ott.{7..Y.iF.._`a....................a.....{..YXZNMMn.....lllTSS...y.._..U..trp...yxy........z.ws~.GFF...........e{.q............~.....Vz....is\|l^VH}...........k......nj................\|.....wedi.l...^hu........x........~n...w.o<t.......s...ztD...........}....}n....xsZO.`......gSD.}....r.......}0Ci...#j.W>7KUo...7I.^R.I].....M.j.p,4....H$Y..V....~..tc..)..T........m.e.g...ez,.@.G....?V,.../..J.I~.7W.~..^V......T.].^..O.:c/.......tRNS.R.x.x3...H..G....IDATx....j.0....B....=.^O..\|.-..ZS........l.E......#b..s...c...G.. j.......@......"[#.O.9...I"G.A..s.x.\|.....rs..?t.$.$8..K.....T...... ...o..!.<..$%.....$@.

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 171x109, components 3
Category:	dropped
Size (bytes):	11966
Entropy (8bit):	7.952304715543092
Encrypted:	false
SSDEEP:	192:yoxMmoT89eiYXrpk2gXbHXOx6fQbXrGcAKAMEZz4E8VY/8RkB2zFVH6Rng8+5N:yoxMPPbDubHhfUpARrzB8VY+kB2zKJgB
MD5:	42C20E616AD8789E6C0FF634E8E4E242
SHA1:	31C068206637D0D7EF3E6FB4590D7684719BF91E
SHA-256:	AF70F8D4E68CF6927216E5BA008595924C1F7C50119F4B8EDA3CA2EE1A6B2872
SHA-512:	ABC41BE1426EC4C57B988DD7F4A82B28CC579B315BF3AAD3933965A7BCF97E90C3665E7A3B5198F74F8DC130AC139BA3EA446C1F669402EA8917137B80632DCF
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...B..e..&V...8g....f.,V.l...rL..f...k..4.n..[.^'\.^.G.u...t..Sq0.;t..H.E.....8.+..0.D.u.....!M...7.q..?.P.b (f....Y.....<i{........z/.</.6...-..vQ...J..X.du.MyW.5.).Iv4.../1.rd..i...f..:.e5.oC....b...fm.Q.Y....&9o.j..c..E.Q...>.J.=........=....u...h~...[.......fb0...);.\|f?..[f%.i..[.1..S.........{o...S[}(....\|.P>.g#...3.I....]\|;..i^6...q$v..+....x.....J..^.&.......p..:....h....>.9...%J4f..k.o...

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-favicon.ico
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x110, components 3
Category:	dropped
Size (bytes):	8112
Entropy (8bit):	7.922411740666503
Encrypted:	false
SSDEEP:	192:yqaPsHL/W4gpCjHUJVR8GwHaFE19ip7+po5Yb0:yqaPK/jMCjE8arMpo5w0
MD5:	B9628599D071DC6A95E3639F3F029D9E
SHA1:	6251875D3F90AEF0B8EAB7E8BE9FA12CC0235CCF
SHA-256:	75750FAAF3E1603A2C3357B29638745CBAD38E2A613559AE5A2EEB695DF9B339
SHA-512:	028FC42FAF58470B198F0E5BF17826A1C5BD7D4FFAF73DF635BEE508DF12321F49F0F4DEAFDCEEC4F050C733DF7A988CCAB5D01E2F8FCE1652A74F893E8621E7
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................n...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......a....J..+.).ml......?sw.z.^.......Oi:.......-....B<.Q.....2M.[.9......t....+8....@......O....).3.{.......3.w:o.........q...g......>".x....>.e.d... .......Q...g<.O<\....,......O...\|Ee.S@_..<...?0.U.d.=....'......Z..[....t.L.$s....v.....[.Z.RN}..be.P94..J.`u......1A...`.......'..i....(.9.c....V....)........[..63...7.P.-Y...\|.g...W..`...pps.Tr..hRl.c\..2D.U.m.)..=...e.m.aU....?.ZO...4.

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x118, components 3
Category:	downloaded
Size (bytes):	10751
Entropy (8bit):	7.906583331916719
Encrypted:	false
SSDEEP:	192:y0OYfP04BRQrPYyzAR/X0XqA2yWpkXtj97733QTIrgRPOxodPn5:y0OeronARh6Xtj93gIrgRmxk5
MD5:	0F0AA14D1C150BCC3DF8A1BBA148B3D8
SHA1:	6CDC0798E359F0AF9B5EBE626D876F32737707C1
SHA-256:	E82D176A429B81AB8067F9631A11F2258B2AC796705F164E66781B4D9ACD0D7B
SHA-512:	30D767212D0EFCFD3432651BD6FB4BA78F89F5344778E6C4E7FCA6D399C9444F246C1D40EE5EA74E17C4F69F7817A7C80C222FFFB5BA8062E8B1DE81674B5AB1
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1644499014-0c97040fe2da46a986b9c2ccb471c7b1-3-1-1024x558.jpg
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...f.~s...........~...8.3.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RPHPY..u$...o...F.....T.78.Uc..........$...v...T.En.'."...o............X[......K....q.72..:UL.J#(.^...(.4......Tno...HHQ....N*..k......Y..........$....FG.P...oV5.5t.......}R..$...ON..P...?ZJW...I@..(...(...(...(...(........R...J.BO.j.%

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 150x112, components 3
Category:	downloaded
Size (bytes):	10561
Entropy (8bit):	7.901761975904386
Encrypted:	false
SSDEEP:	192:yw8/+sy8MPJiP0WMFQKrT7ofenVxYiqjyKLE9aNVijQX+ewiEy0SJ:yw87y8MPJNzN7o8Vxvqjy4E9oVSQX+GJ
MD5:	31D8C5DE7A1CF1631F6D528E39383A08
SHA1:	CEAF03D72E2BFDB4871F0D41B910CAAC62CEAF09
SHA-256:	B8785AF7368C9FBA871D3EC23E33255ECA70CF4BAED835D32BE67E0C40778663
SHA-512:	62B8F763A73748EB2BA95FC12D3E9850A331E8186E1747FE6D6727731900C50FD408C689518F21BE69942A07C5BAE37FD0639DBB50ACD96140582DD4281BFDDF
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_Telegram-co-bi-theo-doi-khong-1.jpg
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..r.......i2.~......N..N.N...}.R...j.........+..Oe/.5).....qe.}....>..1._...........8\|@.&9-.^I+...eI!.....w....C...L..S..=A.....h.=.Z..^l...{t_...Y....7..^...O.+..../]./.."h7...Z)%....77....B./.?b..[......3x._o......1.>............#i.>..N.`.8.-.i..k....O....\|2.N..#.:l..K..g...^..`..U..%p..x<Fp88.(.y.mW.....v..-...e.Ly.;..w...y.._.!....Z...t...}N....+yc.Mw~'.w....E.k.....V......D.......

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1857
Entropy (8bit):	7.855222877921013
Encrypted:	false
SSDEEP:	48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
MD5:	805A8459450FF428463CA4BA365412CB
SHA1:	1C46F97F32C1BFE579988D7AE5DADD5A6464B011
SHA-256:	F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
SHA-512:	1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......3.\........X.[...B.(.....8..h.H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3\|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.\|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	9091
Entropy (8bit):	7.898668893648029
Encrypted:	false
SSDEEP:	192:yNfEufkIJsxyj4q9s9+P0ppdNFJPYuhCEHgBxPcBgHT8mTDuqBZ:yN1fjJsOOVdNHPY+0xogzJnH/
MD5:	1C1BC9F0F634CDC139FC54C1050F3324
SHA1:	41E148262CAED1EA6E0813B35243ACA90D60E490
SHA-256:	38760335A0C016D3CE7A19F8205F132AFF2A1EDC1EFEDA41E845AFEA6CAB4B29
SHA-512:	081FC12820FB9A51DC5187CD857F907854B560045109C53A399C4953B5D62967EFCC4DE394F18ED8FA124BB7654C3FE0AA99AEA38988AE8AC8E622D74940ADD0
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(..:.......`.,H?)..]&.......r..d.$..R.....(.W..:......t.......X.6x.../.?.\|2.gw...>!...]Kqw#.i..A......$j...wPT._.............3..,....#.U.w....x#X.....VsH&..X..e.YI..F..}q....x'.><..~;i.*..Q.s.X..I.+..g"n..+...u.._.:....~......N.4..i..:..C,...P.$.k..Ng..V..RZ.......Ih..j..(...$.....L....~...'mv........w...$.g..J...'j.'.q.=k.5...'.tt.S......S.S.......!....+....K.e.At?.m_....uZ[.......

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x116, components 3
Category:	downloaded
Size (bytes):	4918
Entropy (8bit):	7.869193450497874
Encrypted:	false
SSDEEP:	96:yeECIIIvJ0q2i7ywBpWiyKWkiMzbJB/PGPIDhpuBDEzakuGCEuD:yerIIIByi7ys+K5BzbJB/PGQDhgBDEOb
MD5:	E699C33D29E5067BD0E5278A37B0831E
SHA1:	377B0C5C6D79B8F8BF41D5CA03AB7215CAF03C17
SHA-256:	EA0FE09CCCEAA86326BAF68B15CD2E9952A98960940457CC163CEEAF9CD336FE
SHA-512:	7782F901DA8FA37C2E894BC42B0A1D6F391A6414F3F9B9B71E3321F290D25873375076FC17F62913BD819B7E4224D7420734EC29418C896E0505BC0985966C45
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-92-1024x576.jpg
Preview:	..............................................................................................................................................t...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....?..>.?.......<..._...G.K........A...?.......A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....~.@R. ..... .......(..../i )}..\|.T}..\|.Uw.?..y...i )}..\|.T}..\|.Uw.?..y........?..>.?.......<...K.H._d..?..d..?.].....A...H._d..?..d..?.].....A...H._d..?..d..?.].....A..@_.....R..s......g...tb.{.\|.c\....:.6.......(....I.{.<.cO.D=.......(....I.{.

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 213 x 111, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	13381
Entropy (8bit):	7.978631033763193
Encrypted:	false
SSDEEP:	384:vc6Kh61C2aH/vOZoe1zFiNAv/fjcGwOKM8kyfF7EMr:rKQ1zimu4RiN2L8OKM8kyp
MD5:	F5BE23C7097EBE8FF3C0146F9ED943FE
SHA1:	EFCE05455497F0DE65DD376BED3AD223D8F0973A
SHA-256:	9D9E5DEBA4E1E9510ECF9E9C1B31A27E297E298804C9572E5FDD7F7EDDE52467
SHA-512:	49D8BF310010C14A65225F5B6580DC4F8C56A51580CDBA4C081F55A29861D9D1A83EA8F69CE7CD7B7943D0CDB664C3E933F9439143BCC80D4A6E29F144EEB121
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-169.png
Preview:	.PNG........IHDR.......o......s....4.IDATx..}go$I..HS.UtM.....q...{8..t..N.9...O.......}..a%h..p:.N#.wfv.i.nv.{..fF...b.aU....]U].\|..y......x...NC9.....V.....~.......p...6!...,,o.T........P.A^..9...\|..<../...}.pi..y...8.9..m!.f'...\..R.b...j.>^.....E.)@t...%.fGG.....0..tA.[.P._.z.H....2...S]{....ws.........E..).m.E......t..N.._....o.\|.d.{,..(5$.5-.......Y.&.....H.Q.\...u.2.'u2.m.{....A.!)<...;...o..>...,3V..>-.....o..g..\..GB.^..!....a...5..b...-q..(.......F..?..6....C...@......a.H...6...R..X.~.O...?...(Ok.C".\-...[U.\|...`H.,%>.A....J?. ..x..F.6].......>}.Gu\|<w....\T."x5L....:......_....<.@...pa....(Y.H\|\|.<....I\|jO...C..+.H..d...O.."S...>.....$.6.%.e.H.b.?..g..8..1\|.bY.=..}...Y&:.8..pm.5.Xw..N.....F...z.W...J.^..a..F....FE.h9..1..*.L...t.....?.T....7$...?a..l..f.A"&s..H...6. 3[.A;..E_.9-.....7j.V...&..{....:F..=.OP..~#`je..{x.\|..$w....\|B .#E\|(...............=....c..yh....Ei.....p..M.<\|[k..U.....M...5x..W......Hk......{..PE..F.

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 103, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	18209
Entropy (8bit):	7.983612443674371
Encrypted:	false
SSDEEP:	384:rD0ENiXSw+jEYRwLktLN0klxXe6I8dk1jVmuwB4QokE:P0E0XfjYRUQTDXHI8deVcB4P
MD5:	2FC0702AB0F3B6A6625E4BBAC1817D32
SHA1:	46633FA38D49EBAEA85E19EC817D3ABDB83A1A5F
SHA-256:	6E1C47ADD27B5B21921D76E364368069674A76D73404A223C7BD6FEED1C0853B
SHA-512:	C947482687C34A1950CCDC04C50CC3340C087F454B03BE6C2A603C53A909BC9E6DFB64387A84787A5548BB93B51DB61EBD0FA5B489A4B025AA79CF50FF038002
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_app_review_telegram_wp_upload-1024x536.png
Preview:	.PNG........IHDR.......g......2D...F.IDATx....eEu8\|NU.{...2...t.2.0.....(...qC J.h\.}.M4...?1...(.. .eSV.E.a.a.f...^_...U....{.....u..O.X.ox..zuk9u.:...... ... ............].........H.$`{.pB..p<..R....G......U....`.._....../o?d........z...O29.^19...N.. ..:9.......M:9..2Y...P6Xf.B...$.}E0H...nUb...&.X.....J8.."\..MQ.dP62F.D`.\H.T.h..Z.......Pm.j.....Z.....%@..K....2..x.O.I.p.J.G.'...A..I.3........5....T....8.:/.}..>s<..T.8.. ......%N.gA..U..Q....1.)m..Y!@.......d.wK=.@..~.DT..@T'.O..O29.^19P}r......MB ....q..Xh...-...^........U})"a.o....%...L....}G.t@..LiPS...kr~...AU0...EJ`....N.:e.(..D...W....0.J.....,....."......#%...{..=....;s9......o.....Y.7(#..._.v............._...1>...A.o...w.EE...L...H_.l..\..h.X......."/..n..dm`.-.D.h4.....U+..B}=..Ap..Y.ye'...j....).]..W....P_O.ch...._.3.....1.p..WF.....x.,.....D.........t.2..:h....n2h...f0..f.g.{.'.=....Ym..X...I...].....U...'...t&..O.d....OT. .^R....D..L.q..0.RJJ``(..e...t<...i...).&.. .2`. .

