Edit tour

Windows Analysis Report
http://www.telegramdd.org/

Overview

General Information

Sample URL:	http://www.telegramdd.org/
Analysis ID:	1589356
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

AI detected suspicious URL

Program does not show much activity (idle)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2012,i,16819281075247646738,6678826488317907814,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramdd.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.telegramdd.org/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramdd.org
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramdd.org

Source:

Binary string: Q.pdb source: chromecache_123.2.dr

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 42MB

Source: classification engine

Classification label: mal52.win@21/74@0/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2012,i,16819281075247646738,6678826488317907814,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramdd.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2012,i,16819281075247646738,6678826488317907814,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramdd.org/"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary string: Q.pdb source: chromecache_123.2.dr

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.telegramdd.org/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.telegramdd.org/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
199.91.74.208	unknown	United States	21859	ZNETUS	false
142.250.110.84	unknown	United States	15169	GOOGLEUS	false
90.84.161.16	unknown	France	5511	OPENTRANSITFR	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.21.16.1	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.212.131	unknown	United States	15169	GOOGLEUS	false
172.217.18.14	unknown	United States	15169	GOOGLEUS	false
104.21.64.1	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
216.58.206.36	unknown	United States	15169	GOOGLEUS	false
172.67.193.48	unknown	United States	13335	CLOUDFLARENETUS	false
149.104.73.29	unknown	United States	174	COGENT-174US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589356
Start date and time:	2025-01-12 01:38:02 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.telegramdd.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@21/74@0/16
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: http://www.telegramdd.org/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://www.telegramdd.org Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://www.telegramdd.org
URL: https://www.telegramdd.org/static/js/public.js... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript code appears to be a benign script that handles basic user interface functionality, such as a 'back to top' button and navigation menu toggling. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The script primarily interacts with the DOM and checks the user's operating system to display appropriate download links. This functionality is common in web development and does not raise significant security concerns." }
$('#to-top').click(function() { $('body,html').animate({scrollTop:0},1); return false; }); $(window).scroll(function() { const scrollTop = $(window).scrollTop(); const windowHeight = $(window).height(); if (scrollTop > 200 ) { $('#to-top').fadeIn(1).css('display', 'flex'); } else { $('#to-top').fadeOut(1).css('display', 'none'); } }); // function getOperatingSystem() { var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera; if (/android/i.test(userAgent)) { return "android"; } if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) { return "ios"; } return "pc"; } if(getOperatingSystem()=="android"){ $(".down-link").css("display",'none') $(".down-link.android").css("display",'inline-block') } if(getOperatingSystem()=="ios"){ $(".down-link").css("display",'none') $(".down-link.ios").css("display",'inline-block') } // $("header .nav.open").on("touchmove",function(event){ event.preventDefault(); }) $('#nav-btn').click(function(){ if ($(this).hasClass('open')) { $(this).removeClass('open') $('header .nav').removeClass('open') } else { $(this).addClass('open') $('header .nav').addClass('open') } }) $('.tabs .item').click(function(){ let type = $(this).data('type') $('.tabs .item').removeClass('active') $(this).addClass('active') $('.tabs-content .item').removeClass('active') $('.tabs-content .item[data-type="'+type+'"]').addClass('active') })
URL: https://www.telegramdd.org/static/js/jquery.js... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the minified version of the jQuery library, which is a widely-used and trusted JavaScript library. The code does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or suspicious redirects. The behaviors observed are typical of a legitimate JavaScript library, including DOM manipulation, event handling, and utility functions. While the code is obfuscated, this is a common practice for minified libraries to improve performance. Overall, this script poses a low risk and is likely a benign, widely-used JavaScript library." }
/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;w.fn=w.prototype={jquery:"3.3.1",constructor:w,length:0,toArray:function(){return o.call(this)},get:function(e){return null==e?o.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=w.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return w.each(this,e)},map:function(e){return this.pushStack(w.map(this,function(t,n){return e.call(t,n,t)}))},slice:function(){return this.pushStack(o.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(n>=0&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:n.sort,splice:n.splice},w.extend=w.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|g(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)n=a[t],a!==(r=e[t])&&(l&&r&&(w.isPlainObject(r)\|\|(i=Array.isArray(r)))?(i?(i=!1,o=n&&Array.isArray(n)?n:[]):o=n&&w.isPlainObject(n)?n:{},a[t]=w.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},w.extend({expando:"jQuery"+("3.3.1"+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==c.call(e))&&(!(t=i(e))\|\|"function"==typeof(n=f.call(t,"constructor")&&t.constructor)&&p.call(n)===d)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e){m(e)},each:function(e,t){var n,r=0;if(C(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},trim:function(e){return null==e?"":(e+"").replace(T,"")},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(C(Object(e))?w.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:u.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r,i=[],o=0,a=e.length,s=!n;o<a;o++)(r=!t(e[o],o))!==s&&i.push(e[o]);return i},map:function(e,t,n){var r,i,o=0,s=[];if(C(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&s.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&s.push(i);return a.apply([],s)},guid:1,support:h}),"function"==typeof Symbol&&(w.fn[Symbol.iterator]=n[Symbol.iterator]),w.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){l["[object "+t+"]"]=t.toLowerCase()});function C(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!g(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&t>0&&t-1 in e)}var E=function(e){var t,n,r,i,o,a,s,u,l,c,f,p,d,h,g,y,v,m,x,b="sizzle"+1*new Date,w=e.document,T=0,C=0,E=ae(),k=ae(),S=ae(),D=function(e,t){return e===t&&(f=!0),0},N={}.hasOwnProperty,A=[],j=A.pop,q=A.push,L=A.push,H=A.slice,O=function(e,t){for(var n=0,r=e.length;n<r;n++)if(e[n]===t)return n;retur
URL: https://www.telegramdd.org/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Telegram", "prominent_button_name": "", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false }

