Edit tour

Windows Analysis Report
http://www.telegramii.org/

Overview

General Information

Sample URL:	http://www.telegramii.org/
Analysis ID:	1589352
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected ZipBomb

AI detected suspicious URL

Downloads suspicious files via Chrome

PE file contains section with special chars

Switches to a custom stack to bypass stack traces

Allocates memory with a write watch (potentially for evading sandboxes)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Entry point lies outside standard sections

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1944,i,14542417775159232016,7630197861589992790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

unarchiver.exe (PID: 6820 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)

7za.exe (PID: 7052 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\erzzxmog.1b1" "C:\Users\user\Downloads\shater.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

conhost.exe (PID: 2212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 5252 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

shater.exe (PID: 7156 cmdline: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe MD5: D08BDF8F0948938687A6E0C1044E1962)

chrome.exe (PID: 6512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramii.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Downloads\dcd6a57e-0a6b-48ef-99ac-65e7a289196c.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\c858a26a-b5df-43f4-b8a6-1298ff5996bc.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.telegramii.org/

Avira URL Cloud: detection malicious, Label: malware

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramii.org
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramii.org

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: 7za.exe, 00000008.00000003.2417265463.00000000008C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\shater.zip (copy)

Jump to dropped file

PE file contains section with special chars

Source: shater.exe.8.dr	Static PE information: section name: .g=V
Source: shater.exe.8.dr	Static PE information: section name: .g\O

Source: classification engine

Classification label: mal72.evad.win@35/147@0/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\6f89b358-32b1-4a28-bdf4-216d6461b7ad.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03

Source: C:\Windows\SysWOW64\unarchiver.exe

File created: C:\Users\user\AppData\Local\Temp\unarchiver.log

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1944,i,14542417775159232016,7630197861589992790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramii.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\erzzxmog.1b1" "C:\Users\user\Downloads\shater.zip"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1944,i,14542417775159232016,7630197861589992790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\erzzxmog.1b1" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Section loaded: wldp.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: initial sample

Static PE information: section where entry point is pointing to: .g\O

Source: shater.exe.8.dr	Static PE information: section name: .g=V
Source: shater.exe.8.dr	Static PE information: section name: .TNH
Source: shater.exe.8.dr	Static PE information: section name: .g\O

Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 7_2_00CF2488 push 00000028h; iretd	7_2_00CF2491
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 7_2_00CF2586 push FFFFFFCCh; iretd	7_2_00CF25D5
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 7_2_00CF24A0 push 00000028h; iretd	7_2_00CF2491
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 7_2_00CF24A0 push 00000078h; iretd	7_2_00CF2581
Source: C:\Windows\SysWOW64\unarchiver.exe	Code function: 7_2_00CF24A0 push FFFFFFCCh; iretd	7_2_00CF25D5

Source: C:\Windows\SysWOW64\7za.exe

File created: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected ZipBomb

Source: Yara match	File source: C:\Users\user\Downloads\dcd6a57e-0a6b-48ef-99ac-65e7a289196c.tmp, type: DROPPED
Source: Yara match	File source: C:\Users\user\Downloads\c858a26a-b5df-43f4-b8a6-1298ff5996bc.tmp, type: DROPPED

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 7DDFBCA
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 7D0BAFB
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 43DE296
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 75451CD
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 7E92D49
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 7486B04
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 7E5062A
Source: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	API/Special instruction interceptor: Address: 4385284

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 2CC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 2CC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 4CC0000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Last function: Thread delayed

Source: C:\Windows\SysWOW64\unarchiver.exe

Code function: 7_2_00CFB1D6 GetSystemInfo,

7_2_00CFB1D6

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\erzzxmog.1b1" "C:\Users\user\Downloads\shater.zip"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	113 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.telegramii.org/	100%	Avira URL Cloud	malware

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe	8%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.telegramii.org/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
199.91.74.209	unknown	United States	21859	ZNETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
148.153.240.68	unknown	United States	63199	CDSC-AS1US	false
104.21.80.1	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.193.48	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
43.132.105.108	unknown	Japan	4249	LILLY-ASUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589352
Start date and time:	2025-01-12 01:33:57 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.telegramii.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal72.evad.win@35/147@0/14
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 45 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: http://www.telegramii.org/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://www.telegramii.org Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.telegramii.org
URL: https://www.telegramii.org/static/js/public.js... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a benign script that handles basic UI functionality, such as a 'back to top' button and responsive header behavior. It does not contain any high-risk indicators like dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily focused on DOM manipulation and event handling, which are common practices in web development. While it uses some legacy APIs like `XDomainRequest`, the overall behavior is consistent with typical user interface enhancements and does not raise significant security concerns." }
$('#to-top').click(function() { $('body,html').animate({scrollTop:0},1); return false; }); $(window).scroll(function() { const scrollTop = $(window).scrollTop(); const windowHeight = $(window).height(); if (scrollTop > 200 ) { $('#to-top').fadeIn(1).css('display', 'flex'); } else { $('#to-top').fadeOut(1).css('display', 'none'); } // if (scrollTop > 400 ) { // $('header .button-box').addClass('on') // } else { // $('header .button-box').removeClass('on') // } if ($('.index-container .section3').length > 0) { if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) { $('.index-container .section3').addClass('animated') } } }); // function getOperatingSystem() { var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera; if (/android/i.test(userAgent)) { return "android"; } if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) { return "ios"; } return "pc"; } if(getOperatingSystem()=="android"){ $(".down-link").css("display",'none') $(".down-link.android").css("display",'inline-block') } if(getOperatingSystem()=="ios"){ $(".down-link").css("display",'none') $(".down-link.ios").css("display",'inline-block') } // $("header .nav.open").on("touchmove",function(event){ event.preventDefault(); }) $('#mobile-nav').click(function(){ if ($(this).hasClass('open')) { $(this).removeClass('open') $('header .nav').removeClass('open') } else { $(this).addClass('open') $('header .nav').addClass('open') } })
URL: https://www.telegramii.org/static/js/jquery.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the minified version of the jQuery library, which is a widely-used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code is obfuscated, this is a common practice for minified libraries to improve performance. Overall, this script poses a low risk and is likely a benign, widely-used JavaScript library." }
/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:n.sort,splice:n.splice},w.extend=w.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|g(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)\|\|(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==c.call(e))&&(!(t=i(e))\|\|"function"==typeof(n=f.call(t,"constructor")&&t.constructor)&&p.call(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)},each:function(e,t){var n,r=0;if(C(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(C(Object(e))?w.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle"+1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=function(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;retur
URL: https://www.telegramii.org/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.telegramii.org/ Model: Joe Sandbox AI	{ "brands": [ "Telegram" ] }
	{ "brands": [ "Telegram" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe

Download File

Process:	C:\Windows\SysWOW64\7za.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	62891960
Entropy (8bit):	7.997907680828508
Encrypted:	true
SSDEEP:	786432:77srvs1bSCxuEKvJCDAJ8W/Db6RvFosNCGtXoVaC3DIRJO734MD7EoBRwyV87/U0:3srB0XW/Dm9FFj0KJ04M0Tv7UmNUKBQc
MD5:	D08BDF8F0948938687A6E0C1044E1962
SHA1:	3D36EADA36219A56229A310174A94656C01EF002
SHA-256:	D26E5D31133EA655D4DD0066EF5A850015B20D754ABC5FFC34A1D721D2D3101C
SHA-512:	7EB70D1C8D8281CD020288D3C5728DAFC30385F834984B85803D900C9279AF19DB88ED8E4B07D98C8C7B04D0D739E9A0F00E67595010D8A8A1ABCC13E4C2E5F7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g.................t...h.......[............@...........................@......R....@..................................n..h.....>..............n...9....@..................................... .>.@............................................text....r.......................... ..`.rdata..PV..........................@..@.data...$...........................@....g=V....a0p......................... ..`.TNH................................@....g\O.....~... ...................... ..`.rsrc.........>.....................@..@.reloc........@......f..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\unarchiver.log

Download File

Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1433
Entropy (8bit):	5.127941966145802
Encrypted:	false
SSDEEP:	24:L7qS1fqTiJKiJjWIpYiJKiJUwAiJfMiJKiJFTAS6iJbMiJTS6iJoriJGiJKiJx94:L7jqTGKGbKGKGpAG0GKGp+GbMGhGyGGD
MD5:	6624EABAE76B945DA60AD9D39417D5BC
SHA1:	7791E319FD19A0BEDDF9DC95BA9C7866BBB2AE75
SHA-256:	79DECB01A1361E1BB4E91217A5E964B349A5CE4A83E3BB2883B366D9274F08DB
SHA-512:	0BE659B99F805D626FD4D9A52A6E6E698DFF815C97A635A7F667FCFA75F2CDEBD2D10E9030F2C42A1ACA3C6F8F94B745E4D10F1E592AB68CC1BEF6BC9128DE04
Malicious:	false
Reputation:	low
Preview:	01/11/2025 7:36 PM: Unpack: C:\Users\user\Downloads\shater.zip..01/11/2025 7:36 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\erzzxmog.1b1..01/11/2025 7:36 PM: Received from standard out: ..01/11/2025 7:36 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..01/11/2025 7:36 PM: Received from standard out: ..01/11/2025 7:36 PM: Received from standard out: Scanning the drive for archives:..01/11/2025 7:36 PM: Received from standard out: 1 file, 62506228 bytes (60 MiB)..01/11/2025 7:36 PM: Received from standard out: ..01/11/2025 7:36 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\shater.zip..01/11/2025 7:36 PM: Received from standard out: --..01/11/2025 7:36 PM: Received from standard out: Path = C:\Users\user\Downloads\shater.zip..01/11/2025 7:36 PM: Received from standard out: Type = zip..01/11/2025 7:36 PM: Received from standard out: Physical Size = 62506228..01/11/2025 7:36 PM: Received from standard o

C:\Users\user\Downloads\c858a26a-b5df-43f4-b8a6-1298ff5996bc.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15878
Entropy (8bit):	7.9820935497762715
Encrypted:	false
SSDEEP:	384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTTG:Zxsu6GWrJu2fVu4M1ylPDEtPTTG
MD5:	23F5295748B895D0BF4B38A15C8367F3
SHA1:	A7A9A394C2D53B01496EC16618FEEF3CFDF5D5E0
SHA-256:	70CF35DB75C0F59B08ADB11FEC2D99F9EE82DC0FD425AEC03516D2FF5002D1FB
SHA-512:	A0E9C1394B32D6A52973C13156ACBBA675998FBB11B104FDFB2F67B5E675ACB6269E4A66CFF048CD5990E6F004D50E436BE47CD8365FE04D883D9357513359E3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\c858a26a-b5df-43f4-b8a6-1298ff5996bc.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\dcd6a57e-0a6b-48ef-99ac-65e7a289196c.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	7698
Entropy (8bit):	7.9682614377655145
Encrypted:	false
SSDEEP:	192:jgO1oQg2IwZUvN88/an37CGWVr54fs987YchD2f3CnXwn9:jgWa2pZ6u6GWVrJqYchD2fyXw9
MD5:	B5450D3A0106CAFD79BB0739EE068A0E
SHA1:	FA64376E8FF79B55703B1B0A071CF177F394DB2F
SHA-256:	B716B2CDD6B10700236D917056004CD783641F977779ABB3F83CA991401BD739
SHA-512:	8204E3B804B4D53FC40FBE1B9181B2F538F47F23A2573A590128D4DFB56CE6414781BE4F29240B7757843336551BAE5606CA86C3A79F127E828CE80234FCE02C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\dcd6a57e-0a6b-48ef-99ac-65e7a289196c.tmp, Author: Joe Security
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (1).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	59881890
Entropy (8bit):	7.935185281411222
Encrypted:	false
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp+:fyzJWdkjrKNtdBo0TqYgmTPL/eb
MD5:	BF7117F81B377B0EC39062ED5076D545
SHA1:	29FC611699B985B535F6A8AB9159B9CF8728DBA3
SHA-256:	BB5E94E21517FD996A511E5C4703E4BC4C75DA705690D4F1725D2055E2F4BE74
SHA-512:	B61A74C0E308EB63B6278CEBFD2391532364A7860DD4A536718C7FE8E2B27EB97C2CACC90084FDC1E16BC74694B6B9D11FB3ADBD92C6CCD1EA74F9E041BED44C
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (2).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	31679794
Entropy (8bit):	7.930662363925899
Encrypted:	false
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+:fyzJWdkjrKNtdB
MD5:	CC8A4DD187B066814DC22246CE79AA88
SHA1:	D043D82636BD81EABFD8F9CA02361A8E6587ACA5
SHA-256:	A084080B85CEA1551154ECA1C06D595F7167F414D3F4DCD32AA5A478BDC357CF
SHA-512:	472684F7149B813EF822B87429F0CFEC9C8ECD555AAFA6E0A70A8FF7BF48F91ACB13C00143915ADB72DB5018BAB4F5D1D5684EF90BB56B063CE15D7C2513ABD9
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater (3).zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	5441864
Entropy (8bit):	7.927391897103757
Encrypted:	false
SSDEEP:	98304:tXJd7Ro5xlMIVgiYISdhjyspy8lCF1RBVCc6IGu5jN/HArCHNTzj5n:tX5oXlPpYV/j5pyzRKc6IGuDHAru35
MD5:	BB842ECD1F531503C4C7102CE8329413
SHA1:	317BED03684C7E332B53245E11955FE9B222A0D8
SHA-256:	570C17750849F618820BCCE5A5729482277237FFBDBC119B9F622B77B3A376BC
SHA-512:	B94BE378E6751E54C1211587CAB6D35D0E4FA51A4C8E0918A08858142E04A85D5616251A58F68EAF523C202CA82A87453C0DD5AD7B5A0C22D5630ABC2E20883C
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	62506228
Entropy (8bit):	7.999978556244661
Encrypted:	true
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
MD5:	115C3122F43560D183BF64DF477C0475
SHA1:	EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
SHA-256:	B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
SHA-512:	C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
Malicious:	true
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

C:\Users\user\Downloads\shater.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	62506228
Entropy (8bit):	7.999978556244661
Encrypted:	true
SSDEEP:	786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
MD5:	115C3122F43560D183BF64DF477C0475
SHA1:	EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
SHA-256:	B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
SHA-512:	C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
Malicious:	false
Reputation:	low
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 177x100, components 3
Category:	downloaded
Size (bytes):	3246
Entropy (8bit):	7.63353263792788
Encrypted:	false
SSDEEP:	48:yMuETA/TF+jxatETHOUUOtEDqkRHKtaWnpHSSc/hZ+rkz+REkk1S+:y3EeQjxaqTHBUOOqkRHKAWnWpkSb/d
MD5:	F3ED0D3BD84852879962E6FC0DA19A32
SHA1:	1243684016A30EBFC65BA023185128622140F25F
SHA-256:	5B74882C83E03E20E98AC8056EBAA3C939E0F3CE270F6A36E55A4F4CA61763D3
SHA-512:	C26AB72143D7C3C15ECCDA8C308CC27542D664D00A6F6EB33B3F477A25E3A1AFF8378A37193A7CFD9976CD622FE2A97D3B34B50DAF8055AB24FC40FE1E65C035
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_voi-cara-mengaktifkan-riwayat-obrolan-grup-tele.cropped_1637589736-1024x576.jpg
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....._...e..;...?.~....\|L..f...".....[.....'..#....uk.F+v.Iz......5.:1r..%w.#.i...2:.=.0......i...p\|a...^...3....4...Z.....{.G...bI.....?.&..K.:._...g..K-.b..S.6k.^]#p...B..W.7.\|V..a.^_..?.....My.y.xo..".c..e.....m........x".....m~.X..."....g+....!U..d .{b...*.OmF5-k...W.\|.j~..{....QZ...Q@..Q@..Q@..`..0}...Q..h..4.QF.......

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	5963
Entropy (8bit):	7.890819216630827
Encrypted:	false
SSDEEP:	96:yNEte+VLtNaEhN0kR9P3K+JrXbupDflDQaEOsutmYvx226D0Gs39Z3HxweaT0xoF:yN8bVtNaw7RNKWXbuzE7buYUxGZcZL1S
MD5:	A811B25E799361D0A9A01E22DEDD6DA0
SHA1:	F756BD7B57969CF366AE938C1CADC10F069F7F97
SHA-256:	0329EC9483A0379B12E7B12FC9B6FB67E3611E9D89F773ECD1A365303870FEFD
SHA-512:	E5BC5513DCC42637D450778ADF3BB341605147F167900E9183EADA9D623B14186764C9EA38EABF528510FF5208D36AC8F31EA609E35865F0AD38CE9FA1B728F7
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1702297497-telegram-download-1024x538-1.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(..?+.(...(...k8..H....d.......%...y1.i.L.g.P.&zT7r..I..T...i._J...J.,s.<./&9.$...j.......y;T-&9.#.PI)."..IOAP..}i.NqP.&...I...q.V.f~.$..;T.N.....3c.Q....J:.....>.&."..=*)$.SM.m...PK)=O.I..,.g..Q.."....J...v...{}.Q^....PH.....y..I$.....<....IXW........).f..^.......T/)<.I$.....y=.&.RW.K;.@I'...'.{...._..0..^...I......=....X~.3z.R~._.lu;.>-...eK9.:$2.W._.>.R.........P....8b.&......c...E.^..

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-favicon.ico
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 190 x 114, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	23522
Entropy (8bit):	7.989926584280692
Encrypted:	false
SSDEEP:	384:2bc9wm7MweZ28KCFZAdyoGrcn1E/nUArnRU6RaT6zLJRc2CyivrzZ:JNh8KtTGrcMUAu6Y4eVyijzZ
MD5:	C9D3489D4761913EA3757A82480BFA16
SHA1:	D5BD2730E8E80C464E1FFCBAEB4B3A835C040F27
SHA-256:	152F143C1BE0119B7A854E0E3EEFAC2192B93266F59B1A9D8A3AFE46057F8231
SHA-512:	65E7372551870A9060FD31F6FB3A57ABCB0A38FDD0DDB5E0CA4D03AC49F2EB028B89CF09813598AF09A437D63A67628B67D2D410E42FC2FAB49EA12F1381C48E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......r.....b<....[.IDATx.....e.q..w.9...m3..X..;H. ...w..". %..%..I...KJ..RlG.8....vUb;.EI..D..e)."K.I-.(.".....$..0..3..oy..{.S...s.}......~.{..{N.^~..n.o..H.A.\/.......ED.....D......~.@.._...%.........^ ~F\|..GB....r.l....k.?..R\|'..]0.../Ad...v.......m.8.......M.Mn2?.L._?..rqy.yey;..A.../(........w.P].._..M...`.....9......n.....V...&.t/.(nq....&.?....z.^MV...'.._....T...F@.K.O.i.A...+.[n..\|......!...N.{s.....Cn(..(......~..U./U..?....%2.N..=T.`. ...8...V.M...e.IVD'>....tx.0....p.b i.....v.....E.I..I.z]t..g.(..w.."0n6f..5.u$..n.qo..Z...V.0...)...CvbE..X..je......BD.Mc.uKW1U%...w0.d,.3^F.>du...T ..9,..*..u......n..c.f.w>Y?.q...t..e.~..,.A&..X._..p..T....._.wS.y.....nGd...VR..M.u.....m/.9..Mabt..B..Dg....}+J.L....++..4.....Dp.V......OE&..Q".F3w...U=.-..!.C...u.#...p..N.j<..7.Uj...oOB.....R..v.....Juj.G..N..EU..V\|..l..w.2...7...w..%.$.....M..n..g...9SYG\..G..r.R....c..".C.>Yu.d.m.?!..w..:i..94S8. N>N.'.djj.D..Zn..d.9.y&...

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	dropped
Size (bytes):	9834
Entropy (8bit):	7.910145919030394
Encrypted:	false
SSDEEP:	192:yJUZ8YjH5mpeD9XPy5kKyXvsZolGP2qmUTMYAflKl+lptJ+EXnZ+:yJU5jZvDl65K2tA9FjGEp+
MD5:	FE2A031365FF972B5C79944B69A1C18C
SHA1:	3F123F4BE0E3670DC6DD071A91551AE660B8CDA0
SHA-256:	A3208AEE7C7BFB0EE0BC12C6F2BD86FF7F6C68502D56213FC54E1FA99C749FF7
SHA-512:	BA560546EA28A05C90A06A771CB28CEE3D2BF75F2E8960A209980AD1612E09366CDC4EDF384F0907E17455DC88DFE9D29C77F9833C0E875DD34E3BE7E10565FD
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..s..jW.9..,...U..,m...4...u...>Mx.3Iq.,..`Et...Z......%..d..&.o....%.<+&.;.C1...\|~.:.0X_..I:~..}$..e.s....3..S....d....@.b..........4..X.pTV...e...%......'8.......t...h.4h.G..I.X..c!Hg'i.F2z.+.._/.g.I.Cx{J.OiZO."...o{..z........C....(.o.x..O.L...\|...A.....kt......v..).B.4MVq#a~..I...F.;..e..oD...\|q.WF.g..G._.....b...+I!.....A..U..<'.:.......:D...........O....h....j.........k.?..G'.4.\..c

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 177x100, components 3
Category:	dropped
Size (bytes):	3246
Entropy (8bit):	7.63353263792788
Encrypted:	false
SSDEEP:	48:yMuETA/TF+jxatETHOUUOtEDqkRHKtaWnpHSSc/hZ+rkz+REkk1S+:y3EeQjxaqTHBUOOqkRHKAWnWpkSb/d
MD5:	F3ED0D3BD84852879962E6FC0DA19A32
SHA1:	1243684016A30EBFC65BA023185128622140F25F
SHA-256:	5B74882C83E03E20E98AC8056EBAA3C939E0F3CE270F6A36E55A4F4CA61763D3
SHA-512:	C26AB72143D7C3C15ECCDA8C308CC27542D664D00A6F6EB33B3F477A25E3A1AFF8378A37193A7CFD9976CD622FE2A97D3B34B50DAF8055AB24FC40FE1E65C035
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(.....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....._...e..;...?.~....\|L..f...".....[.....'..#....uk.F+v.Iz......5.:1r..%w.#.i...2:.=.0......i...p\|a...^...3....4...Z.....{.G...bI.....?.&..K.:._...g..K-.b..S.6k.^]#p...B..W.7.\|V..a.^_..?.....My.y.xo..".c..e.....m........x".....m~.X..."....g+....!U..d .{b...*.OmF5-k...W.\|.j~..{....QZ...Q@..Q@..Q@..`..0}...Q..h..4.QF.......