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 240x113, components 3
Category:	downloaded
Size (bytes):	7705
Entropy (8bit):	7.911099322873193
Encrypted:	false
SSDEEP:	192:yLA8DBTFsHzOf5cmETpJzpPchoqkZowIuyPCxP:yLnDBiH6f5cTpZ1D3awIrM
MD5:	1A003D47608336EFFA12D901CB3E50E2
SHA1:	2AC6BF734E5F7232E9552862F4FA9FFECBDB8A76
SHA-256:	61E78EDC9AA251EB3FD785493B7D2F2DC4048A40CF47A0473A48B1E4A392C5F4
SHA-512:	F0AF9BE09BE734038C8385006B2FBC199A320800DD106107B67DCA39824C8AFFB6EB3ED18D0E31E8F410E807D783932579F3D03EB9571563EA866AFAE6D05F69
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064757.034.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<.8....x.'.F......]....~.....\|.O..B.=.......xo<...]u...~..W#....+.b.7T.8......J_.F...]...@....v...c..>.{$p.....?...9.?.....a.T...Mf2}E..7.{...Q........(....".Q.S..}..g......X...s.._.].h.?.~T......fMu%.83.._.L>....W]......I8..I.`.U...A...j.,...\|.2....R/..#g...._+..%p..e..].......&.B.Ns}.S.[#...w8..G..Qu$...z.d.l...6{.Q?...?.A.?.'........j...>i..`R..x..u..'......k.t.\|.G...?..?.~...^.,W..

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1857
Entropy (8bit):	7.855222877921013
Encrypted:	false
SSDEEP:	48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
MD5:	805A8459450FF428463CA4BA365412CB
SHA1:	1C46F97F32C1BFE579988D7AE5DADD5A6464B011
SHA-256:	F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
SHA-512:	1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-12/to-top.png
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......3.\........X.[...B.(.....8..h.H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3\|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.\|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x112, components 3
Category:	downloaded
Size (bytes):	5985
Entropy (8bit):	7.831035620841423
Encrypted:	false
SSDEEP:	96:yEE7qnszK+NpTQzwZbki/HBNfNAny1LCtdciLxummpZGbSBF9:yEAqnR+rbkCJWtCiBm/GY/
MD5:	9D22CD1D2CCAC9A06BF44C137CB719C1
SHA1:	FCD10908E1DE5990F8EB9B54421C6F35978B9769
SHA-256:	1A17CAD5D7AAF9AB43FD9BF1F54430E72961F56AE756DDDE1C6AD5CDE211B23B
SHA-512:	9D1A2C081D78254C0804FB14B178C0AF41209DE3481EE29FB0F346AB5F1F1275A798D5E74B914ABD3EDBF4936C4F2ECA278D3CD61DDDBCE7607751E80A2C9D2D
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_hq720-25.jpg
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..W.....:...[hz..s{{{p.Y.....q+.T..Agfb.P.$..}.....+._ixG............"..._N..0...+.,..H..........0..i..8..W..6.+....'...+..bvu..../.;._.k.r......'.C....y...m.....".........F........E..g.......?....._s>.......q..?.m.W...O..$Q.......^...t../...H..W,...........~;.}..g.tW.....N..G....j?....l.9LZn.%..O......../3..-.l.@ .^)]t...:rM>....)..Y.?0..+B..(...(...(...(...(...K......\|y.....U.k{.S.....?..p..W.u

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 115, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	42093
Entropy (8bit):	7.988071399302453
Encrypted:	false
SSDEEP:	768:DDsIeoDkGjplNLJassQy/vILZSIHJSagdzz5yYzb/oq3VB0b:HsIe8R9lNLsvQy/24IpSa8z1yEb/LlB8
MD5:	A586A0B950DD69E95FAC57F5CF58C48E
SHA1:	BA31B98D3DADD59C170E9018709629BFD8FAACC1
SHA-256:	F7C783FBE4C3C5F68DA60198098C5CCC9A25EA4FB4F7FFD30B756705E693C2EC
SHA-512:	C4E8A3F84DE4FD0247012C89CA0133F808D77D84B267BC9045023BE0B753B806FF484A6214600FE76C5517A8F26810004A09F8F34399DD90A2593C462D969335
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......s.............IDATx.d.....y&..T.s...g0... ..L`..(Q.%K.W.....'yW.%.d..:...e.+...K*R... A....sO.\.s.....6....].]u..~..."........\|...%....Fe........-.. ...H8....@.0t.2.........A.1...q.i6..V.]].-..g.s....[..?.O...}...6_n..[GA....I.E....P.@&. .....;>....z...+??{.bwgg@....s..T,.XV4. ....j..z.........z....g.0.:eJi.^....E.....?O.....ym=/h............oD.EB@Y.`...-...#......\|.,a..U^.0..^......t%lH,..eP.$A.Q.R.W:..hD.k......}!...R...if:..aIP../.1..\.W....m......paf...5..,...D..1...[Y....3...r....X8L)...>.b.\|`.6..6.gx..........{+.!AP.@.....I.ns.]q..Q.P.o...3..q.^.ezv...4...+.?.xog......R1.K`.=..\|....o_..[..S...c.0.eQV.....(.F."D.......e.3....!..s%.....\|.J....0.DQ.( +.J,.J.#XR.@..R... ..5)G:.P.....)....1.....@.8...D.d....' R.VF.n..-g.....r......"<s...7........;..K&TYc^.#..9F.i6^~.g\V...DA.....K..k..tGZ..a+z.P...Z..}...o.i4..._..F....l.....WL.,.a.. b..n...Z.y.eY..:.Q...z..]/.=..0....KK..r!.Hv...P.a..~p;.p~.'.>C.H.)..o.....b....kj.UZ.E

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 213x101, components 3
Category:	dropped
Size (bytes):	6052
Entropy (8bit):	7.896641690742874
Encrypted:	false
SSDEEP:	96:y+Ek2+u5NJBjJ56R9XfQzbHXXmzA2nkayLtaTqM3ykOSEZyE7st4nIEOplXut:y+1zuXJFSDQzbHnmzA2kascZyb18tijl
MD5:	407F398DECDB933DD6E6854B555847C9
SHA1:	4D01C65FAFA81C711854CCEC9365C880FDD6323B
SHA-256:	45E1904B4E11AB6A761182076D51E2DEAF19AB278257449C028ABBE974797BFC
SHA-512:	E6FE86957636EDAAE88DB99AB00C87B2D793D10995A1DAFFF7069D777FE92080D2DAA5873F010E426AEA3D91489D4085A3B25714E78CF430EB6C7FBDCE17D6F3
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.(...+.l...+\|u..N....6.[..3...i....5 A.....[.....YU!.O..8B..d@{...(......FU...G.?.V.......S..O<.f.:.k#/QWL(}...D.h..U.P.4....Y. .0j6R..\M#>.Y`..2=....t....e..>..........5..A..DA....7t..N...1.U...._.2.=j...k&..L.<......g'..j..0zv5VH....a8#...fH....D9 }kF.....U....sJ=..s..,[..Rh.I.iM.S..<y..YI]...s.. G..M.?0.Z.,t.J.4De..iF.u9...M..53.I.t../.X.JJ.G.=.S.m..b..-.....<._^...;.,C..t..

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 299 x 149, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	72809
Entropy (8bit):	7.991474133347129
Encrypted:	true
SSDEEP:	1536:AZfNghoiwCiLl2GkMv9tVJ6dAbwjxgeV505ccErKGhGpnS0xO0Fr:AZ1g2iwz2tMVtVPIgeV5Kjy3MxO0F
MD5:	C4FC61738D3D6C744FD1990A9BE890AD
SHA1:	4A0B3AC05914EA7B72E3AA7FF70021FC79813F19
SHA-256:	404AE61BDEF5E896E2D4417406F62A42EECD1A9460C4FE884E033230970E7AFC
SHA-512:	5F95CF60B6B5C6A42A5ECD985D1FAA2B2C876C9C5A258632AF9B4689C214D0A84ED069EAC87E21F9D4D351A34B9C5BE56A4E236C2824A83040EE6A6EC982F057
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1688906340-1646515406117222.png
Preview:	.PNG........IHDR...+..........qKR....IDATx...[..Yv.4......s...jWuW..v.c+.P....q7..yM.!.. ..<......((..E.XB"B".."m.XJ.....t.9u..u./s.1..c.uN.A...>.k..Z...c\|.7n.....W...[kc...$....,Xb..!x.......#c.pp.Y..`.. ..(?..}.`..@..X..#..yl...#.g.....].1...`.0.c}#..,....v.:..q.+d.l..k.\|..T6..^.].....[.8..Xo..p,_:.vc...'......8.........A&2..k........_.`..>...l.1.H.D...,.R...Rv.F#.....R+qa...:.w&@...s...h.. ".k,.k.T.,.....BLiXu...:....2X.{.TM.F/.K.<.<.e.y4u6T....ur....su+.....R).".R).\j]j.X3r.r=D@.Y..<...M..~x.0.$.iX.O..03!._.qk...6..>..p....cn.8.'.x.e..Y."..b4!q..{p.x.6.yl.EO........8~...?..~t.'.l..}_..R.3..........Wkq.u].b(D.n..Xk]..EWe=LL>9o..*.qL..du.@.PLW.;9v..R..b.^.CWD.@V.915f....@,.x'...>.....b..P..A....1....q..G..G#4b...hld..u.&..h\...z..t.l{.............&.....p18........}......_.y...Ka9.bv..<......~?n..~..o....3.1...............4y..3..3T6..2.l..0USIl4.........O_......u.=.`..+~..bJf6.+.\.q....7..#.^..........d}.^.y.so......R.9..<.....w.]x7....

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	13503
Entropy (8bit):	7.949065795064964
Encrypted:	false
SSDEEP:	384:yNuKJZZGEQD1KP9gxUDm/bZ66tZQ2sP4gDsc:gnZZGEHP9gxUDm/n/s3DT
MD5:	2A4057DDF8A342182C0F1D077BCD3F8C
SHA1:	B6886060EB41D419D9BB096E97A8C9D42792C1FA
SHA-256:	2ADD6C33D05E8195C5B2254740EA420303A452ECF285EFF6FA2DAEFB4D0C2433
SHA-512:	D84BAD3D3D46B171DFC2115EF57E5EB4FCC8FAB4942211740EFF7186C8C8075A0CDEF4DFB0E9F61EA9F8EA715F6A27800E0174FF7125B319A0DDB9EAD8EB2925
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..6.m...$.]...]..n@#.{(....>.9.x....&*.2...2.........R=OO...r;..GB1.A..+..O....K>3..b$..8.~.....~...O ......"..g.k..i...1K...s..J......o........)..>!^. ..C.>...d...........\|cC..M...b.......W....K...j.D.w7.].W..VA....Tj...m..../..1.:.Q.\|../.....NX..X...z.. .b>Q\...._^.......N.Nd...x.G..g.p+...<..<I}..:.K....g..H......n....R..Wp.Y........+^....6......}....Z......,.I}{..R..Y...zs'5..x...

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x106, components 3
Category:	dropped
Size (bytes):	8535
Entropy (8bit):	7.910756349094721
Encrypted:	false
SSDEEP:	192:y27omwMNSbVW1dUxov7Ub377AUYv6QUOv5/RLQSMDW8XEymVziQOyX9:y27hwM/zUCTq3773YhUy/jjyOeGX9
MD5:	740873A21E9A42A22AE09F8CD5700422
SHA1:	51894D061BDCC782866935A8EE3B9B780810F75A
SHA-256:	4D87BDC8CA8CF19B899AD528C651F7AA213BFEFDF113E9B68D9B748BFF475612
SHA-512:	867B9D39EBE429EB47B379FD8D245F765CDD1F7080B883535C57019FBB4C22A0EEA74A7E7AC7315E5189D5ADCFE084887BC2AD3CE020444AD84E81687C0DA224
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................j...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D..+....(...(....u-?G..U.......qq<..4.Y........-.....2...A.. ..s....&...srq.....^34..B7........\./...ef.KY?E../3._.x....:..5.=>...k...a...........;...4..S\.9.......u.m..+.O..."...../T.H...rKu4...4.I...p.R2J.......?..4...?.V.g.j.5.oq....Ws.o...n.#8....H...Y.Tw.j7j.kv.G.b...<g..N0.uy4.d..._3.5...D.......O.ZZ......!Vb2.,.p..&..k...d....i......~1...k....<../...f.&.l...1.. .*\ ....g8$.f.SA.

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 180x101, components 3
Category:	dropped
Size (bytes):	11341
Entropy (8bit):	7.924463832478985
Encrypted:	false
SSDEEP:	192:y7RVevp113q9+jXhqUWusTTIvSdhE03LHhwJ2KZJR3Ep1azFUZM5Dj23/JF0ZE:y7WB19q9+lzWtIAf3mnJOLazFcMxjQ/5
MD5:	EBF6BC8854B66167A59D2A8A8839835B
SHA1:	A7B42499AC0B01AFB6EDA0460C6916D04A95AF38
SHA-256:	85006D6716B718D508C8E87B3C728C65B8298D0713AEEDDDAFDC6FE013E81EF9
SHA-512:	C5C702D0A2EBA6C2D57639F087A1D22EA3BFE45694CDFDC1745A218148191376E0FA316294A6D02057CA92A1BF9D3228D13C890A8EC0CBE897CFCC718ECF6786
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..kJ...WBe{/..).-.....d.dt..._.....REK.....I$X.d...s..>..Iqa...1#Z....i2.m...$w.l.~...ll....-o...R...K.O....S_>..}.iE..=.J.....?..$.....yJH_...\|.?._....,..fO.....9..,v.\|.S.T..+.....7W....5,......Z. .q.V5..s..`..Jv.Y..)`.C....;F=.'B...Y=.t.i{..jz....t......[Gs"1%..._m....>.\|.......+.`+.M+.g$q.}...........@xJ+.l.nm.....9.Z.......y......K.0..8^..W..4.Q.}o.........k_n. ..5....'.p._.........x..P......