URL: https://www.telegramdd.org/ Model: Joe Sandbox AI	{ "brands": [ "Telegram" ] }
	{ "brands": [ "Telegram" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:38:58 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.977307515412327
Encrypted:	false
SSDEEP:	48:8GdlTt5HAH2idAKZdA19ehwiZUklqehty+3:8QLBay
MD5:	4214E8CD2048FC3D8E394B09C8B9A7CA
SHA1:	2DAEB0E4E0BAC3A725876722014B645E5120A132
SHA-256:	26026F462A2A6A4259025BB1712460BF5B322759C70CE000BA921A04398FC71A
SHA-512:	C4BB42C1C5F46F666D70653AAA3E3D97281A7C38BD6073E7FDECA8C2E825488C95FDE94DF8EDC6F764DAD38F03D6BF4DB8551BB5F03BC69F0785A8F8B3E36D5B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....76.].d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:38:57 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9953326242408775
Encrypted:	false
SSDEEP:	48:8sdlTt5HAH2idAKZdA1weh/iZUkAQkqehKy+2:8qLz9QLy
MD5:	7CF77BD77B3DEED379D788ACAF44CAD8
SHA1:	0AB032A27938B1738883B7CB5DE3B265CFBE225C
SHA-256:	798D38368D2D1258044421827DFF2010B94224859A4EFA281E6018753A86FB54
SHA-512:	318482159F3135131BDEC053B132AA38CF3B95C3200F448C6694C19E3ABE13B9838B6AB704834E263CAE3358B890777AF7A7AAA11FDAF66418A67A7B9E6EE970
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....J.].d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.0045626084567605
Encrypted:	false
SSDEEP:	48:8xqdlTt5sH2idAKZdA14tseh7sFiZUkmgqeh7sAy+BX:8xsLHnWy
MD5:	D42DC730136C6C4FCFF032671BE21B3F
SHA1:	6F1E08EB0E93FDA5AD5519C752C08BDCE464BF30
SHA-256:	F69CE643B60464554875610C0D771805835CB267A5A8083B2E06B88BBF413389
SHA-512:	8D765F74C07536C306911B946D244997D256191646554C75352145D9740BAED3B90F8193533B60BCC82A668DD8053C8DF428A527E2AAE4DDDCF4D65E9DE72D94
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:38:57 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.994238477294536
Encrypted:	false
SSDEEP:	48:8ndlTt5HAH2idAKZdA1vehDiZUkwqehOy+R:8jLwYy
MD5:	D22D84F595C9087FCB14EBF75E3D1689
SHA1:	86D49E5DBE80F40CBFBC733A300FF26E5A5D8243
SHA-256:	BE949F8C23289732905DFC16C1C99B4E4D9C65AB080DEBABE8DBEEA656D432C9
SHA-512:	220D7DD3BB5C842579C48BB3000F00F1A1D16849388C7DD7BF0F2A3DB47F94BF31504D3C679F74D7AC31A14E779F0C52EDFB913DBE3568138DAA10EA0E92F22B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....#.].d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:38:58 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.982579234083545
Encrypted:	false
SSDEEP:	48:87dlTt5HAH2idAKZdA1hehBiZUk1W1qeh8y+C:8/Lw9cy
MD5:	50A472571B6401497457D9653BBD900A
SHA1:	3BADD85725F0F41D51A22DAC31C73AB34285F14A
SHA-256:	B58930F4BB1FEF234E224BF740AFEED0D232347881A7FF41FACE85854531D97E
SHA-512:	E7F2429DFEF57AB882CEA745DF3E1841B603FA1F83FC626C50D68E96D8AD21BAE60A0B37A6E8FD9FA3EEB978DE6312F8B3F6850411980C3FD383A6444CDEF639
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....,..].d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Jan 11 23:38:57 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.992293977762906
Encrypted:	false
SSDEEP:	48:8qdlTt5HAH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbWy+yT+:8sL+T/TbxWOvTbWy7T
MD5:	2972349B731983C8483B0E0998846721
SHA1:	79B9F5379181F986C5D2805B607BB8639A2B30D3
SHA-256:	D22F8617BB5045A4C16A4251572F3C3EDFA8E5EF8E31B4BF60554DEB5BCCAF92
SHA-512:	2ACF20DE89077025F10FB32192ED16534B4C169CC6AE1503ECEC1EB6E46E985C355270C22BB54B83B81DCA46774F6D88C6D8BFE5213FA1B21C881F211E003221
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....&..].d..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I,Z......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V,Z......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V,Z......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V,Z............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V,Z.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........zF.n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\3320586e-971d-4523-a674-9ed8c04e9471.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	15503
Entropy (8bit):	7.9280883280942165
Encrypted:	false
SSDEEP:	384:cK60SaQO6hnpRkLw++Fpr1f74MiVlitJ7EAkSar8q/p5QKTm:u0N65pRkLqFp1DifXAkSar8q/prm
MD5:	F84709362D2E45EA2F637F26E5014265
SHA1:	1A9DB2BAE501B6B2FA14B982C94DDD3B0410E017
SHA-256:	A6F3F777808BC3F69D2BBA338B4A3D184F6083469714DF0E669624D08468667B
SHA-512:	65EE00D7319618A1A4B6386E60B582C509C7777B32C95F5C839770576B703D7DEE94C9F74C2C94F51E1EEB059F26577446BBAB593DB139834E5F85A9048D7B1B
Malicious:	false
Reputation:	low
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