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 245 x 122, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	10075
Entropy (8bit):	7.965005426042753
Encrypted:	false
SSDEEP:	192:08yiR8eR/c+1JoAFkbn8aqKJiWX2qrxk6niF973T1oz8Zu2zSgzsF/6:eiRK+MfLGMsvLFzSgzsFy
MD5:	E479114964B8AE33BD1A6598CBEB2B28
SHA1:	FEC58800576ABC72711C8ACC7D9A4A816631A979
SHA-256:	73F12094B5CC41A25DA18E2BDA2C5FA16E458189F5ECA2DCDDA37070E8F65FA6
SHA-512:	BA9A26EE29F91BF7788D2BBAFAA66CD405373C96610F93CDDDE16B1DADDBA999CAE4EC8B55B77CA870FFEC5A7897E3F4438EC3896935ACA77FF4A372C9B9C7AE
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20231209113044-1024x584.png
Preview:	.PNG........IHDR.......z......5.?..'"IDATx...e[v...nN..h.}/_.[e.....V....e\6S..BB...@.<....L....G.a@.@....W..K.W..>..n........2"#3_d.....E.{.s.Y....V.......B.....KDo.=.3."......B.{\f....2.......}............q...w.........w...{\f....2...=.3z...2......=?.q........}......eF.{\f....e......z.xY...e.B...3..........}...P..{\^(......P=;.q......}}..eF_..q...'(o..p..1.@d.....!C..x...j.y`...(....[.XIF. ..W<.T...4H.a.#,.k.~8....].X.z...g....z.`.d..;f!..V6.lj..[.....;.....{..G..........u...4X0 .5T.q<.PK.3..7?......r. ....[K.'N........}.6...#..j.o..;.$...+.YdJ.Pk...9../."..}?'...K.z.......6.V......o.8.+..o...p.4..._.4.\|\|.@H....z....K...I2..D. k....5.............\.$.....W.Z ....R.d@....g.>.\|.@F$!.$Z..]{-..S...p..o.F.7....LS...ww7.tc.9.........*.D../..=.>g.'"..P..'....-........k....MK$<...C!.N.'.&.....=.`&....+.R..z..A._u.`d...cGG0i..yg.....>...kE,...-A. .$VJT.o?..?\............dK~rP...............~5$.s......V.[.....,...riI"..920......o....c..Z.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 213 x 111, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	13381
Entropy (8bit):	7.978631033763193
Encrypted:	false
SSDEEP:	384:vc6Kh61C2aH/vOZoe1zFiNAv/fjcGwOKM8kyfF7EMr:rKQ1zimu4RiN2L8OKM8kyp
MD5:	F5BE23C7097EBE8FF3C0146F9ED943FE
SHA1:	EFCE05455497F0DE65DD376BED3AD223D8F0973A
SHA-256:	9D9E5DEBA4E1E9510ECF9E9C1B31A27E297E298804C9572E5FDD7F7EDDE52467
SHA-512:	49D8BF310010C14A65225F5B6580DC4F8C56A51580CDBA4C081F55A29861D9D1A83EA8F69CE7CD7B7943D0CDB664C3E933F9439143BCC80D4A6E29F144EEB121
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......o......s....4.IDATx..}go$I..HS.UtM.....q...{8..t..N.9...O.......}..a%h..p:.N#.wfv.i.nv.{..fF...b.aU....]U].\|..y......x...NC9.....V.....~.......p...6!...,,o.T........P.A^..9...\|..<../...}.pi..y...8.9..m!.f'...\..R.b...j.>^.....E.)@t...%.fGG.....0..tA.[.P._.z.H....2...S]{....ws.........E..).m.E......t..N.._....o.\|.d.{,..(5$.5-.......Y.&.....H.Q.\...u.2.'u2.m.{....A.!)<...;...o..>...,3V..>-.....o..g..\..GB.^..!....a...5..b...-q..(.......F..?..6....C...@......a.H...6...R..X.~.O...?...(Ok.C".\-...[U.\|...`H.,%>.A....J?. ..x..F.6].......>}.Gu\|<w....\T."x5L....:......_....<.@...pa....(Y.H\|\|.<....I\|jO...C..+.H..d...O.."S...>.....$.6.%.e.H.b.?..g..8..1\|.bY.=..}...Y&:.8..pm.5.Xw..N.....F...z.W...J.^..a..F....FE.h9..1..*.L...t.....?.T....7$...?a..l..f.A"&s..H...6. 3[.A;..E_.9-.....7j.V...&..{....:F..=.OP..~#`je..{x.\|..$w....\|B .#E\|(...............=....c..yh....Ei.....p..M.<\|[k..U.....M...5x..W......Hk......{..PE..F.

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	8015
Entropy (8bit):	7.962101684786648
Encrypted:	false
SSDEEP:	192:SjQh5uwIUVjlFHqDx+MtaGTgsJ0pD3Ff8M6ZuUWFO1iveZaQmnwx:xuwI6j7Hq9Pys8FHmZa1E
MD5:	09F7FBB00E36AEA072D3216E62588EE0
SHA1:	7631AE44009D29EF51F4A9331C0DF15E85930560
SHA-256:	8F4F03D0C1B0FD0F965FCE8A8E324EE9016435623F702829A4F67C5D19ED643E
SHA-512:	DF6178F143D32D01FB425D29941C5F8BB46D401D80FCC017C6807C94DC4EAA31EC2089C6508D7C2524039962981579AC96598A6D7EE4D05A24EC02B686107111
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1222-1024x820.png
Preview:	.PNG........IHDR.......s.....[.z.....IDATx..}k.d.u^........y...>H...+r%J"%Y.l......%..$0.?...F. ........P..I.X..H..$....(.(...r..%..y.<.y_Uu.[.}.wfv..3=.=....<z......9..\|.....9....z..8......w..l...1t8".p@s.c..:..=.#...-IH...2f....q.l.....@........E..n.r)....Y...LO..z.6].....tM[....HH..:.s...d.^..........e0i.EGX2.....%...![+..d.?.H.AC.1..3...AM5...;....X.@\|I..0Tk.nI....>.d.3.5.~Q.9.e.}.(.0fRm.V..\|9..X3yG...1......i.0.^..I.f,:i6..5..<Z1{....N &L..a.....>.@HM.<.....H.F..J..LY0i.l.u0...XU. I.=\..A.....d1FWJKMl:.U1\|^..$.0.d.L\..A.$...r0..Y5+C:...m..B.2.k....?yvb.fR}.k.9..,o..I'-.".$d....cy'.6.....@.......+..A..b$..t...NI.....l..RmH.....\...x&.?...r(.bp.T'c#......5A.J.p..vD2$.....R...t.6.R-Z(..A...Z...i]`.C9..B{2F..n...F...{[@.#.$.+..],....1...f.....f.... .U....H.k.c.....@.#S........HD......E.!...\|2.!..7..(T.1.K.....^._[,J.....H`.c#.~...X$\|J...s,.\.<..&.F.A)....-..^..L_*%.3&).p..\..\|x<o.........2.b4".X.e~..W... n.K.G.z..4...26-e.D...cY.Z.T.^.~

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 109, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	34215
Entropy (8bit):	7.981831865504436
Encrypted:	false
SSDEEP:	768:GcnxVGlB40UMMNqqZj3VYhkCm11va5CLqfz8rmxPLLX3MIzvJuVH:Nn+ruNnZj7DYQLqrxPLL9Dy
MD5:	93885869CB5F149E90600DCCB2170A82
SHA1:	EEB005C342213B91F6ECB94D27E216F7C3A4E258
SHA-256:	65FDE2B70F23AB89F3C04F4FD14B544B5E41D275EFB59653FD12D4C997373361
SHA-512:	FBA6B43B458BD2C8D3B76AD024305833FCA7135916C24D8D53E2DA5FF451DF3A7511B2576BB5FD0EC831CEBA970C4DDDE0C11184CCFAD41D426C3E83585810AA
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-88-1-1024x546-1.png
Preview:	.PNG........IHDR.......m.....b.......IDATx...y.].Y'..3..'..-Y...v.'....NLB.PL..P..jzA.]..4....44U4.kQ@.R..h.(.!.+.c..I...Q..Y..w:.j.o.s.}O..8......{.....q..?.2..#...d./.x.....\|.:X[...a..7.~..wo....c<....\X[[..Y.(.s.....c0.Q.EqL.E.k..PZal)...d........_.....1.Xd....%.#.,"..C..F[.?k..... ..;..d....87Bp{..Z.".R..TDq..L..i$Zi.M.4.8...;4.....m....c..W5x...~.....5J).did....c..&.rD.!.....$..=.....(&.....c.).....AH..iC,A.`..s....q.....t'e..j.;.$I.w......j..R..CVe...Q1..V.....}i..%...0.H0...b.....?..._LZ.d...&Uc...q.$YZU.6...0.k....hJ....,F.`...:..DO..F...:...3b..q/....H[..c.S.}.......[D....4.C.!..B.9....".3J8..qA.!........h.m.......j...O....{$......C........2......{..y?..7...!.~.../..t.....#.P..0......k..L......'I[../.v.v..wx..e...uc...$Iz.......;.......y.1...&.R.D.3..E..e,%s CZ;L..V1..q C k.`...x.u...j..0..;.A.U~B.%..f....3.... ..]..f.a.q3.n...60. .........9...........V..".=.......b...I.!.F..d.S;....K......Tc......?1.o/.......%H@m3..)...o.qv%4.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 170 x 105, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	24133
Entropy (8bit):	7.983664584003387
Encrypted:	false
SSDEEP:	384:nbby0NeamEU3O8LXJxO48hAvEddQCXp+OxvZkUvec59rY5G41Zvx8ib+hvbyaEys:n/yqeaPw97KayXXUOxvZkUvXG5G4jvxj
MD5:	E8AED60EAB94D807AA01B37EF1B13F7F
SHA1:	398C27B805D703A60C3E2A5B2181E3C25DC86130
SHA-256:	6F34B6ABD1CC9EFDF135C031CD9F4A47044EAC609AD80DC356FFC791CFFD2F69
SHA-512:	B2F644244A067808631E587A4C33A58CF9F536427B64AA3A4A297DAF2042DC5FF6C3EF0DB9B68286E33A7C42586CC04BF7C5654B621655009EDA3C554F09FE36
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......i.....%h/...^.IDATx....f.U&..F.[.=...U.J-.f...e.-l.nC..v....9...{z.if....sf.....ihz..`..x..[.....VI....._.{.q.D.{..r.E.g....\|K.X....!..}.1b@......0..1...~b..V.....P..../......."_2._...R 1Zw...l.1c.!..0.C..6..1.....X...xE.+....gA..n3..gD`.^.@..1..Z%.?.....?.LJ....HFd.U..)..^......u`~.CF.,{_C.........^.../7...7...w..1._@. ....t-..U.\ ;vv&.../...;........_m.2.0.0S.i.rvR..+&..Lt4..S...1&8+....90.2...P.QT...L+..A.._.............~.b7....W.v....[./..".~..e...`cS..l.".d.l.LZ...AV,+...Ad.G.1.#v.3w......^.....S.q.o.!.q...Ck...hN.I.\|.....OX..L..'..#..J..H.lg......+...h[i..u....N..;E.\|B.$......vd... .....DFP.uY....h.f........`....q......e..XZ.0z.}...e.8.7.`...,S.6....Y.\|"Z._...e..D..l.v4+S.....K.....i....;....w...`...jMa.]y..?...z.(..._(./...wB!.7....pnx+..A..z`.G".<.(...Bb....#..T.n.....SX....K+.l.=:`dF/...Vq.^+f.p.q.. U4`&.F..]c.....{k".9.....(W..7C.y...l....0....q....[..=........N.3../.c_z....}.dj..........R..

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 187x112, components 3
Category:	dropped
Size (bytes):	6620
Entropy (8bit):	7.921898058291516
Encrypted:	false
SSDEEP:	192:yRWoplGr/T3ba9eckIQqLJh2hG2rfBDYt6IPOqZm:yRWoplGr3a9eckIPUhG2rf0mqZm
MD5:	EE12AE8E6F2563706CED238BBA47F838
SHA1:	7253116387F119B9EC838B41DAB96DD13FAC4D76
SHA-256:	B3B47D264FD53307D39169B6B2E6CC476D001959F0DF13143341A1C711185A60
SHA-512:	E7A99881F74C9BF8B9D4BAAEB376E629A48E848C0E64020C49F947E291ADA6E36555A90B5EDB601C0A93662B07E2CAC47E6F2B808529490D58BFBC8CAB75F973
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..#.8..rsQF9.J....Z...c..jUR.I..3.RS[..QEY-.(...v.QW.7.o...UM..z..{!.Z..4.....s.QV.4..IF+v..l.....(.I.~.j..W._........MK.o..c......B....I>........>..&....C.j.........;.>.....G.T....G?)>9..#.Un.2O.?7..]y.sO.N1._,[...+iM..=....3.(#..>....n.(.jB2....y.R.2..5-.Wa.P....;....\..R.?... .5....R.AS.Y.tA..G..OaV...W.X=.....&1..W8...8...2[..rs....G T.Q$(.....]..o.....I.....$.6.r..X.pdn.....\K.*

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	11210
Entropy (8bit):	7.923835560431023
Encrypted:	false
SSDEEP:	192:yNVWOYFuRr7uLbsGLVP0NeRpsvMg1OH3CWw+CCi0MjdilGWYv5Ce65G0cAiW:yNVWOY8lbGLVSPo5xWjdilJG0c7W
MD5:	B5B24B1CC20F2EE2D469BB46243B6449
SHA1:	49D06A1896F73A5545248CD5CE668948C8AA1EF8
SHA-256:	A7A0694ABD59D1774A1DBAABB9E1939B78553648E13F5B9210233D7D37837E33
SHA-512:	E30C9B3C786E9598DCD6CBC33B3D8D8B486154CBA7FD27855D123F84D96B5E379BC35096C5E7261AC388FC999D4444965304A57AC586EA2BFEF0ADD2A3E2982B
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...............U...bl..Ny.Zi.}:9.;..,z.H..28..'.sa.T.%}..........p.MImm[L...g.J.[.,.......22..c..k.4.........x..v@.....pH#8.D...:T2.z.k.RG..6./,.t..,/.Z)c,.F.8?.#.9.VL...?..o.L.....\|.....R.......r.cQ.u.m.&.0.C..J.m...s.D.c.Fq..>m....Z2....6Ish.lou.....1X.4...uff (..$..........O..m...}GZ...6..[[.d.$V...0.[.[.......M.$.x....5KB......Z..'.&....r._....~..D..k.?.xGS....Io\|7..;.7.@.(I..b.

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x112, components 3
Category:	dropped
Size (bytes):	5985
Entropy (8bit):	7.831035620841423
Encrypted:	false
SSDEEP:	96:yEE7qnszK+NpTQzwZbki/HBNfNAny1LCtdciLxummpZGbSBF9:yEAqnR+rbkCJWtCiBm/GY/
MD5:	9D22CD1D2CCAC9A06BF44C137CB719C1
SHA1:	FCD10908E1DE5990F8EB9B54421C6F35978B9769
SHA-256:	1A17CAD5D7AAF9AB43FD9BF1F54430E72961F56AE756DDDE1C6AD5CDE211B23B
SHA-512:	9D1A2C081D78254C0804FB14B178C0AF41209DE3481EE29FB0F346AB5F1F1275A798D5E74B914ABD3EDBF4936C4F2ECA278D3CD61DDDBCE7607751E80A2C9D2D
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..W.....:...[hz..s{{{p.Y.....q+.T..Agfb.P.$..}.....+._ixG............"..._N..0...+.,..H..........0..i..8..W..6.+....'...+..bvu..../.;._.k.r......'.C....y...m.....".........F........E..g.......?....._s>.......q..?.m.W...O..$Q.......^...t../...H..W,...........~;.}..g.tW.....N..G....j?....l.9LZn.%..O......../3..-.l.@ .^)]t...:rM>....)..Y.?0..+B..(...(...(...(...(...K......\|y.....U.k{.S.....?..p..W.u

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	downloaded
Size (bytes):	9834
Entropy (8bit):	7.910145919030394
Encrypted:	false
SSDEEP:	192:yJUZ8YjH5mpeD9XPy5kKyXvsZolGP2qmUTMYAflKl+lptJ+EXnZ+:yJU5jZvDl65K2tA9FjGEp+
MD5:	FE2A031365FF972B5C79944B69A1C18C
SHA1:	3F123F4BE0E3670DC6DD071A91551AE660B8CDA0
SHA-256:	A3208AEE7C7BFB0EE0BC12C6F2BD86FF7F6C68502D56213FC54E1FA99C749FF7
SHA-512:	BA560546EA28A05C90A06A771CB28CEE3D2BF75F2E8960A209980AD1612E09366CDC4EDF384F0907E17455DC88DFE9D29C77F9833C0E875DD34E3BE7E10565FD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1490-1024x576-1-1.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..s..jW.9..,...U..,m...4...u...>Mx.3Iq.,..`Et...Z......%..d..&.o....%.<+&.;.C1...\|~.:.0X_..I:~..}$..e.s....3..S....d....@.b..........4..X.pTV...e...%......'8.......t...h.4h.G..I.X..c!Hg'i.F2z.+.._/.g.I.Cx{J.OiZO."...o{..z........C....(.o.x..O.L...\|...A.....kt......v..).B.4MVq#a~..I...F.;..e..oD...\|q.WF.g..G._.....b...+I!.....A..U..<'.:.......:D...........O....h....j.........k.?..G'.4.\..c

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 299 x 149, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	72809
Entropy (8bit):	7.991474133347129
Encrypted:	true
SSDEEP:	1536:AZfNghoiwCiLl2GkMv9tVJ6dAbwjxgeV505ccErKGhGpnS0xO0Fr:AZ1g2iwz2tMVtVPIgeV5Kjy3MxO0F
MD5:	C4FC61738D3D6C744FD1990A9BE890AD
SHA1:	4A0B3AC05914EA7B72E3AA7FF70021FC79813F19
SHA-256:	404AE61BDEF5E896E2D4417406F62A42EECD1A9460C4FE884E033230970E7AFC
SHA-512:	5F95CF60B6B5C6A42A5ECD985D1FAA2B2C876C9C5A258632AF9B4689C214D0A84ED069EAC87E21F9D4D351A34B9C5BE56A4E236C2824A83040EE6A6EC982F057
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1688906340-1646515406117222.png
Preview:	.PNG........IHDR...+..........qKR....IDATx...[..Yv.4......s...jWuW..v.c+.P....q7..yM.!.. ..<......((..E.XB"B".."m.XJ.....t.9u..u./s.1..c.uN.A...>.k..Z...c\|.7n.....W...[kc...$....,Xb..!x.......#c.pp.Y..`.. ..(?..}.`..@..X..#..yl...#.g.....].1...`.0.c}#..,....v.:..q.+d.l..k.\|..T6..^.].....[.8..Xo..p,_:.vc...'......8.........A&2..k........_.`..>...l.1.H.D...,.R...Rv.F#.....R+qa...:.w&@...s...h.. ".k,.k.T.,.....BLiXu...:....2X.{.TM.F/.K.<.<.e.y4u6T....ur....su+.....R).".R).\j]j.X3r.r=D@.Y..<...M..~x.0.$.iX.O..03!._.qk...6..>..p....cn.8.'.x.e..Y."..b4!q..{p.x.6.yl.EO........8~...?..~t.'.l..}_..R.3..........Wkq.u].b(D.n..Xk]..EWe=LL>9o..*.qL..du.@.PLW.;9v..R..b.^.CWD.@V.915f....@,.x'...>.....b..P..A....1....q..G..G#4b...hld..u.&..h\...z..t.l{.............&.....p18........}......_.y...Ka9.bv..<......~?n..~..o....3.1...............4y..3..3T6..2.l..0USIl4.........O_......u.=.`..+~..bJf6.+.\.q....7..#.^..........d}.^.y.so......R.9..<.....w.]x7....

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 299 x 149, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	72809
Entropy (8bit):	7.991474133347129
Encrypted:	true
SSDEEP:	1536:AZfNghoiwCiLl2GkMv9tVJ6dAbwjxgeV505ccErKGhGpnS0xO0Fr:AZ1g2iwz2tMVtVPIgeV5Kjy3MxO0F
MD5:	C4FC61738D3D6C744FD1990A9BE890AD
SHA1:	4A0B3AC05914EA7B72E3AA7FF70021FC79813F19
SHA-256:	404AE61BDEF5E896E2D4417406F62A42EECD1A9460C4FE884E033230970E7AFC
SHA-512:	5F95CF60B6B5C6A42A5ECD985D1FAA2B2C876C9C5A258632AF9B4689C214D0A84ED069EAC87E21F9D4D351A34B9C5BE56A4E236C2824A83040EE6A6EC982F057
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...+..........qKR....IDATx...[..Yv.4......s...jWuW..v.c+.P....q7..yM.!.. ..<......((..E.XB"B".."m.XJ.....t.9u..u./s.1..c.uN.A...>.k..Z...c\|.7n.....W...[kc...$....,Xb..!x.......#c.pp.Y..`.. ..(?..}.`..@..X..#..yl...#.g.....].1...`.0.c}#..,....v.:..q.+d.l..k.\|..T6..^.].....[.8..Xo..p,_:.vc...'......8.........A&2..k........_.`..>...l.1.H.D...,.R...Rv.F#.....R+qa...:.w&@...s...h.. ".k,.k.T.,.....BLiXu...:....2X.{.TM.F/.K.<.<.e.y4u6T....ur....su+.....R).".R).\j]j.X3r.r=D@.Y..<...M..~x.0.$.iX.O..03!._.qk...6..>..p....cn.8.'.x.e..Y."..b4!q..{p.x.6.yl.EO........8~...?..~t.'.l..}_..R.3..........Wkq.u].b(D.n..Xk]..EWe=LL>9o..*.qL..du.@.PLW.;9v..R..b.^.CWD.@V.915f....@,.x'...>.....b..P..A....1....q..G..G#4b...hld..u.&..h\...z..t.l{.............&.....p18........}......_.y...Ka9.bv..<......~?n..~..o....3.1...............4y..3..3T6..2.l..0USIl4.........O_......u.=.`..+~..bJf6.+.\.q....7..#.^..........d}.^.y.so......R.9..<.....w.]x7....

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
URL:	https://www.telegramii.org/static/js/jquery.js
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x100, components 3
Category:	dropped
Size (bytes):	11865
Entropy (8bit):	7.90957546074538
Encrypted:	false
SSDEEP:	192:yCCJUEcb5PsbDXaiNI8JB1ERAdsSmsokO89zCr+9RmzKaV6Ux/qmOkXgfo:yCCK/P1iWlAdskokbzGzKaV6Ux/qmBgw
MD5:	560E353A5048DCC9E58DAA900882F13F
SHA1:	8A658BC4C003BA7C60F64C31780C476A4B35B48B
SHA-256:	3436BBA243389E5C3B89D29F6219BBEA78F315752A8B16E9BD8B69B18E0DD1A3
SHA-512:	4E13852723C6A24A89B776D3CC3237FB91AFC168EBE71489CE34B22350C7FC0F0997C4E69A2B8B676D807A2B5D48E015732BEAD1FD84E9949AB5C4DF0935E6D1
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...c..hS\|....<.\...^.....2....._.._......?..wT...:c...T0o...lu...5n<...z....E........e..z.....i......+'....(R..O...J..j...G.....M}.N.Q)f.B.2B.4.J..{...M..U=.............e...?..8......j:...0E.H._.4.9..K.R;*/s^.:m......q.U...NO.HS.>.y...A.V^... .j..z.J.+...>....m...x........Un..k.e.4h....bX.....c.K.......4...6._..\.g'.f.....RG...Y.H.U.......w....9..t...\.o{..k...f.:....K.Y.y-[...k.

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	dropped
Size (bytes):	12901
Entropy (8bit):	7.909506568406205
Encrypted:	false
SSDEEP:	384:yJO7Rx2tGfNjJv5Ne//OruSnf/Hn9V2X25u:8IFfhNfqS3Hn9A
MD5:	BABC5C0EEF0733F717A03E9889C55FD8
SHA1:	1EE6549773274ACF5535677B4BAADA0177AFA0B2
SHA-256:	6AB3B79D89D527EB7B27DC159100247F71F3A026565BD81857FD8AD700C7E270
SHA-512:	4D0F0FC992A1E53B7F0A89DF48994B08B07177260098D17058FBE914B418D230E874721DFD4F3393008A1EC0FFA431C723172CD0C7DAAC4E0FA85BB498A29027
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..q.W.W...'.\|%..-..."..f...t..../.S.W...Q.Y..Zdg,w...~..'....n..Z_..o5[...[S..?d.........G...\..:_.._XG...a.I..w;...H.,>_.e.0x.,S.9..).qRN/g.I.=ny...R.8G.......Vr.2..(..%d.4i.D....i..\...>(\.Mcw,.,PG............?...o....\|-.K4...HZ......].......P..~.x$i....._.v..da.v..q.........+.....m......z...&.$d...E}..p.L.0.i..c ..:.-..vZ......`3OeS.\|..yj4.2W...&.t..'...oO..-.....\|_.5y<I..Fi...Y...zWS

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x100, components 3
Category:	downloaded
Size (bytes):	11865
Entropy (8bit):	7.90957546074538
Encrypted:	false
SSDEEP:	192:yCCJUEcb5PsbDXaiNI8JB1ERAdsSmsokO89zCr+9RmzKaV6Ux/qmOkXgfo:yCCK/P1iWlAdskokbzGzKaV6Ux/qmBgw
MD5:	560E353A5048DCC9E58DAA900882F13F
SHA1:	8A658BC4C003BA7C60F64C31780C476A4B35B48B
SHA-256:	3436BBA243389E5C3B89D29F6219BBEA78F315752A8B16E9BD8B69B18E0DD1A3
SHA-512:	4E13852723C6A24A89B776D3CC3237FB91AFC168EBE71489CE34B22350C7FC0F0997C4E69A2B8B676D807A2B5D48E015732BEAD1FD84E9949AB5C4DF0935E6D1
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1642539368-5b6223954f1937137805a2ff6a5b7f17-3.jpg
Preview:	..............................................................................................................................................d...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...c..hS\|....<.\...^.....2....._.._......?..wT...:c...T0o...lu...5n<...z....E........e..z.....i......+'....(R..O...J..j...G.....M}.N.Q)f.B.2B.4.J..{...M..U=.............e...?..8......j:...0E.H._.4.9..K.R;*/s^.:m......q.U...NO.HS.>.y...A.V^... .j..z.J.+...>....m...x........Un..k.e.4h....bX.....c.K.......4...6._..\.g'.f.....RG...Y.H.U.......w....9..t...\.o{..k...f.:....K.Y.y-[...k.