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x106, components 3
Category:	downloaded
Size (bytes):	8535
Entropy (8bit):	7.910756349094721
Encrypted:	false
SSDEEP:	192:y27omwMNSbVW1dUxov7Ub377AUYv6QUOv5/RLQSMDW8XEymVziQOyX9:y27hwM/zUCTq3773YhUy/jjyOeGX9
MD5:	740873A21E9A42A22AE09F8CD5700422
SHA1:	51894D061BDCC782866935A8EE3B9B780810F75A
SHA-256:	4D87BDC8CA8CF19B899AD528C651F7AA213BFEFDF113E9B68D9B748BFF475612
SHA-512:	867B9D39EBE429EB47B379FD8D245F765CDD1F7080B883535C57019FBB4C22A0EEA74A7E7AC7315E5189D5ADCFE084887BC2AD3CE020444AD84E81687C0DA224
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_7f834dfeb42747f2b3cf014a95542fb3-1024x576.jpg
Preview:	..............................................................................................................................................j...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D..+....(...(....u-?G..U.......qq<..4.Y........-.....2...A.. ..s....&...srq.....^34..B7........\./...ef.KY?E../3._.x....:..5.=>...k...a...........;...4..S\.9.......u.m..+.O..."...../T.H...rKu4...4.I...p.R2J.......?..4...?.V.g.j.5.oq....Ws.o...n.#8....H...Y.Tw.j7j.kv.G.b...<g..N0.uy4.d..._3.5...D.......O.ZZ......!Vb2.,.p..&..k...d....i......~1...k....<../...f.&.l...1.. .*\ ....g8$.f.SA.

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 171x109, components 3
Category:	downloaded
Size (bytes):	11966
Entropy (8bit):	7.952304715543092
Encrypted:	false
SSDEEP:	192:yoxMmoT89eiYXrpk2gXbHXOx6fQbXrGcAKAMEZz4E8VY/8RkB2zFVH6Rng8+5N:yoxMPPbDubHhfUpARrzB8VY+kB2zKJgB
MD5:	42C20E616AD8789E6C0FF634E8E4E242
SHA1:	31C068206637D0D7EF3E6FB4590D7684719BF91E
SHA-256:	AF70F8D4E68CF6927216E5BA008595924C1F7C50119F4B8EDA3CA2EE1A6B2872
SHA-512:	ABC41BE1426EC4C57B988DD7F4A82B28CC579B315BF3AAD3933965A7BCF97E90C3665E7A3B5198F74F8DC130AC139BA3EA446C1F669402EA8917137B80632DCF
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_202403311711862473364237.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...B..e..&V...8g....f.,V.l...rL..f...k..4.n..[.^'\.^.G.u...t..Sq0.;t..H.E.....8.+..0.D.u.....!M...7.q..?.P.b (f....Y.....<i{........z/.</.6...-..vQ...J..X.du.MyW.5.).Iv4.../1.rd..i...f..:.e5.oC....b...fm.Q.Y....&9o.j..c..E.Q...>.J.=........=....u...h~...[.......fb0...);.\|f?..[f%.i..[.1..S.........{o...S[}(....\|.P>.g#...3.I....]\|;..i^6...q$v..+....x.....J..^.&.......p..:....h....>.9...%J4f..k.o...

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	13503
Entropy (8bit):	7.949065795064964
Encrypted:	false
SSDEEP:	384:yNuKJZZGEQD1KP9gxUDm/bZ66tZQ2sP4gDsc:gnZZGEHP9gxUDm/n/s3DT
MD5:	2A4057DDF8A342182C0F1D077BCD3F8C
SHA1:	B6886060EB41D419D9BB096E97A8C9D42792C1FA
SHA-256:	2ADD6C33D05E8195C5B2254740EA420303A452ECF285EFF6FA2DAEFB4D0C2433
SHA-512:	D84BAD3D3D46B171DFC2115EF57E5EB4FCC8FAB4942211740EFF7186C8C8075A0CDEF4DFB0E9F61EA9F8EA715F6A27800E0174FF7125B319A0DDB9EAD8EB2925
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-100-1024x576.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..6.m...$.]...]..n@#.{(....>.9.x....&*.2...2.........R=OO...r;..GB1.A..+..O....K>3..b$..8.~.....~...O ......"..g.k..i...1K...s..J......o........)..>!^. ..C.>...d...........\|cC..M...b.......W....K...j.D.w7.].W..VA....Tj...m..../..1.:.Q.\|../.....NX..X...z.. .b>Q\...._^.......N.Nd...x.G..g.p+...<..<I}..:.K....g..H......n....R..Wp.Y........+^....6......}....Z......,.I}{..R..Y...zs'5..x...

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 180x101, components 3
Category:	downloaded
Size (bytes):	11341
Entropy (8bit):	7.924463832478985
Encrypted:	false
SSDEEP:	192:y7RVevp113q9+jXhqUWusTTIvSdhE03LHhwJ2KZJR3Ep1azFUZM5Dj23/JF0ZE:y7WB19q9+lzWtIAf3mnJOLazFcMxjQ/5
MD5:	EBF6BC8854B66167A59D2A8A8839835B
SHA1:	A7B42499AC0B01AFB6EDA0460C6916D04A95AF38
SHA-256:	85006D6716B718D508C8E87B3C728C65B8298D0713AEEDDDAFDC6FE013E81EF9
SHA-512:	C5C702D0A2EBA6C2D57639F087A1D22EA3BFE45694CDFDC1745A218148191376E0FA316294A6D02057CA92A1BF9D3228D13C890A8EC0CBE897CFCC718ECF6786
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_wzbftyiavjw.jpg
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..kJ...WBe{/..).-.....d.dt..._.....REK.....I$X.d...s..>..Iqa...1#Z....i2.m...$w.l.~...ll....-o...R...K.O....S_>..}.iE..=.J.....?..$.....yJH_...\|.?._....,..fO.....9..,v.\|.S.T..+.....7W....5,......Z. .q.V5..s..`..Jv.Y..)`.C....;F=.'B...Y=.t.i{..jz....t......[Gs"1%..._m....>.\|.......+.`+.M+.g$q.}...........@xJ+.l.nm.....9.Z.......y......K.0..8^..W..4.Q.}o.........k_n. ..5....'.p._.........x..P......

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	7.883981599915443
Encrypted:	false
SSDEEP:	192:yNme6w6/BKhjcS5lWgnIhgJFccUcPcLc4YLu:yNX76/8hzlk8AAeci
MD5:	133770D28D29DA09E3AA387C96291C11
SHA1:	92D5E7EB326B30EE70A391AADC6013320269411A
SHA-256:	9C442E77C15BE3AC8E4D4AD404DBE57A390A6247D217A0E9D3A552CD4CA769DC
SHA-512:	8B3214CE09E1A169F1F529588ECA91BB9603E4F168319441B589B2B39C96B31A31D584852C0A6DBE0B9ABE9F1C41AE774B12B36E70A8737952308CB9DF23F6F0
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....'..>.2.}..q..pL.7`};.n..NI2.B.u5......Dt........?{=..W..C.g.~..=.>'...m....S.:...!...O\c.y....KM_AWt.&.J...y.......S.!.:g...C.n!...)..P......YF[..y.p0........~.kw>.s._.I..w..R.O@.NO......e.....e.O.....l..e..{..]>...%.q.D.x."..`.`c........._..(.'...................$w.....?.:X.S......$.~.?b..e.T.F.?.9.6.7.7.(.{.{..?`.fO.(...

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	downloaded
Size (bytes):	9023
Entropy (8bit):	7.888582845403039
Encrypted:	false
SSDEEP:	192:y9URiK1ThhHwT0hE96CDfmo1WwKTP+0mO8t7q:y9UoKRwT0hE4m+nwKhy0
MD5:	A04392B322A467B6FA53E08C951B630A
SHA1:	1CC445D21BFCF17CD4981718597B89FA9066C5EE
SHA-256:	3219A07B396FF9D134675CA29D772CF2938770B358E54BAB329D2884FAA1135C
SHA-512:	235E5EDBE36D422570E63A776EE3F66AA01380432B170EC59E60032031F598E2F99CBC0E16069930D27A5933768224E2DD58E8ACD9F0062C650A5A32CF05DCDD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_uVryd7f11689849626-1024x544-1.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......I.k..q...0.$.xU..O`+..f..%.......[..m.G.../.5....:..yc..N...m.a/...We......yw.-.+o.~".[.$...8.$l=yVa..P.....~1....$.I..h6.d.......H..A..\|.@.....O.x.(qL..."tiQ.[.nQRm.get.{i{]...6S.b.X.q0S.I4..J.%.F..K..o...O......?....to.[...m.x.;.^.u-..4$.......^Yo.jx........................'....e..x.T....jv..s.....6.#v.1b...Y..'>...!g..[...\|E...:t+..C.h.j.s.l....$q... W..x.e_.......Y.K..@.

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 240x113, components 3
Category:	dropped
Size (bytes):	7705
Entropy (8bit):	7.911099322873193
Encrypted:	false
SSDEEP:	192:yLA8DBTFsHzOf5cmETpJzpPchoqkZowIuyPCxP:yLnDBiH6f5cTpZ1D3awIrM
MD5:	1A003D47608336EFFA12D901CB3E50E2
SHA1:	2AC6BF734E5F7232E9552862F4FA9FFECBDB8A76
SHA-256:	61E78EDC9AA251EB3FD785493B7D2F2DC4048A40CF47A0473A48B1E4A392C5F4
SHA-512:	F0AF9BE09BE734038C8385006B2FBC199A320800DD106107B67DCA39824C8AFFB6EB3ED18D0E31E8F410E807D783932579F3D03EB9571563EA866AFAE6D05F69
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<.8....x.'.F......]....~.....\|.O..B.=.......xo<...]u...~..W#....+.b.7T.8......J_.F...]...@....v...c..>.{$p.....?...9.?.....a.T...Mf2}E..7.{...Q........(....".Q.S..}..g......X...s.._.].h.?.~T......fMu%.83.._.L>....W]......I8..I.`.U...A...j.,...\|.2....R/..#g...._+..%p..e..].......&.B.Ns}.S.[#...w8..G..Qu$...z.d.l...6{.Q?...?.A.?.'........j...>i..`R..x..u..'......k.t.\|.G...?..?.~...^.,W..

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	downloaded
Size (bytes):	12901
Entropy (8bit):	7.909506568406205
Encrypted:	false
SSDEEP:	384:yJO7Rx2tGfNjJv5Ne//OruSnf/Hn9V2X25u:8IFfhNfqS3Hn9A
MD5:	BABC5C0EEF0733F717A03E9889C55FD8
SHA1:	1EE6549773274ACF5535677B4BAADA0177AFA0B2
SHA-256:	6AB3B79D89D527EB7B27DC159100247F71F3A026565BD81857FD8AD700C7E270
SHA-512:	4D0F0FC992A1E53B7F0A89DF48994B08B07177260098D17058FBE914B418D230E874721DFD4F3393008A1EC0FFA431C723172CD0C7DAAC4E0FA85BB498A29027
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-5-1024x576.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..q.W.W...'.\|%..-..."..f...t..../.S.W...Q.Y..Zdg,w...~..'....n..Z_..o5[...[S..?d.........G...\..:_.._XG...a.I..w;...H.,>_.e.0x.,S.9..).qRN/g.I.=ny...R.8G.......Vr.2..(..%d.4i.D....i..\...>(\.Mcw,.,PG............?...o....\|-.K4...HZ......].......P..~.x$i....._.v..da.v..q.........+.....m......z...&.$d...E}..p.L.0.i..c ..:.-..vZ......`3OeS.\|..yj4.2W...&.t..'...oO..-.....\|_.5y<I..Fi...Y...zWS

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1734
Entropy (8bit):	5.05685263555574
Encrypted:	false
SSDEEP:	48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
MD5:	45FA04438A564600785830CBFF0B507F
SHA1:	7AFB7668DE4BA0ED485720EA7212F8D624B0E098
SHA-256:	8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
SHA-512:	6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
Malicious:	false
Reputation:	low
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1734
Entropy (8bit):	5.05685263555574
Encrypted:	false
SSDEEP:	48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
MD5:	45FA04438A564600785830CBFF0B507F
SHA1:	7AFB7668DE4BA0ED485720EA7212F8D624B0E098
SHA-256:	8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
SHA-512:	6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
Malicious:	false
Reputation:	low
URL:	https://www.telegramhj.org/static/js/public.js
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 115, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	42093
Entropy (8bit):	7.988071399302453
Encrypted:	false
SSDEEP:	768:DDsIeoDkGjplNLJassQy/vILZSIHJSagdzz5yYzb/oq3VB0b:HsIe8R9lNLsvQy/24IpSa8z1yEb/LlB8
MD5:	A586A0B950DD69E95FAC57F5CF58C48E
SHA1:	BA31B98D3DADD59C170E9018709629BFD8FAACC1
SHA-256:	F7C783FBE4C3C5F68DA60198098C5CCC9A25EA4FB4F7FFD30B756705E693C2EC
SHA-512:	C4E8A3F84DE4FD0247012C89CA0133F808D77D84B267BC9045023BE0B753B806FF484A6214600FE76C5517A8F26810004A09F8F34399DD90A2593C462D969335
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_Pasted-245-1.png
Preview:	.PNG........IHDR.......s.............IDATx.d.....y&..T.s...g0... ..L`..(Q.%K.W.....'yW.%.d..:...e.+...K*R... A....sO.\.s.....6....].]u..~..."........\|...%....Fe........-.. ...H8....@.0t.2.........A.1...q.i6..V.]].-..g.s....[..?.O...}...6_n..[GA....I.E....P.@&. .....;>....z...+??{.bwgg@....s..T,.XV4. ....j..z.........z....g.0.:eJi.^....E.....?O.....ym=/h............oD.EB@Y.`...-...#......\|.,a..U^.0..^......t%lH,..eP.$A.Q.R.W:..hD.k......}!...R...if:..aIP../.1..\.W....m......paf...5..,...D..1...[Y....3...r....X8L)...>.b.\|`.6..6.gx..........{+.!AP.@.....I.ns.]q..Q.P.o...3..q.^.ezv...4...+.?.xog......R1.K`.=..\|....o_..[..S...c.0.eQV.....(.F."D.......e.3....!..s%.....\|.J....0.DQ.( +.J,.J.#XR.@..R... ..5)G:.P.....)....1.....@.8...D.d....' R.VF.n..-g.....r......"<s...7........;..K&TYc^.#..9F.i6^~.g\V...DA.....K..k..tGZ..a+z.P...Z..}...o.i4..._..F....l.....WL.,.a.. b..n...Z.y.eY..:.Q...z..]/.=..0....KK..r!.Hv...P.a..~p;.p~.'.>C.H.)..o.....b....kj.UZ.E