C:\Users\user\Downloads\Telegram (1).apk.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	41171498
Entropy (8bit):	7.941707311338131
Encrypted:	false
SSDEEP:	786432:UKBYCRUUlMYPe5ci6aswQEjZEJ+G9GsiU4suJ9zqZ6KQ5nALspx:3Bgc7kKJP8Ui9q0nUs
MD5:	0E4B8823F7E36E9051EA336A2E682ABB
SHA1:	E39024CBDACA43155FD09DB1D833694A04B9F67A
SHA-256:	8AB6BBCE1812C3BE02A4F45B0FA97754887592BD2B53CCA518C66D375CEC80EC
SHA-512:	0E7EE000BC96191041B40EF68E8A3FC9D5A28AECB00E1B0A534250D5BFFA8BF7FD3EDEF7315CE21869271227C28F6C17CFB37360B7EAEA014131D6AD08E0797A
Malicious:	false
Reputation:	low
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

C:\Users\user\Downloads\Telegram (2).apk.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	19085867
Entropy (8bit):	7.954823686178774
Encrypted:	false
SSDEEP:	393216:rhDuKB7QCh5UCayUUl9m1KPnnpoqvml8U1KnU1DIXi6asw:UKBYCRUUlMYPe5ci6asw
MD5:	068300E0F85D7E74EF2D011C593FEACF
SHA1:	B8B6844D9D92669E2756EB8D86C28B9F21AF1C57
SHA-256:	CE02F9C61286DF36A0AE0A95EF0B57A5151790219269BA9E09D5BDF3D96963B1
SHA-512:	D8E2A791D94344B2892A4717DD029512903C321F15BB2CF34BA4593D567F6B0DAAA9316E343B19AC95723CD0F519CC17A9D2CD8D1586EDE27C7298147A4BBAFB
Malicious:	false
Reputation:	low
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

C:\Users\user\Downloads\Telegram.apk.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	68942378
Entropy (8bit):	7.925800633583372
Encrypted:	false
SSDEEP:	1572864:3Bgc7kKJP8Ui9q0nUsbnBAW9uFHwV6Mq/Cqj:97tJP8Ui9q0dBSz/7
MD5:	50C48EB77CBD18276800AA1ED5B7C4D1
SHA1:	EC57A3B673E396A8081603B382A3105000AD860E
SHA-256:	953F220E4B48E8D8A56F3211FB8C7BE3E5FBA4FBE2C65F7F559FE9C6EB091532
SHA-512:	DDDDF80FB750758AA280EA5DD00C09BAFD53A3C60A90EC9F95C516CBA06EAD8ECA74178EA0F565E6358F6D8DFB225070938CE0EF8920211A9AD3A46D9995EACE
Malicious:	false
Reputation:	low
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