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	dropped
Size (bytes):	9023
Entropy (8bit):	7.888582845403039
Encrypted:	false
SSDEEP:	192:y9URiK1ThhHwT0hE96CDfmo1WwKTP+0mO8t7q:y9UoKRwT0hE4m+nwKhy0
MD5:	A04392B322A467B6FA53E08C951B630A
SHA1:	1CC445D21BFCF17CD4981718597B89FA9066C5EE
SHA-256:	3219A07B396FF9D134675CA29D772CF2938770B358E54BAB329D2884FAA1135C
SHA-512:	235E5EDBE36D422570E63A776EE3F66AA01380432B170EC59E60032031F598E2F99CBC0E16069930D27A5933768224E2DD58E8ACD9F0062C650A5A32CF05DCDD
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......I.k..q...0.$.xU..O`+..f..%.......[..m.G.../.5....:..yc..N...m.a/...We......yw.-.+o.~".[.$...8.$l=yVa..P.....~1....$.I..h6.d.......H..A..\|.@.....O.x.(qL..."tiQ.[.nQRm.get.{i{]...6S.b.X.q0S.I4..J.%.F..K..o...O......?....to.[...m.x.;.^.u-..4$.......^Yo.jx........................'....e..x.T....jv..s.....6.#v.1b...Y..'>...!g..[...\|E...:t+..C.h.j.s.l....$q... W..x.e_.......Y.K..@.

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x118, components 3
Category:	dropped
Size (bytes):	10751
Entropy (8bit):	7.906583331916719
Encrypted:	false
SSDEEP:	192:y0OYfP04BRQrPYyzAR/X0XqA2yWpkXtj97733QTIrgRPOxodPn5:y0OeronARh6Xtj93gIrgRmxk5
MD5:	0F0AA14D1C150BCC3DF8A1BBA148B3D8
SHA1:	6CDC0798E359F0AF9B5EBE626D876F32737707C1
SHA-256:	E82D176A429B81AB8067F9631A11F2258B2AC796705F164E66781B4D9ACD0D7B
SHA-512:	30D767212D0EFCFD3432651BD6FB4BA78F89F5344778E6C4E7FCA6D399C9444F246C1D40EE5EA74E17C4F69F7817A7C80C222FFFB5BA8062E8B1DE81674B5AB1
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...f.~s...........~...8.3.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RPHPY..u$...o...F.....T.78.Uc..........$...v...T.En.'."...o............X[......K....q.72..:UL.J#(.^...(.4......Tno...HHQ....N*..k......Y..........$....FG.P...oV5.5t.......}R..$...ON..P...?ZJW...I@..(...(...(...(...(........R...J.BO.j.%

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1504
Entropy (8bit):	7.822690331974615
Encrypted:	false
SSDEEP:	24:vnITClnOzdtJ0mp6oXf8yTwjGz5ycOohdz6WWgei4Smf1rpVdc6N7oXB7f:vqdcm0+f8AeGzROWdzfgdb3NGBL
MD5:	A6C494041395F493B5C9A35EEB9D9B5B
SHA1:	3CAFF067C78EC36F992335351FFDF19B526AB45E
SHA-256:	B1816C471F0BB2863EF22009FDFBDE486F596BC22765DAE314BB9FF50AAFD752
SHA-512:	29E4D39AF7EA51F0D15120ECA454D0BD3A72B8EA58F8C851A679AFC1FC7E81EC7796CA8DF9926BEAFCBE1BF402AF0BFCB30A1791A8C7EA15AF367530EEF6FAE6
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...3...3.....:.0....sBIT....\|.d.....IDAThC.ZM..7...u......wy1<..x\|....$.a...9....O`...e.\|..=<..LK.jh.?%ZRwg.^...R}..qV...m.+.;..&..p.;I.9..)..J...V?....K..`...\.......L16.2..w.....t....o`s.(T.0...=...Iq;.T.m.Z.i.6o.b.BA.u.^q6\.j.6......6.<..e....f...Rl.Z..o.+...or......b........TW&.......0.w:i.._.../...`d./....]...H.A...\..,@.`...%.....R.....?..r}._..&.!..9......S.....oP.....c...l...o..~L.Ulz7.].hj..$..8....1.........K...........j..L..Z..lP.^.7.W.V...Q. ..)c?q#:..Z.=yP.c..k.7`G.:v.8..).&i.....O......4W.S...pS1Q.B...._Di..<.o......h#.q.czp.......6....o....%........z.<_4\.=yx^0...\..H..<.....MF.........S...` .l.RqU/.Z.V.@:.{..{...)...y"{..A^c.."{.... ey......+.X._Y`.@..2..)..R...P.7.'~..b./....._.`(....sJl..8w.re........7.Y...z.....H...L.j..Z....`.1{.u...^6.TV.v...G.\hQt..q<g.P........]Y...A.......p...D.....1Q.T..Q...1.LQ6CxI(k.q..&............R....S.1.f%..d...M..)....M.3...:..R......3...j.....m[A...1S.2..r.$...+\|...

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 213 x 111, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	13381
Entropy (8bit):	7.978631033763193
Encrypted:	false
SSDEEP:	384:vc6Kh61C2aH/vOZoe1zFiNAv/fjcGwOKM8kyfF7EMr:rKQ1zimu4RiN2L8OKM8kyp
MD5:	F5BE23C7097EBE8FF3C0146F9ED943FE
SHA1:	EFCE05455497F0DE65DD376BED3AD223D8F0973A
SHA-256:	9D9E5DEBA4E1E9510ECF9E9C1B31A27E297E298804C9572E5FDD7F7EDDE52467
SHA-512:	49D8BF310010C14A65225F5B6580DC4F8C56A51580CDBA4C081F55A29861D9D1A83EA8F69CE7CD7B7943D0CDB664C3E933F9439143BCC80D4A6E29F144EEB121
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-169.png
Preview:	.PNG........IHDR.......o......s....4.IDATx..}go$I..HS.UtM.....q...{8..t..N.9...O.......}..a%h..p:.N#.wfv.i.nv.{..fF...b.aU....]U].\|..y......x...NC9.....V.....~.......p...6!...,,o.T........P.A^..9...\|..<../...}.pi..y...8.9..m!.f'...\..R.b...j.>^.....E.)@t...%.fGG.....0..tA.[.P._.z.H....2...S]{....ws.........E..).m.E......t..N.._....o.\|.d.{,..(5$.5-.......Y.&.....H.Q.\...u.2.'u2.m.{....A.!)<...;...o..>...,3V..>-.....o..g..\..GB.^..!....a...5..b...-q..(.......F..?..6....C...@......a.H...6...R..X.~.O...?...(Ok.C".\-...[U.\|...`H.,%>.A....J?. ..x..F.6].......>}.Gu\|<w....\T."x5L....:......_....<.@...pa....(Y.H\|\|.<....I\|jO...C..+.H..d...O.."S...>.....$.6.%.e.H.b.?..g..8..1\|.bY.=..}...Y&:.8..pm.5.Xw..N.....F...z.W...J.^..a..F....FE.h9..1..*.L...t.....?.T....7$...?a..l..f.A"&s..H...6. 3[.A;..E_.9-.....7j.V...&..{....:F..=.OP..~#`je..{x.\|..$w....\|B .#E\|(...............=....c..yh....Ei.....p..M.<\|[k..U.....M...5x..W......Hk......{..PE..F.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 240x113, components 3
Category:	downloaded
Size (bytes):	7705
Entropy (8bit):	7.911099322873193
Encrypted:	false
SSDEEP:	192:yLA8DBTFsHzOf5cmETpJzpPchoqkZowIuyPCxP:yLnDBiH6f5cTpZ1D3awIrM
MD5:	1A003D47608336EFFA12D901CB3E50E2
SHA1:	2AC6BF734E5F7232E9552862F4FA9FFECBDB8A76
SHA-256:	61E78EDC9AA251EB3FD785493B7D2F2DC4048A40CF47A0473A48B1E4A392C5F4
SHA-512:	F0AF9BE09BE734038C8385006B2FBC199A320800DD106107B67DCA39824C8AFFB6EB3ED18D0E31E8F410E807D783932579F3D03EB9571563EA866AFAE6D05F69
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064757.034.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<.8....x.'.F......]....~.....\|.O..B.=.......xo<...]u...~..W#....+.b.7T.8......J_.F...]...@....v...c..>.{$p.....?...9.?.....a.T...Mf2}E..7.{...Q........(....".Q.S..}..g......X...s.._.].h.?.~T......fMu%.83.._.L>....W]......I8..I.`.U...A...j.,...\|.2....R/..#g...._+..%p..e..].......&.B.Ns}.S.[#...w8..G..Qu$...z.d.l...6{.Q?...?.A.?.'........j...>i..`R..x..u..'......k.t.\|.G...?..?.~...^.,W..

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	16489
Entropy (8bit):	7.979724067217304
Encrypted:	false
SSDEEP:	384:ZkX15rkyKMrGfmzppPMzBMmHnuRjVXhIyOKHuB0xPbzbS4aQ4biG9:KXrSsGOzj61Kjh2yOxS/Jcim
MD5:	CB233C7E09308384805A4B87723F1C96
SHA1:	1E18A68A0E3DACEC4A759AA215C3454601B11DB5
SHA-256:	407EDCBD948A6CF243BC5492D127AB1A8A23B4F401776B04AEEF305129A2AEC4
SHA-512:	4B02548E73314342BB8F41B6F934B7E56AB5BC5573C8CF7A2F2C6A3EB1AD099AD5435B0AAB3529DB20A218BF34E9842E7F9D787A0E8C3713D7811C0B00E1C473
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......s.....[.z...@0IDATx.....Wy7..s..^.....rAr........C....H .S.4 @b.....P.06`..dY.$...j.....s..33..U.{W2....Y..s..o.^.xz7...:.9...PY...D.Q.B.D.H..2O...4...5."....?..^.d..-O.:p....P^......6.....I$....\|.../.u\|.3......%..3O.o}.....5.PY.......;.mR.w.R..@.._9. ..Ba.G.k.....;.=..c.d..N..=g....>q...U5...Q&..6q........_.u........_9. ..$..^z...].{>.J..QrigP.Z0..-..5&..o.O.m{..u..Y..PQ......+.m...^Y....j.........!.....K..@...\|nA......./l.w.....to.PW[......j..(^.....SG..kj....J...x......s/+II.!..g..P.....U.0.;...djx#".e!..3..^..fL..Sn..dDJ......z.......L...%.....m.....@.z....$O.n.~...%J.......`........x.U....{.K..}+2..t2..F.CNG..:.......h._6W~.K.n. E!s...Pn.KB.L...U....R.2@......A....a".L..<...cK...\..S.o<.?s.}..I.,..:((.L!.o.\.....H....g.;.44..r.'A)%..s.3.....P........F..5......%.........j..=....9D.....s..y.....<Mk.`.w..c.S..6...o0_.!..a....kM.`...]....U....9fiQ)U.b.....QuCD"....MrQ.`B.*.w3.F..t%...(.~.B{.~.T#.....M.

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 171x109, components 3
Category:	dropped
Size (bytes):	11966
Entropy (8bit):	7.952304715543092
Encrypted:	false
SSDEEP:	192:yoxMmoT89eiYXrpk2gXbHXOx6fQbXrGcAKAMEZz4E8VY/8RkB2zFVH6Rng8+5N:yoxMPPbDubHhfUpARrzB8VY+kB2zKJgB
MD5:	42C20E616AD8789E6C0FF634E8E4E242
SHA1:	31C068206637D0D7EF3E6FB4590D7684719BF91E
SHA-256:	AF70F8D4E68CF6927216E5BA008595924C1F7C50119F4B8EDA3CA2EE1A6B2872
SHA-512:	ABC41BE1426EC4C57B988DD7F4A82B28CC579B315BF3AAD3933965A7BCF97E90C3665E7A3B5198F74F8DC130AC139BA3EA446C1F669402EA8917137B80632DCF
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...B..e..&V...8g....f.,V.l...rL..f...k..4.n..[.^'\.^.G.u...t..Sq0.;t..H.E.....8.+..0.D.u.....!M...7.q..?.P.b (f....Y.....<i{........z/.</.6...-..vQ...J..X.du.MyW.5.).Iv4.../1.rd..i...f..:.e5.oC....b...fm.Q.Y....&9o.j..c..E.Q...>.J.=........=....u...h~...[.......fb0...);.\|f?..[f%.i..[.1..S.........{o...S[}(....\|.P>.g#...3.I....]\|;..i^6...q$v..+....x.....J..^.&.......p..:....h....>.9...%J4f..k.o...

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 190 x 114, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	23522
Entropy (8bit):	7.989926584280692
Encrypted:	false
SSDEEP:	384:2bc9wm7MweZ28KCFZAdyoGrcn1E/nUArnRU6RaT6zLJRc2CyivrzZ:JNh8KtTGrcMUAu6Y4eVyijzZ
MD5:	C9D3489D4761913EA3757A82480BFA16
SHA1:	D5BD2730E8E80C464E1FFCBAEB4B3A835C040F27
SHA-256:	152F143C1BE0119B7A854E0E3EEFAC2192B93266F59B1A9D8A3AFE46057F8231
SHA-512:	65E7372551870A9060FD31F6FB3A57ABCB0A38FDD0DDB5E0CA4D03AC49F2EB028B89CF09813598AF09A437D63A67628B67D2D410E42FC2FAB49EA12F1381C48E
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-88-1.png
Preview:	.PNG........IHDR.......r.....b<....[.IDATx.....e.q..w.9...m3..X..;H. ...w..". %..%..I...KJ..RlG.8....vUb;.EI..D..e)."K.I-.(.".....$..0..3..oy..{.S...s.}......~.{..{N.^~..n.o..H.A.\/.......ED.....D......~.@.._...%.........^ ~F\|..GB....r.l....k.?..R\|'..]0.../Ad...v.......m.8.......M.Mn2?.L._?..rqy.yey;..A.../(........w.P].._..M...`.....9......n.....V...&.t/.(nq....&.?....z.^MV...'.._....T...F@.K.O.i.A...+.[n..\|......!...N.{s.....Cn(..(......~..U./U..?....%2.N..=T.`. ...8...V.M...e.IVD'>....tx.0....p.b i.....v.....E.I..I.z]t..g.(..w.."0n6f..5.u$..n.qo..Z...V.0...)...CvbE..X..je......BD.Mc.uKW1U%...w0.d,.3^F.>du...T ..9,..*..u......n..c.f.w>Y?.q...t..e.~..,.A&..X._..p..T....._.wS.y.....nGd...VR..M.u.....m/.9..Mabt..B..Dg....}+J.L....++..4.....Dp.V......OE&..Q".F3w...U=.-..!.C...u.#...p..N.j<..7.Uj...oOB.....R..v.....Juj.G..N..EU..V\|..l..w.2...7...w..%.$.....M..n..g...9SYG\..G..r.R....c..".C.>Yu.d.m.?!..w..:i..94S8. N>N.'.djj.D..Zn..d.9.y&...

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3393
Entropy (8bit):	7.861381453330033
Encrypted:	false
SSDEEP:	96:k6V1NQz8ZW1B/+bs6/qHgzraL//qt9ahig7Fe4b:v1NQz//+bsYqHgzmLHqt8ig5e4b
MD5:	941D950538F7CA436158C908C7DEC967
SHA1:	69E4EB157989D26A2F71778BCD9EE78BE57C3290
SHA-256:	44E36F9777D5A9DAF22BAC2890247E92466C2842947B5F4AFAF65AD91BF3F94F
SHA-512:	BAA766C378592012B190AF6658A24578A8C8551EFDD0C82BB1DAC1FB9C70C19A8ACEA56E4270B9E401C35494519A286B4E57F85C2F400715C1134B1A204ED2C2
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................PLTE...'..&..'..%.."..%..'..'....&..)..#..$..(..$..'..#..#.."..(..$..%..%.."..).."..%..(..#..#..)..$..(..%..#..(..#....'.."..#..)..(.."..'..$..)..#..&..&..)..%..$....'..).."..(..$..(..#..(..#..&.."...."..)..#..)..$..(.."..$..)..&..#..)..)..)..)..'....#..(..#..&..&..'..&..$..'..&..'..#..".."..$....'..&..#..(..%..)..#..#..$..(..#..).."..$....)..&..&..#..(..).."..(.."..'..)..%.."......)..%..).....#..(..#..$..(..(..%..)..&..'..%..#..'..&..(..$..).."..'..%..'....'............................P..1...........C..L..G....)..(..........................}..g..9..*..5..>..,.................k..]..U..1.............x..n..5..-..-..5..............c..<..@..9.......................p..U..G..e..8..............\|..t.._..Z..]..L..r.........tRNS.......,....1.K.....2#......\|oIBA............E)&...........\L<<7...................hda.............wrmh[SO..........wkT...c`....&.....IDATx...M..@...d.d..S... ...l=....H. .h$...^<........-..07.........y.}...?<.

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1857
Entropy (8bit):	7.855222877921013
Encrypted:	false
SSDEEP:	48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
MD5:	805A8459450FF428463CA4BA365412CB
SHA1:	1C46F97F32C1BFE579988D7AE5DADD5A6464B011
SHA-256:	F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
SHA-512:	1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......3.\........X.[...B.(.....8..h.H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3\|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.\|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 171x109, components 3
Category:	downloaded
Size (bytes):	11966
Entropy (8bit):	7.952304715543092
Encrypted:	false
SSDEEP:	192:yoxMmoT89eiYXrpk2gXbHXOx6fQbXrGcAKAMEZz4E8VY/8RkB2zFVH6Rng8+5N:yoxMPPbDubHhfUpARrzB8VY+kB2zKJgB
MD5:	42C20E616AD8789E6C0FF634E8E4E242
SHA1:	31C068206637D0D7EF3E6FB4590D7684719BF91E
SHA-256:	AF70F8D4E68CF6927216E5BA008595924C1F7C50119F4B8EDA3CA2EE1A6B2872
SHA-512:	ABC41BE1426EC4C57B988DD7F4A82B28CC579B315BF3AAD3933965A7BCF97E90C3665E7A3B5198F74F8DC130AC139BA3EA446C1F669402EA8917137B80632DCF
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_202403311711862473364237.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...B..e..&V...8g....f.,V.l...rL..f...k..4.n..[.^'\.^.G.u...t..Sq0.;t..H.E.....8.+..0.D.u.....!M...7.q..?.P.b (f....Y.....<i{........z/.</.6...-..vQ...J..X.du.MyW.5.).Iv4.../1.rd..i...f..:.e5.oC....b...fm.Q.Y....&9o.j..c..E.Q...>.J.=........=....u...h~...[.......fb0...);.\|f?..[f%.i..[.1..S.........{o...S[}(....\|.P>.g#...3.I....]\|;..i^6...q$v..+....x.....J..^.&.......p..:....h....>.9...%J4f..k.o...

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	9091
Entropy (8bit):	7.898668893648029
Encrypted:	false
SSDEEP:	192:yNfEufkIJsxyj4q9s9+P0ppdNFJPYuhCEHgBxPcBgHT8mTDuqBZ:yN1fjJsOOVdNHPY+0xogzJnH/
MD5:	1C1BC9F0F634CDC139FC54C1050F3324
SHA1:	41E148262CAED1EA6E0813B35243ACA90D60E490
SHA-256:	38760335A0C016D3CE7A19F8205F132AFF2A1EDC1EFEDA41E845AFEA6CAB4B29
SHA-512:	081FC12820FB9A51DC5187CD857F907854B560045109C53A399C4953B5D62967EFCC4DE394F18ED8FA124BB7654C3FE0AA99AEA38988AE8AC8E622D74940ADD0
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(..:.......`.,H?)..]&.......r..d.$..R.....(.W..:......t.......X.6x.../.?.\|2.gw...>!...]Kqw#.i..A......$j...wPT._.............3..,....#.U.w....x#X.....VsH&..X..e.YI..F..}q....x'.><..~;i.*..Q.s.X..I.+..g"n..+...u.._.:....~......N.4..i..:..C,...P.$.k..Ng..V..RZ.......Ih..j..(...$.....L....~...'mv........w...$.g..J...'j.'.q.=k.5...'.tt.S......S.S.......!....+....K.e.At?.m_....uZ[.......

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x106, components 3
Category:	downloaded
Size (bytes):	8535
Entropy (8bit):	7.910756349094721
Encrypted:	false
SSDEEP:	192:y27omwMNSbVW1dUxov7Ub377AUYv6QUOv5/RLQSMDW8XEymVziQOyX9:y27hwM/zUCTq3773YhUy/jjyOeGX9
MD5:	740873A21E9A42A22AE09F8CD5700422
SHA1:	51894D061BDCC782866935A8EE3B9B780810F75A
SHA-256:	4D87BDC8CA8CF19B899AD528C651F7AA213BFEFDF113E9B68D9B748BFF475612
SHA-512:	867B9D39EBE429EB47B379FD8D245F765CDD1F7080B883535C57019FBB4C22A0EEA74A7E7AC7315E5189D5ADCFE084887BC2AD3CE020444AD84E81687C0DA224
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_7f834dfeb42747f2b3cf014a95542fb3-1024x576.jpg
Preview:	..............................................................................................................................................j...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D..+....(...(....u-?G..U.......qq<..4.Y........-.....2...A.. ..s....&...srq.....^34..B7........\./...ef.KY?E../3._.x....:..5.=>...k...a...........;...4..S\.9.......u.m..+.O..."...../T.H...rKu4...4.I...p.R2J.......?..4...?.V.g.j.5.oq....Ws.o...n.#8....H...Y.Tw.j7j.kv.G.b...<g..N0.uy4.d..._3.5...D.......O.ZZ......!Vb2.,.p..&..k...d....i......~1...k....<../...f.&.l...1.. .*\ ....g8$.f.SA.