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1504
Entropy (8bit):	7.822690331974615
Encrypted:	false
SSDEEP:	24:vnITClnOzdtJ0mp6oXf8yTwjGz5ycOohdz6WWgei4Smf1rpVdc6N7oXB7f:vqdcm0+f8AeGzROWdzfgdb3NGBL
MD5:	A6C494041395F493B5C9A35EEB9D9B5B
SHA1:	3CAFF067C78EC36F992335351FFDF19B526AB45E
SHA-256:	B1816C471F0BB2863EF22009FDFBDE486F596BC22765DAE314BB9FF50AAFD752
SHA-512:	29E4D39AF7EA51F0D15120ECA454D0BD3A72B8EA58F8C851A679AFC1FC7E81EC7796CA8DF9926BEAFCBE1BF402AF0BFCB30A1791A8C7EA15AF367530EEF6FAE6
Malicious:	false
Reputation:	low
URL:	https://www.telegramhj.org/static/image/icon_date.png
Preview:	.PNG........IHDR...3...3.....:.0....sBIT....\|.d.....IDAThC.ZM..7...u......wy1<..x\|....$.a...9....O`...e.\|..=<..LK.jh.?%ZRwg.^...R}..qV...m.+.;..&..p.;I.9..)..J...V?....K..`...\.......L16.2..w.....t....o`s.(T.0...=...Iq;.T.m.Z.i.6o.b.BA.u.^q6\.j.6......6.<..e....f...Rl.Z..o.+...or......b........TW&.......0.w:i.._.../...`d./....]...H.A...\..,@.`...%.....R.....?..r}._..&.!..9......S.....oP.....c...l...o..~L.Ulz7.].hj..$..8....1.........K...........j..L..Z..lP.^.7.W.V...Q. ..)c?q#:..Z.=yP.c..k.7`G.:v.8..).&i.....O......4W.S...pS1Q.B...._Di..<.o......h#.q.czp.......6....o....%........z.<_4\.=yx^0...\..H..<.....MF.........S...` .l.RqU/.Z.V.@:.{..{...)...y"{..A^c.."{.... ey......+.X._Y`.@..2..)..R...P.7.'~..b./....._.`(....sJl..8w.re........7.Y...z.....H...L.j..Z....`.1{.u...^6.TV.v...G.\hQt..q<g.P........]Y...A.......p...D.....1Q.T..Q...1.LQ6CxI(k.q..&............R....S.1.f%..d...M..)....M.3...:..R......3...j.....m[A...1S.2..r.$...+\|...

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 170 x 105, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	24133
Entropy (8bit):	7.983664584003387
Encrypted:	false
SSDEEP:	384:nbby0NeamEU3O8LXJxO48hAvEddQCXp+OxvZkUvec59rY5G41Zvx8ib+hvbyaEys:n/yqeaPw97KayXXUOxvZkUvXG5G4jvxj
MD5:	E8AED60EAB94D807AA01B37EF1B13F7F
SHA1:	398C27B805D703A60C3E2A5B2181E3C25DC86130
SHA-256:	6F34B6ABD1CC9EFDF135C031CD9F4A47044EAC609AD80DC356FFC791CFFD2F69
SHA-512:	B2F644244A067808631E587A4C33A58CF9F536427B64AA3A4A297DAF2042DC5FF6C3EF0DB9B68286E33A7C42586CC04BF7C5654B621655009EDA3C554F09FE36
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20240328094803.png
Preview:	.PNG........IHDR.......i.....%h/...^.IDATx....f.U&..F.[.=...U.J-.f...e.-l.nC..v....9...{z.if....sf.....ihz..`..x..[.....VI....._.{.q.D.{..r.E.g....\|K.X....!..}.1b@......0..1...~b..V.....P..../......."_2._...R 1Zw...l.1c.!..0.C..6..1.....X...xE.+....gA..n3..gD`.^.@..1..Z%.?.....?.LJ....HFd.U..)..^......u`~.CF.,{_C.........^.../7...7...w..1._@. ....t-..U.\ ;vv&.../...;........_m.2.0.0S.i.rvR..+&..Lt4..S...1&8+....90.2...P.QT...L+..A.._.............~.b7....W.v....[./..".~..e...`cS..l.".d.l.LZ...AV,+...Ad.G.1.#v.3w......^.....S.q.o.!.q...Ck...hN.I.\|.....OX..L..'..#..J..H.lg......+...h[i..u....N..;E.\|B.$......vd... .....DFP.uY....h.f........`....q......e..XZ.0z.}...e.8.7.`...,S.6....Y.\|"Z._...e..D..l.v4+S.....K.....i....;....w...`...jMa.]y..?...z.(..._(./...wB!.7....pnx+..A..z`.G".<.(...Bb....#..T.n.....SX....K+.l.=:`dF/...Vq.^+f.p.q.. U4`&.F..]c.....{k".9.....(W..7C.y...l....0....q....[..=........N.3../.c_z....}.dj..........R..

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 107, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	10100
Entropy (8bit):	7.968295146349326
Encrypted:	false
SSDEEP:	192:c8KJI1/GbC5s56V8wKfplgENgusq02KL0laVOA+kLdrMxoalAJUdmQssVNaijyzB:n/GbCC5twKluqDKL0lsikLlEoalAJUQr
MD5:	3DCBE2C6871DF34FC3063B5CCD539920
SHA1:	CB44AF95B177EBB221D376F0BF7E797D14BE915C
SHA-256:	D00D8E01C54599ED92AB26C851575B7C7DE636B229EA10AB83CFED5AE59B9BEA
SHA-512:	3BF530A0296B27EF24A87A37117BF5010A4E0DE116BFBFB36C74A638C3905D24AA914354EF783ED4D325E5F920942680CB5672B2CC582B3B71B4462194CCA8D3
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-20-3-1024x516-1.png
Preview:	.PNG........IHDR.......k......Y....';IDATx..}..#.y.t.......}....3/"u..RY".GR......%Q..U..q.V.J"....JfdFT.HI.(LJ.m.....#....>.X...nwo..]`......Lw../z.0x...[.-...t.t...o..n.F!J...j..B.u.t..1Y.).#58FG..B.4...X,f...]@/.fsmm..a.$IZYY..{..Th..a.[.y.v..!.JM..]..V.UB.w.B).eY.$....L&#..G.O.F....!...sa....l.....4M/p.1VUU.4OA....:......P(d...[..F..B.R..\|..O.Q....)..zI&..m..i.....c.8..q~...8&..\|.d2...8]..d.a4.M.S!..~......F..J`..z.;..........K..<.O.MOi4.5.M....,.........A....B..2#J.h...o.f../(..l.BF..N..N.f.i...t'.!.H$......./0.F..T.(...x..@..ht......AOu2x9...a..p....U..h .u].......2.^,`f~..r..ld..,.X.S/.sdt..c7....bo!6..d.R.1(d..A.7.......'.1....._ZZ..te..$iB........F....l_.J....E.........Z.(.p....(.Ph..M..D..'..F.Q..:L......SU.K}.E.?.....(...F......9@..6!d..c.H$....<..l0......}..j..B=.I .<U.XG.i~0...H$B)5-2.c.Z3p.H$..d@d.....k.4...=..xJ.9....F.4.'.'.,.^...e.d...N.R.@@.u....s..B....T*.V....?xx.B.....r%.Y4..%,!D.f.. .H.$."...-`....(,.!......."....iZ.T

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	downloaded
Size (bytes):	9834
Entropy (8bit):	7.910145919030394
Encrypted:	false
SSDEEP:	192:yJUZ8YjH5mpeD9XPy5kKyXvsZolGP2qmUTMYAflKl+lptJ+EXnZ+:yJU5jZvDl65K2tA9FjGEp+
MD5:	FE2A031365FF972B5C79944B69A1C18C
SHA1:	3F123F4BE0E3670DC6DD071A91551AE660B8CDA0
SHA-256:	A3208AEE7C7BFB0EE0BC12C6F2BD86FF7F6C68502D56213FC54E1FA99C749FF7
SHA-512:	BA560546EA28A05C90A06A771CB28CEE3D2BF75F2E8960A209980AD1612E09366CDC4EDF384F0907E17455DC88DFE9D29C77F9833C0E875DD34E3BE7E10565FD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1490-1024x576-1-1.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..s..jW.9..,...U..,m...4...u...>Mx.3Iq.,..`Et...Z......%..d..&.o....%.<+&.;.C1...\|~.:.0X_..I:~..}$..e.s....3..S....d....@.b..........4..X.pTV...e...%......'8.......t...h.4h.G..I.X..c!Hg'i.F2z.+.._/.g.I.Cx{J.OiZO."...o{..z........C....(.o.x..O.L...\|...A.....kt......v..).B.4MVq#a~..I...F.;..e..oD...\|q.WF.g..G._.....b...+I!.....A..U..<'.:.......:D...........O....h....j.........k.?..G'.4.\..c

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	downloaded
Size (bytes):	5057222
Entropy (8bit):	7.999847658474687
Encrypted:	true
SSDEEP:	98304:tXJd7Ro5xlMIVgiYISdhjyspy8lCF1RBVCc6IGu5jN/HArCHNTzji:tX5oXlPpYV/j5pyzRKc6IGuDHAru3i
MD5:	0610420C9C60216997FD6A4688EDE1D5
SHA1:	5F05EDC16CD7465D5A0A5AB3513F648BAA931776
SHA-256:	81778FA9ACDF69F96F6E8B51418DE2E44DD131D8D11129699CD23FEEDE2EDE25
SHA-512:	3D50A68F0A23EF59B7B500F1BAE963570ACC3EB4FB2697B75F25E9F7313AFAFD08FB738EAB909088478A0423D22BBF36D67CE0031720899CBEEA1B9692C63DF8
Malicious:	false
Reputation:	low
URL:	https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	2361
Entropy (8bit):	7.479942781337839
Encrypted:	false
SSDEEP:	48:y6uETALukLzcjUXISBpPLkWoPu1wVpDm6Eq:yNEpk8gISBFLkDYwVYc
MD5:	CDBE5B9AE4C027C07462A5901331C613
SHA1:	69DC9C44A940E9FFEC378D5B7BBF0A266010C8FF
SHA-256:	B28E0001ABABBF7051DB78FE0F1399EC0CAF15BACED1C7AEAFE7A58BDD37E6A0
SHA-512:	470B5E0245B8270CC501AE5D7B08DD95F60A1819B60CF38D191A03EE8D3A108D5B8D389C55D1B6802CA3998898A705FCA1BC15BEAB978B1237CC26D5194130BD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_Telegram%e7%94%b5%e6%8a%a5%e5%ae%a3%e4%bc%a0%e5%9b%be-3.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..(....?..(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...m;N.5{...&.{...,....H}.T...)JQ..z.1...Wl....$.:.zW.........W.?'U...x/K.._V_2....u9S..].~.......&....t....a.Q.E....=...@....c._.....M...Y...\|..w.~...c...:~..U...?...?6..~.?..1........^...a..o..d*..&...xo_.w./<+."}?R.....+..$2/Ua......-......8.,q...:.....t...A....j....

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x113, components 3
Category:	dropped
Size (bytes):	14204
Entropy (8bit):	7.9200573180752265
Encrypted:	false
SSDEEP:	192:yjE4KrK9yvohx/UNRvxkTUNPWr0Xu6DxKAbOxbz9K5ZTD8DiaswYL5zM9fEkE9qH:yjE4/9Yqx+OY+E3D5ZZNLQrEJ+Y2rGhM
MD5:	BE89F724EA58283571CB8446B6E382E6
SHA1:	42DE34B2B19CEDFEF6CF7183FB4475AB365C688C
SHA-256:	DDDF4D7D96D2C124BBD828663436225CA6F2593A691A35A2BD4D481CC594B7AA
SHA-512:	87FC648F06142BC719A348369443FC0947A23C9A4C28AEF0AAD8149C0375DB3441969CEB1418345F0C9C66ADB57540F0C82100249027622D2CEFE1D477A0609A
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....~......4....m.. ,>..9.._......5........#............o.e.....$...>......[.3k...{Q&J....G...."..J.q..%h<..Q.m..C.:l.........?/q..r...f.[.....O...D.A.(....9.U....8...E..I.A.._........?N.DT.c.s.Q...U.]Ai._.p....R.*...^...>U.G.....8....QZ.c.\|.q.O\.._E~...._..i..k..K.&.....Uq..EkY\|....F.v.5..N.,V.,....{...<~.~..F....:....m..O..j.E...:._...5,....'....k[\|.~'.q>y......F..9]vv..s.p.+.Y...

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 268 x 126, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	34163
Entropy (8bit):	7.9902500640664575
Encrypted:	true
SSDEEP:	768:eE11v9WVVpQkO45PjIS58uR0IrPRc0qYZ6oQ6GSDpyzSiFOZkyNdLM:eAv9a9O+M+R04cqlD+SisZkyzM
MD5:	02C061A8C2BF5B49CC6F3884AC1A90A5
SHA1:	AADD63BC7F6C3DA2331080F557C75C1C51516E3A
SHA-256:	36750201135764E68D694057FFBBC878AB8E06CCACC79B83884F621FA8C2514E
SHA-512:	8798EB1DC85FC1AD5E83CA42FDB66E1CFE0DC4C4914F302C014DD9AF4133E669BAA3AFE80CED9651FE2C5E2F7EF56F928271D0507CDF046ABA7A8BB793DD2570
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....^s......IDATx....f.u...>...:}..2.`.@..E.JD...M.Z.-/Sr..d+..H..W&Z....0NH...p..mR...Vd.]"..$....Ly./..s..:....Wf..8\|......{....M?..O. "...........w.FR....O.....@I.........D.#...,..D.)..(.d!F.A.!..A....D.V.i.A!......_.y........Z.q..Y...=..L.....#A...O......a.Z...L.Ld...j.;....\#..s.wO......M..5......L/_.(.h.0....j.r%L..I..._..0Z!.....e.U.....#.!Q"..W....`E.O].Kq....../;..5.p8.?...1W..l....E...z)a`1.E.T..R..8L...-.Ig....D..aV....mm$......{.k..q:%.in]...Fi2.O".E..K'(..-...S_.....A.....s.l..v.{m~A...@dq.,.6..../W;.6.....7Y...kO..[8.....p.^......me,r...y.A.@...k.1....(.D.s...].......t../....!.6...V...,...M..Tq]......n..S.;7-.}..`x0Z........q.....6[K.Z.}..9p....dz.b..=...._3.f5..k?..I......^.C.ZH8*...x.~....N.4^.$.y..d..."...2..+.c..........b..D.CGzD..r.Nf.1#.ET..+B$T....d:.R92W..vY.u....mK.S..M.:.QW...V.....%..nua.2....O.a=1..X/L.a......Io]..fTn.g&....vm...A.3...ez.-~...p(b....Oh.)x.1H......:.`..........p.N.P.d.h=..