C:\Users\user\Downloads\a81fd188-a1c3-45b8-85d8-ec7c86cad4c2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	47027
Entropy (8bit):	7.955728456145479
Encrypted:	false
SSDEEP:	768:u0N65pRkLqFp1DifXAkSar8q/pr+ainNmBbNqg8qfd6EWnPwMz4nXwYkfQbFNSKm:X65jK1PP83NGNqM4EuPxDYFbFlz5q
MD5:	1803A622AC1C42DBF77C748A07BF6030
SHA1:	41AA2654D26C4F0921B9C0CAE8D8F09BE5618535
SHA-256:	C30DDE2A9860DC47D5199895FC84E47DF8A0EEB6777C8F06016AA35E6EA4AAC2
SHA-512:	1968037E25E87E7905AEE0992FB7D7FDCAC84503CA37B08A31498358C6B9F2115F8EFF5C3E59198F009122CD3ED126FC274171266596AC2F7BC3A08196603AD7
Malicious:	false
Reputation:	low
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	2415534
Entropy (8bit):	7.953757920742143
Encrypted:	false
SSDEEP:	49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
MD5:	CBD2D6AF702CAB22FB23C7D159ABC428
SHA1:	C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
SHA-256:	58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
SHA-512:	E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,........... ..!}.........5........]..................... ............................................................................. ..... ..........Z.....S..C.....>.........G.....=.........O.....................s.......N...........f..... ............:..'.. .........J...............K.....6........q..........W.. ._Q..'......... .9......W....].....l........#.V.....>......r....S..............P.............?6...........?.......+.u;....\.........K.6..-..d'........K...5..e..p..~........@/(........I...Y....E..........F............r...\|..l0.g...{...E:....U...y.....~.h..._.8...W.3..HOC..[..O.....Q..i....&................/.....).H.......o^.....7...m..[.J.....:.;}.......V....9p_...[..j..o..8..........`...............y..0....E.M..T..H..G.........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	7223
Entropy (8bit):	5.906322274225631
Encrypted:	false
SSDEEP:	96:2Lbl2blFusRP9Zf6nFbHgWX93YHy8fIEb3MaiaEUM:HP9wRUXAv
MD5:	4A952902FA2A3FBF61B686968D410C7E
SHA1:	A9BE544F3201E1EF1EBCA0AB296B7526660A52F3
SHA-256:	932BA7CE0D2C6A23A195CF7B84251AC2AC305431715E8618015294DDFAE5C300
SHA-512:	99A777A050103551FF8CFE077E93209945E059F4F9E2051A13E1FDDC3499A55134D16AF5A2390BDC82F4EAF07A584C6D6075C4F6618706DC31C39EB8F1BC28EC
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/
Preview:	<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>telegram.. - TG.....,.......,........</title>...<meta name="Keywords" content="Telegram.......telegram...........................................">...<meta name="Description" content="Telegram.......telegram...........................................">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=no" />...<meta name="baidu-site-verification" content="codeva-b7QlsyZZJI" />...<link href="https://image.sanxiang-sh.com/telegram-favicon.ico" rel="shortcut icon">...<link rel="stylesheet" href="/static/css/style.min.css" />...<

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	3159
Entropy (8bit):	7.835397861887022
Encrypted:	false
SSDEEP:	48:SkyPhGBqjMSGIhBiNuTqjRCe2TnySKm65vsU4YDES9KScfL+WXRu2C5AzKcqoOlB:+EBBfjRCe4fKZZDE1ScT+4upEKcaaOr
MD5:	A5389E17320111E2B5B824A9FC62BD8A
SHA1:	15AB12EDF2FD1079C413C452F50112128FBF39D9
SHA-256:	423C7D0FC1B4E89DAE93A8CB372868BB554CCACF0535378F150D312B6D917438
SHA-512:	18435CCD1A43DFD9BB794A49A8761206C1E7294B2BB6DFFAD462B465A4085A778754095033D0CA12D0AAD50D790DD65BDB86AD32BEE9285516CB0DE56A482FD4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............>a.....sRGB.........IDATx^...-G...A..).........J...-.).....h)....Bq.B.`!E.k~t6]....;r.9......3.;Gg.5.Z..T=.6y5.T.......%P......P...~.....@..o;@.@...\|.m.h..\..O......K.......r.T>...4.l......%..........2.D6q....kH......g.O.B6...qI.J..{.H.......kK....I.p.U...7..`TKV.p>I7u.$.:....WKzy.1.vm...I....g..R{..gJ.h.q..g.....V..J.._..87l=Y...$...O..8I/2.S.V...HI.%..N?....z1.....$.A.mPN...@..,..C...J.^.v..-.[....IO.2....C..%..x....../%....../..7.J...$......I........~...K..A.'.T..w.t.$N.......*....$.)..%........o.v$\|...4.^"....}.'.@.ObH..t..7db.s9.~.IW..CI....$.... i.P.3..!g....?k.Gu..M8.b.y%]W.~...t.-.....u$}$..L.#H.:.}%.c".....8I?....1..6<.$..<..........$=y.Pr4.U..G..cx..\|......V...3.........H.........%..>I.z...T.?F........!.J....oK:e0...<[.F..........aMNz.... .9.ghs.I...g..e`e..W....o.^,..MT.>.....9e..8;..1J...%i.Y..m.nI7...N.K...WH".b.....\..,..7..$.C.Q....S..s.T..-..G.=..aX.3J.;.%._..ao..i,..kv..%...b1......1B_...h.