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1857
Entropy (8bit):	7.855222877921013
Encrypted:	false
SSDEEP:	48:J4c1oVOCC38+S2V8Tm8YTDf5Jmeqyhgmu:JFyVo/CNaf5apmu
MD5:	805A8459450FF428463CA4BA365412CB
SHA1:	1C46F97F32C1BFE579988D7AE5DADD5A6464B011
SHA-256:	F2484603A4C0D535E032DA9232E456B3C6AD1F4998B1AA57D275CD58DC28B0F9
SHA-512:	1C0F710B4311387D7E795733D1F3772404BE33551BD41422E17CFDC6BF7291F34C4AC5E80B893E1D06ADA9B26FC84E724A9A4CB293737355F031ECA16AFFF2F7
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-12/to-top.png
Preview:	.PNG........IHDR...@...@......iq.....sRGB.........IDATx^.[}..e.~...Cz.fV#A4R...Hh....'..b..).....G.bo.....h@>n..F...J.Z.5....g........A....g...Y..vgvwfgw.kw...}<.3..7.;..q~.8....8....f....... =.-..n.a..z...C@_..td.;.\.IT.Ge.Ns.....'..6..H.(7.q.....D....(./N..n..u.r..R..5.......{......./.qW.....%..H....;."o.Xi[.'....5..By-!.6. ..M0..N.8V.'1.$6..za.j.o.X /.d6..._.....H.......G.'f.......P.J....A...X..G...F....p.}_......:)BG.8..>....^.#.._...+.../.x..A~4.C...?s.M..;%BG...S$?.&.g`V.x.}..Z...#CC...s."....].2HL..../..........Y....cb.......`./.P#...=.$^#......$N.O......v....g..7.....O....#..{....O.f....h.p.A... W.S.cib......$...#.....xZ...^(....kb.<i[....Z.....D.{%..'..........N.kz._....m o......6.....^C.G!p.2.......3.\........X.[...B.(.....8..h.H].y.................#.$....gdY.......7.../....1.p.H.H..(=...9}..~...n....r3\|...1.k..-$.T.g..;.vq...^..9..z2...-.fN...w.<.'_.WO.5....~..wj.-.8.V.\|..o....{..#..^Y4...'.M.."....noR.+.+_p.......q

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 103, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	18209
Entropy (8bit):	7.983612443674371
Encrypted:	false
SSDEEP:	384:rD0ENiXSw+jEYRwLktLN0klxXe6I8dk1jVmuwB4QokE:P0E0XfjYRUQTDXHI8deVcB4P
MD5:	2FC0702AB0F3B6A6625E4BBAC1817D32
SHA1:	46633FA38D49EBAEA85E19EC817D3ABDB83A1A5F
SHA-256:	6E1C47ADD27B5B21921D76E364368069674A76D73404A223C7BD6FEED1C0853B
SHA-512:	C947482687C34A1950CCDC04C50CC3340C087F454B03BE6C2A603C53A909BC9E6DFB64387A84787A5548BB93B51DB61EBD0FA5B489A4B025AA79CF50FF038002
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_app_review_telegram_wp_upload-1024x536.png
Preview:	.PNG........IHDR.......g......2D...F.IDATx....eEu8\|NU.{...2...t.2.0.....(...qC J.h\.}.M4...?1...(.. .eSV.E.a.a.f...^_...U....{.....u..O.X.ox..zuk9u.:...... ... ............].........H.$`{.pB..p<..R....G......U....`.._....../o?d........z...O29.^19...N.. ..:9.......M:9..2Y...P6Xf.B...$.}E0H...nUb...&.X.....J8.."\..MQ.dP62F.D`.\H.T.h..Z.......Pm.j.....Z.....%@..K....2..x.O.I.p.J.G.'...A..I.3........5....T....8.:/.}..>s<..T.8.. ......%N.gA..U..Q....1.)m..Y!@.......d.wK=.@..~.DT..@T'.O..O29.^19P}r......MB ....q..Xh...-...^........U})"a.o....%...L....}G.t@..LiPS...kr~...AU0...EJ`....N.:e.(..D...W....0.J.....,....."......#%...{..=....;s9......o.....Y.7(#..._.v............._...1>...A.o...w.EE...L...H_.l..\..h.X......."/..n..dm`.-.D.h4.....U+..B}=..Ap..Y.ye'...j....).]..W....P_O.ch...._.3.....1.p..WF.....x.,.....D.........t.2..:h....n2h...f0..f.g.{.'.=....Ym..X...I...].....U...'...t&..O.d....OT. .^R....D..L.q..0.RJJ``(..e...t<...i...).&.. .2`. .

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 115, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	42093
Entropy (8bit):	7.988071399302453
Encrypted:	false
SSDEEP:	768:DDsIeoDkGjplNLJassQy/vILZSIHJSagdzz5yYzb/oq3VB0b:HsIe8R9lNLsvQy/24IpSa8z1yEb/LlB8
MD5:	A586A0B950DD69E95FAC57F5CF58C48E
SHA1:	BA31B98D3DADD59C170E9018709629BFD8FAACC1
SHA-256:	F7C783FBE4C3C5F68DA60198098C5CCC9A25EA4FB4F7FFD30B756705E693C2EC
SHA-512:	C4E8A3F84DE4FD0247012C89CA0133F808D77D84B267BC9045023BE0B753B806FF484A6214600FE76C5517A8F26810004A09F8F34399DD90A2593C462D969335
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......s.............IDATx.d.....y&..T.s...g0... ..L`..(Q.%K.W.....'yW.%.d..:...e.+...K*R... A....sO.\.s.....6....].]u..~..."........\|...%....Fe........-.. ...H8....@.0t.2.........A.1...q.i6..V.]].-..g.s....[..?.O...}...6_n..[GA....I.E....P.@&. .....;>....z...+??{.bwgg@....s..T,.XV4. ....j..z.........z....g.0.:eJi.^....E.....?O.....ym=/h............oD.EB@Y.`...-...#......\|.,a..U^.0..^......t%lH,..eP.$A.Q.R.W:..hD.k......}!...R...if:..aIP../.1..\.W....m......paf...5..,...D..1...[Y....3...r....X8L)...>.b.\|`.6..6.gx..........{+.!AP.@.....I.ns.]q..Q.P.o...3..q.^.ezv...4...+.?.xog......R1.K`.=..\|....o_..[..S...c.0.eQV.....(.F."D.......e.3....!..s%.....\|.J....0.DQ.( +.J,.J.#XR.@..R... ..5)G:.P.....)....1.....@.8...D.d....' R.VF.n..-g.....r......"<s...7........;..K&TYc^.#..9F.i6^~.g\V...DA.....K..k..tGZ..a+z.P...Z..}...o.i4..._..F....l.....WL.,.a.. b..n...Z.y.eY..:.Q...z..]/.=..0....KK..r!.Hv...P.a..~p;.p~.'.>C.H.)..o.....b....kj.UZ.E

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 213x101, components 3
Category:	dropped
Size (bytes):	6052
Entropy (8bit):	7.896641690742874
Encrypted:	false
SSDEEP:	96:y+Ek2+u5NJBjJ56R9XfQzbHXXmzA2nkayLtaTqM3ykOSEZyE7st4nIEOplXut:y+1zuXJFSDQzbHnmzA2kascZyb18tijl
MD5:	407F398DECDB933DD6E6854B555847C9
SHA1:	4D01C65FAFA81C711854CCEC9365C880FDD6323B
SHA-256:	45E1904B4E11AB6A761182076D51E2DEAF19AB278257449C028ABBE974797BFC
SHA-512:	E6FE86957636EDAAE88DB99AB00C87B2D793D10995A1DAFFF7069D777FE92080D2DAA5873F010E426AEA3D91489D4085A3B25714E78CF430EB6C7FBDCE17D6F3
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.(...+.l...+\|u..N....6.[..3...i....5 A.....[.....YU!.O..8B..d@{...(......FU...G.?.V.......S..O<.f.:.k#/QWL(}...D.h..U.P.4....Y. .0j6R..\M#>.Y`..2=....t....e..>..........5..A..DA....7t..N...1.U...._.2.=j...k&..L.<......g'..j..0zv5VH....a8#...fH....D9 }kF.....U....sJ=..s..,[..Rh.I.iM.S..<y..YI]...s.. G..M.?0.Z.,t.J.4De..iF.u9...M..53.I.t../.X.JJ.G.=.S.m..b..-.....<._^...;.,C..t..

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	7055
Entropy (8bit):	7.883981599915443
Encrypted:	false
SSDEEP:	192:yNme6w6/BKhjcS5lWgnIhgJFccUcPcLc4YLu:yNX76/8hzlk8AAeci
MD5:	133770D28D29DA09E3AA387C96291C11
SHA1:	92D5E7EB326B30EE70A391AADC6013320269411A
SHA-256:	9C442E77C15BE3AC8E4D4AD404DBE57A390A6247D217A0E9D3A552CD4CA769DC
SHA-512:	8B3214CE09E1A169F1F529588ECA91BB9603E4F168319441B589B2B39C96B31A31D584852C0A6DBE0B9ABE9F1C41AE774B12B36E70A8737952308CB9DF23F6F0
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-20-2-1024x576.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....'..>.2.}..q..pL.7`};.n..NI2.B.u5......Dt........?{=..W..C.g.~..=.>'...m....S.:...!...O\c.y....KM_AWt.&.J...y.......S.!.:g...C.n!...)..P......YF[..y.p0........~.kw>.s._.I..w..R.O@.NO......e.....e.O.....l..e..{..]>...%.q.D.x."..`.`c........._..(.'...................$w.....?.:X.S......$.~.?b..e.T.F.?.9.6.7.7.(.{.{..?`.fO.(...

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 107, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	10100
Entropy (8bit):	7.968295146349326
Encrypted:	false
SSDEEP:	192:c8KJI1/GbC5s56V8wKfplgENgusq02KL0laVOA+kLdrMxoalAJUdmQssVNaijyzB:n/GbCC5twKluqDKL0lsikLlEoalAJUQr
MD5:	3DCBE2C6871DF34FC3063B5CCD539920
SHA1:	CB44AF95B177EBB221D376F0BF7E797D14BE915C
SHA-256:	D00D8E01C54599ED92AB26C851575B7C7DE636B229EA10AB83CFED5AE59B9BEA
SHA-512:	3BF530A0296B27EF24A87A37117BF5010A4E0DE116BFBFB36C74A638C3905D24AA914354EF783ED4D325E5F920942680CB5672B2CC582B3B71B4462194CCA8D3
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-20-3-1024x516-1.png
Preview:	.PNG........IHDR.......k......Y....';IDATx..}..#.y.t.......}....3/"u..RY".GR......%Q..U..q.V.J"....JfdFT.HI.(LJ.m.....#....>.X...nwo..]`......Lw../z.0x...[.-...t.t...o..n.F!J...j..B.u.t..1Y.).#58FG..B.4...X,f...]@/.fsmm..a.$IZYY..{..Th..a.[.y.v..!.JM..]..V.UB.w.B).eY.$....L&#..G.O.F....!...sa....l.....4M/p.1VUU.4OA....:......P(d...[..F..B.R..\|..O.Q....)..zI&..m..i.....c.8..q~...8&..\|.d2...8]..d.a4.M.S!..~......F..J`..z.;..........K..<.O.MOi4.5.M....,.........A....B..2#J.h...o.f../(..l.BF..N..N.f.i...t'.!.H$......./0.F..T.(...x..@..ht......AOu2x9...a..p....U..h .u].......2.^,`f~..r..ld..,.X.S/.sdt..c7....bo!6..d.R.1(d..A.7.......'.1....._ZZ..te..$iB........F....l_.J....E.........Z.(.p....(.Ph..M..D..'..F.Q..:L......SU.K}.E.?.....(...F......9@..6!d..c.H$....<..l0......}..j..B=.I .<U.XG.i~0...H$B)5-2.c.Z3p.H$..d@d.....k.4...=..xJ.9....F.4.'.'.,.^...e.d...N.R.@@.u....s..B....T*.V....?xx.B.....r%.Y4..%,!D.f.. .H.$."...-`....(,.!......."....iZ.T

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x116, components 3
Category:	downloaded
Size (bytes):	4918
Entropy (8bit):	7.869193450497874
Encrypted:	false
SSDEEP:	96:yeECIIIvJ0q2i7ywBpWiyKWkiMzbJB/PGPIDhpuBDEzakuGCEuD:yerIIIByi7ys+K5BzbJB/PGQDhgBDEOb
MD5:	E699C33D29E5067BD0E5278A37B0831E
SHA1:	377B0C5C6D79B8F8BF41D5CA03AB7215CAF03C17
SHA-256:	EA0FE09CCCEAA86326BAF68B15CD2E9952A98960940457CC163CEEAF9CD336FE
SHA-512:	7782F901DA8FA37C2E894BC42B0A1D6F391A6414F3F9B9B71E3321F290D25873375076FC17F62913BD819B7E4224D7420734EC29418C896E0505BC0985966C45
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-92-1024x576.jpg
Preview:	..............................................................................................................................................t...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....?..>.?.......<..._...G.K........A...?.......A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....~.@R. ..... .......(..../i )}..\|.T}..\|.Uw.?..y...i )}..\|.T}..\|.Uw.?..y........?..>.?.......<...K.H._d..?..d..?.].....A...H._d..?..d..?.].....A...H._d..?..d..?.].....A..@_.....R..s......g...tb.{.\|.c\....:.6.......(....I.{.<.cO.D=.......(....I.{.

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x106, components 3
Category:	dropped
Size (bytes):	8535
Entropy (8bit):	7.910756349094721
Encrypted:	false
SSDEEP:	192:y27omwMNSbVW1dUxov7Ub377AUYv6QUOv5/RLQSMDW8XEymVziQOyX9:y27hwM/zUCTq3773YhUy/jjyOeGX9
MD5:	740873A21E9A42A22AE09F8CD5700422
SHA1:	51894D061BDCC782866935A8EE3B9B780810F75A
SHA-256:	4D87BDC8CA8CF19B899AD528C651F7AA213BFEFDF113E9B68D9B748BFF475612
SHA-512:	867B9D39EBE429EB47B379FD8D245F765CDD1F7080B883535C57019FBB4C22A0EEA74A7E7AC7315E5189D5ADCFE084887BC2AD3CE020444AD84E81687C0DA224
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................j...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..D..+....(...(....u-?G..U.......qq<..4.Y........-.....2...A.. ..s....&...srq.....^34..B7........\./...ef.KY?E../3._.x....:..5.=>...k...a...........;...4..S\.9.......u.m..+.O..."...../T.H...rKu4...4.I...p.R2J.......?..4...?.V.g.j.5.oq....Ws.o...n.#8....H...Y.Tw.j7j.kv.G.b...<g..N0.uy4.d..._3.5...D.......O.ZZ......!Vb2.,.p..&..k...d....i......~1...k....<../...f.&.l...1.. .*\ ....g8$.f.SA.

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x112, components 3
Category:	downloaded
Size (bytes):	5985
Entropy (8bit):	7.831035620841423
Encrypted:	false
SSDEEP:	96:yEE7qnszK+NpTQzwZbki/HBNfNAny1LCtdciLxummpZGbSBF9:yEAqnR+rbkCJWtCiBm/GY/
MD5:	9D22CD1D2CCAC9A06BF44C137CB719C1
SHA1:	FCD10908E1DE5990F8EB9B54421C6F35978B9769
SHA-256:	1A17CAD5D7AAF9AB43FD9BF1F54430E72961F56AE756DDDE1C6AD5CDE211B23B
SHA-512:	9D1A2C081D78254C0804FB14B178C0AF41209DE3481EE29FB0F346AB5F1F1275A798D5E74B914ABD3EDBF4936C4F2ECA278D3CD61DDDBCE7607751E80A2C9D2D
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_hq720-25.jpg
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..W.....:...[hz..s{{{p.Y.....q+.T..Agfb.P.$..}.....+._ixG............"..._N..0...+.,..H..........0..i..8..W..6.+....'...+..bvu..../.;._.k.r......'.C....y...m.....".........F........E..g.......?....._s>.......q..?.m.W...O..$Q.......^...t../...H..W,...........~;.}..g.tW.....N..G....j?....l.9LZn.%..O......../3..-.l.@ .^)]t...:rM>....)..Y.?0..+B..(...(...(...(...(...K......\|y.....U.k{.S.....?..p..W.u

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 182 x 102, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	22641
Entropy (8bit):	7.986103651753607
Encrypted:	false
SSDEEP:	384:g/JIpHK/NFWg/776hppTwMQfvsSG2Bf+7rRGgmsDvitjnCwHOPoxm5AiAKmdvtGi:y4KrW22QcJMGPRgYitjzHOPoQ53Edvy0
MD5:	B1ED40B402888BE998709AB484554495
SHA1:	BD516D2F438057A076C254ACA9F44A5169F6229C
SHA-256:	3FEA0AEB832E21875F7A82175B7461963D744D5E5F92BFC68EBF775C80DDA5FA
SHA-512:	2CE5BE0D3972C33E7EC6F57296C4CE15E235F936EBB017A06F60E63B158A08FDE479E678F56AE0891D1D5D08E742E81FC64FEE72C766EEF9FD61F2F09E5A21D1
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......f.....f.k+..X8IDATx...y...y.....no.... @........!n...g.8.#{.e4..8..;9..ql+.$....3.'.xl9..qd[.."..II.).\@.$H......Usj.....M....wo..._}........C@A..@.=)..'..'.;..y..?.P./I.....G.....\....k.7.b.....\..9..=.o.k.`M......`....Q?..&....#I.r..q.....R`.(.7.a...j`}8......x.=....A.e.h<.t?.:....4;..#G...[.:.`.&.{...n...k.>.A...-.m'e{.1...L.."....._.......j.E.!?r\.{.k......."..].k%o..<!.).. .q... ..d`..i..?.~0.h.j..<.....VQl.E...xO...ul....v&..U...{.m....GM..0!.sE..R.Gd.....eGO,}>.j...1..G..+qh.n.w.~.s..e.0..u......."a.\.....].._\|.,...g..........1J...4B......g.x.8...Nv......@.c.Mr....2p.d...J1..W........C....t)Q.....D..xa..i$..77..... .u..;...H../U.wV........r..5B;~...%..:..~r.5'c:<...Z..D.W'`...o..QY.$LA.O@GO.Q`RK....T..o......=..u..VI.5.A.....=.....`/.\|...#..h...........Tt........b`P...&..l.B..Bq..</...Z.bI....&...2.._W...I.j..A..7...^..%..fn..7N.Z]..5..r5.......<JP..9..,.^..y....(....@Y....gz.B....qS..TX..[.j'.(.Q..

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 213x101, components 3
Category:	downloaded
Size (bytes):	6052
Entropy (8bit):	7.896641690742874
Encrypted:	false
SSDEEP:	96:y+Ek2+u5NJBjJ56R9XfQzbHXXmzA2nkayLtaTqM3ykOSEZyE7st4nIEOplXut:y+1zuXJFSDQzbHnmzA2kascZyb18tijl
MD5:	407F398DECDB933DD6E6854B555847C9
SHA1:	4D01C65FAFA81C711854CCEC9365C880FDD6323B
SHA-256:	45E1904B4E11AB6A761182076D51E2DEAF19AB278257449C028ABBE974797BFC
SHA-512:	E6FE86957636EDAAE88DB99AB00C87B2D793D10995A1DAFFF7069D777FE92080D2DAA5873F010E426AEA3D91489D4085A3B25714E78CF430EB6C7FBDCE17D6F3
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_telegram-not-working.jpg
Preview:	..............................................................................................................................................e...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.(...+.l...+\|u..N....6.[..3...i....5 A.....[.....YU!.O..8B..d@{...(......FU...G.?.V.......S..O<.f.:.k#/QWL(}...D.h..U.P.4....Y. .0j6R..\M#>.Y`..2=....t....e..>..........5..A..DA....7t..N...1.U...._.2.=j...k&..L.<......g'..j..0zv5VH....a8#...fH....D9 }kF.....U....sJ=..s..,[..Rh.I.iM.S..<y..YI]...s.. G..M.?0.Z.,t.J.4De..iF.u9...M..53.I.t../.X.JJ.G.=.S.m..b..-.....<._^...;.,C..t..

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 170 x 105, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	24133
Entropy (8bit):	7.983664584003387
Encrypted:	false
SSDEEP:	384:nbby0NeamEU3O8LXJxO48hAvEddQCXp+OxvZkUvec59rY5G41Zvx8ib+hvbyaEys:n/yqeaPw97KayXXUOxvZkUvXG5G4jvxj
MD5:	E8AED60EAB94D807AA01B37EF1B13F7F
SHA1:	398C27B805D703A60C3E2A5B2181E3C25DC86130
SHA-256:	6F34B6ABD1CC9EFDF135C031CD9F4A47044EAC609AD80DC356FFC791CFFD2F69
SHA-512:	B2F644244A067808631E587A4C33A58CF9F536427B64AA3A4A297DAF2042DC5FF6C3EF0DB9B68286E33A7C42586CC04BF7C5654B621655009EDA3C554F09FE36
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_QQ%e6%b5%8f%e8%a7%88%e5%99%a8%e6%88%aa%e5%9b%be20240328094803.png
Preview:	.PNG........IHDR.......i.....%h/...^.IDATx....f.U&..F.[.=...U.J-.f...e.-l.nC..v....9...{z.if....sf.....ihz..`..x..[.....VI....._.{.q.D.{..r.E.g....\|K.X....!..}.1b@......0..1...~b..V.....P..../......."_2._...R 1Zw...l.1c.!..0.C..6..1.....X...xE.+....gA..n3..gD`.^.@..1..Z%.?.....?.LJ....HFd.U..)..^......u`~.CF.,{_C.........^.../7...7...w..1._@. ....t-..U.\ ;vv&.../...;........_m.2.0.0S.i.rvR..+&..Lt4..S...1&8+....90.2...P.QT...L+..A.._.............~.b7....W.v....[./..".~..e...`cS..l.".d.l.LZ...AV,+...Ad.G.1.#v.3w......^.....S.q.o.!.q...Ck...hN.I.\|.....OX..L..'..#..J..H.lg......+...h[i..u....N..;E.\|B.$......vd... .....DFP.uY....h.f........`....q......e..XZ.0z.}...e.8.7.`...,S.6....Y.\|"Z._...e..D..l.v4+S.....K.....i....;....w...`...jMa.]y..?...z.(..._(./...wB!.7....pnx+..A..z`.G".<.(...Bb....#..T.n.....SX....K+.l.=:`dF/...Vq.^+f.p.q.. U4`&.F..]c.....{k".9.....(W..7C.y...l....0....q....[..=........N.3../.c_z....}.dj..........R..

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 182 x 102, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	22641
Entropy (8bit):	7.986103651753607
Encrypted:	false
SSDEEP:	384:g/JIpHK/NFWg/776hppTwMQfvsSG2Bf+7rRGgmsDvitjnCwHOPoxm5AiAKmdvtGi:y4KrW22QcJMGPRgYitjzHOPoQ53Edvy0
MD5:	B1ED40B402888BE998709AB484554495
SHA1:	BD516D2F438057A076C254ACA9F44A5169F6229C
SHA-256:	3FEA0AEB832E21875F7A82175B7461963D744D5E5F92BFC68EBF775C80DDA5FA
SHA-512:	2CE5BE0D3972C33E7EC6F57296C4CE15E235F936EBB017A06F60E63B158A08FDE479E678F56AE0891D1D5D08E742E81FC64FEE72C766EEF9FD61F2F09E5A21D1
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_Create-Telegram-Bot-2.png
Preview:	.PNG........IHDR.......f.....f.k+..X8IDATx...y...y.....no.... @........!n...g.8.#{.e4..8..;9..ql+.$....3.'.xl9..qd[.."..II.).\@.$H......Usj.....M....wo..._}........C@A..@.=)..'..'.;..y..?.P./I.....G.....\....k.7.b.....\..9..=.o.k.`M......`....Q?..&....#I.r..q.....R`.(.7.a...j`}8......x.=....A.e.h<.t?.:....4;..#G...[.:.`.&.{...n...k.>.A...-.m'e{.1...L.."....._.......j.E.!?r\.{.k......."..].k%o..<!.).. .q... ..d`..i..?.~0.h.j..<.....VQl.E...xO...ul....v&..U...{.m....GM..0!.sE..R.Gd.....eGO,}>.j...1..G..+qh.n.w.~.s..e.0..u......."a.\.....].._\|.,...g..........1J...4B......g.x.8...Nv......@.c.Mr....2p.d...J1..W........C....t)Q.....D..xa..i$..77..... .u..;...H../U.wV........r..5B;~...%..:..~r.5'c:<...Z..D.W'`...o..QY.$LA.O@GO.Q`RK....T..o......=..u..VI.5.A.....=.....`/.\|...#..h...........Tt........b`P...&..l.B..Bq..</...Z.bI....&...2.._W...I.j..A..7...^..%..fn..7N.Z]..5..r5.......<JP..9..,.^..y....(....@Y....gz.B....qS..TX..[.j'.(.Q..

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	7055
Entropy (8bit):	7.883981599915443
Encrypted:	false
SSDEEP:	192:yNme6w6/BKhjcS5lWgnIhgJFccUcPcLc4YLu:yNX76/8hzlk8AAeci
MD5:	133770D28D29DA09E3AA387C96291C11
SHA1:	92D5E7EB326B30EE70A391AADC6013320269411A
SHA-256:	9C442E77C15BE3AC8E4D4AD404DBE57A390A6247D217A0E9D3A552CD4CA769DC
SHA-512:	8B3214CE09E1A169F1F529588ECA91BB9603E4F168319441B589B2B39C96B31A31D584852C0A6DBE0B9ABE9F1C41AE774B12B36E70A8737952308CB9DF23F6F0
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+....(...(...(...(...(...(...(...(...(...(...(...(...(...(...(...(....'..>.2.}..q..pL.7`};.n..NI2.B.u5......Dt........?{=..W..C.g.~..=.>'...m....S.:...!...O\c.y....KM_AWt.&.J...y.......S.!.:g...C.n!...)..P......YF[..y.p0........~.kw>.s._.I..w..R.O@.NO......e.....e.O.....l..e..{..]>...%.q.D.x."..`.`c........._..(.'...................$w.....?.:X.S......$.~.?b..e.T.F.?.9.6.7.7.(.{.{..?`.fO.(...