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	dropped
Size (bytes):	9125
Entropy (8bit):	7.894391001399155
Encrypted:	false
SSDEEP:	192:y9dGOSRv26UzP8NeJQ4yyjzMSSfMzn+iSG4voCcmwMGy/ahrh0:y9QOSRvXUz0NGrZzbSf0KoCbz0rh0
MD5:	2F8C727C17CD363FA0D4C062CEC3E600
SHA1:	1D73649B6E96E1CDB5F7781C8CB5B067668AD8B7
SHA-256:	9A1454A6725EEA51450B4E0D63295FC995FDB0202FBDC53511C2FB3AC19655EA
SHA-512:	C7F6113452B13DA3D7D346824CABE4DC39553F3BCBA6E6A7779A0C451564846AE2EF81FB1A4A35554A6757452899D7186EB12C23294A866DBE6363A4A0878CE9
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..J..~2+sK...0..S.-..rk..t.....S.&...p.B=.n.D\....'IR....[..R...d..N~..v....*x..'....6=.2..,a.%(+Ds.h.y+W ..pvV.6V.............^...7...OC....;ou...a......1.7..x............/._...u.......h6jM....mn..3....r.5...g.....-...g....:.A..Z....o...oP....:...?....b....\|AO..g._.Yy...~4.6>..T.V.e..?.n..DNil~.Z...S<{.e.Q...?.....M...j'.s.....h...Z..Vy.......U.K.......u..".........{..\|6.%........

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 840 x 487, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	53316
Entropy (8bit):	7.965265678054814
Encrypted:	false
SSDEEP:	1536:gMPwGz33wW/wM+s3LHPYyE1+kn09/BETBfRO7hZ3:gun7/wMTYy2Vn0zETfq1
MD5:	F4EBBD76B086C583A0271B487FE34B85
SHA1:	B94F134B67FDF52BA1DEE9A2F1708A9DFD325BA2
SHA-256:	8AC29ED4158743CCBBE2C0F179008198627BB0C053060C017F2264476837293D
SHA-512:	0083EFA30FDFAFA664E28042576BE0ACD2EEAB68AF2EEB70C6F9B507D63EAAE811695EBD22310BE9CA4B98924D9B29ABE811B8B6F83F7A2DD2984A13134A4B46
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-18/td_laptop.png
Preview:	.PNG........IHDR...H................PLTE...............666.........AAA......AAA...0........ ..&.....,..)..:..///988.........'''....................................0..fff.......~.....~r.w.....k.uj.oq.\|......q.q..{............~.{.........y.v............_........b.p...y..[......}..........b.h..\|.......................\|.\|.ott.{7..Y.iF.._`a....................a.....{..YXZNMMn.....lllTSS...y.._..U..trp...yxy........z.ws~.GFF...........e{.q............~.....Vz....is\|l^VH}...........k......nj................\|.....wedi.l...^hu........x........~n...w.o<t.......s...ztD...........}....}n....xsZO.`......gSD.}....r.......}0Ci...#j.W>7KUo...7I.^R.I].....M.j.p,4....H$Y..V....~..tc..)..T........m.e.g...ez,.@.G....?V,.../..J.I~.7W.~..^V......T.].^..O.:c/.......tRNS.R.x.x3...H..G....IDATx....j.0....B....=.^O..\|.-..ZS........l.E......#b..s...c...G.. j.......@......"[#.O.9...I"G.A..s.x.\|.....rs..?t.$.$8..K.....T...... ...o..!.<..$%.....$@.

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 190 x 114, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	23522
Entropy (8bit):	7.989926584280692
Encrypted:	false
SSDEEP:	384:2bc9wm7MweZ28KCFZAdyoGrcn1E/nUArnRU6RaT6zLJRc2CyivrzZ:JNh8KtTGrcMUAu6Y4eVyijzZ
MD5:	C9D3489D4761913EA3757A82480BFA16
SHA1:	D5BD2730E8E80C464E1FFCBAEB4B3A835C040F27
SHA-256:	152F143C1BE0119B7A854E0E3EEFAC2192B93266F59B1A9D8A3AFE46057F8231
SHA-512:	65E7372551870A9060FD31F6FB3A57ABCB0A38FDD0DDB5E0CA4D03AC49F2EB028B89CF09813598AF09A437D63A67628B67D2D410E42FC2FAB49EA12F1381C48E
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-88-1.png
Preview:	.PNG........IHDR.......r.....b<....[.IDATx.....e.q..w.9...m3..X..;H. ...w..". %..%..I...KJ..RlG.8....vUb;.EI..D..e)."K.I-.(.".....$..0..3..oy..{.S...s.}......~.{..{N.^~..n.o..H.A.\/.......ED.....D......~.@.._...%.........^ ~F\|..GB....r.l....k.?..R\|'..]0.../Ad...v.......m.8.......M.Mn2?.L._?..rqy.yey;..A.../(........w.P].._..M...`.....9......n.....V...&.t/.(nq....&.?....z.^MV...'.._....T...F@.K.O.i.A...+.[n..\|......!...N.{s.....Cn(..(......~..U./U..?....%2.N..=T.`. ...8...V.M...e.IVD'>....tx.0....p.b i.....v.....E.I..I.z]t..g.(..w.."0n6f..5.u$..n.qo..Z...V.0...)...CvbE..X..je......BD.Mc.uKW1U%...w0.d,.3^F.>du...T ..9,..*..u......n..c.f.w>Y?.q...t..e.~..,.A&..X._..p..T....._.wS.y.....nGd...VR..M.u.....m/.9..Mabt..B..Dg....}+J.L....++..4.....Dp.V......OE&..Q".F3w...U=.-..!.C...u.#...p..N.j<..7.Uj...oOB.....R..v.....Juj.G..N..EU..V\|..l..w.2...7...w..%.$.....M..n..g...9SYG\..G..r.R....c..".C.>Yu.d.m.?!..w..:i..94S8. N>N.'.djj.D..Zn..d.9.y&...

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8015
Entropy (8bit):	7.962101684786648
Encrypted:	false
SSDEEP:	192:SjQh5uwIUVjlFHqDx+MtaGTgsJ0pD3Ff8M6ZuUWFO1iveZaQmnwx:xuwI6j7Hq9Pys8FHmZa1E
MD5:	09F7FBB00E36AEA072D3216E62588EE0
SHA1:	7631AE44009D29EF51F4A9331C0DF15E85930560
SHA-256:	8F4F03D0C1B0FD0F965FCE8A8E324EE9016435623F702829A4F67C5D19ED643E
SHA-512:	DF6178F143D32D01FB425D29941C5F8BB46D401D80FCC017C6807C94DC4EAA31EC2089C6508D7C2524039962981579AC96598A6D7EE4D05A24EC02B686107111
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......s.....[.z.....IDATx..}k.d.u^........y...>H...+r%J"%Y.l......%..$0.?...F. ........P..I.X..H..$....(.(...r..%..y.<.y_Uu.[.}.wfv..3=.=....<z......9..\|.....9....z..8......w..l...1t8".p@s.c..:..=.#...-IH...2f....q.l.....@........E..n.r)....Y...LO..z.6].....tM[....HH..:.s...d.^..........e0i.EGX2.....%...![+..d.?.H.AC.1..3...AM5...;....X.@\|I..0Tk.nI....>.d.3.5.~Q.9.e.}.(.0fRm.V..\|9..X3yG...1......i.0.^..I.f,:i6..5..<Z1{....N &L..a.....>.@HM.<.....H.F..J..LY0i.l.u0...XU. I.=\..A.....d1FWJKMl:.U1\|^..$.0.d.L\..A.$...r0..Y5+C:...m..B.2.k....?yvb.fR}.k.9..,o..I'-.".$d....cy'.6.....@.......+..A..b$..t...NI.....l..RmH.....\...x&.?...r(.bp.T'c#......5A.J.p..vD2$.....R...t.6.R-Z(..A...Z...i]`.C9..B{2F..n...F...{[@.#.$.+..],....1...f.....f.... .U....H.k.c.....@.#S........HD......E.!...\|2.!..7..(T.1.K.....^._[,J.....H`.c#.~...X$\|J...s,.\.<..&.F.A)....-..^..L_*%.3&).p..\..\|x<o.........2.b4".X.e~..W... n.K.G.z..4...26-e.D...cY.Z.T.^.~

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x101, components 3
Category:	downloaded
Size (bytes):	7096
Entropy (8bit):	7.905936927759236
Encrypted:	false
SSDEEP:	192:yNiaLBUvAgDGD/8eBywM0Xu/ZH3Kn3xgdu:yNiaLB9gc/t6/YWdu
MD5:	C9F9B678D0BA964BA9DFBF90E17A91EB
SHA1:	5138D609CEB9AA14E9A27AF59A1AA9EAE1360A98
SHA-256:	B1DD1101B81B16B013B12A19E8B1C54BCBF8F030ABB789885F6E126E5ED12F2E
SHA-512:	31574D2713EF4434E595CD9A19C8834E99D69F27165519E162402568D1A1DB9E54BEB28F1B59385FC2D2F54C86F355DB80812D614FBFC3F784800CE9986F4E38
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064800.305-1024x576.jpg
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...s...0H.?.j.'.~7...E._.....Nc..4.......$.s....j.M.%..[n./6..T.T.QB.nOd.l....c@....=..o...F.....Kx....f............=.P.K4h.8...c....b/...).G......x.B..u..\|z..L..IebTFm....1...z...<a....I..h...S{/h.o.\.d.-.?H..)..8V.....\|.9...F7is]..?j..x..;..a..t..<A.x..<U...v:../n..-!X..'vDEP..R..`..vs....z..B3.y[I......(.(FWI.~.d....`.U....?.j..B.....V....\|P..1@....(....Q...(...px._..........

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14948), with no line terminators
Category:	downloaded
Size (bytes):	14948
Entropy (8bit):	4.957987667846091
Encrypted:	false
SSDEEP:	192:zTT2OmpBnFb9pjfV75xKKsuifr3mHhP/9mM3wytavGxs6id/O/2opo4op85YBnVh:z2bT/jVxKzp88MWjZ28SUuo
MD5:	0840441C651835B21849F8D81B49D2C5
SHA1:	CEE482ADCA6BAE270D77713FD273256FB7A0EFB1
SHA-256:	81972851FA470CAAE1C3EA58D17883A0FCE887E24567AABA96E24EB542390D00
SHA-512:	E7849BA79C0695DB5CE33C1CD7E7AC449C7ED7A6BC045C81E9C17F1945AB0C09D68996F42A7419790FD07392022A545B8F662200ABF87F4709093A4F15F03198
Malicious:	false
Reputation:	low
URL:	https://www.telegramhj.org/static/css/style.min.css
Preview:	:root{--headerHeight: 64px;--padding: 72px;--themeColor: #179cde}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{background-color:#fff}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;color:#3d73ed;z-index:1000;display:none;width:50px;height:50px;border-radius:50%;border:2px solid #3d73ed;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff}#to-top img{width:30px;height:30px}header{background-color:#fff;position:relative;-webkit-box-shadow:0 2px 6px 0 rgba(32,33,37,.1);box-shadow:0 2px 6px 0 rgba(32,33,37,.1);padding:0 12px;position:fixed;left:0;top:0;width:100%;height:var(--headerHeight);z-index:99;background-color:#fff}header .wrapper{disp

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 107, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10100
Entropy (8bit):	7.968295146349326
Encrypted:	false
SSDEEP:	192:c8KJI1/GbC5s56V8wKfplgENgusq02KL0laVOA+kLdrMxoalAJUdmQssVNaijyzB:n/GbCC5twKluqDKL0lsikLlEoalAJUQr
MD5:	3DCBE2C6871DF34FC3063B5CCD539920
SHA1:	CB44AF95B177EBB221D376F0BF7E797D14BE915C
SHA-256:	D00D8E01C54599ED92AB26C851575B7C7DE636B229EA10AB83CFED5AE59B9BEA
SHA-512:	3BF530A0296B27EF24A87A37117BF5010A4E0DE116BFBFB36C74A638C3905D24AA914354EF783ED4D325E5F920942680CB5672B2CC582B3B71B4462194CCA8D3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......k......Y....';IDATx..}..#.y.t.......}....3/"u..RY".GR......%Q..U..q.V.J"....JfdFT.HI.(LJ.m.....#....>.X...nwo..]`......Lw../z.0x...[.-...t.t...o..n.F!J...j..B.u.t..1Y.).#58FG..B.4...X,f...]@/.fsmm..a.$IZYY..{..Th..a.[.y.v..!.JM..]..V.UB.w.B).eY.$....L&#..G.O.F....!...sa....l.....4M/p.1VUU.4OA....:......P(d...[..F..B.R..\|..O.Q....)..zI&..m..i.....c.8..q~...8&..\|.d2...8]..d.a4.M.S!..~......F..J`..z.;..........K..<.O.MOi4.5.M....,.........A....B..2#J.h...o.f../(..l.BF..N..N.f.i...t'.!.H$......./0.F..T.(...x..@..ht......AOu2x9...a..p....U..h .u].......2.^,`f~..r..ld..,.X.S/.sdt..c7....bo!6..d.R.1(d..A.7.......'.1....._ZZ..te..$iB........F....l_.J....E.........Z.(.p....(.Ph..M..D..'..F.Q..:L......SU.K}.E.?.....(...F......9@..6!d..c.H$....<..l0......}..j..B=.I .<U.XG.i~0...H$B)5-2.c.Z3p.H$..d@d.....k.4...=..xJ.9....F.4.'.'.,.^...e.d...N.R.@@.u....s..B....T*.V....?xx.B.....r%.Y4..%,!D.f.. .H.$."...-`....(,.!......."....iZ.T