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	268481
Entropy (8bit):	7.98467490175069
Encrypted:	false
SSDEEP:	6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
MD5:	A2FFCD73EDDD76A01F35ADFF0BE467D8
SHA1:	B29C51BC3DDD3C8210190BFCEE247313CF197C87
SHA-256:	9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
SHA-512:	7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/ios_zh.png
Preview:	.PNG........IHDR.......9......J......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...7IDATx....@1.C....f}.@.n...)88E53.....].I..!.......!d.'...3..b.m...J..r.3m....`...$f`......l.bd...a.......h.U4....g.1.4........<\.....).`..'..@,.A0..\|.._K...V.m4....M....ZB.z..M.Q0...........F..I.V...`....2.F.0....5...a..."...R.-......D..a..^E.%3#.}U.{....$O.....}.n..iG.+..[.'C.....LU..M.t.....`..V...0l#.B....CC.E..Y.X"..../x...?.......ks.f...k....B..{...=.z..1^C.....C....cf7/H.V_((...`........Imgq.......RRN..+bm....s...G........J.Zq>......G..R..D$RB!p.B.'...S.....n..oF=..@./..+..../..t..X....`..6..&..w...HE.GB.xuY,..]h$a......8..0.c...ZWUS..k.1.q...\.Z..an......jH...y.@..J..h.EW..77....84.-..k.d.H.9(...)U......z.........i...!..w..+"...NT...b."...$X..y.k.......).;W. .D.,....N~..........(......Bt..7....=.{w)....F.......u..w!wH..T..9./EQU.....B.I...y.... ..bH.(!.$..............S.D..h..`Q0...4....R.,.$...A.;....E.1..j.$.3ak...v

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	3373417
Entropy (8bit):	7.978140019775728
Encrypted:	false
SSDEEP:	49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
MD5:	28746CEA3FA3FE45E9A77EAC83CC83EB
SHA1:	5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
SHA-256:	1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
SHA-512:	501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d4.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!......`...{....z...]. .._.........5...D.i7..y......}....q..!.........`..y........................y...................>>>....9........?.................O5.........K..S.\|..Y...i..X..J.....r9.r.C...3................,.@...[..;.C.....?.`..(..&.N...$...............O...m..._ZW(......3..V......Jj............r..c......F.......\|<..........`}zbjh..B`.................G..`... ...a&%_..]./E.2...........d..S.........U..f).. ....`65.5..P..B@.~E.o...,..b.. ....b.......aGE7..@@@..X_....^.....z.p6..l.s.......Jk.......)..`..x..\|....A..e.>t.-..%..,...#w4..O...."..`......dW.\|.....U.ee.....!..'j.f.l../...........^5..#..W...7{1Y..........(.X..@..g.."....~kz...F=.%...\..r...~~~@._r.......9{RF.........e....,.;.}%...%.w..v1.q^x+...............H......\....#J.H..@..0j.....9..H...(S.\...0c.,x...6s...dM.5g..J...H.*...(N.P.J..t..X.j..kK.S..+.hP.h.]...d......x....R.X.........z4+......K.L....3k

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	1867995
Entropy (8bit):	7.97135881669897
Encrypted:	false
SSDEEP:	49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
MD5:	3DDFFC96032B4B586B63950436E1B19F
SHA1:	4E648AB679826B824D2D111E1B96E6D6FEC88BFB
SHA-256:	8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
SHA-512:	0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.~h..'......>9-....vb.]... ..q.5...\|3+....NMM...5/ .....!}.....c[J50!=8-...2........333.}g.............{e.xb..... ......GA3.....%.yd.."...B</...yp\...nfSZTE$...T.......LF8..$vmY.>.iaO...QK<...VO@}t_..!_XG.I...m..$rjV...ZYY....."........qf^M.. ..z..v..#.E..va$...Y.......-....0'....MLL..Cgff.&...9.O.......uiB+$..{.....4..x.K..y../..i[+RQP......_^^OF,..)...Y..5..:..m......XN+.s.i........vf+..5.........4/...2......zR..v..E...,..{.......O>.:7+.l.....>...K.....X.....\|{{---`T+.~>.u..b..(...B7.\E..1...c.T.Y........sss....#..]...0..-......gF...'.....-...].-.U.....n2.~..d'..'.&g...........3.....^..J......=5&..B.%..N..>4..'..d.3.g..1..kkk.}P....4....[...A,.g[>@...c..tG..h..q.v;.C..]......Z.......S...v$..L.....L.;.B...............H......\....#.......-f..q#5. C..I...(S.\..../..9...8s..1...a..J...H.*%.q.N.O.J..gE.K.j....+mN.K...h.......p...:..7-..".qU..[.c...#.K....41..W.B.t'.