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x118, components 3
Category:	downloaded
Size (bytes):	5107
Entropy (8bit):	7.85006356247023
Encrypted:	false
SSDEEP:	96:yoEV7NZW5dMiz7pp1Ro8+TkKn7ThbaVG3e1p+CYzdIooWq520yIW:yoE7NZw6ihvR4T/cVK6DYa920y5
MD5:	63B3D60227B6D2C9DC2D5A24715269AD
SHA1:	7522E1207AD543459B3348CC8F9CABA8F319996C
SHA-256:	D0F89E5E92972ACB27B0113078B179DD8F511146D5EF052746A02CC6CC0084EF
SHA-512:	4738DDB34A50595C1B2A1E7F5E8189CD3D47BED010E9C279C851C358BC0C254CCA33A72E4097D2F0389AA5F56EDF62FA103212715198E1750183DAA740598E59
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-05-09T112012.845-2-1024x576.jpg
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?............d.}.W.....Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@h}...h.3.p..}../.s{F_)..f......Z..e....{F..G.....7..k.....Q..r..fo..>...5.._j>..G.a.d}...h.3.p...-.iE...h...3.p..f....;&..?..#;0=

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 240x113, components 3
Category:	dropped
Size (bytes):	7705
Entropy (8bit):	7.911099322873193
Encrypted:	false
SSDEEP:	192:yLA8DBTFsHzOf5cmETpJzpPchoqkZowIuyPCxP:yLnDBiH6f5cTpZ1D3awIrM
MD5:	1A003D47608336EFFA12D901CB3E50E2
SHA1:	2AC6BF734E5F7232E9552862F4FA9FFECBDB8A76
SHA-256:	61E78EDC9AA251EB3FD785493B7D2F2DC4048A40CF47A0473A48B1E4A392C5F4
SHA-512:	F0AF9BE09BE734038C8385006B2FBC199A320800DD106107B67DCA39824C8AFFB6EB3ED18D0E31E8F410E807D783932579F3D03EB9571563EA866AFAE6D05F69
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....<.8....x.'.F......]....~.....\|.O..B.=.......xo<...]u...~..W#....+.b.7T.8......J_.F...]...@....v...c..>.{$p.....?...9.?.....a.T...Mf2}E..7.{...Q........(....".Q.S..}..g......X...s.._.].h.?.~T......fMu%.83.._.L>....W]......I8..I.`.U...A...j.,...\|.2....R/..#g...._+..%p..e..].......&.B.Ns}.S.[#...w8..G..Qu$...z.d.l...6{.Q?...?.A.?.'........j...>i..`R..x..u..'......k.t.\|.G...?..?.~...^.,W..

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 170x113, components 3
Category:	downloaded
Size (bytes):	12901
Entropy (8bit):	7.909506568406205
Encrypted:	false
SSDEEP:	384:yJO7Rx2tGfNjJv5Ne//OruSnf/Hn9V2X25u:8IFfhNfqS3Hn9A
MD5:	BABC5C0EEF0733F717A03E9889C55FD8
SHA1:	1EE6549773274ACF5535677B4BAADA0177AFA0B2
SHA-256:	6AB3B79D89D527EB7B27DC159100247F71F3A026565BD81857FD8AD700C7E270
SHA-512:	4D0F0FC992A1E53B7F0A89DF48994B08B07177260098D17058FBE914B418D230E874721DFD4F3393008A1EC0FFA431C723172CD0C7DAAC4E0FA85BB498A29027
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-5-1024x576.jpg
Preview:	..............................................................................................................................................q...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..q.W.W...'.\|%..-..."..f...t..../.S.W...Q.Y..Zdg,w...~..'....n..Z_..o5[...[S..?d.........G...\..:_.._XG...a.I..w;...H.,>_.e.0x.,S.9..).qRN/g.I.=ny...R.8G.......Vr.2..(..%d.4i.D....i..\...>(\.Mcw,.,PG............?...o....\|-.K4...HZ......].......P..~.x$i....._.v..da.v..q.........+.....m......z...&.$d...E}..p.L.0.i..c ..:.-..vZ......`3OeS.\|..yj4.2W...&.t..'...oO..-.....\|_.5y<I..Fi...Y...zWS

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 268 x 126, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	34163
Entropy (8bit):	7.9902500640664575
Encrypted:	true
SSDEEP:	768:eE11v9WVVpQkO45PjIS58uR0IrPRc0qYZ6oQ6GSDpyzSiFOZkyNdLM:eAv9a9O+M+R04cqlD+SisZkyzM
MD5:	02C061A8C2BF5B49CC6F3884AC1A90A5
SHA1:	AADD63BC7F6C3DA2331080F557C75C1C51516E3A
SHA-256:	36750201135764E68D694057FFBBC878AB8E06CCACC79B83884F621FA8C2514E
SHA-512:	8798EB1DC85FC1AD5E83CA42FDB66E1CFE0DC4C4914F302C014DD9AF4133E669BAA3AFE80CED9651FE2C5E2F7EF56F928271D0507CDF046ABA7A8BB793DD2570
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_14-1-1.png
Preview:	.PNG........IHDR.......~.....^s......IDATx....f.u...>...:}..2.`.@..E.JD...M.Z.-/Sr..d+..H..W&Z....0NH...p..mR...Vd.]"..$....Ly./..s..:....Wf..8\|......{....M?..O. "...........w.FR....O.....@I.........D.#...,..D.)..(.d!F.A.!..A....D.V.i.A!......_.y........Z.q..Y...=..L.....#A...O......a.Z...L.Ld...j.;....\#..s.wO......M..5......L/_.(.h.0....j.r%L..I..._..0Z!.....e.U.....#.!Q"..W....`E.O].Kq....../;..5.p8.?...1W..l....E...z)a`1.E.T..R..8L...-.Ig....D..aV....mm$......{.k..q:%.in]...Fi2.O".E..K'(..-...S_.....A.....s.l..v.{m~A...@dq.,.6..../W;.6.....7Y...kO..[8.....p.^......me,r...y.A.@...k.1....(.D.s...].......t../....!.6...V...,...M..Tq]......n..S.;7-.}..`x0Z........q.....6[K.Z.}..9p....dz.b..=...._3.f5..k?..I......^.C.ZH8*...x.~....N.4^.$.y..d..."...2..+.c..........b..D.CGzD..r.Nf.1#.ET..+B$T....d:.R92W..vY.u....mK.S..M.:.QW...V.....%..nua.2....O.a=1..X/L.a......Io]..fTn.g&....vm...A.3...ez.-~...p(b....Oh.)x.1H......:.`..........p.N.P.d.h=..

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 51, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1504
Entropy (8bit):	7.822690331974615
Encrypted:	false
SSDEEP:	24:vnITClnOzdtJ0mp6oXf8yTwjGz5ycOohdz6WWgei4Smf1rpVdc6N7oXB7f:vqdcm0+f8AeGzROWdzfgdb3NGBL
MD5:	A6C494041395F493B5C9A35EEB9D9B5B
SHA1:	3CAFF067C78EC36F992335351FFDF19B526AB45E
SHA-256:	B1816C471F0BB2863EF22009FDFBDE486F596BC22765DAE314BB9FF50AAFD752
SHA-512:	29E4D39AF7EA51F0D15120ECA454D0BD3A72B8EA58F8C851A679AFC1FC7E81EC7796CA8DF9926BEAFCBE1BF402AF0BFCB30A1791A8C7EA15AF367530EEF6FAE6
Malicious:	false
Reputation:	low
URL:	https://www.telegramii.org/static/image/icon_date.png
Preview:	.PNG........IHDR...3...3.....:.0....sBIT....\|.d.....IDAThC.ZM..7...u......wy1<..x\|....$.a...9....O`...e.\|..=<..LK.jh.?%ZRwg.^...R}..qV...m.+.;..&..p.;I.9..)..J...V?....K..`...\.......L16.2..w.....t....o`s.(T.0...=...Iq;.T.m.Z.i.6o.b.BA.u.^q6\.j.6......6.<..e....f...Rl.Z..o.+...or......b........TW&.......0.w:i.._.../...`d./....]...H.A...\..,@.`...%.....R.....?..r}._..&.!..9......S.....oP.....c...l...o..~L.Ulz7.].hj..$..8....1.........K...........j..L..Z..lP.^.7.W.V...Q. ..)c?q#:..Z.=yP.c..k.7`G.:v.8..).&i.....O......4W.S...pS1Q.B...._Di..<.o......h#.q.czp.......6....o....%........z.<_4\.=yx^0...\..H..<.....MF.........S...` .l.RqU/.Z.V.@:.{..{...)...y"{..A^c.."{.... ey......+.X._Y`.@..2..)..R...P.7.'~..b./....._.`(....sJl..8w.re........7.Y...z.....H...L.j..Z....`.1{.u...^6.TV.v...G.\hQt..q<g.P........]Y...A.......p...D.....1Q.T..Q...1.LQ6CxI(k.q..&............R....S.1.f%..d...M..)....M.3...:..R......3...j.....m[A...1S.2..r.$...+\|...

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1734
Entropy (8bit):	5.05685263555574
Encrypted:	false
SSDEEP:	48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
MD5:	45FA04438A564600785830CBFF0B507F
SHA1:	7AFB7668DE4BA0ED485720EA7212F8D624B0E098
SHA-256:	8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
SHA-512:	6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
Malicious:	false
Reputation:	low
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10554
Entropy (8bit):	7.973820453547006
Encrypted:	false
SSDEEP:	192:IeEH7S1GZAMZ8jwoaOZGxTefB6fxXRPhOvEQ13LWWDUlCBCs2L9NOqAMYmDQzZBQ:lEbS1GRZ+5YxyaxVhO8QlLTUlC8L9NOg
MD5:	CE75BD62F217D0205CF43967EF44BD3B
SHA1:	2F1CCB71AF39861C7D8516D4CCA1D8AA6EE4AFD6
SHA-256:	89C4C0CC492D5FCD4B7DE2FB7147AB6700A6EE095F1382E5CAFE32199D67BB08
SHA-512:	DBDB50005BEBF4E3062D8B061F64CBF3FDA911B524EDAF0DED4F7F24682B5A8D0E3DAC3218C8C1F82D3945CB07186211B74BC1490D7BDE1E957A7D6ED017C38B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......t.....F.J...).IDATx....\.u7^...{..L..X..F+h...Y.b06.N.`....6../.;...8..Kbb'q../.@,..... ..$$!.BB..[.tO.o....ff4...3.A.;}.Z=......n.....EU...!....8......(.....E ......a'.d...B..I..t.T.I....].k...jl.T.l.`........99..e.....u. U....ds.......'.[V........u. ..,fT.l.`.)....qQ.VN.......KQ...85..g.........`.FU.f.@."t\.z..FU.f...-H.H...S.d..C.7V...d3.Pc)....76-T.l6..:.p..N.....B...4hV...d3.F........B>]...O..y..J...b.....DUV..q....1...e.).'`.e.!..2....:...QW.[.U9...B...d.........l.......J./..S..T.3.P.E.FuQ93,..a..!......W....Dhkk....u0..;.R......7.`..N.Vb(:m..%...'.N.0 ..Q.....$.Fll. .?yqcH.??.^.r..2..1@:...w......@..\|..Ev;....2@.0.I.MMQM"LP....C..[..;3......&.XG...)..S.e....T.....3.U\|............6y.5ma.0......-..?.....c.NuZ..F.".{..k..._......) ......5f....OL$...n-Ch..z...?a..S.`q.8....B..P\...8..."eo.o.Q....2q........G..akk...I.L..W..Z..@........a......k......S/*.E.I?.6.....v.....Ew....e..#...%.B.....p...7..u(..

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	downloaded
Size (bytes):	3838280
Entropy (8bit):	7.999759598137534
Encrypted:	true
SSDEEP:	98304:tXJd7Ro5xlMIVgiYISdhjyspy8lCF1RBVCc6O:tX5oXlPpYV/j5pyzRKc6O
MD5:	A6364BE6B1386BC5AE1D48BE2572B7BD
SHA1:	577257F866F584790EB4620A9A9D2D70A5065C48
SHA-256:	D06AB0D6F71E4E5813A2CAC594C851B0F77AFEEAE6781169C863DF7962FCB790
SHA-512:	80EF3606BDE27C3423D9498F31279C0A0668E6DF2269FBA9C41FE7626D58E40F520DE1631A1CD833D253D03F898E35C29A49262380FB2362C67F5490950F5CB6
Malicious:	false
Reputation:	low
URL:	https://00-25-1333705940.cos.ap-hongkong.myqcloud.com/shater.zip
Preview:	PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k\|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+..........S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.........V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............s....XUtI.$".6..'..U..W.Y?....W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 268 x 126, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	34163
Entropy (8bit):	7.9902500640664575
Encrypted:	true
SSDEEP:	768:eE11v9WVVpQkO45PjIS58uR0IrPRc0qYZ6oQ6GSDpyzSiFOZkyNdLM:eAv9a9O+M+R04cqlD+SisZkyzM
MD5:	02C061A8C2BF5B49CC6F3884AC1A90A5
SHA1:	AADD63BC7F6C3DA2331080F557C75C1C51516E3A
SHA-256:	36750201135764E68D694057FFBBC878AB8E06CCACC79B83884F621FA8C2514E
SHA-512:	8798EB1DC85FC1AD5E83CA42FDB66E1CFE0DC4C4914F302C014DD9AF4133E669BAA3AFE80CED9651FE2C5E2F7EF56F928271D0507CDF046ABA7A8BB793DD2570
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......~.....^s......IDATx....f.u...>...:}..2.`.@..E.JD...M.Z.-/Sr..d+..H..W&Z....0NH...p..mR...Vd.]"..$....Ly./..s..:....Wf..8\|......{....M?..O. "...........w.FR....O.....@I.........D.#...,..D.)..(.d!F.A.!..A....D.V.i.A!......_.y........Z.q..Y...=..L.....#A...O......a.Z...L.Ld...j.;....\#..s.wO......M..5......L/_.(.h.0....j.r%L..I..._..0Z!.....e.U.....#.!Q"..W....`E.O].Kq....../;..5.p8.?...1W..l....E...z)a`1.E.T..R..8L...-.Ig....D..aV....mm$......{.k..q:%.in]...Fi2.O".E..K'(..-...S_.....A.....s.l..v.{m~A...@dq.,.6..../W;.6.....7Y...kO..[8.....p.^......me,r...y.A.@...k.1....(.D.s...].......t../....!.6...V...,...M..Tq]......n..S.;7-.}..`x0Z........q.....6[K.Z.}..9p....dz.b..=...._3.f5..k?..I......^.C.ZH8*...x.~....N.4^.$.y..d..."...2..+.c..........b..D.CGzD..r.Nf.1#.ET..+B$T....d:.R92W..vY.u....mK.S..M.:.QW...V.....%..nua.2....O.a=1..X/L.a......Io]..fTn.g&....vm...A.3...ez.-~...p(b....Oh.)x.1H......:.`..........p.N.P.d.h=..

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	dropped
Size (bytes):	9125
Entropy (8bit):	7.894391001399155
Encrypted:	false
SSDEEP:	192:y9dGOSRv26UzP8NeJQ4yyjzMSSfMzn+iSG4voCcmwMGy/ahrh0:y9QOSRvXUz0NGrZzbSf0KoCbz0rh0
MD5:	2F8C727C17CD363FA0D4C062CEC3E600
SHA1:	1D73649B6E96E1CDB5F7781C8CB5B067668AD8B7
SHA-256:	9A1454A6725EEA51450B4E0D63295FC995FDB0202FBDC53511C2FB3AC19655EA
SHA-512:	C7F6113452B13DA3D7D346824CABE4DC39553F3BCBA6E6A7779A0C451564846AE2EF81FB1A4A35554A6757452899D7186EB12C23294A866DBE6363A4A0878CE9
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..J..~2+sK...0..S.-..rk..t.....S.&...p.B=.n.D\....'IR....[..R...d..N~..v....*x..'....6=.2..,a.%(+Ds.h.y+W ..pvV.6V.............^...7...OC....;ou...a......1.7..x............/._...u.......h6jM....mn..3....r.5...g.....-...g....:.A..Z....o...oP....:...?....b....\|AO..g._.Yy...~4.6>..T.V.e..?.n..DNil~.Z...S<{.e.Q...?.....M...j'.s.....h...Z..Vy.......U.K.......u..".........{..\|6.%........

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	25492
Entropy (8bit):	7.9865342194514675
Encrypted:	false
SSDEEP:	768:VtbSXRHK2szG1VKgYIuHOtjD8hYoniUcgz7+N:mtKlG1dxWY5lgGN
MD5:	5F698F17B32665B9CA338DEB604245C3
SHA1:	A34580C27CC8DB7ABFB897B8F6AFA041CA3987C4
SHA-256:	E0E43FA39377854DD91D01DB6D95F6076B44FBC1C208D227217D607772908CB9
SHA-512:	271C0C131C856A8B4190AD2465CE2B0C9A4BB5EB2CF934623277124F848E4BCAF259491AE89B43B4EF9E65B270B52163078535D2EC075C49319CC41E6B8C74D9
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1595438958-89db9fcf7330be90f5da7bc1f1913a61-1-1-1024x558.png
Preview:	.PNG........IHDR.......t.....F.J...c[IDATx.....d.y...f.....{.........J$A.").2M....)..-+.2-....a.}.!..... AZ.x...Q0A......v....gz...zW..xG..........NWW.......G.......!$.'..(!@0y.....?.....q]J).....G..;o.;k.K @.......I.@. ..tb..f.m... ...GRJ.~-}z.uB.M^..6!........{..R...Buk...e$.....g/.]...pfzjz\|l..h8......P@?.^$.!...0...b.p+..!.....o..._B.t$..&.iF.9..t..M.l:f.M.6...p. c..~.......k.n...k.......D@J>T.M^..= ..:..ENd.....z.....4...!.j.....NP...5{0._.r..^...b.N8%..e...M.D...L@.T.!e.J.QJAX...KY)m...@.u$.4.]:2P.C.+'..c...T....7..gV._\.\|v.......t......fI...A..@vBy.b;......q......h.~+Wi.HF.l$!.=.{..D8..3...0o.-'.:.c..Ck6....snY.m....5....2..&mf.^.'g.\|.d...\|..tjP..\|6.{....*86...i..H8..."H..O.~.A....p@d...(!.0....E)....Z.i.2.......0.f.u3.2.....+yG.y...J...I..O..?......_._...l6[.Wc.".2...a ...q/.k!>.qC`G..6..5..>.d.c...Y...![.....\..lX.q6.I.'bl..P..5.Y.e..8..:.cY..;.E.+.2$=s.P.....D.)s....L^.j.Mb..Pi..5..b"..C.R.5D.'... ..J..?4..R.X.).B(

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	11210
Entropy (8bit):	7.923835560431023
Encrypted:	false
SSDEEP:	192:yNVWOYFuRr7uLbsGLVP0NeRpsvMg1OH3CWw+CCi0MjdilGWYv5Ce65G0cAiW:yNVWOY8lbGLVSPo5xWjdilJG0c7W
MD5:	B5B24B1CC20F2EE2D469BB46243B6449
SHA1:	49D06A1896F73A5545248CD5CE668948C8AA1EF8
SHA-256:	A7A0694ABD59D1774A1DBAABB9E1939B78553648E13F5B9210233D7D37837E33
SHA-512:	E30C9B3C786E9598DCD6CBC33B3D8D8B486154CBA7FD27855D123F84D96B5E379BC35096C5E7261AC388FC999D4444965304A57AC586EA2BFEF0ADD2A3E2982B
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_thumb-3.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...............U...bl..Ny.Zi.}:9.;..,z.H..28..'.sa.T.%}..........p.MImm[L...g.J.[.,.......22..c..k.4.........x..v@.....pH#8.D...:T2.z.k.RG..6./,.t..,/.Z)c,.F.8?.#.9.VL...?..o.L.....\|.....R.......r.cQ.u.m.&.0.C..J.m...s.D.c.Fq..>m....Z2....6Ish.lou.....1X.4...uff (..$..........O..m...}GZ...6..[[.d.$V...0.[.[.......M.$.x....5KB......Z..'.&....r._....~..D..k.?.xGS....Io\|7..;.7.@.(I..b.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8015
Entropy (8bit):	7.962101684786648
Encrypted:	false
SSDEEP:	192:SjQh5uwIUVjlFHqDx+MtaGTgsJ0pD3Ff8M6ZuUWFO1iveZaQmnwx:xuwI6j7Hq9Pys8FHmZa1E
MD5:	09F7FBB00E36AEA072D3216E62588EE0
SHA1:	7631AE44009D29EF51F4A9331C0DF15E85930560
SHA-256:	8F4F03D0C1B0FD0F965FCE8A8E324EE9016435623F702829A4F67C5D19ED643E
SHA-512:	DF6178F143D32D01FB425D29941C5F8BB46D401D80FCC017C6807C94DC4EAA31EC2089C6508D7C2524039962981579AC96598A6D7EE4D05A24EC02B686107111
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......s.....[.z.....IDATx..}k.d.u^........y...>H...+r%J"%Y.l......%..$0.?...F. ........P..I.X..H..$....(.(...r..%..y.<.y_Uu.[.}.wfv..3=.=....<z......9..\|.....9....z..8......w..l...1t8".p@s.c..:..=.#...-IH...2f....q.l.....@........E..n.r)....Y...LO..z.6].....tM[....HH..:.s...d.^..........e0i.EGX2.....%...![+..d.?.H.AC.1..3...AM5...;....X.@\|I..0Tk.nI....>.d.3.5.~Q.9.e.}.(.0fRm.V..\|9..X3yG...1......i.0.^..I.f,:i6..5..<Z1{....N &L..a.....>.@HM.<.....H.F..J..LY0i.l.u0...XU. I.=\..A.....d1FWJKMl:.U1\|^..$.0.d.L\..A.$...r0..Y5+C:...m..B.2.k....?yvb.fR}.k.9..,o..I'-.".$d....cy'.6.....@.......+..A..b$..t...NI.....l..RmH.....\...x&.?...r(.bp.T'c#......5A.J.p..vD2$.....R...t.6.R-Z(..A...Z...i]`.C9..B{2F..n...F...{[@.#.$.+..],....1...f.....f.... .U....H.k.c.....@.#S........HD......E.!...\|2.!..7..(T.1.K.....^._[,J.....H`.c#.~...X$\|J...s,.\.<..&.F.A)....-..^..L_*%.3&).p..\..\|x<o.........2.b4".X.e~..W... n.K.G.z..4...26-e.D...cY.Z.T.^.~

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 256x119, components 3
Category:	downloaded
Size (bytes):	9933
Entropy (8bit):	7.910220117634332
Encrypted:	false
SSDEEP:	192:ymyQ1rPA7J9HWyupUT0tpZVppixPkUJrEfGUQtSen7x9xWoB:ymTAGlUT0tpHClkSEfGUQtSen7x9xWO
MD5:	DD81630C294A974EEDC4B510AB93AFEB
SHA1:	CD9B19F6CC37926ACC80DCF139382FE54712BFCF
SHA-256:	172C639A8E49F6DC985E5257C4E4964E37195BA456D08DAD68641A2592AC6301
SHA-512:	BA347FA4B57C425BA9CD5D545400CB7AC85DFE631D2B6C282EF7448928176A73A17C284DDE2E0A5871A2BF1FF3CD1132EDCBFE9D037EB78D82D3A76D6DD40BE3
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_29612140-1024x683.jpg
Preview:	..............................................................................................................................................w...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...=..G........O.G..O._.>..<....C.Q.q....#.....#.....Xr.>.=..G........O.G..O.G.a.P.8.?..g.....b?.?..b?.?...)C....T}.z......t.t}...t.t{V.....C.Ry..V.z0..^..'....k.o..>"/.t=.J..2Y5.I4.......(.8...A^~e.e.E.[.QB-.7..d.....Y&g..]..'Ri]..mv..n........C.W.....C...o..l.....$c.i...w^....[~..PV...V...q...$_._'..7............r.m...........y.....,V.y.p..zrO._......e......?E....=.....+..~....