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	25492
Entropy (8bit):	7.9865342194514675
Encrypted:	false
SSDEEP:	768:VtbSXRHK2szG1VKgYIuHOtjD8hYoniUcgz7+N:mtKlG1dxWY5lgGN
MD5:	5F698F17B32665B9CA338DEB604245C3
SHA1:	A34580C27CC8DB7ABFB897B8F6AFA041CA3987C4
SHA-256:	E0E43FA39377854DD91D01DB6D95F6076B44FBC1C208D227217D607772908CB9
SHA-512:	271C0C131C856A8B4190AD2465CE2B0C9A4BB5EB2CF934623277124F848E4BCAF259491AE89B43B4EF9E65B270B52163078535D2EC075C49319CC41E6B8C74D9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......t.....F.J...c[IDATx.....d.y...f.....{.........J$A.").2M....)..-+.2-....a.}.!..... AZ.x...Q0A......v....gz...zW..xG..........NWW.......G.......!$.'..(!@0y.....?.....q]J).....G..;o.;k.K @.......I.@. ..tb..f.m... ...GRJ.~-}z.uB.M^..6!........{..R...Buk...e$.....g/.]...pfzjz\|l..h8......P@?.^$.!...0...b.p+..!.....o..._B.t$..&.iF.9..t..M.l:f.M.6...p. c..~.......k.n...k.......D@J>T.M^..= ..:..ENd.....z.....4...!.j.....NP...5{0._.r..^...b.N8%..e...M.D...L@.T.!e.J.QJAX...KY)m...@.u$.4.]:2P.C.+'..c...T....7..gV._\.\|v.......t......fI...A..@vBy.b;......q......h.~+Wi.HF.l$!.=.{..D8..3...0o.-'.:.c..Ck6....snY.m....5....2..&mf.^.'g.\|.d...\|..tjP..\|6.{....*86...i..H8..."H..O.~.A....p@d...(!.0....E)....Z.i.2.......0.f.u3.2.....+yG.y...J...I..O..?......_._...l6[.Wc.".2...a ...q/.k!>.qC`G..6..5..>.d.c...Y...![.....\..lX.q6.I.'bl..P..5.Y.e..8..:.cY..;.E.+.2$=s.P.....D.)s....L^.j.Mb..Pi..5..b"..C.R.5D.'... ..J..?4..R.X.).B(

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	6327
Entropy (8bit):	7.897313110393381
Encrypted:	false
SSDEEP:	192:yN5We5as1EHb/7ulrpfkccDIJ8zYuhZdDx47:yNQs1E3yfkxG8znk
MD5:	279DAFA720958747FA8E30F7B7424AF3
SHA1:	40C372342DAFA97D6D452DD72FDDC002230ABD66
SHA-256:	BC06D78EC50AAB6E5EDCE3BC78308DBD2E2E6894FFC16BF392031CF6B14E639F
SHA-512:	98B5B55D09628FBF735C6DC15F66D71D17ACC6DCF3B811CED617922928E4C2D13A90AC471B058B4DB724FE5EBA91893A695FF6C2663FF06C7212AC6B534FFF22
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+.??...(...(...(...(...(...(...(...(...(...(...(...T...S..n.e.....@s!.S..J\.JWB.DtT....j...A.2....03.(..b:*J(..b::.....AN.9..v...:.(..a.I..]..E+.s1.=..;....M....KE..v!U=.......a..t..W..9.M...)7t.(..@.QE..QE..QU5.sL..u..j.a.......2O.]8<.+0.....R..c...JN.KV.i%..q40xy.+.F.NR.vI%v...<A....L...u{k.+u.5......?....!..H..xr..\|...G....i......?.".v..?h...z.c..\.o...F....c^.8.zC....+..-......Z<.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 103, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	18209
Entropy (8bit):	7.983612443674371
Encrypted:	false
SSDEEP:	384:rD0ENiXSw+jEYRwLktLN0klxXe6I8dk1jVmuwB4QokE:P0E0XfjYRUQTDXHI8deVcB4P
MD5:	2FC0702AB0F3B6A6625E4BBAC1817D32
SHA1:	46633FA38D49EBAEA85E19EC817D3ABDB83A1A5F
SHA-256:	6E1C47ADD27B5B21921D76E364368069674A76D73404A223C7BD6FEED1C0853B
SHA-512:	C947482687C34A1950CCDC04C50CC3340C087F454B03BE6C2A603C53A909BC9E6DFB64387A84787A5548BB93B51DB61EBD0FA5B489A4B025AA79CF50FF038002
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......g......2D...F.IDATx....eEu8\|NU.{...2...t.2.0.....(...qC J.h\.}.M4...?1...(.. .eSV.E.a.a.f...^_...U....{.....u..O.X.ox..zuk9u.:...... ... ............].........H.$`{.pB..p<..R....G......U....`.._....../o?d........z...O29.^19...N.. ..:9.......M:9..2Y...P6Xf.B...$.}E0H...nUb...&.X.....J8.."\..MQ.dP62F.D`.\H.T.h..Z.......Pm.j.....Z.....%@..K....2..x.O.I.p.J.G.'...A..I.3........5....T....8.:/.}..>s<..T.8.. ......%N.gA..U..Q....1.)m..Y!@.......d.wK=.@..~.DT..@T'.O..O29.^19P}r......MB ....q..Xh...-...^........U})"a.o....%...L....}G.t@..LiPS...kr~...AU0...EJ`....N.:e.(..D...W....0.J.....,....."......#%...{..=....;s9......o.....Y.7(#..._.v............._...1>...A.o...w.EE...L...H_.l..\..h.X......."/..n..dm`.-.D.h4.....U+..B}=..Ap..Y.ye'...j....).]..W....P_O.ch...._.3.....1.p..WF.....x.,.....D.........t.2..:h....n2h...f0..f.g.{.'.=....Ym..X...I...].....U...'...t&..O.d....OT. .^R....D..L.q..0.RJJ``(..e...t<...i...).&.. .2`. .

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 181 x 110, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	26496
Entropy (8bit):	7.988573551764828
Encrypted:	false
SSDEEP:	768:+vaQJhw1xvEbz9FLQX+WJx7ha2SKR3yFEh:+ioSXkz92XFLHS2h
MD5:	2AA20BF9963BE3B61A151509C6BB243D
SHA1:	E9A766B4F38A50ABCC41ED24955C9F3A95DEBF0A
SHA-256:	AFCD3EA0CABD7E78A99F63FB172E0E834E62AB2FB62934E3DC0DA2FD87321219
SHA-512:	DFE7673BC688A43B10B84DD1BBE22C2A9B7C7043EE9A1F04621518BC944A0C802A6FE8E2988B7098B613CBD899A8C4365CCD83F2EF8D7B5FB5C498707E2E0863
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-108-4-1024x611.png
Preview:	.PNG........IHDR.......n...........gGIDATx..y.&.u../3....gz.sg....S.@B ...d.i........t.A.B!......A.f(D.........8....{v..s.....L....}_]..Q.2..w..%iR..LO..UY./..{..R....1`.1@`..%"2.42........E.A..`@.D..m.....n..@.........{i....h0.. ........$.4....'....#c...>..e1.....(.....e.X......r..G..0....<..h&..p..~P.S._..N?....]t'.m?Z.....)......]07.r....{.3B4..f,f..C......kr.~s/....fb.'.:.SX<.\|.....p...E...i.>X..I.0.....i&......\...@.> }.n^.....b(.G..E.KRA.......6v..k.f......\|.9.......(7$.....6(m-#.F..M..n..[...4....Y95kEsI...../....@#......p......Ul.b1.:....@ER.....mFO.......n.......wg.b...H...i5..[...F...W.f..D..`.....M..t...d.V...8...W...... ....#..".v....v.dV.i..D.5.n.yMi.L...].^.~j..\v<..6.l.e..k.v`..^.[Ed>....u.....S...6......MO[.HO....0f.x...7@n?AB@.'..NU1.;........wAt.j&..0..R].$.\2Sh5.[*...L#.f.....Z.I_.B.N..C.\|U.'.%....mEtV..\...S.f..e......ZpZ>m....Rza..4..$Z..V..u ...CiE.F.......0.Q[..H.hD.....=...\|8.....y.?.s...%.QH:......O

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	25492
Entropy (8bit):	7.9865342194514675
Encrypted:	false
SSDEEP:	768:VtbSXRHK2szG1VKgYIuHOtjD8hYoniUcgz7+N:mtKlG1dxWY5lgGN
MD5:	5F698F17B32665B9CA338DEB604245C3
SHA1:	A34580C27CC8DB7ABFB897B8F6AFA041CA3987C4
SHA-256:	E0E43FA39377854DD91D01DB6D95F6076B44FBC1C208D227217D607772908CB9
SHA-512:	271C0C131C856A8B4190AD2465CE2B0C9A4BB5EB2CF934623277124F848E4BCAF259491AE89B43B4EF9E65B270B52163078535D2EC075C49319CC41E6B8C74D9
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1595438958-89db9fcf7330be90f5da7bc1f1913a61-1-1-1024x558.png
Preview:	.PNG........IHDR.......t.....F.J...c[IDATx.....d.y...f.....{.........J$A.").2M....)..-+.2-....a.}.!..... AZ.x...Q0A......v....gz...zW..xG..........NWW.......G.......!$.'..(!@0y.....?.....q]J).....G..;o.;k.K @.......I.@. ..tb..f.m... ...GRJ.~-}z.uB.M^..6!........{..R...Buk...e$.....g/.]...pfzjz\|l..h8......P@?.^$.!...0...b.p+..!.....o..._B.t$..&.iF.9..t..M.l:f.M.6...p. c..~.......k.n...k.......D@J>T.M^..= ..:..ENd.....z.....4...!.j.....NP...5{0._.r..^...b.N8%..e...M.D...L@.T.!e.J.QJAX...KY)m...@.u$.4.]:2P.C.+'..c...T....7..gV._\.\|v.......t......fI...A..@vBy.b;......q......h.~+Wi.HF.l$!.=.{..D8..3...0o.-'.:.c..Ck6....snY.m....5....2..&mf.^.'g.\|.d...\|..tjP..\|6.{....*86...i..H8..."H..O.~.A....p@d...(!.0....E)....Z.i.2.......0.f.u3.2.....+yG.y...J...I..O..?......_._...l6[.Wc.".2...a ...q/.k!>.qC`G..6..5..>.d.c...Y...![.....\..lX.q6.I.'bl..P..5.Y.e..8..:.cY..;.E.+.2$=s.P.....D.)s....L^.j.Mb..Pi..5..b"..C.R.5D.'... ..J..?4..R.X.).B(

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 620 x 147, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18924
Entropy (8bit):	7.9613813528567645
Encrypted:	false
SSDEEP:	384:t6/NdPSD5vUgC10Fd0TBm4JuWC1recYybdHRnAGdGPd0sXAUqSw9X55D:MVdqvUgd7YWPxLdOd0pp5D
MD5:	D26A7D2D140A45822E89CB4C9F40CA87
SHA1:	DDD46B0870B9952ABABFBA4C1D8BB104B8C4BCE4
SHA-256:	24D661E0B9818B3B0E9ACA1D1D7BB0F79106EDE5271CBF52DF67C2D2F3AC55D7
SHA-512:	684F6614601B20C74AA5158AF79280BE847947B99E6DD3C40C414B37607CAA8BA1A13A0CEE095680CBF9B3F1017369DCCEB1EBEEEE8E157A2E73C8780836E064
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-18/logo2.png
Preview:	.PNG........IHDR...l.........3.E.....pHYs...............I.IDATx..w.\e....L.-..$...w..i..r..\...^...O...+rQ..`D.^.H.$.oz...^f.....;.n63;.)...z.+..gNy...m.(..(..(.Y..(..(..(...MQ.EQ...Q..(..(.R.`S.EQ.E)sT.)..(...9F..P..n.i..7:}.HlV..Z.9..>.gj.8.....Qk........X..-...s.c.#u~...k.4.......-..m.....X..S...6.E.(..(.g..l+VuL.....zwhyG(~.....akf(j..-....H\|z.i`M.&.a...{.....$......]_e.O....<.....[...k"N...(......lw...n....z..)..cgl...:....,.0..1.L.?.m...m..%..P...n........am...6.^;gQk.3...l..(.Rz*R...+../z....mmO.....$jYx....8.....q~.Ac.\......m.;.n.>\..M...(......l.u...^...W......=i.H\|I..w..LS'...7...j...4..\....E....V.-...A...(......l+VuL...^..}........1^...{...M.-....c.T.)..(J.)[......}i.g_..}_w(>.k.P....f....?3p...n...[K=.T.`S.EQ..Sv.h....l.....v.b-.....F..q."q..g.....u...?(7...6EQ.E)=e#.V..~_........k$6c_.j...f...43x......Sw.z\..MQ.EQ...D.?.........g.=.~#.&..n.A.s..]u...)..T.)..(J.).4...G.u......O..f.%..E2....=./...1su...MQ.EQJO........;..

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x110, components 3
Category:	downloaded
Size (bytes):	8112
Entropy (8bit):	7.922411740666503
Encrypted:	false
SSDEEP:	192:yqaPsHL/W4gpCjHUJVR8GwHaFE19ip7+po5Yb0:yqaPK/jMCjE8arMpo5w0
MD5:	B9628599D071DC6A95E3639F3F029D9E
SHA1:	6251875D3F90AEF0B8EAB7E8BE9FA12CC0235CCF
SHA-256:	75750FAAF3E1603A2C3357B29638745CBAD38E2A613559AE5A2EEB695DF9B339
SHA-512:	028FC42FAF58470B198F0E5BF17826A1C5BD7D4FFAF73DF635BEE508DF12321F49F0F4DEAFDCEEC4F050C733DF7A988CCAB5D01E2F8FCE1652A74F893E8621E7
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1710660148-telegram-unlock-content-1024x683.jpg
Preview:	..............................................................................................................................................n...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......a....J..+.).ml......?sw.z.^.......Oi:.......-....B<.Q.....2M.[.9......t....+8....@......O....).3.{.......3.w:o.........q...g......>".x....>.e.d... .......Q...g<.O<\....,......O...\|Ee.S@_..<...?0.U.d.=....'......Z..[....t.L.$s....v.....[.Z.RN}..be.P94..J.`u......1A...`.......'..i....(.9.c....V....)........[..63...7.P.-Y...\|.g...W..`...pps.Tr..hRl.c\..2D.U.m.)..=...e.m.aU....?.ZO...4.