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	3222729
Entropy (8bit):	7.959136227282352
Encrypted:	false
SSDEEP:	49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
MD5:	1A1A1E97120C2DD2B6B3C8C0F77CA236
SHA1:	3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
SHA-256:	D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
SHA-512:	325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.....&....Y........]..5..2R.. ..!.......X..VTV..}...W...............&...........'..%..........................#..$....j...............#.m......"..!..!.....".....%.[..]......... .......c.....Cm..#.s..`..T.....p..v..y..{......7..$.../'..=..."..C.N..7..Y..G..Ix..!.Z..S....J....~..>.^N.@5..<c.f..[..6Y.....%..R..........$....Q...%...$..OB..j..M...Q....."o\.....].C..(...F...j........."........6............l......].......x..g..L"f..R...w...OM..... ..... ..6..3....{..........<;..0..'....{.!......!?K.FE.."L}o.%&./..I..r...G..xd.<..L...>...%.<..Y..O2pz.q..d.......T.[.i.)......T...eT.r.`f.e.6..'...#."..A.u;.p)..b..BxtyF....A.O.....0..oB"..Y..U...3dm].h/.xI?IB`9.<dp.}>.. ..lJ6.7P..}`3aV9\|tS.Q.MN>^........?..e...-.......................................H......\....#J.H.b...j.... C..I...(.b....0c.I...+......@...S..H.]..J.P.J.J.*..,.j...W.X/~.K...a.]..[.i..K...q3.../.~.....0.....S...[..L..e.y.^

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	1696890
Entropy (8bit):	7.996167221864141
Encrypted:	true
SSDEEP:	49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
MD5:	6AE9949DD516F905186883C3DC5F082B
SHA1:	0574973A09CD1C4586F2237169351237A930718D
SHA-256:	424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
SHA-512:	CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d5.gif
Preview:	RIFFr...WEBPVP8X..............ANIM..........ANMF.?..................ALPH......0....nl[.E.R....D.(.~..m...)...B...fJ..Fw..{^?.FD.'....#;......Tff.U.9@uf.P......P9.@.....y..4......Y.a.\|.0.._...7.2_[..W..H{..xs...bx..q...h.G.X.9b..p`......qH...2........g.&....g..\..p............N.7.x7..[I]..[....m}.j.p....."..5..0.n.De...D.U..\.`].....T..\..pS.S.7...4U....8M$cU...W...u..7.X.h.p...2..o........,.u..xAA....ue...H.g..FW. ..0$..........Gxc.kp.....5....:\{5F_.+py...&\_K.....@............Q.h....W..o^Y..W..A!..2.v....?^;..U_E.)p...o.x..W...".........`f....\ff.p..q..p...ZD.p....[9b}...j23#5>:.q.q....z.a.E..k...@.....d.0F.U.Q..D[..})B.......lX.....F....`l$.....k..-..l9uu.k[A]...VR7.x..(..VY.p.S...&..u..0C =..`e,i.%.$....G./.j"......%]$Rgf.:.H*\|.p.Y.Y..a....E.\|...p.\|.[............x....{.......T....%86p.......w4%.........CS.n.J"\.c.xV.hqrU..+Z.\.K..rY.y<+Fj......O..\.....TO.....hr..-U=Q.9P..23kb...F...Y...E....MQ.......S.Y8.x..dua..'...c.i..5..V...1Z....Lk....yB