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 107, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10100
Entropy (8bit):	7.968295146349326
Encrypted:	false
SSDEEP:	192:c8KJI1/GbC5s56V8wKfplgENgusq02KL0laVOA+kLdrMxoalAJUdmQssVNaijyzB:n/GbCC5twKluqDKL0lsikLlEoalAJUQr
MD5:	3DCBE2C6871DF34FC3063B5CCD539920
SHA1:	CB44AF95B177EBB221D376F0BF7E797D14BE915C
SHA-256:	D00D8E01C54599ED92AB26C851575B7C7DE636B229EA10AB83CFED5AE59B9BEA
SHA-512:	3BF530A0296B27EF24A87A37117BF5010A4E0DE116BFBFB36C74A638C3905D24AA914354EF783ED4D325E5F920942680CB5672B2CC582B3B71B4462194CCA8D3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......k......Y....';IDATx..}..#.y.t.......}....3/"u..RY".GR......%Q..U..q.V.J"....JfdFT.HI.(LJ.m.....#....>.X...nwo..]`......Lw../z.0x...[.-...t.t...o..n.F!J...j..B.u.t..1Y.).#58FG..B.4...X,f...]@/.fsmm..a.$IZYY..{..Th..a.[.y.v..!.JM..]..V.UB.w.B).eY.$....L&#..G.O.F....!...sa....l.....4M/p.1VUU.4OA....:......P(d...[..F..B.R..\|..O.Q....)..zI&..m..i.....c.8..q~...8&..\|.d2...8]..d.a4.M.S!..~......F..J`..z.;..........K..<.O.MOi4.5.M....,.........A....B..2#J.h...o.f../(..l.BF..N..N.f.i...t'.!.H$......./0.F..T.(...x..@..ht......AOu2x9...a..p....U..h .u].......2.^,`f~..r..ld..,.X.S/.sdt..c7....bo!6..d.R.1(d..A.7.......'.1....._ZZ..te..$iB........F....l_.J....E.........Z.(.p....(.Ph..M..D..'..F.Q..:L......SU.K}.E.?.....(...F......9@..6!d..c.H$....<..l0......}..j..B=.I .<U.XG.i~0...H$B)5-2.c.Z3p.H$..d@d.....k.4...=..xJ.9....F.4.'.'.,.^...e.d...N.R.@@.u....s..B....T*.V....?xx.B.....r%.Y4..%,!D.f.. .H.$."...-`....(,.!......."....iZ.T

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	25492
Entropy (8bit):	7.9865342194514675
Encrypted:	false
SSDEEP:	768:VtbSXRHK2szG1VKgYIuHOtjD8hYoniUcgz7+N:mtKlG1dxWY5lgGN
MD5:	5F698F17B32665B9CA338DEB604245C3
SHA1:	A34580C27CC8DB7ABFB897B8F6AFA041CA3987C4
SHA-256:	E0E43FA39377854DD91D01DB6D95F6076B44FBC1C208D227217D607772908CB9
SHA-512:	271C0C131C856A8B4190AD2465CE2B0C9A4BB5EB2CF934623277124F848E4BCAF259491AE89B43B4EF9E65B270B52163078535D2EC075C49319CC41E6B8C74D9
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......t.....F.J...c[IDATx.....d.y...f.....{.........J$A.").2M....)..-+.2-....a.}.!..... AZ.x...Q0A......v....gz...zW..xG..........NWW.......G.......!$.'..(!@0y.....?.....q]J).....G..;o.;k.K @.......I.@. ..tb..f.m... ...GRJ.~-}z.uB.M^..6!........{..R...Buk...e$.....g/.]...pfzjz\|l..h8......P@?.^$.!...0...b.p+..!.....o..._B.t$..&.iF.9..t..M.l:f.M.6...p. c..~.......k.n...k.......D@J>T.M^..= ..:..ENd.....z.....4...!.j.....NP...5{0._.r..^...b.N8%..e...M.D...L@.T.!e.J.QJAX...KY)m...@.u$.4.]:2P.C.+'..c...T....7..gV._\.\|v.......t......fI...A..@vBy.b;......q......h.~+Wi.HF.l$!.=.{..D8..3...0o.-'.:.c..Ck6....snY.m....5....2..&mf.^.'g.\|.d...\|..tjP..\|6.{....*86...i..H8..."H..O.~.A....p@d...(!.0....E)....Z.i.2.......0.f.u3.2.....+yG.y...J...I..O..?......_._...l6[.Wc.".2...a ...q/.k!>.qC`G..6..5..>.d.c...Y...![.....\..lX.q6.I.'bl..P..5.Y.e..8..:.cY..;.E.+.2$=s.P.....D.)s....L^.j.Mb..Pi..5..b"..C.R.5D.'... ..J..?4..R.X.).B(

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	6327
Entropy (8bit):	7.897313110393381
Encrypted:	false
SSDEEP:	192:yN5We5as1EHb/7ulrpfkccDIJ8zYuhZdDx47:yNQs1E3yfkxG8znk
MD5:	279DAFA720958747FA8E30F7B7424AF3
SHA1:	40C372342DAFA97D6D452DD72FDDC002230ABD66
SHA-256:	BC06D78EC50AAB6E5EDCE3BC78308DBD2E2E6894FFC16BF392031CF6B14E639F
SHA-512:	98B5B55D09628FBF735C6DC15F66D71D17ACC6DCF3B811CED617922928E4C2D13A90AC471B058B4DB724FE5EBA91893A695FF6C2663FF06C7212AC6B534FFF22
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+.??...(...(...(...(...(...(...(...(...(...(...(...T...S..n.e.....@s!.S..J\.JWB.DtT....j...A.2....03.(..b:*J(..b::.....AN.9..v...:.(..a.I..]..E+.s1.=..;....M....KE..v!U=.......a..t..W..9.M...)7t.(..@.QE..QE..QU5.sL..u..j.a.......2O.]8<.+0.....R..c...JN.KV.i%..q40xy.+.F.NR.vI%v...<A....L...u{k.+u.5......?....!..H..xr..\|...G....i......?.".v..?h...z.c..\.o...F....c^.8.zC....+..-......Z<.

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-logo.png
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 115, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	16489
Entropy (8bit):	7.979724067217304
Encrypted:	false
SSDEEP:	384:ZkX15rkyKMrGfmzppPMzBMmHnuRjVXhIyOKHuB0xPbzbS4aQ4biG9:KXrSsGOzj61Kjh2yOxS/Jcim
MD5:	CB233C7E09308384805A4B87723F1C96
SHA1:	1E18A68A0E3DACEC4A759AA215C3454601B11DB5
SHA-256:	407EDCBD948A6CF243BC5492D127AB1A8A23B4F401776B04AEEF305129A2AEC4
SHA-512:	4B02548E73314342BB8F41B6F934B7E56AB5BC5573C8CF7A2F2C6A3EB1AD099AD5435B0AAB3529DB20A218BF34E9842E7F9D787A0E8C3713D7811C0B00E1C473
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_telegram%e6%89%8b%e6%9c%ba%e5%8f%b7%e4%b8%8d%e7%94%a8%e4%ba%86%e6%80%8e%e4%b9%88%e7%99%bb%e9%99%86%ef%bc%9f-2.png
Preview:	.PNG........IHDR.......s.....[.z...@0IDATx.....Wy7..s..^.....rAr........C....H .S.4 @b.....P.06`..dY.$...j.....s..33..U.{W2....Y..s..o.^.xz7...:.9...PY...D.Q.B.D.H..2O...4...5."....?..^.d..-O.:p....P^......6.....I$....\|.../.u\|.3......%..3O.o}.....5.PY.......;.mR.w.R..@.._9. ..Ba.G.k.....;.=..c.d..N..=g....>q...U5...Q&..6q........_.u........_9. ..$..^z...].{>.J..QrigP.Z0..-..5&..o.O.m{..u..Y..PQ......+.m...^Y....j.........!.....K..@...\|nA......./l.w.....to.PW[......j..(^.....SG..kj....J...x......s/+II.!..g..P.....U.0.;...djx#".e!..3..^..fL..Sn..dDJ......z.......L...%.....m.....@.z....$O.n.~...%J.......`........x.U....{.K..}+2..t2..F.CNG..:.......h._6W~.K.n. E!s...Pn.KB.L...U....R.2@......A....a".L..<...cK...\..S.o<.?s.}..I.,..:((.L!.o.\.....H....g.;.44..r.'A)%..s.3.....P........F..5......%.........j..=....9D.....s..y.....<Mk.`.w..c.S..6...o0_.!..a....kM.`...]....U....9fiQ)U.b.....QuCD"....MrQ.`B.*.w3.F..t%...(.~.B{.~.T#.....M.

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 183 x 103, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	18209
Entropy (8bit):	7.983612443674371
Encrypted:	false
SSDEEP:	384:rD0ENiXSw+jEYRwLktLN0klxXe6I8dk1jVmuwB4QokE:P0E0XfjYRUQTDXHI8deVcB4P
MD5:	2FC0702AB0F3B6A6625E4BBAC1817D32
SHA1:	46633FA38D49EBAEA85E19EC817D3ABDB83A1A5F
SHA-256:	6E1C47ADD27B5B21921D76E364368069674A76D73404A223C7BD6FEED1C0853B
SHA-512:	C947482687C34A1950CCDC04C50CC3340C087F454B03BE6C2A603C53A909BC9E6DFB64387A84787A5548BB93B51DB61EBD0FA5B489A4B025AA79CF50FF038002
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......g......2D...F.IDATx....eEu8\|NU.{...2...t.2.0.....(...qC J.h\.}.M4...?1...(.. .eSV.E.a.a.f...^_...U....{.....u..O.X.ox..zuk9u.:...... ... ............].........H.$`{.pB..p<..R....G......U....`.._....../o?d........z...O29.^19...N.. ..:9.......M:9..2Y...P6Xf.B...$.}E0H...nUb...&.X.....J8.."\..MQ.dP62F.D`.\H.T.h..Z.......Pm.j.....Z.....%@..K....2..x.O.I.p.J.G.'...A..I.3........5....T....8.:/.}..>s<..T.8.. ......%N.gA..U..Q....1.)m..Y!@.......d.wK=.@..~.DT..@T'.O..O29.^19P}r......MB ....q..Xh...-...^........U})"a.o....%...L....}G.t@..LiPS...kr~...AU0...EJ`....N.:e.(..D...W....0.J.....,....."......#%...{..=....;s9......o.....Y.7(#..._.v............._...1>...A.o...w.EE...L...H_.l..\..h.X......."/..n..dm`.-.D.h4.....U+..B}=..Ap..Y.ye'...j....).]..W....P_O.ch...._.3.....1.p..WF.....x.,.....D.........t.2..:h....n2h...f0..f.g.{.'.=....Ym..X...I...].....U...'...t&..O.d....OT. .^R....D..L.q..0.RJJ``(..e...t<...i...).&.. .2`. .

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 256x119, components 3
Category:	dropped
Size (bytes):	9933
Entropy (8bit):	7.910220117634332
Encrypted:	false
SSDEEP:	192:ymyQ1rPA7J9HWyupUT0tpZVppixPkUJrEfGUQtSen7x9xWoB:ymTAGlUT0tpHClkSEfGUQtSen7x9xWO
MD5:	DD81630C294A974EEDC4B510AB93AFEB
SHA1:	CD9B19F6CC37926ACC80DCF139382FE54712BFCF
SHA-256:	172C639A8E49F6DC985E5257C4E4964E37195BA456D08DAD68641A2592AC6301
SHA-512:	BA347FA4B57C425BA9CD5D545400CB7AC85DFE631D2B6C282EF7448928176A73A17C284DDE2E0A5871A2BF1FF3CD1132EDCBFE9D037EB78D82D3A76D6DD40BE3
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................w...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...=..G........O.G..O._.>..<....C.Q.q....#.....#.....Xr.>.=..G........O.G..O.G.a.P.8.?..g.....b?.?..b?.?...)C....T}.z......t.t}...t.t{V.....C.Ry..V.z0..^..'....k.o..>"/.t=.J..2Y5.I4.......(.8...A^~e.e.E.[.QB-.7..d.....Y&g..]..'Ri]..mv..n........C.W.....C...o..l.....$c.i...w^....[~..PV...V...q...$_._'..7............r.m...........y.....,V.y.p..zrO._......e......?E....=.....+..~....

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 150 x 150, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3393
Entropy (8bit):	7.861381453330033
Encrypted:	false
SSDEEP:	96:k6V1NQz8ZW1B/+bs6/qHgzraL//qt9ahig7Fe4b:v1NQz//+bsYqHgzmLHqt8ig5e4b
MD5:	941D950538F7CA436158C908C7DEC967
SHA1:	69E4EB157989D26A2F71778BCD9EE78BE57C3290
SHA-256:	44E36F9777D5A9DAF22BAC2890247E92466C2842947B5F4AFAF65AD91BF3F94F
SHA-512:	BAA766C378592012B190AF6658A24578A8C8551EFDD0C82BB1DAC1FB9C70C19A8ACEA56E4270B9E401C35494519A286B4E57F85C2F400715C1134B1A204ED2C2
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-17/logo.png
Preview:	.PNG........IHDR....................PLTE...'..&..'..%.."..%..'..'....&..)..#..$..(..$..'..#..#.."..(..$..%..%.."..).."..%..(..#..#..)..$..(..%..#..(..#....'.."..#..)..(.."..'..$..)..#..&..&..)..%..$....'..).."..(..$..(..#..(..#..&.."...."..)..#..)..$..(.."..$..)..&..#..)..)..)..)..'....#..(..#..&..&..'..&..$..'..&..'..#..".."..$....'..&..#..(..%..)..#..#..$..(..#..).."..$....)..&..&..#..(..).."..(.."..'..)..%.."......)..%..).....#..(..#..$..(..(..%..)..&..'..%..#..'..&..(..$..).."..'..%..'....'............................P..1...........C..L..G....)..(..........................}..g..9..*..5..>..,.................k..]..U..1.............x..n..5..-..-..5..............c..<..@..9.......................p..U..G..e..8..............\|..t.._..Z..]..L..r.........tRNS.......,....1.K.....2#......\|oIBA............E)&...........\L<<7...................hda.............wrmh[SO..........wkT...c`....&.....IDATx...M..@...d.d..S... ...l=....H. .h$...^<........-..07.........y.}...?<.

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	33123
Entropy (8bit):	6.326618341350303
Encrypted:	false
SSDEEP:	384:PlPVtqTf0qSRBlq2Xsq6WsXqZ2q9NqpTqFXaqBtqnnTXTqVSqUDqoT8qzEq3yKr0:PlcQns0JXtusx+jy
MD5:	56458B36D866B56977CAFADB88049F87
SHA1:	FA78259F9992D272E32D35255C3AAD8ABCA5F48D
SHA-256:	6B3D4AD2B4DC199F16746210FF6A606F713524854496C9D179D756E25D7175A5
SHA-512:	3196EF49913B42557DEBAEA0AB7853F32A20934992571D15C738896EBD67D653373D883FE72372C4BD18405160C80C1151B106D98E856413E0D2C0119FC8D623
Malicious:	false
Reputation:	low
URL:	https://www.telegramii.org/
Preview:	<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">......<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	downloaded
Size (bytes):	9125
Entropy (8bit):	7.894391001399155
Encrypted:	false
SSDEEP:	192:y9dGOSRv26UzP8NeJQ4yyjzMSSfMzn+iSG4voCcmwMGy/ahrh0:y9QOSRvXUz0NGrZzbSf0KoCbz0rh0
MD5:	2F8C727C17CD363FA0D4C062CEC3E600
SHA1:	1D73649B6E96E1CDB5F7781C8CB5B067668AD8B7
SHA-256:	9A1454A6725EEA51450B4E0D63295FC995FDB0202FBDC53511C2FB3AC19655EA
SHA-512:	C7F6113452B13DA3D7D346824CABE4DC39553F3BCBA6E6A7779A0C451564846AE2EF81FB1A4A35554A6757452899D7186EB12C23294A866DBE6363A4A0878CE9
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_shutterstock_1425817535-e1560832518594-1-1024x683.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..J..~2+sK...0..S.-..rk..t.....S.&...p.B=.n.D\....'IR....[..R...d..N~..v....*x..'....6=.2..,a.%(+Ds.h.y+W ..pvV.6V.............^...7...OC....;ou...a......1.7..x............/._...u.......h6jM....mn..3....r.5...g.....-...g....:.A..Z....o...oP....:...?....b....\|AO..g._.Yy...~4.6>..T.V.e..?.n..DNil~.Z...S<{.e.Q...?.....M...j'.s.....h...Z..Vy.......U.K.......u..".........{..\|6.%........

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	6327
Entropy (8bit):	7.897313110393381
Encrypted:	false
SSDEEP:	192:yN5We5as1EHb/7ulrpfkccDIJ8zYuhZdDx47:yNQs1E3yfkxG8znk
MD5:	279DAFA720958747FA8E30F7B7424AF3
SHA1:	40C372342DAFA97D6D452DD72FDDC002230ABD66
SHA-256:	BC06D78EC50AAB6E5EDCE3BC78308DBD2E2E6894FFC16BF392031CF6B14E639F
SHA-512:	98B5B55D09628FBF735C6DC15F66D71D17ACC6DCF3B811CED617922928E4C2D13A90AC471B058B4DB724FE5EBA91893A695FF6C2663FF06C7212AC6B534FFF22
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_messenger-telegram-1024x614.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....+.??...(...(...(...(...(...(...(...(...(...(...(...T...S..n.e.....@s!.S..J\.JWB.DtT....j...A.2....03.(..b:*J(..b::.....AN.9..v...:.(..a.I..]..E+.s1.=..;....M....KE..v!U=.......a..t..W..9.M...)7t.(..@.QE..QE..QU5.sL..u..j.a.......2O.]8<.+0.....R..c...JN.KV.i%..q40xy.+.F.NR.vI%v...<A....L...u{k.+u.5......?....!..H..xr..\|...G....i......?.".v..?h...z.c..\.o...F....c^.8.zC....+..-......Z<.

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 200x118, components 3
Category:	dropped
Size (bytes):	5107
Entropy (8bit):	7.85006356247023
Encrypted:	false
SSDEEP:	96:yoEV7NZW5dMiz7pp1Ro8+TkKn7ThbaVG3e1p+CYzdIooWq520yIW:yoE7NZw6ihvR4T/cVK6DYa920y5
MD5:	63B3D60227B6D2C9DC2D5A24715269AD
SHA1:	7522E1207AD543459B3348CC8F9CABA8F319996C
SHA-256:	D0F89E5E92972ACB27B0113078B179DD8F511146D5EF052746A02CC6CC0084EF
SHA-512:	4738DDB34A50595C1B2A1E7F5E8189CD3D47BED010E9C279C851C358BC0C254CCA33A72E4097D2F0389AA5F56EDF62FA103212715198E1750183DAA740598E59
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?............d.}.W.....Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@Q.........}.Q.AE..\|...........d.}.Qt..!...?<.........d.].G....!...?..AG...@h}...h.3.p..}../.s{F_)..f......Z..e....{F..G.....7..k.....Q..r..fo..>...5.._j>..G.a.d}...h.3.p...-.iE...h...3.p..f....;&..?..#;0=

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2664 x 2744, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	687893
Entropy (8bit):	7.959198303368434
Encrypted:	false
SSDEEP:	12288:J7CJd3qZC+boVMd/tYx7wmCIfHZPYsCr9CojmqJsH/b:gy7qq/tYpwxISYLYsfb
MD5:	7EA114F508DD0209331BFF9F4F8F2BBA
SHA1:	B04750E533DBCAAD563EAAA63226AD9007CEB16A
SHA-256:	5A211F1F5EEB5DEB8EDF132667BC3EC787CBA7F3850A7A0FA952BA4B167052F5
SHA-512:	CA55C04E6FCA4F9B6FF669984D707F5A35D62B4ACAAEFE885654D9A7482DA94F2CDD78AC817C21CC367D619501A3283A9062824CCBB1A10B43C5381F5395174B
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-17/phone.png
Preview:	.PNG........IHDR...h.........~#^v....PLTE...vvvqqqmmmggg^^^cccGGITST...mmm.........\|\|\|........................wwu...............................................................................%$$...........9.....c..........===...........].4..iij...s.......D..pqq...........................R...v.MNR.....<....xyyS......#......aab.............^q......B..*..+....YZ[...p...................Z..uj.............gVS.....kb]..Zdu.....\|TA...aKpG6...J..^LD..Y@1....nX...waW.}q....\|\..y....Mb.....e%j.G5(:..Yw;t....K..r.b..s..~h.^..p..9$.....\|.Z....a...mI..F^,y......3.Gw.X.HK.......wW.......du....m..7[.I..+<_..^L.i1.o......n.}#.}.S'.L..._/.9.3......tRNS..-?Ol]...b...S"........b.......IDATx.........................................................................`..@.........TUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU.};H.....H....^T.A<9.....o.....6.).%.P-.:C)K.(..3....t..`.`:.j.....@.,...b1.F.......k..R.....?pwN.b......w.P

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2664 x 2744, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	687893
Entropy (8bit):	7.959198303368434
Encrypted:	false
SSDEEP:	12288:J7CJd3qZC+boVMd/tYx7wmCIfHZPYsCr9CojmqJsH/b:gy7qq/tYpwxISYLYsfb
MD5:	7EA114F508DD0209331BFF9F4F8F2BBA
SHA1:	B04750E533DBCAAD563EAAA63226AD9007CEB16A
SHA-256:	5A211F1F5EEB5DEB8EDF132667BC3EC787CBA7F3850A7A0FA952BA4B167052F5
SHA-512:	CA55C04E6FCA4F9B6FF669984D707F5A35D62B4ACAAEFE885654D9A7482DA94F2CDD78AC817C21CC367D619501A3283A9062824CCBB1A10B43C5381F5395174B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...h.........~#^v....PLTE...vvvqqqmmmggg^^^cccGGITST...mmm.........\|\|\|........................wwu...............................................................................%$$...........9.....c..........===...........].4..iij...s.......D..pqq...........................R...v.MNR.....<....xyyS......#......aab.............^q......B..*..+....YZ[...p...................Z..uj.............gVS.....kb]..Zdu.....\|TA...aKpG6...J..^LD..Y@1....nX...waW.}q....\|\..y....Mb.....e%j.G5(:..Yw;t....K..r.b..s..~h.^..p..9$.....\|.Z....a...mI..F^,y......3.Gw.X.HK.......wW.......du....m..7[.I..+<_..^L.i1.o......n.}#.}.S'.L..._/.9.3......tRNS..-?Ol]...b...S"........b.......IDATx.........................................................................`..@.........TUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU.};H.....H....^T.A<9.....o.....6.).%.P-.:C)K.(..3....t..`.`:.j.....@.,...b1.F.......k..R.....?pwN.b......w.P

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x116, components 3
Category:	dropped
Size (bytes):	4918
Entropy (8bit):	7.869193450497874
Encrypted:	false
SSDEEP:	96:yeECIIIvJ0q2i7ywBpWiyKWkiMzbJB/PGPIDhpuBDEzakuGCEuD:yerIIIByi7ys+K5BzbJB/PGQDhgBDEOb
MD5:	E699C33D29E5067BD0E5278A37B0831E
SHA1:	377B0C5C6D79B8F8BF41D5CA03AB7215CAF03C17
SHA-256:	EA0FE09CCCEAA86326BAF68B15CD2E9952A98960940457CC163CEEAF9CD336FE
SHA-512:	7782F901DA8FA37C2E894BC42B0A1D6F391A6414F3F9B9B71E3321F290D25873375076FC17F62913BD819B7E4224D7420734EC29418C896E0505BC0985966C45
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................t...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....?..>.?.......<..._...G.K........A...?.......A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....=....A...Q.A...U. ..xQ....~.@R. ..... .......(..../i )}..\|.T}..\|.Uw.?..y...i )}..\|.T}..\|.Uw.?..y........?..>.?.......<...K.H._d..?..d..?.].....A...H._d..?..d..?.].....A...H._d..?..d..?.].....A..@_.....R..s......g...tb.{.\|.c\....:.6.......(....I.{.<.cO.D=.......(....I.{.