Static File Info

⊘No static file info

Network Behavior

⊘Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4092, Parent PID: 5544

General

Target ID:	0
Start time:	19:20:37
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2892, Parent PID: 4092

General

Target ID:	2
Start time:	19:20:41
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=2028,i,1946802896583514028,4544835722773190472,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6596, Parent PID: 5544

General

Target ID:	3
Start time:	19:20:48
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramhj.org/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: unarchiver.exePID: 6252, Parent PID: 4092

General

Target ID:	7
Start time:	19:21:52
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Imagebase:	0xff0000
File size:	12'800 bytes
MD5 hash:	16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: 7za.exePID: 6348, Parent PID: 6252

General

Target ID:	8
Start time:	19:21:52
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\35riya3t.qhb" "C:\Users\user\Downloads\shater.zip"
Imagebase:	0x760000
File size:	289'792 bytes
MD5 hash:	77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4564, Parent PID: 6348

General

Target ID:	9
Start time:	19:21:53
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6048, Parent PID: 6252

General

Target ID:	10
Start time:	19:21:55
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5476, Parent PID: 6048

General

Target ID:	11
Start time:	19:21:55
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: shater.exePID: 2556, Parent PID: 6048

General

Target ID:	12
Start time:	19:21:56
Start date:	11/01/2025
Path:	C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe
Imagebase:	0xeb0000
File size:	62'891'960 bytes
MD5 hash:	D08BDF8F0948938687A6E0C1044E1962
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: unarchiver.exePID: 6252, Parent PID: 4092COMMON

Executed Functions

Function 017CB1D6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 017CB208

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: dcb760cea526a4af930b06a674ed226fb4938fa2d8db413a2c9a5602b192151a
Instruction ID: 1e53c6cc5c7ca6b77d08a4e2c5b91bd4f6f715d9a80567b2a7dc73eeca28be4a
Opcode Fuzzy Hash: dcb760cea526a4af930b06a674ed226fb4938fa2d8db413a2c9a5602b192151a
Instruction Fuzzy Hash: 3701A2705082409FDB10CF15D986765FBD4EF05724F08C4AEED498F256D379A404CB62

Function 01BB0C99 Relevance: 5.1, Strings: 4, Instructions: 90COMMON

Download Yara Rule

Strings

``j, xrefs: 01BB0D37
``j, xrefs: 01BB0D62
Pbj, xrefs: 01BB0CC8
[M=, xrefs: 01BB0D43, 01BB0D48

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID: Pbj$[M=$``j$``j
API String ID: 0-3545847690
Opcode ID: 0e6516a717ad700c183182049eb6f2419800d8a0b693921d2adb2b3ab965cb92
Instruction ID: d0391ac90c3b65958ffd31dad3300b6536ddd5fca80c224aaf04c0fdaeab2a7f
Opcode Fuzzy Hash: 0e6516a717ad700c183182049eb6f2419800d8a0b693921d2adb2b3ab965cb92
Instruction Fuzzy Hash: 26214730B043048BCB16EB3985543BFBAE69FC5204F55846CD986DB346EF76A8428B92

Function 01BB0CA8 Relevance: 5.1, Strings: 4, Instructions: 82COMMON

Download Yara Rule

Strings

``j, xrefs: 01BB0D37
``j, xrefs: 01BB0D62
Pbj, xrefs: 01BB0CC8
[M=, xrefs: 01BB0D43, 01BB0D48

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID: Pbj$[M=$``j$``j
API String ID: 0-3545847690
Opcode ID: a5752126ec211183b0afd25e2e15e296b6beee58b64e92f5c51a30dfba24e4d9
Instruction ID: 48626b0893292666ad9b62dcf4fc91a7771cdb17515b70e18de1156e751d2d90
Opcode Fuzzy Hash: a5752126ec211183b0afd25e2e15e296b6beee58b64e92f5c51a30dfba24e4d9
Instruction Fuzzy Hash: D621F6307002048BCB15EB39C95436EBAE7AFC5204B55882CD586DB786EF7AED028792

Function 017CB246 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 017CB2F3

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 14e66b257d1bc3bcf109501d8ac4330f79bcff78f707298598d85a1a682f9637
Instruction ID: d53fd672bcca7eeaac0d60da0c854b5c953802ad0d7429a2678158ebd38864f1
Opcode Fuzzy Hash: 14e66b257d1bc3bcf109501d8ac4330f79bcff78f707298598d85a1a682f9637
Instruction Fuzzy Hash: 4431A271404344AFE7228B25DC45FA6BFB8EF06214F04849EE985CB152D234A909DBA1

Function 017CAD04 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 017CADA7

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4d45b77c4f2d4d4eb722710d09bb99fc9f7e2f7c295300b649e624a7c33a77f9
Instruction ID: d81f908c1a16a666022af5f3dfe393b794e13b095c61beca78c17690f20fe4b1
Opcode Fuzzy Hash: 4d45b77c4f2d4d4eb722710d09bb99fc9f7e2f7c295300b649e624a7c33a77f9
Instruction Fuzzy Hash: E431A171504344AFEB228B65DC45FA7BFACEF05224F04889EF985CB156D234A449DBA1

Function 017CAB76 Relevance: 1.6, APIs: 1, Instructions: 92pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 017CAC36

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: b95906b35b9c6cc58c0d22b83922719c2fcaf2eb9b7f11f261dac0eea97214ee
Instruction ID: a89844345aa98bcf02e7fc6758c50c4a50c27608d19b168903e2d5f473b5b26e
Opcode Fuzzy Hash: b95906b35b9c6cc58c0d22b83922719c2fcaf2eb9b7f11f261dac0eea97214ee
Instruction Fuzzy Hash: B6316C6150E3C05FD3138B758C65A66BFB4AF47610F1A84CBD8C4CF1A3D269A819CBA2

Function 017CA5DC Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 017CA67D

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8642d4e5d67a8f2d9b792a89b2442f7dd43570434c2862ea6204bda8fba0b684
Instruction ID: d5e4d5fa6bec8d7061c500534152fdad0e1261d3257ced2b4998021c7f01f364
Opcode Fuzzy Hash: 8642d4e5d67a8f2d9b792a89b2442f7dd43570434c2862ea6204bda8fba0b684
Instruction Fuzzy Hash: B7318BB1504244AFE722CB25CC45F62BFE8EF45724F0884AEEA859B252D375E808CB71

Function 017CA120 Relevance: 1.6, APIs: 1, Instructions: 83fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 017CA1C2

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 92ac701ee7e693d16ee11fe9199025a72fc5767c5c4c61ef1b729c5d45116e53
Instruction ID: 1ffbac96909d00978b5006db8bc041d8b1368e088e83ef3276211dda4c062eeb
Opcode Fuzzy Hash: 92ac701ee7e693d16ee11fe9199025a72fc5767c5c4c61ef1b729c5d45116e53
Instruction Fuzzy Hash: F521BF7150D3C06FD3128B258C51BA2BFB4EF47620F0981CBD8848F293D239A91AC7A2

Function 017CB276 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 017CB2F3

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0b4b3bb9ea5bceca66a422dec6d2a8f4999d87dda071af682f664a36ef799e86
Instruction ID: 4a89c41f2ec9233c032ebcf3bd1e59980c3ed0923cc4d9bf42cf059400a20a02
Opcode Fuzzy Hash: 0b4b3bb9ea5bceca66a422dec6d2a8f4999d87dda071af682f664a36ef799e86
Instruction Fuzzy Hash: 0821AC72500204AFEB219F65DC46FAAFBA8EF04724F04886EFA458B255D374A408CBA1

Function 017CA370 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA40C

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0569bed86972a660b2f953bd1c901be1323fff76fda0404f352b99e1de802e8d
Instruction ID: d4eeb5c1aa62d9c2b6fb564f2536beb2c2490c546b077821797fde2042443b0b
Opcode Fuzzy Hash: 0569bed86972a660b2f953bd1c901be1323fff76fda0404f352b99e1de802e8d
Instruction Fuzzy Hash: 55215C75504744AFE721CB15CC85FA6FBF8EF05610F08849EE945CB292D364E948CBA1

Function 017CAD2A Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 017CADA7

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ef49cdac5cbb22843343b3b348f30b516642791fb6c20a4679b68356efda51df
Instruction ID: 29297b90bcb2958e52baf8b351aa18cc3cf30b4e8aff2acc7e8c128856134483
Opcode Fuzzy Hash: ef49cdac5cbb22843343b3b348f30b516642791fb6c20a4679b68356efda51df
Instruction Fuzzy Hash: 6621AE71500208AFEB219F64DC45FABFBA8EF04724F04886EEA458B655D734E444CBA1

Function 017CA850 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA8DE

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: f4b3a938646b9481bea8e4d2b9218fc5d8081e56dd503158638313056952c830
Instruction ID: ea087a142d211f3bfa9fe1190b1b25335d44494d1bdc6670c1efe9259493331a
Opcode Fuzzy Hash: f4b3a938646b9481bea8e4d2b9218fc5d8081e56dd503158638313056952c830
Instruction Fuzzy Hash: 4221A4715083846FE7228B24DC45FA6BFB8EF46714F0984DEE9848B153D275A909C7B1

Function 017CA933 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA9C1

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f1f87b66238f421cc0950afe829b4ff3a05b4012f15a449a1cd6750e9fe099e2
Instruction ID: 2c5257cd6aaf9b7d97ec42646e0bc0bb97a8c5b8cb7b2406d9ac0c5cf22ddfcb
Opcode Fuzzy Hash: f1f87b66238f421cc0950afe829b4ff3a05b4012f15a449a1cd6750e9fe099e2
Instruction Fuzzy Hash: 5421AE71409380AFDB22CF25CC45F96BFB8EF06314F08849EE9859B162D375A408CBB2

Function 017CA5FE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 017CA67D

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c99ad69915d192f2825749277f65a9c48fceef6bfd40de1083617150da26460a
Instruction ID: b8f4ac4726c2eaf0aa25a9d603652d267e6f8b08611b87a5ddecc8273bd35f63
Opcode Fuzzy Hash: c99ad69915d192f2825749277f65a9c48fceef6bfd40de1083617150da26460a
Instruction Fuzzy Hash: 62219071604604AFEB21CF25CD45F66FBE8EF08724F08846EEA459B651E375E404CB61

Function 017CA78F Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA815

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 77cbc2d5f045d9a511e77d444377cae6c49ef6e63a221c344388be4e8e02aa65
Instruction ID: ca32b5ceaf819e3097fc2590837e9538ea17c5f2e57c6bf6ec2ce39b450f6d9f
Opcode Fuzzy Hash: 77cbc2d5f045d9a511e77d444377cae6c49ef6e63a221c344388be4e8e02aa65
Instruction Fuzzy Hash: 0A21D8B54083846FE7128B25DC45FA2BFB8DF46714F0880DAE9848B193D278A909D775

Function 017CAA0B Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 017CAA8B

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: cdc7a69c69572f963793b014d4e9a3dd899f06d3397b96082585dfbce1636edd
Instruction ID: ba1125352f644625d56d79c4430cc97d6ab94ea2a755d7289be55b58d37cbcbf
Opcode Fuzzy Hash: cdc7a69c69572f963793b014d4e9a3dd899f06d3397b96082585dfbce1636edd
Instruction Fuzzy Hash: A0217F755083C45FEB12CB29DC55B96BFE8AF06314F0D84EEE984CB253E225E909CB61

Function 017CA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA40C

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b0a22942fa44b552e85c11a81dea9b8dd812f9cd6de2b4072b8369e978ba8dbf
Instruction ID: 6ccf2db0986653183b156cee78650813f2395525c33e6b72678edc48eb6f687e
Opcode Fuzzy Hash: b0a22942fa44b552e85c11a81dea9b8dd812f9cd6de2b4072b8369e978ba8dbf
Instruction Fuzzy Hash: 5E218E75600604AFE721CF29CC85F66FBECEF04B11F08846EEA458B251E374E905CAB1

Function 017CA962 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA9C1

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 39b0bb5d10b2e67b403ce0161f2b5e7a816f8f6e15295da78ec133b5e6d19b9e
Instruction ID: 02a8c9bc498b21241accd7904851ca6e3d9acb57d5726cc21a1327c3d5c2faf8
Opcode Fuzzy Hash: 39b0bb5d10b2e67b403ce0161f2b5e7a816f8f6e15295da78ec133b5e6d19b9e
Instruction Fuzzy Hash: 25112371500204AFEB21CF25DD46FAAFBE8EF04724F0484AEEE498B255D378A444CBB1

Function 017CA882 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA8DE

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: cc1c1493c1d4e1cf270ece9c017ea15ed4f513f950bdb61e3e39d18329ecfebf
Instruction ID: c62fb9008d6d94370611abe969f099fcdb44e8e5586e8545e1e4174e3c630b75
Opcode Fuzzy Hash: cc1c1493c1d4e1cf270ece9c017ea15ed4f513f950bdb61e3e39d18329ecfebf
Instruction Fuzzy Hash: 0D11E371504204AFEB21CF68DD45FA6FBE8EF44724F0484AEEE499B245D378A404CBB1

Function 017CA2AE Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 017CA30C

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: aa6667509e113d564f7b580a4cc3205295c1989a665f03d397eafb21c846b152
Instruction ID: 52e404d516fb81c943913d97020108bfc10eecc34cbd2ea114e8968723ac4b78
Opcode Fuzzy Hash: aa6667509e113d564f7b580a4cc3205295c1989a665f03d397eafb21c846b152
Instruction Fuzzy Hash: 34118F754093C49FD7228B25DC55A52BFB4DF07620F0980DED9858F263D265A809CB62

Function 017CAA46 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 017CAA8B

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 6ff91c381e479a236881cf84cdcce39e5528838e2db4dfb5828507d9a155db2b
Instruction ID: 09001292b0ead6a910a2b5307cf40926ea75b089a818e2385184ad6181f6cf54
Opcode Fuzzy Hash: 6ff91c381e479a236881cf84cdcce39e5528838e2db4dfb5828507d9a155db2b
Instruction Fuzzy Hash: AD1179716042489FEB10CF29D985B6AFBD8EF04725F0884AEED49CB242E375E904CB61