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	1867995
Entropy (8bit):	7.97135881669897
Encrypted:	false
SSDEEP:	49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
MD5:	3DDFFC96032B4B586B63950436E1B19F
SHA1:	4E648AB679826B824D2D111E1B96E6D6FEC88BFB
SHA-256:	8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
SHA-512:	0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d2.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.~h..'......>9-....vb.]... ..q.5...\|3+....NMM...5/ .....!}.....c[J50!=8-...2........333.}g.............{e.xb..... ......GA3.....%.yd.."...B</...yp\...nfSZTE$...T.......LF8..$vmY.>.iaO...QK<...VO@}t_..!_XG.I...m..$rjV...ZYY....."........qf^M.. ..z..v..#.E..va$...Y.......-....0'....MLL..Cgff.&...9.O.......uiB+$..{.....4..x.K..y../..i[+RQP......_^^OF,..)...Y..5..:..m......XN+.s.i........vf+..5.........4/...2......zR..v..E...,..{.......O>.:7+.l.....>...K.....X.....\|{{---`T+.~>.u..b..(...B7.\E..1...c.T.Y........sss....#..]...0..-......gF...'.....-...].-.U.....n2.~..d'..'.&g...........3.....^..J......=5&..B.%..N..>4..'..d.3.g..1..kkk.}P....4....[...A,.g[>@...c..tG..h..q.v;.C..]......Z.......S...v$..L.....L.;.B...............H......\....#.......-f..q#5. C..I...(S.\..../..9...8s..1...a..J...H.*%.q.N.O.J..gE.K.j....+mN.K...h.......p...:..7-..".qU..[.c...#.K....41..W.B.t'.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	3159
Entropy (8bit):	7.835397861887022
Encrypted:	false
SSDEEP:	48:SkyPhGBqjMSGIhBiNuTqjRCe2TnySKm65vsU4YDES9KScfL+WXRu2C5AzKcqoOlB:+EBBfjRCe4fKZZDE1ScT+4upEKcaaOr
MD5:	A5389E17320111E2B5B824A9FC62BD8A
SHA1:	15AB12EDF2FD1079C413C452F50112128FBF39D9
SHA-256:	423C7D0FC1B4E89DAE93A8CB372868BB554CCACF0535378F150D312B6D917438
SHA-512:	18435CCD1A43DFD9BB794A49A8761206C1E7294B2BB6DFFAD462B465A4085A778754095033D0CA12D0AAD50D790DD65BDB86AD32BEE9285516CB0DE56A482FD4
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/image/pc.png
Preview:	.PNG........IHDR..............>a.....sRGB.........IDATx^...-G...A..).........J...-.).....h)....Bq.B.`!E.k~t6]....;r.9......3.;Gg.5.Z..T=.6y5.T.......%P......P...~.....@..o;@.@...\|.m.h..\..O......K.......r.T>...4.l......%..........2.D6q....kH......g.O.B6...qI.J..{.H.......kK....I.p.U...7..`TKV.p>I7u.$.:....WKzy.1.vm...I....g..R{..gJ.h.q..g.....V..J.._..87l=Y...$...O..8I/2.S.V...HI.%..N?....z1.....$.A.mPN...@..,..C...J.^.v..-.[....IO.2....C..%..x....../%....../..7.J...$......I........~...K..A.'.T..w.t.$N.......*....$.)..%........o.v$\|...4.^"....}.'.@.ObH..t..7db.s9.~.IW..CI....$.... i.P.3..!g....?k.Gu..M8.b.y%]W.~...t.-.....u$}$..L.#H.:.}%.c".....8I?....1..6<.$..<..........$=y.Pr4.U..G..cx..\|......V...3.........H.........%..>I.z...T.?F........!.J....oK:e0...<[.F..........aMNz.... .9.ghs.I...g..e`e..W....o.^,..MT.>.....9e..8;..1J...%i.Y..m.nI7...N.K...WH".b.....\..,..7..$.C.Q....S..s.T..-..G.=..aX.3J.;.%._..ao..i,..kv..%...b1......1B_...h.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 63, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	7.769704549672646
Encrypted:	false
SSDEEP:	24:iFZrInkuhL6tDNIlF7ctLs1ZYH7Ep/j53EfVlh5du:iD8r1F2AYg/j53ylvs
MD5:	8A6C32150A458C45102CC078078B1C87
SHA1:	9064F80DEF2B442C37F55E3F0B65C1CF60FA0E79
SHA-256:	0948A22B613B3CEA6367872B8E317A0A4250236C70DDE94D0C2DBF31639F5E94
SHA-512:	52493F400C36B59168C9C015E36443C841CF79E6ED2B8410EF470569AC79B2CC5864D799DC9B7D7759D70ADACAE6D2FEE9999C663E4AA0AE03EFD355BFF2B635
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...3...?.....Mc.Q....pHYs..!8..!8.E.1`....sRGB.........gAMA......a....fIDATx..]n.F..g..@.[:A.^..[.:-.....j.@.S..i....'.\|.''0.X....X..D'6......ah1^....~...........R......}8.....W.6..t.)..n.T.?5....C....c.....F#....g.M.z..(....v ..2p......(.tY..9n.tu...4.S...;.......n.....=....@{..Q.1P..b.1....$.@....\|.L.......d$..a.y.b_.V-..z..1..~ ...0.......=.W9.......[.Q........q..>x....HIaH.mZ.:...D.VA..........3B.......Msy.T.*]...C......h.R.Yo\|p`J..3..).b.......R.....#.......%.5"..%....?...jflZ..'.k[B.\|....\...Y).D.....xf....'6..P(w-......{C};..!).=.N.kG.{..`lgH..C6.3.F........j'Tz)z`.<.N.{e^..B.z...h..+..Q.w..-3....0..A......Ke.SX.j... ...>.....^.P..%X.......N..".N.m.aF..;...}.<.k.S.....Q....3...9...y!;B.C..ZZ..%.g.1... 9..j.\|92.......)y@..&.2...V.j.T....V%.M..3Eg.F!L^)..+.0y..&....B..R..W.0..5...G....).I..7........s..D.A..Slm..@.n&..G.sw..Q.J....Qm...Ru.N..2...]._.2...mV.t.+-)...r:t.O..q)..H. ....b&_Z.....{#.^..R..WL.Y.