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14769), with no line terminators
Category:	downloaded
Size (bytes):	14769
Entropy (8bit):	4.958736601355022
Encrypted:	false
SSDEEP:	192:zTT2OmpBnFb9pjfVJQaXXbxKKsuifr3mHhP/9mM3wytavGxs6id/O/2opo4op85d:z2bT/TVxKzp88NEjZ28SUuo
MD5:	7543B4B53B5D3989C2AD34F839C9C5CC
SHA1:	890E5A78DF3A77E46E4CA04FC4DE9DA7C4786B26
SHA-256:	B968D32A53B7B2E89CCDC663AE44F2EF5D82CDCB46F9EB13BA38EDEE6BB11F0A
SHA-512:	4E2DA1D18795010014A9A00D52E5A594EBBB3E6FCF079BD3BB1E05AB6EE701389ADBF09C959407281D5D69C109DF04408C9EF9DE57FDB0DA88890F2B29AB5281
Malicious:	false
Reputation:	low
URL:	https://www.telegramii.org/static/css/style.min.css
Preview:	:root{--headerHeight: 64px;--padding: 72px;--themeColor: #179cde}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{background-color:#fff}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;color:#3d73ed;z-index:1000;display:none;width:50px;height:50px;border-radius:50%;border:2px solid #3d73ed;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff}#to-top img{width:30px;height:30px}header{background-color:#fff;position:relative;-webkit-box-shadow:0 2px 6px 0 rgba(32,33,37,.1);box-shadow:0 2px 6px 0 rgba(32,33,37,.1);padding:0 12px;position:fixed;left:0;top:0;width:100%;height:var(--headerHeight);z-index:99;background-color:#fff}header .wrapper{disp

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 187x112, components 3
Category:	downloaded
Size (bytes):	6620
Entropy (8bit):	7.921898058291516
Encrypted:	false
SSDEEP:	192:yRWoplGr/T3ba9eckIQqLJh2hG2rfBDYt6IPOqZm:yRWoplGr3a9eckIPUhG2rf0mqZm
MD5:	EE12AE8E6F2563706CED238BBA47F838
SHA1:	7253116387F119B9EC838B41DAB96DD13FAC4D76
SHA-256:	B3B47D264FD53307D39169B6B2E6CC476D001959F0DF13143341A1C711185A60
SHA-512:	E7A99881F74C9BF8B9D4BAAEB376E629A48E848C0E64020C49F947E291ADA6E36555A90B5EDB601C0A93662B07E2CAC47E6F2B808529490D58BFBC8CAB75F973
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_12013.jpg
Preview:	..............................................................................................................................................p...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..#.8..rsQF9.J....Z...c..jUR.I..3.RS[..QEY-.(...v.QW.7.o...UM..z..{!.Z..4.....s.QV.4..IF+v..l.....(.I.~.j..W._........MK.o..c......B....I>........>..&....C.j.........;.>.....G.T....G?)>9..#.Un.2O.?7..]y.sO.N1._,[...+iM..=....3.(#..>....n.(.jB2....y.R.2..5-.Wa.P....;....\..R.?... .5....R.AS.Y.tA..G..OaV...W.X=.....&1..W8...8...2[..rs....G T.Q$(.....]..o.....I.....$.6.r..X.pdn.....\K.*

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	dropped
Size (bytes):	5963
Entropy (8bit):	7.890819216630827
Encrypted:	false
SSDEEP:	96:yNEte+VLtNaEhN0kR9P3K+JrXbupDflDQaEOsutmYvx226D0Gs39Z3HxweaT0xoF:yN8bVtNaw7RNKWXbuzE7buYUxGZcZL1S
MD5:	A811B25E799361D0A9A01E22DEDD6DA0
SHA1:	F756BD7B57969CF366AE938C1CADC10F069F7F97
SHA-256:	0329EC9483A0379B12E7B12FC9B6FB67E3611E9D89F773ECD1A365303870FEFD
SHA-512:	E5BC5513DCC42637D450778ADF3BB341605147F167900E9183EADA9D623B14186764C9EA38EABF528510FF5208D36AC8F31EA609E35865F0AD38CE9FA1B728F7
Malicious:	false
Reputation:	low
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(..?+.(...(...k8..H....d.......%...y1.i.L.g.P.&zT7r..I..T...i._J...J.,s.<./&9.$...j.......y;T-&9.#.PI)."..IOAP..}i.NqP.&...I...q.V.f~.$..;T.N.....3c.Q....J:.....>.&."..=*)$.SM.m...PK)=O.I..,.g..Q.."....J...v...{}.Q^....PH.....y..I$.....<....IXW........).f..^.......T/)<.I$.....y=.&.RW.K;.@I'...'.{...._..0..^...I......=....X~.3z.R~._.lu;.>-...eK9.:$2.W._.>.R.........P....8b.&......c...E.^..

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 245 x 122, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	10075
Entropy (8bit):	7.965005426042753
Encrypted:	false
SSDEEP:	192:08yiR8eR/c+1JoAFkbn8aqKJiWX2qrxk6niF973T1oz8Zu2zSgzsF/6:eiRK+MfLGMsvLFzSgzsFy
MD5:	E479114964B8AE33BD1A6598CBEB2B28
SHA1:	FEC58800576ABC72711C8ACC7D9A4A816631A979
SHA-256:	73F12094B5CC41A25DA18E2BDA2C5FA16E458189F5ECA2DCDDA37070E8F65FA6
SHA-512:	BA9A26EE29F91BF7788D2BBAFAA66CD405373C96610F93CDDDE16B1DADDBA999CAE4EC8B55B77CA870FFEC5A7897E3F4438EC3896935ACA77FF4A372C9B9C7AE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......z......5.?..'"IDATx...e[v...nN..h.}/_.[e.....V....e\6S..BB...@.<....L....G.a@.@....W..K.W..>..n........2"#3_d.....E.{.s.Y....V.......B.....KDo.=.3."......B.{\f....2.......}............q...w.........w...{\f....2...=.3z...2......=?.q........}......eF.{\f....e......z.xY...e.B...3..........}...P..{\^(......P=;.q......}}..eF_..q...'(o..p..1.@d.....!C..x...j.y`...(....[.XIF. ..W<.T...4H.a.#,.k.~8....].X.z...g....z.`.d..;f!..V6.lj..[.....;.....{..G..........u...4X0 .5T.q<.PK.3..7?......r. ....[K.'N........}.6...#..j.o..;.$...+.YdJ.Pk...9../."..}?'...K.z.......6.V......o.8.+..o...p.4..._.4.\|\|.@H....z....K...I2..D. k....5.............\.$.....W.Z ....R.d@....g.>.\|.@F$!.$Z..]{-..S...p..o.F.7....LS...ww7.tc.9.........*.D../..=.>g.'"..P..'....-........k....MK$<...C!.N.'.&.....=.`&....+.R..z..A._u.`d...cGG0i..yg.....>...kE,...-A. .$VJT.o?..?\............dK~rP...............~5$.s......V.[.....,...riI"..920......o....c..Z.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 116, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	10554
Entropy (8bit):	7.973820453547006
Encrypted:	false
SSDEEP:	192:IeEH7S1GZAMZ8jwoaOZGxTefB6fxXRPhOvEQ13LWWDUlCBCs2L9NOqAMYmDQzZBQ:lEbS1GRZ+5YxyaxVhO8QlLTUlC8L9NOg
MD5:	CE75BD62F217D0205CF43967EF44BD3B
SHA1:	2F1CCB71AF39861C7D8516D4CCA1D8AA6EE4AFD6
SHA-256:	89C4C0CC492D5FCD4B7DE2FB7147AB6700A6EE095F1382E5CAFE32199D67BB08
SHA-512:	DBDB50005BEBF4E3062D8B061F64CBF3FDA911B524EDAF0DED4F7F24682B5A8D0E3DAC3218C8C1F82D3945CB07186211B74BC1490D7BDE1E957A7D6ED017C38B
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_image-236.png
Preview:	.PNG........IHDR.......t.....F.J...).IDATx....\.u7^...{..L..X..F+h...Y.b06.N.`....6../.;...8..Kbb'q../.@,..... ..$$!.BB..[.tO.o....ff4...3.A.;}.Z=......n.....EU...!....8......(.....E ......a'.d...B..I..t.T.I....].k...jl.T.l.`........99..e.....u. U....ds.......'.[V........u. ..,fT.l.`.)....qQ.VN.......KQ...85..g.........`.FU.f.@."t\.z..FU.f...-H.H...S.d..C.7V...d3.Pc)....76-T.l6..:.p..N.....B...4hV...d3.F........B>]...O..y..J...b.....DUV..q....1...e.).'`.e.!..2....:...QW.[.U9...B...d.........l.......J./..S..T.3.P.E.FuQ93,..a..!......W....Dhkk....u0..;.R......7.`..N.Vb(:m..%...'.N.0 ..Q.....$.Fll. .?yqcH.??.^.r..2..1@:...w......@..\|..Ev;....2@.0.I.MMQM"LP....C..[..;3......&.XG...)..S.e....T.....3.U\|............6y.5ma.0......-..?.....c.NuZ..F.".{..k..._......) ......5f....OL$...n-Ch..z...?a..S.`q.8....B..P\...8..."eo.o.Q....2q........G..akk...I.L..W..Z..@........a......k......S/*.E.I?.6.....v.....Ew....e..#...%.B.....p...7..u(..

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x115, components 3
Category:	downloaded
Size (bytes):	9091
Entropy (8bit):	7.898668893648029
Encrypted:	false
SSDEEP:	192:yNfEufkIJsxyj4q9s9+P0ppdNFJPYuhCEHgBxPcBgHT8mTDuqBZ:yN1fjJsOOVdNHPY+0xogzJnH/
MD5:	1C1BC9F0F634CDC139FC54C1050F3324
SHA1:	41E148262CAED1EA6E0813B35243ACA90D60E490
SHA-256:	38760335A0C016D3CE7A19F8205F132AFF2A1EDC1EFEDA41E845AFEA6CAB4B29
SHA-512:	081FC12820FB9A51DC5187CD857F907854B560045109C53A399C4953B5D62967EFCC4DE394F18ED8FA124BB7654C3FE0AA99AEA38988AE8AC8E622D74940ADD0
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_maxresdefault-2024-08-28T064515.883.jpg
Preview:	..............................................................................................................................................s...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(..:.......`.,H?)..]&.......r..d.$..R.....(.W..:......t.......X.6x.../.?.\|2.gw...>!...]Kqw#.i..A......$j...wPT._.............3..,....#.U.w....x#X.....VsH&..X..e.YI..F..}q....x'.><..~;i.*..Q.s.X..I.+..g"n..+...u.._.:....~......N.4..i..:..C,...P.$.k..Ng..V..RZ.......Ih..j..(...$.....L....~...'mv........w...$.g..J...'j.'.q.=k.5...'.tt.S......S.S.......!....+....K.e.At?.m_....uZ[.......

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1734
Entropy (8bit):	5.05685263555574
Encrypted:	false
SSDEEP:	48:sSaDafoASE99PPEpMEXaHvB5TP+JOOP+du:XaGUpKJpP+JO+
MD5:	45FA04438A564600785830CBFF0B507F
SHA1:	7AFB7668DE4BA0ED485720EA7212F8D624B0E098
SHA-256:	8CA11CC9520EB4FA744708ED8BABA68CEC8903C6FF8940AA0DC0FEACD04B309C
SHA-512:	6414CAD666044A7B51DD40377CA8B05275B7A535EECB232246F7C00B5E119AABEEDC68E392C287853C9E2DF2352EC6DE88E89732BD42E0147738A0C5320250AD
Malicious:	false
Reputation:	low
URL:	https://www.telegramii.org/static/js/public.js
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }.... // if (scrollTop > 400 ) {.. // $('header .button-box').addClass('on').. // } else {.. // $('header .button-box').removeClass('on').. // }.. .. if ($('.index-container .section3').length > 0) {.. if (scrollTop + windowHeight > $('.index-container .section3').offset().top ) {.. $('.index-container .section3').addClass('animated').. }.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";..

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 168 x 115, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	42093
Entropy (8bit):	7.988071399302453
Encrypted:	false
SSDEEP:	768:DDsIeoDkGjplNLJassQy/vILZSIHJSagdzz5yYzb/oq3VB0b:HsIe8R9lNLsvQy/24IpSa8z1yEb/LlB8
MD5:	A586A0B950DD69E95FAC57F5CF58C48E
SHA1:	BA31B98D3DADD59C170E9018709629BFD8FAACC1
SHA-256:	F7C783FBE4C3C5F68DA60198098C5CCC9A25EA4FB4F7FFD30B756705E693C2EC
SHA-512:	C4E8A3F84DE4FD0247012C89CA0133F808D77D84B267BC9045023BE0B753B806FF484A6214600FE76C5517A8F26810004A09F8F34399DD90A2593C462D969335
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_Pasted-245-1.png
Preview:	.PNG........IHDR.......s.............IDATx.d.....y&..T.s...g0... ..L`..(Q.%K.W.....'yW.%.d..:...e.+...K*R... A....sO.\.s.....6....].]u..~..."........\|...%....Fe........-.. ...H8....@.0t.2.........A.1...q.i6..V.]].-..g.s....[..?.O...}...6_n..[GA....I.E....P.@&. .....;>....z...+??{.bwgg@....s..T,.XV4. ....j..z.........z....g.0.:eJi.^....E.....?O.....ym=/h............oD.EB@Y.`...-...#......\|.,a..U^.0..^......t%lH,..eP.$A.Q.R.W:..hD.k......}!...R...if:..aIP../.1..\.W....m......paf...5..,...D..1...[Y....3...r....X8L)...>.b.\|`.6..6.gx..........{+.!AP.@.....I.ns.]q..Q.P.o...3..q.^.ezv...4...+.?.xog......R1.K`.=..\|....o_..[..S...c.0.eQV.....(.F."D.......e.3....!..s%.....\|.J....0.DQ.( +.J,.J.#XR.@..R... ..5)G:.P.....)....1.....@.8...D.d....' R.VF.n..-g.....r......"<s...7........;..K&TYc^.#..9F.i6^~.g\V...DA.....K..k..tGZ..a+z.P...Z..}...o.i4..._..F....l.....WL.,.a.. b..n...Z.y.eY..:.Q...z..]/.=..0....KK..r!.Hv...P.a..~p;.p~.'.>C.H.)..o.....b....kj.UZ.E

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 204x118, components 3
Category:	downloaded
Size (bytes):	10751
Entropy (8bit):	7.906583331916719
Encrypted:	false
SSDEEP:	192:y0OYfP04BRQrPYyzAR/X0XqA2yWpkXtj97733QTIrgRPOxodPn5:y0OeronARh6Xtj93gIrgRmxk5
MD5:	0F0AA14D1C150BCC3DF8A1BBA148B3D8
SHA1:	6CDC0798E359F0AF9B5EBE626D876F32737707C1
SHA-256:	E82D176A429B81AB8067F9631A11F2258B2AC796705F164E66781B4D9ACD0D7B
SHA-512:	30D767212D0EFCFD3432651BD6FB4BA78F89F5344778E6C4E7FCA6D399C9444F246C1D40EE5EA74E17C4F69F7817A7C80C222FFFB5BA8062E8B1DE81674B5AB1
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_1644499014-0c97040fe2da46a986b9c2ccb471c7b1-3-1-1024x558.jpg
Preview:	..............................................................................................................................................v...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...f.~s...........~...8.3.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RQ@.............}RPHPY..u$...o...F.....T.78.Uc..........$...v...T.En.'."...o............X[......K....q.72..:UL.J#(.^...(.4......Tno...HHQ....N*..k......Y..........$....FG.P...oV5.5t.......}R..$...ON..P...?ZJW...I@..(...(...(...(...(........R...J.BO.j.%

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 204 x 109, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	34215
Entropy (8bit):	7.981831865504436
Encrypted:	false
SSDEEP:	768:GcnxVGlB40UMMNqqZj3VYhkCm11va5CLqfz8rmxPLLX3MIzvJuVH:Nn+ruNnZj7DYQLqrxPLL9Dy
MD5:	93885869CB5F149E90600DCCB2170A82
SHA1:	EEB005C342213B91F6ECB94D27E216F7C3A4E258
SHA-256:	65FDE2B70F23AB89F3C04F4FD14B544B5E41D275EFB59653FD12D4C997373361
SHA-512:	FBA6B43B458BD2C8D3B76AD024305833FCA7135916C24D8D53E2DA5FF451DF3A7511B2576BB5FD0EC831CEBA970C4DDDE0C11184CCFAD41D426C3E83585810AA
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......m.....b.......IDATx...y.].Y'..3..'..-Y...v.'....NLB.PL..P..jzA.]..4....44U4.kQ@.R..h.(.!.+.c..I...Q..Y..w:.j.o.s.}O..8......{.....q..?.2..#...d./.x.....\|.:X[...a..7.~..wo....c<....\X[[..Y.(.s.....c0.Q.EqL.E.k..PZal)...d........_.....1.Xd....%.#.,"..C..F[.?k..... ..;..d....87Bp{..Z.".R..TDq..L..i$Zi.M.4.8...;4.....m....c..W5x...~.....5J).did....c..&.rD.!.....$..=.....(&.....c.).....AH..iC,A.`..s....q.....t'e..j.;.$I.w......j..R..CVe...Q1..V.....}i..%...0.H0...b.....?..._LZ.d...&Uc...q.$YZU.6...0.k....hJ....,F.`...:..DO..F...:...3b..q/....H[..c.S.}.......[D....4.C.!..B.9....".3J8..qA.!........h.m.......j...O....{$......C........2......{..y?..7...!.~.../..t.....#.P..0......k..L......'I[../.v.v..wx..e...uc...$Iz.......;.......y.1...&.R.D.3..E..e,%s CZ;L..V1..q C k.`...x.u...j..0..;.A.U~B.%..f....3.... ..]..f.a.q3.n...60. .........9...........V..".=.......b...I.!.F..d.S;....K......Tc......?1.o/.......%H@m3..)...o.qv%4.

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 146x109, components 3
Category:	downloaded
Size (bytes):	9023
Entropy (8bit):	7.888582845403039
Encrypted:	false
SSDEEP:	192:y9URiK1ThhHwT0hE96CDfmo1WwKTP+0mO8t7q:y9UoKRwT0hE4m+nwKhy0
MD5:	A04392B322A467B6FA53E08C951B630A
SHA1:	1CC445D21BFCF17CD4981718597B89FA9066C5EE
SHA-256:	3219A07B396FF9D134675CA29D772CF2938770B358E54BAB329D2884FAA1135C
SHA-512:	235E5EDBE36D422570E63A776EE3F66AA01380432B170EC59E60032031F598E2F99CBC0E16069930D27A5933768224E2DD58E8ACD9F0062C650A5A32CF05DCDD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/thumb_uVryd7f11689849626-1024x544-1.jpg
Preview:	..............................................................................................................................................m...."........................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz......................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?......I.k..q...0.$.xU..O`+..f..%.......[..m.G.../.5....:..yc..N...m.a/...We......yw.-.+o.~".[.$...8.$l=yVa..P.....~1....$.I..h6.d.......H..A..\|.@.....O.x.(qL..."tiQ.[.nQRm.get.{i{]...6S.b.X.q0S.I4..J.%.F..K..o...O......?....to.[...m.x.;.^.u-..4$.......^Yo.jx........................'....e..x.T....jv..s.....6.#v.1b...Y..'>...!g..[...\|E...:t+..C.h.j.s.l....$q... W..x.e_.......Y.K..@.

Static File Info

⊘No static file info

Network Behavior

⊘Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2332, Parent PID: 3096

General

Target ID:	0
Start time:	19:34:47
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3592, Parent PID: 2332

General

Target ID:	2
Start time:	19:34:50
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1944,i,14542417775159232016,7630197861589992790,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6512, Parent PID: 3096

General

Target ID:	3
Start time:	19:34:55
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramii.org/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: unarchiver.exePID: 6820, Parent PID: 2332

General

Target ID:	7
Start time:	19:36:00
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
Imagebase:	0x710000
File size:	12'800 bytes
MD5 hash:	16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: 7za.exePID: 7052, Parent PID: 6820

General

Target ID:	8
Start time:	19:36:00
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\erzzxmog.1b1" "C:\Users\user\Downloads\shater.zip"
Imagebase:	0x60000
File size:	289'792 bytes
MD5 hash:	77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 2212, Parent PID: 7052

General

Target ID:	9
Start time:	19:36:00
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5252, Parent PID: 6820

General

Target ID:	10
Start time:	19:36:02
Start date:	11/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 3552, Parent PID: 5252

General

Target ID:	11
Start time:	19:36:02
Start date:	11/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: shater.exePID: 7156, Parent PID: 5252

General

Target ID:	12
Start time:	19:36:03
Start date:	11/01/2025
Path:	C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe
Imagebase:	0xac0000
File size:	62'891'960 bytes
MD5 hash:	D08BDF8F0948938687A6E0C1044E1962
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 8%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: unarchiver.exePID: 6820, Parent PID: 2332COMMON

Executed Functions

Function 00CFB1D6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 00CFB208

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9920b7a8ba8950202f53463fb7607591166d663e5cfc7a7b8944d72a781a4159
Instruction ID: 30de3f1ff89ae6136e31c4fa1bb1570ec4114605c80e5c20dcfea5c1e46ae06a
Opcode Fuzzy Hash: 9920b7a8ba8950202f53463fb7607591166d663e5cfc7a7b8944d72a781a4159
Instruction Fuzzy Hash: C301D1709042449FEB50CF15E885B69FBE4EF44320F18C4ABDE488F256D37AA904CBA2

Function 04ED0C99 Relevance: 5.1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

Strings

`wj, xrefs: 04ED0D37
`wj, xrefs: 04ED0D62
e]qj^, xrefs: 04ED0D6E, 04ED0D73
Pyj, xrefs: 04ED0CC8

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID: Pyj$`wj$`wj$e]qj^
API String ID: 0-3997289958
Opcode ID: ccfc10a7c68019882024da3c310ba08584c46475c028f18287f5343bdc39ccc7
Instruction ID: a6fb626e7633439c5a9873d2c08e3e87a294f903ddc03d22d70a1b7306a1701b
Opcode Fuzzy Hash: ccfc10a7c68019882024da3c310ba08584c46475c028f18287f5343bdc39ccc7
Instruction Fuzzy Hash: 82213A307002549FCB55EB3985007AE7EE25F86208F4A452DD086CB382DF36ED06C7A6

Function 04ED0CA8 Relevance: 5.1, Strings: 4, Instructions: 82COMMON

Download Yara Rule

Strings

`wj, xrefs: 04ED0D37
`wj, xrefs: 04ED0D62
e]qj^, xrefs: 04ED0D6E, 04ED0D73
Pyj, xrefs: 04ED0CC8

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID: Pyj$`wj$`wj$e]qj^
API String ID: 0-3997289958
Opcode ID: f6c7d8aa3010d6e4ffcc95a25c2d2f6bc1d3d7a58c157a534c4e85c09037acab
Instruction ID: 7ae26125dc96afcd8ab89704b6d4c2d6909c9772b42a0ffb02f853d2060de1d3
Opcode Fuzzy Hash: f6c7d8aa3010d6e4ffcc95a25c2d2f6bc1d3d7a58c157a534c4e85c09037acab
Instruction Fuzzy Hash: 432127307002189FCB14EB35C500BAEBBE69FC5208B45882DC186CB386DF7AED0697D2