Function 017CA7C2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,64E7DCC8,00000000,00000000,00000000,00000000), ref: 017CA815

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 2e8662b2ab0f2a7e5929211b678dc66ab8db82bfd35c0439b86c38feec7cb4f5
Instruction ID: 9f676c32277e41db876873d781097b2686f3968a0d090c7db2322c6bc4392d6f
Opcode Fuzzy Hash: 2e8662b2ab0f2a7e5929211b678dc66ab8db82bfd35c0439b86c38feec7cb4f5
Instruction Fuzzy Hash: D901D675544244AFE721CB15DD45F67FBD8DF04725F04C0AEEE458B245E378A804CAB5

Function 017CB1B4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 017CB208

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 1eed2ede6f9bd4397d008aff1fb0cfe17444fca3b786084a3ca3d29593bf985d
Instruction ID: 2010af42433dad63598391a563e5e1c666efe396beed91366d25c7db1df76600
Opcode Fuzzy Hash: 1eed2ede6f9bd4397d008aff1fb0cfe17444fca3b786084a3ca3d29593bf985d
Instruction Fuzzy Hash: 271170715093C09FDB12CF15DD45B56FFA4DF46224F0884EAED858F253D275A908CB62

Function 017CAF8B Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 017CAFE4

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 84f9fe56825c37d571229272300759684cf585a97b394a6bd6c31826509691cd
Instruction ID: 8ef430c4974adeb5d2001960f9dabf851cb0af2590f521f81346e5dd0c8a7018
Opcode Fuzzy Hash: 84f9fe56825c37d571229272300759684cf585a97b394a6bd6c31826509691cd
Instruction Fuzzy Hash: BB1170755093C09FD7128B25DC45B52FFF4EF46220F0984EEED858B263D275A848DB61

Function 017CA172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 017CA1C2

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 86731860500dee74eb02790b4b47692edc633bf8d22ecc5df9638c054c6633e0
Instruction ID: ff92d7c9659f887e2bff68ef633430f2975fccfd916e8f32661e64068be67a07
Opcode Fuzzy Hash: 86731860500dee74eb02790b4b47692edc633bf8d22ecc5df9638c054c6633e0
Instruction Fuzzy Hash: C6017171600200ABD310DF26DD46B36FBE8FB88A24F14855AED089B741D775F915CBE6

Function 017CABE6 Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 017CAC36

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 5c65177402b146c605ce279a9c2f52932687dafadd153aef00c1ea50a9e3f594
Instruction ID: e9c1f14864f22b799e6efd28b6fd9557609e548d3aa6442f7a97716d1cd36bf0
Opcode Fuzzy Hash: 5c65177402b146c605ce279a9c2f52932687dafadd153aef00c1ea50a9e3f594
Instruction Fuzzy Hash: F4019E71600200ABD210DF26CC46B26FBA8FB88A20F14815AED089B641D735B915CBE6

Function 017CAFB2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 017CAFE4

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: d10eb9b5b8bf31b2b34069124bbdadab1f48a96c22fcc71f04eeed201ea85cb8
Instruction ID: f6c26c5e72959f2333fcf7ecf1254225f34e7cd56d95afd612aadee1774598a7
Opcode Fuzzy Hash: d10eb9b5b8bf31b2b34069124bbdadab1f48a96c22fcc71f04eeed201ea85cb8
Instruction Fuzzy Hash: A601F4746046449FDB108F19DC86762FBE4EF04721F08C0EEED498B792E279E844DEA2

Function 017CA2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 017CA30C

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 65313c0ff98b2c698a34e1f85099b4b0f653fae3c6fc4944282cfb814f13d74d
Instruction ID: 5d2d49dff4a5874823e8d175c8a0b6fb331ede9141ee7197bdbe59ea27ce902a
Opcode Fuzzy Hash: 65313c0ff98b2c698a34e1f85099b4b0f653fae3c6fc4944282cfb814f13d74d
Instruction Fuzzy Hash: FEF0AF349046449FDB208F19D985762FBE0EF04B25F08C0EEDD494B756E3B9A404CEA2

Function 017CA6D4 Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 017CA748

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: c1bf3119ae1bd9e16aa9b747749f49d0115211f2b0e7e364b49ffb958157118b
Instruction ID: 0b8e3c0e3e7284b28d552310e74148a285e9807de941f0d2d79a9afca19afc1b
Opcode Fuzzy Hash: c1bf3119ae1bd9e16aa9b747749f49d0115211f2b0e7e364b49ffb958157118b
Instruction Fuzzy Hash: 2C21B0B59097C45FD7128B299C55792BFB4AF02320F0980DAEC858B1A3D224A908C762

Function 017CA716 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 017CA748

Memory Dump Source

Source File: 00000007.00000002.2881079722.00000000017CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CA000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: da16002cd4b0737610d8ecce063efa1061a413a721618238cacf21d01a969f98
Instruction ID: f8cc5feb6b47f5a1bfcd713a06e797d52c6902119093fc331717856e66920006
Opcode Fuzzy Hash: da16002cd4b0737610d8ecce063efa1061a413a721618238cacf21d01a969f98
Instruction Fuzzy Hash: F401DF74A042448FDB10CF29D985766FBE4EF00721F08C4AEDD4A8B652E279E404CFA2

Function 01C00808 Relevance: 1.0, Instructions: 1002COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881956033.0000000001C00000.00000040.00000020.00020000.00000000.sdmp, Offset: 01C00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18e7568ab0f54849513a07aefccc32b4597e2dfe6ef22c0705a242f10084b860
Instruction ID: f17dc797aead7b0bf233fbdbe52fa9e750c921a0ceb40ecc4f429c1902847b9f
Opcode Fuzzy Hash: 18e7568ab0f54849513a07aefccc32b4597e2dfe6ef22c0705a242f10084b860
Instruction Fuzzy Hash: F331B17254D7C09FD7038B749C929917FF4DE43124B0A86DBD884CB6A3D26D990BC7A2

Function 01BB02C0 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27d721b34fc67da5009324e3a6064c5e0b4169b52c0d635210e9bf4c3a5f0a1
Instruction ID: 6cf27741bf61fee6c4ca47f81a0ea8999f394b22caa772392ee0d8609b34d775
Opcode Fuzzy Hash: e27d721b34fc67da5009324e3a6064c5e0b4169b52c0d635210e9bf4c3a5f0a1
Instruction Fuzzy Hash: 21B16E35701214CFC718EF64E9A8AAA7BB3FF88350B1090A9E94697355EF3A9C40CF51

Function 01BB0799 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7be0c55ffbc1c5a66dba556fb9d5d47bf86f6efdd19b7a9e3c2288a0a8037271
Instruction ID: 38f4bbd71e34b6803a29cc952c3157e23f6f10f0f7249ccccfc61711ee674156
Opcode Fuzzy Hash: 7be0c55ffbc1c5a66dba556fb9d5d47bf86f6efdd19b7a9e3c2288a0a8037271
Instruction Fuzzy Hash: 47A18E30B002048FDB18AFB4D5A57BE77B3FB98308F158069DA4697795EF798C418B91

Function 01BB0B8F Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93b0676d065e6a3fa79bfb511ea3debe8001b3bc8a453b476c24366b546a1a42
Instruction ID: 6cea5305aa17de8928d17e402ea7a9dd5ce2cacaf98843828e4a3ea448cb8ebc
Opcode Fuzzy Hash: 93b0676d065e6a3fa79bfb511ea3debe8001b3bc8a453b476c24366b546a1a42
Instruction Fuzzy Hash: 1411D331A102186F8F04DBB8D8889EF7BF6EF88218B154475E606E7266EF719C158B81

Function 01BB0BA0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7954e017c7ebb9724e13c54fae3437698eca80cd9f64b0775e093f188e41e90b
Instruction ID: d74f94e48676d91a0643a614dd0dacfc6c317b6e76fccb98d4e4bc47c7cf06c9
Opcode Fuzzy Hash: 7954e017c7ebb9724e13c54fae3437698eca80cd9f64b0775e093f188e41e90b
Instruction Fuzzy Hash: A9119131A10218AFCB04DBB8D8589DF7BF6FF88214B164075E606E7221EF31DC558B81

Function 01C005DF Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881956033.0000000001C00000.00000040.00000020.00020000.00000000.sdmp, Offset: 01C00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c47d41392d8d19baccd76af9172cfc8b80e8017b3afe7092b06c813aa0447a59
Instruction ID: 83152e830dd91db7e1b3b4d51ac4681cd9d4de1f342204f41566fc90bd058115
Opcode Fuzzy Hash: c47d41392d8d19baccd76af9172cfc8b80e8017b3afe7092b06c813aa0447a59
Instruction Fuzzy Hash: 400186B65097806FD7118F159C41863FFB8EF86630709C4DFEC498B652D279A909CBB2

Function 01C0082E Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881956033.0000000001C00000.00000040.00000020.00020000.00000000.sdmp, Offset: 01C00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b34cdfb11a1035d7d16d0967ae635b355b2841a2626a00c8cf0b918e9423908
Instruction ID: 7f6025434568c1d69fc8993b1c5010e6577153821626ba51f7869abd837445d1
Opcode Fuzzy Hash: 0b34cdfb11a1035d7d16d0967ae635b355b2841a2626a00c8cf0b918e9423908
Instruction Fuzzy Hash: 5CF082B69452046BD200DF15ED46C67F7ECEF84921F18C56EED088B300E376A9158AF7

Function 01BB0C50 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a85e6d04b7f4cba7565e60a67ddda816c1f9c4a2d83b5f3a25aa51edbcc4d4a0
Instruction ID: bd1a9a7bca1bf1077d1a6e749049b977c55e7ea1b5f284c81efa9d821eeb93ce
Opcode Fuzzy Hash: a85e6d04b7f4cba7565e60a67ddda816c1f9c4a2d83b5f3a25aa51edbcc4d4a0
Instruction Fuzzy Hash: E0E09271B143582FCB44DABCA8441FF7FF6DB92564B5544BAD008DB242EE35D8028391

Function 01C00606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881956033.0000000001C00000.00000040.00000020.00020000.00000000.sdmp, Offset: 01C00000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6692938c3daac7912acdf67e66f6ffe5a4204b7757503392d6d4047f63c9ea2d
Instruction ID: 0d10411c96d7599c2de77b3134a2eb0f34b2ad7192cfc58d6ed77664d8680200
Opcode Fuzzy Hash: 6692938c3daac7912acdf67e66f6ffe5a4204b7757503392d6d4047f63c9ea2d
Instruction Fuzzy Hash: A4E092BA6006004B9750CF0AED41452FBD8EB84630718C07FDC0D8B701D279B904CFA6

Function 01BB0DD1 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aa2ae1c28cd6593fc810e9cf07a782bba8d7b87c70582c795b3d04aaa030799
Instruction ID: 8c1e8622eafd35af99677a8f6a83a1bd99564bb9c13ac81a8f74c7e88055b583
Opcode Fuzzy Hash: 7aa2ae1c28cd6593fc810e9cf07a782bba8d7b87c70582c795b3d04aaa030799
Instruction Fuzzy Hash: BAE0D82024C3854FCF0BA77888A46FA3FB55B91114F49C0D6E8448B9E7D7A4E844C792

Function 01BB0C60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0420fd044d104bc1b587ebd7ba0e27c8abe8429d2ef1b0159bf3b14dae22625a
Instruction ID: 4f92462cc5feea1044ed25b70441e1babaf690ad450cfb2ab5427dc8ead8961f
Opcode Fuzzy Hash: 0420fd044d104bc1b587ebd7ba0e27c8abe8429d2ef1b0159bf3b14dae22625a
Instruction Fuzzy Hash: 22D01231F002182F8B44DAB998445AF7AEAAB85558B664479D009D7341EE35DC418790

Function 017C23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881059014.00000000017C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 017C2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25126849c0a68169ddf54f2c1dda961897a0b28b80d4182588e41af2f3ac8ee
Instruction ID: cf4834a5785ef468aec9ff6c7844d2e8408964be3d0dae53dce758713e3dca98
Opcode Fuzzy Hash: f25126849c0a68169ddf54f2c1dda961897a0b28b80d4182588e41af2f3ac8ee
Instruction Fuzzy Hash: F0D02E3A3006804FE3128A1CC1A9B85BBE4AB40B04F0A00FEA8008B363C728EA81C600

Function 017C23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881059014.00000000017C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 017C2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a140dceca8b886dae6d90b87c454e3467f71fedb89712d7d2c3435c4ea46615
Instruction ID: 83f9d679d16422d4f44e61e9da6d792c7c66cd2598856532869be8345c8af28a
Opcode Fuzzy Hash: 7a140dceca8b886dae6d90b87c454e3467f71fedb89712d7d2c3435c4ea46615
Instruction Fuzzy Hash: B3D05E343002814BD715DA1CC2D5F5977D4AB40B14F0644EDAC108B262C7A8D8C1CA10

Function 01BB0DE0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2881908795.0000000001BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01BB0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa70b35902856eaa19ff796eec8d621b9d6b0d30dd24c5d24926c837f23b0b2
Instruction ID: d58fce3fc6e1bde6bcb09b0145a203ec3f66ae0ad0e78c75aac71cb839677968
Opcode Fuzzy Hash: 1fa70b35902856eaa19ff796eec8d621b9d6b0d30dd24c5d24926c837f23b0b2
Instruction Fuzzy Hash: 30C012303403048FDB08A768D469A7677A69BD0208F45C0A4D5094B651EFB4EC40D685

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.telegramhj.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\35riya3t.qhb\shater.exe

C:\Users\user\AppData\Local\Temp\unarchiver.log

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\000e0422-99cf-4fe2-b591-f9f71f7032bd.tmp

C:\Users\user\Downloads\78d2c4cb-3fcb-40e6-9dda-30a457439ec2.tmp

C:\Users\user\Downloads\a5a63ed2-b295-4b74-8914-8c29f79e61f2.tmp

C:\Users\user\Downloads\d7006076-06c1-44d1-a0b0-a18543e72be6.tmp

C:\Users\user\Downloads\shater (1).zip.crdownload

C:\Users\user\Downloads\shater (2).zip.crdownload

C:\Users\user\Downloads\shater (3).zip.crdownload

C:\Users\user\Downloads\shater.zip (copy)

C:\Users\user\Downloads\shater.zip.crdownload

Chrome Cache Entry: 100

Windows Analysis Report
http://www.telegramhj.org/