Function 00CFB246 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CFB2F3

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 85cbe3fd5fcc36aed36363e4292f7c6d551dfdec89dac256453f30a8aab4c29c
Instruction ID: cfa9e7d73d75f1a7f25d98a1a26f7b7ec9941226a1709bc502c3387df476eeb3
Opcode Fuzzy Hash: 85cbe3fd5fcc36aed36363e4292f7c6d551dfdec89dac256453f30a8aab4c29c
Instruction Fuzzy Hash: F031C671404344AFEB228B21DC45FA7BFBCEF45314F04849AFA85CB162D324A909CBB1

Function 00CFAD04 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CFADA7

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2f8f710e362a1e7b9c875a999056554216adb4b388b7960b9856b95cefa3ffff
Instruction ID: 4230b3eab85a4676607be3e2f5593feee8237b37de66848aedc3b5a9f4725b2a
Opcode Fuzzy Hash: 2f8f710e362a1e7b9c875a999056554216adb4b388b7960b9856b95cefa3ffff
Instruction Fuzzy Hash: 4F31D571404384AFEB228B24DC45FA7BFBCEF49314F04849EF985DB152D224A909CB71

Function 00CFAB76 Relevance: 1.6, APIs: 1, Instructions: 92pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00CFAC36

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 67b2fd5ab419c888c1d899c267622efcf791e29b34e511246b3fc923e057ffea
Instruction ID: 3ccb3548dede568b248e7c2754c0a0c70845488a2a39da5e5c9b77b4f55db61b
Opcode Fuzzy Hash: 67b2fd5ab419c888c1d899c267622efcf791e29b34e511246b3fc923e057ffea
Instruction Fuzzy Hash: F0315A7250E3C05FD3038B718C65A65BFB4AF47610F1A84CBD8C4DF1A3D2296919CBA2

Function 00CFA5DC Relevance: 1.6, APIs: 1, Instructions: 90fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00CFA67D

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6a4b1f112e80035cf6f3bdbd03d3af415f7ab1f72dae0de63cffec46afc18e0f
Instruction ID: 4dfb2831fd6f4dbc559b0441b7b642cc47865d53dd5595b1fa59b26ed09e73d8
Opcode Fuzzy Hash: 6a4b1f112e80035cf6f3bdbd03d3af415f7ab1f72dae0de63cffec46afc18e0f
Instruction Fuzzy Hash: 8B316FB1504344AFE721CB25DC45F66BFF8EF09224F08849EE9858B252D265E909CB72

Function 00CFA120 Relevance: 1.6, APIs: 1, Instructions: 82fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00CFA1C2

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 41e340a222835072db55820d4abd75e70f57980d6fa035f909fa161da2314a00
Instruction ID: 5faad387b3f55e30b9139fb52f86ada21f2608faa416640649ffce99f60fc3c4
Opcode Fuzzy Hash: 41e340a222835072db55820d4abd75e70f57980d6fa035f909fa161da2314a00
Instruction Fuzzy Hash: 0A21B27150D3C06FD3128B258C61B66BFB4EF47610F0985CBE884DF293D225A919C7B2

Function 00CFB276 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CFB2F3

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 101a9be29cf2a4181cfc38bb9790b047e706161b18cf44cbcd67b38e126a4f26
Instruction ID: 96c66e40a0a2f4b578a63c2d63975dc0a4a863e49a38b4218f5bbbcf029baec1
Opcode Fuzzy Hash: 101a9be29cf2a4181cfc38bb9790b047e706161b18cf44cbcd67b38e126a4f26
Instruction Fuzzy Hash: 5821B071500204AFEB219F65DC45FAAFBACEF08324F14886AEA459B151D775A9088BA1

Function 00CFA370 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA40C

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 20b010d204bb830bc668cbd43bc59f1e49a0891d7f7b4146acf19e2f4081e736
Instruction ID: 14b58670e90d6743efe45a2d071dfcb45aa4e97bf59c47ef2b0f3447eea2092f
Opcode Fuzzy Hash: 20b010d204bb830bc668cbd43bc59f1e49a0891d7f7b4146acf19e2f4081e736
Instruction Fuzzy Hash: 6D215EB5504744AFD721CF15DC84FA6FBF8EF05610F08849AEA498B252D364E909CBA2

Function 00CFA50F Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00CFA5B6

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: da66e8c6d4118f4c0f9f4251279016edb9f9fdbfc250b636a9a9472ce6b93ea8
Instruction ID: a92c1265dc75d894ec822f8839608e6be3d3d2468868d2557b8e316f6232e7dc
Opcode Fuzzy Hash: da66e8c6d4118f4c0f9f4251279016edb9f9fdbfc250b636a9a9472ce6b93ea8
Instruction Fuzzy Hash: 8E21917140D3806FD3138B25DC51F62BFB8EF87614F0A81DBE8849B593D6246919C7B2

Function 00CFAD2A Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00CFADA7

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b5ad0a0a200305766d8769c3033176ca035ce4806fb3a2bd153a902fe0f1b173
Instruction ID: 87d5a71fe37844bfac1711d1c98f4a95fc137e5d5561857bb241f22e0b6ddb19
Opcode Fuzzy Hash: b5ad0a0a200305766d8769c3033176ca035ce4806fb3a2bd153a902fe0f1b173
Instruction Fuzzy Hash: 4A21B271500204AFEB219F65DC45FABFBACEF08324F14846AEA459A551D735A908CBB2

Function 00CFA850 Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA8DE

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: a4466e6a997d12ad2101c46599c8580f252c806061a8d205707f2516ba90b360
Instruction ID: 1283290d64d5015e641be531abfc9d521a9d610501993e176b27061d6716196c
Opcode Fuzzy Hash: a4466e6a997d12ad2101c46599c8580f252c806061a8d205707f2516ba90b360
Instruction Fuzzy Hash: 8521A7714083806FE7128B24DC44F66BFB8EF46714F1984DAE984DF153C265A909C7B2

Function 00CFA933 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA9C1

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 5941087d8fd6fb37c8360a903b35b81d564438a7b7a035a1ab08c8b3c9eb180a
Instruction ID: 6815c9560e93adb7219317be0941d808889cf459f96063bf73b88a338b159b48
Opcode Fuzzy Hash: 5941087d8fd6fb37c8360a903b35b81d564438a7b7a035a1ab08c8b3c9eb180a
Instruction Fuzzy Hash: 88219571409380AFDB22CF65DC45F56FFB8EF46314F08849AE9849F152C275A509CBB2

Function 00CFA5FE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00CFA67D

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6c44a9a0d894179006201f7e14ca86ef34c3d68a962ae8cbceb319063c2ea1c7
Instruction ID: caf9246a58c6704d456ce899b7e556bbf7bd2440c15d50125a2b947de775e17d
Opcode Fuzzy Hash: 6c44a9a0d894179006201f7e14ca86ef34c3d68a962ae8cbceb319063c2ea1c7
Instruction Fuzzy Hash: 4B217FB1500204AFE721DF25DD45F66FBE8EF08314F18846DEA49CB251D375E504CAB2

Function 00CFA78F Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA815

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 9fb519548274fc180dd836d57310ca7526921c3414fcda7a05b5ea063542d412
Instruction ID: b306295324c4ff9a268d06d5b9beea0edec48905cfa1f8f92e090f729b3b8849
Opcode Fuzzy Hash: 9fb519548274fc180dd836d57310ca7526921c3414fcda7a05b5ea063542d412
Instruction Fuzzy Hash: AA21D8B54083846FE7128B21DC45FA6BFB8DF46314F1880DBE9848B193D268A909C7B6

Function 00CFAA0B Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 00CFAA8B

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: bd12ed3f5a0667cef9344004d045337e6c7ca1febb3ca0917873f3447140ee9f
Instruction ID: 694369d064e90635f888d99244e0d41f2f5a6de7ad9458934d3f3b2a5c51d0c8
Opcode Fuzzy Hash: bd12ed3f5a0667cef9344004d045337e6c7ca1febb3ca0917873f3447140ee9f
Instruction Fuzzy Hash: 7A2183B15083C45FDB12CB25DC55B92BFE8AF06314F0D84EAE988CB253D225D909CB62

Function 00CFA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA40C

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9d1329b1ca3e525c9ee9dbae2a779454a95abc49a7a8cc0ff82daa6ac5289289
Instruction ID: 08c6e5917dc37626e5838feb68c565e7843998a57d0c9188435911c685c0790e
Opcode Fuzzy Hash: 9d1329b1ca3e525c9ee9dbae2a779454a95abc49a7a8cc0ff82daa6ac5289289
Instruction Fuzzy Hash: 062190B5500708AFE760CF25DC85FA6FBECEF04710F18845AEA498B251D375E909DAB2

Function 00CFA962 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA9C1

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: a7ee04c24e8c15b89843ac1d59696562d7ac610335aa76fe5930b366a2986c1b
Instruction ID: d8a414e3bc56dc8e8ec2b63ab9b02afe29bff1704251f1be8261f286912c8096
Opcode Fuzzy Hash: a7ee04c24e8c15b89843ac1d59696562d7ac610335aa76fe5930b366a2986c1b
Instruction Fuzzy Hash: 68112771400304AFEB21CF25DC45F6AFBE8EF04324F14846AEA498B241C379A508CBF2

Function 00CFA882 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA8DE

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: fe368c06408369635db5368854c6ed4f4e740e6fd82e179d9d03f3550347e73e
Instruction ID: 595163f33ef1efb1718859117ee9e0562f56627f04b1e8a03cde58f6ed2f3e2d
Opcode Fuzzy Hash: fe368c06408369635db5368854c6ed4f4e740e6fd82e179d9d03f3550347e73e
Instruction Fuzzy Hash: E211E771500304AFEB21DF55DC45F66FBE8EF44324F14846AEA499B245C375A504CBB2

Function 00CFA2AE Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00CFA30C

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: c51f2c41ca5a931f5713f840183ac1c08b9edf68831904a658a0af919007b360
Instruction ID: 4d494881ef99fae5ea317268a3646d6271b6a2829fbacb1eddf78c578116b24b
Opcode Fuzzy Hash: c51f2c41ca5a931f5713f840183ac1c08b9edf68831904a658a0af919007b360
Instruction Fuzzy Hash: 101191B54093C49FDB228B25DC54A52FFB4DF17224F0980DBD9848F263D265A909CB72

Function 00CFAA46 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 00CFAA8B

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: c1e3124ae78640ddb2722f0724b54c37f8216b243a242fcb66adbb095022287b
Instruction ID: d3c85e4fdd7d366ba773df2028127fad7fe9c31b8b6e6c4312d6aa560fbe6dc2
Opcode Fuzzy Hash: c1e3124ae78640ddb2722f0724b54c37f8216b243a242fcb66adbb095022287b
Instruction Fuzzy Hash: 421165B16042459FEB50CF25D985B66FBE8EF04710F08C4AADD49CB251E275D908DF62

Function 00CFA7C2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,8B83423B,00000000,00000000,00000000,00000000), ref: 00CFA815

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 47a1ad4de82e80feb3876987c9f0164b1a5177d62ab12e739890122bd6974118
Instruction ID: ba22a84c5fdaa3ad0370d19100e3e2b9e21cee1974adb5563448ef2d902166ee
Opcode Fuzzy Hash: 47a1ad4de82e80feb3876987c9f0164b1a5177d62ab12e739890122bd6974118
Instruction Fuzzy Hash: 64010471404204AFE7209B15DC85FB6FBE8DF04724F14C05AEE088B282D3B9A908CAF2

Function 00CFAF8B Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 00CFAFE4

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: f7a8e61fdd5d9a19c6313a80608a5c10b07728ec9a1512fdc3e02fd35756a37e
Instruction ID: eb2b7910ddfb82f504e44dc97c9e5e9b13cef25ec269d09c51b6461e4a3dee2d
Opcode Fuzzy Hash: f7a8e61fdd5d9a19c6313a80608a5c10b07728ec9a1512fdc3e02fd35756a37e
Instruction Fuzzy Hash: CA11A0715093C49FDB128B25DC85B52BFF4EF06220F0984DBED858B263D375A808DB62

Function 00CFB1B4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 00CFB208

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 66eaaeb5c6ae5b295a22b508c8916156f57370e1f0deea22583d86c982942f2a
Instruction ID: 493ffdd8a646d35e954cacea825319348016d5b08250ab6678c1c4bdd03ed579
Opcode Fuzzy Hash: 66eaaeb5c6ae5b295a22b508c8916156f57370e1f0deea22583d86c982942f2a
Instruction Fuzzy Hash: BE117C714093C4AFDB128F15DC94B56BFB4EF56224F0884EAED849F252D279A908CB72

Function 00CFABE6 Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00CFAC36

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 27114adc8a0875422860c1435cae29cdd6d1d8d9e275b8448c3d4a6be47bc13a
Instruction ID: 6f1f9af63d8c58652146abb3aafc27ed630b60e30418c65790c54f766d309fff
Opcode Fuzzy Hash: 27114adc8a0875422860c1435cae29cdd6d1d8d9e275b8448c3d4a6be47bc13a
Instruction Fuzzy Hash: EF017171600200ABD350EF26DC86F36FBE8FB88A20F14855AED489B745D735B915CBE6

Function 00CFA172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00CFA1C2

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 4d28ca1bf2f51de47666d38e75fed930875b4db83d5e67152c3665ad389d0c05
Instruction ID: 4085f2af04f9a9cb9cbc146b7989096811caa85c42c15d7a19f0f4d38eac43de
Opcode Fuzzy Hash: 4d28ca1bf2f51de47666d38e75fed930875b4db83d5e67152c3665ad389d0c05
Instruction Fuzzy Hash: 28017171600200ABD710DF26DC86F36FBE8FB88A20F14855AED489B745D735B915CBE6

Function 00CFA566 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetTempPathW.KERNELBASE(?,00000E24,?,?), ref: 00CFA5B6

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 25b5d98d101086f31fa3a8cdb444560a06712c679f0d2789a275c645b1522be7
Instruction ID: 5ccf4e99d2766b147c9100cf8b1f4cb961f228eec10d2edfa42b8fd7823d2882
Opcode Fuzzy Hash: 25b5d98d101086f31fa3a8cdb444560a06712c679f0d2789a275c645b1522be7
Instruction Fuzzy Hash: 8A014B71600201ABD350EF1ADC86F26FBE8FB88A20F14815AED085B741D775B915CAE6

Function 00CFAFB2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 00CFAFE4

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: fec8fa4dba7350215ae47e9391a94b9973ba9704698fd06152d0600c17ec1140
Instruction ID: ef04cad91e68af6b906ec78d0b83742b5c4400baa479b8a4850dc2c642d8204a
Opcode Fuzzy Hash: fec8fa4dba7350215ae47e9391a94b9973ba9704698fd06152d0600c17ec1140
Instruction Fuzzy Hash: A501F9B45002449FEB508F15D885766FBE4EF04320F08C0AADD0A4F352D775E844DEA3

Function 00CFA2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00CFA30C

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 4f87458ea9105b3246ab818bd9ee4e82a0e69a4a2bbc164e98baf3b63dc88026
Instruction ID: c75256a6fef9267c08975dbe8d5aafb067188abe4faf2ae39057f998d91d8d48
Opcode Fuzzy Hash: 4f87458ea9105b3246ab818bd9ee4e82a0e69a4a2bbc164e98baf3b63dc88026
Instruction Fuzzy Hash: 62F0A474404644DFEB508F16D885765FBE0EF04724F08C09ADE094B362D379E508DAA3

Function 00CFA6D4 Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00CFA748

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 6798f8eae5db109566b8f1238458f0f001570fed94880e80b663440f228c837c
Instruction ID: 00fbec4fc377bbe3e36464b281fbb00ef5172609ea93abe481ff9036409d7bbe
Opcode Fuzzy Hash: 6798f8eae5db109566b8f1238458f0f001570fed94880e80b663440f228c837c
Instruction Fuzzy Hash: D021C5B55097C05FD7128B25DC54752BFB4EF06324F0980DBDC858F593D2249909C772

Function 00CFA716 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00CFA748

Memory Dump Source

Source File: 00000007.00000002.2510010123.0000000000CFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CFA000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 991f074067f74cbcde4cc3bef4174df49120860104c0e615c206187f7b2680af
Instruction ID: d508a259aa7c2ab57e16e4d6e56f929064be2c5cedf5bd1076c9f49df721af21
Opcode Fuzzy Hash: 991f074067f74cbcde4cc3bef4174df49120860104c0e615c206187f7b2680af
Instruction Fuzzy Hash: 3701F7B05002448FEB50DF15D885B65FBE4DF04320F18C4ABDD098F352D279E904CAA3

Function 04ED02C0 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d79736c834394cf093b101ae0c6dd44c5841dd963727760c9cd55ebacbd008
Instruction ID: 5bc58fc04cd20064c6ab43e24e166b4df36f255249854fdd3a671681609727eb
Opcode Fuzzy Hash: d5d79736c834394cf093b101ae0c6dd44c5841dd963727760c9cd55ebacbd008
Instruction Fuzzy Hash: DEB12B34A12200CFCB18EF64E958B6E7BB6FF88344B14842AD906DB359DF709D41DBA1

Function 04ED0799 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48940fab0fe699b16e834b3b9ec36b6b832dcad3c87b27275772a9457e3ab10d
Instruction ID: a98925edc64329f0d126b252d89a9fa1a3589a16ae89233ea171dcf2423f0c60
Opcode Fuzzy Hash: 48940fab0fe699b16e834b3b9ec36b6b832dcad3c87b27275772a9457e3ab10d
Instruction Fuzzy Hash: 4CA18C30B012048FDB09AB74D85977E77B6AF8830CF19842AD90AD7399DF799C42DB91

Function 04ED0BA0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ed03309956d25775b3428caac10521f169b2450df020e7a154141163d578c62
Instruction ID: 7aab21a2c3bcf370e8ea0c72bca66142db16b5f21d0129d31001fe2499ac1ab2
Opcode Fuzzy Hash: 3ed03309956d25775b3428caac10521f169b2450df020e7a154141163d578c62
Instruction Fuzzy Hash: CF116D31A10118AFCF04ABB4D8489DE7BF6FF88214B064576E206E7225EE31EC459780

Function 00D40808 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2510360945.0000000000D40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06fc2095d84f64f6c26f8c26c2454e48b3b184c84dced151e6a9b6f9cf6d4e95
Instruction ID: 486d8465839e7e4c26fbc31cf18da9ec1e81e142f2539fd34894fe513fac3dc5
Opcode Fuzzy Hash: 06fc2095d84f64f6c26f8c26c2454e48b3b184c84dced151e6a9b6f9cf6d4e95
Instruction Fuzzy Hash: 860175B64097406FD701CB55AC41C56BFF8EF86524B0984AAEC448B216E225A9198BB2

Function 00D405E1 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2510360945.0000000000D40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3429cf9b9bf6c9a40b10119ddded8a63dfd30073e993162e73ec3d65ce9c5
Instruction ID: 2e743c9741de75ff29d6e9b490d4242db878c8267b3f6da8e3af7eea24937f36
Opcode Fuzzy Hash: dde3429cf9b9bf6c9a40b10119ddded8a63dfd30073e993162e73ec3d65ce9c5
Instruction Fuzzy Hash: CF01DB764093845FC7118F16AC41862FFB8DF46630708849FEC498B752D2396919CBB2

Function 00D4082E Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2510360945.0000000000D40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbfb3a55fe7cc91e8ac278f3f1a1ae1688c73bfec5c489e131ef2818dbb95f5
Instruction ID: 79d596d81441222314d92a9422e687a90e244419afb7a1a7eed96ceaa13b9cbd
Opcode Fuzzy Hash: 1fbfb3a55fe7cc91e8ac278f3f1a1ae1688c73bfec5c489e131ef2818dbb95f5
Instruction Fuzzy Hash: 8CF082B2809204AB9240DF15ED46856F7ECEFC4521F08C52EEC088B305E276AD158AF2

Function 00D40606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2510360945.0000000000D40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96837f52b4a4f8f4d67e9b119c3ba69edcb4350115a2ec59683646a89825acc2
Instruction ID: 2c0a03aded5f6da1a7d3f1589d2f5602e33cda6f5215b5556bf0e2c198f46e07
Opcode Fuzzy Hash: 96837f52b4a4f8f4d67e9b119c3ba69edcb4350115a2ec59683646a89825acc2
Instruction Fuzzy Hash: 65E092B66006008B9750DF0BFC81452F7E8EB88630718C47FDC0D8BB01D239B508CAE5

Function 04ED0C50 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e28a8463f1e311215839a36e3606a3f72cb98425546e6e8c780e2258bdc0801a
Instruction ID: d9a81db8b1cfd8f7bb04420b4e5cb231025d633bf183cadfcd3f1ae6ddcce3e8
Opcode Fuzzy Hash: e28a8463f1e311215839a36e3606a3f72cb98425546e6e8c780e2258bdc0801a
Instruction Fuzzy Hash: E0E0DF31F152941FDB05EBF854946BE7FA6DB82164FCA44BAC008D7292EE318D438391

Function 04ED0C60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 238e54eecde6434bc66e5c73105b9ecde9eb726dd5ce1f3883a4e99d9d284dff
Instruction ID: 13faa5d1f6b04181387bf185ea8ee7cffff395d7907f8636adc45835b37af40d
Opcode Fuzzy Hash: 238e54eecde6434bc66e5c73105b9ecde9eb726dd5ce1f3883a4e99d9d284dff
Instruction Fuzzy Hash: F7D0C231F002182B8B44EBF848845BE7AEA9B80154B46407AC009D3341EF309D418380

Function 04ED0DD1 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 888c359a66e23f3bfeca979704ce98fe588cb435a029428e84e83207d15a11e1
Instruction ID: 1f26e6ca4b85a9d367482dab01130b2995f6ea803b2c888cd9b29c63f98eb6c5
Opcode Fuzzy Hash: 888c359a66e23f3bfeca979704ce98fe588cb435a029428e84e83207d15a11e1
Instruction Fuzzy Hash: 56E086242493804FDB03933458549E93F611F83208F4F90D9C484CB5E3C5649C55D791

Function 00CF23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2509908802.0000000000CF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f90f0dfd504f6623677822a1ddc236c175b934b17ad2ee1dea711fd0b6b73a7d
Instruction ID: f0124c1435f44e3a8dba5b6fc4faabed1b0fb3691a40aba562e33176d6a56f26
Opcode Fuzzy Hash: f90f0dfd504f6623677822a1ddc236c175b934b17ad2ee1dea711fd0b6b73a7d
Instruction Fuzzy Hash: 41D02E3A200A804FD3138A1CC1A4FA53BD4AB40708F0B00FEA8008B363C3A8DA80E200

Function 00CF23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2509908802.0000000000CF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CF2000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 661020d91d09b6697007fcbe5b0fdcc4236c85183a4198321abd10973bfd5696
Instruction ID: 3126df4f5ea004b7b8f031d3cfa99eea622ceee96fdef2cbc8005ccd39b566a9
Opcode Fuzzy Hash: 661020d91d09b6697007fcbe5b0fdcc4236c85183a4198321abd10973bfd5696
Instruction Fuzzy Hash: 42D05E792006854BC725DA1CC2D4F6933D8AF40714F0644ECAC208B372C7A8D9C4CA41

Function 04ED0DE0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2512395422.0000000004ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f7f369ef4fec63f989087ffa8247308a859110f32935ecb5830f21f23c2a1b
Instruction ID: 6c867c7295b04c5d52251d693c304314ae1109b175aba321df2db1f47f825521
Opcode Fuzzy Hash: e3f7f369ef4fec63f989087ffa8247308a859110f32935ecb5830f21f23c2a1b
Instruction Fuzzy Hash: 18C012302102048BDB04A768D91CA2E73965BC070CF4DC064C4484B265CA70FC91C680

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.telegramii.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\erzzxmog.1b1\shater.exe

C:\Users\user\AppData\Local\Temp\unarchiver.log

C:\Users\user\Downloads\c858a26a-b5df-43f4-b8a6-1298ff5996bc.tmp

C:\Users\user\Downloads\dcd6a57e-0a6b-48ef-99ac-65e7a289196c.tmp

C:\Users\user\Downloads\shater (1).zip.crdownload

C:\Users\user\Downloads\shater (2).zip.crdownload

C:\Users\user\Downloads\shater (3).zip.crdownload

C:\Users\user\Downloads\shater.zip (copy)

C:\Users\user\Downloads\shater.zip.crdownload

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Windows Analysis Report
http://www.telegramii.org/