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	3373417
Entropy (8bit):	7.978140019775728
Encrypted:	false
SSDEEP:	49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
MD5:	28746CEA3FA3FE45E9A77EAC83CC83EB
SHA1:	5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
SHA-256:	1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
SHA-512:	501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!......`...{....z...]. .._.........5...D.i7..y......}....q..!.........`..y........................y...................>>>....9........?.................O5.........K..S.\|..Y...i..X..J.....r9.r.C...3................,.@...[..;.C.....?.`..(..&.N...$...............O...m..._ZW(......3..V......Jj............r..c......F.......\|<..........`}zbjh..B`.................G..`... ...a&%_..]./E.2...........d..S.........U..f).. ....`65.5..P..B@.~E.o...,..b.. ....b.......aGE7..@@@..X_....^.....z.p6..l.s.......Jk.......)..`..x..\|....A..e.>t.-..%..,...#w4..O...."..`......dW.\|.....U.ee.....!..'j.f.l../...........^5..#..W...7{1Y..........(.X..@..g.."....~kz...F=.%...\..r...~~~@._r.......9{RF.........e....,.;.}%...%.w..v1.q^x+...............H......\....#J.H..@..0j.....9..H...(S.\...0c.,x...6s...dM.5g..J...H.*...(N.P.J..t..X.j..kK.S..+.hP.h.]...d......x....R.X.........z4+......K.L....3k

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	2415534
Entropy (8bit):	7.953757920742143
Encrypted:	false
SSDEEP:	49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
MD5:	CBD2D6AF702CAB22FB23C7D159ABC428
SHA1:	C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
SHA-256:	58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
SHA-512:	E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d1.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,........... ..!}.........5........]..................... ............................................................................. ..... ..........Z.....S..C.....>.........G.....=.........O.....................s.......N...........f..... ............:..'.. .........J...............K.....6........q..........W.. ._Q..'......... .9......W....].....l........#.V.....>......r....S..............P.............?6...........?.......+.u;....\.........K.6..-..d'........K...5..e..p..~........@/(........I...Y....E..........F............r...\|..l0.g...{...E:....U...y.....~.h..._.8...W.3..HOC..[..O.....Q..i....&................/.....).H.......o^.....7...m..[.J.....:.;}.......V....9p_...[..j..o..8..........`...............y..0....E.M..T..H..G.........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	2146221
Entropy (8bit):	7.949979177664583
Encrypted:	false
SSDEEP:	49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
MD5:	B66CCB48AAE5492D0043602A8809739D
SHA1:	526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
SHA-256:	4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
SHA-512:	6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.]..5....r....6........!...}................\.. ...q......N.r...Z... ....I.....7.....>..R..W......... .?...... .U..9... ....<...... ..........\..q..T.......F..H..D..... .. .. ....3...3z....!........0@6.x...d(.....t......\|......'../....A..h..................H......-.....=......}......)........$.......5..Y.)......L.l._Q...d.....F.........t..>....YMD..$.....:...c...N...O..v.\|G.?......X....m3..8..C...5..C..p;..O...'''c....../....!..5....U.....:......o^.....b............]]]S..!...r8.....n...................s..E...N.....}~...u@.y...R..h.....B.....t..5.....z...j.............o......b....2.. .....x......ez.Ug..].......]...w..T........@@@..o..1............ppp.....]..u...M......s......8...w..>6.........9....f...........................H......\....#J.H....3j......8..I...(S.\..K........8s......3.N.I...H.*u.4hP.K.J.J...N......`.f.....h...T..p.m...x...I.n..........P.+^....#K....V.3k

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	2968347
Entropy (8bit):	7.942137046837241
Encrypted:	false
SSDEEP:	49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
MD5:	5D09F9927641C16D5B62DA8F2F877F50
SHA1:	B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
SHA-256:	E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
SHA-512:	E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d9.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,J...r....GpL[$..o.Z$.........!.<....z..."n.M..... .Z"..k..n..\..m.....`..g..R.d(..h..Y.x2..I.`&.}4.g..b..6..O..f..^..k..j..V..?.m,..K..b....._..U..?.j,..!m.S.z..b'.]&..D..d..Y.o...O..;.u0..L..h..r..:..E..N.r/..P..F..7..>..R..[..W..U........x%.I..e..<..8..@..A..E..{..........B.....H.....[..m.....i..B.....n...........n.H.>.......C.........o.]).)......v..b...P.....................%..9......z2.}7............D..U.....^..}..1.........vI,.N........V:......-..jT........l> ._G.V.................]..\..n..f..P...\P!.....o...\|......l7..{i.x...<.i..z..c.......................d..x.........g6.zG.............555```?......=...s>..U..i..I........r\......w2.k.....K........PPP .{E.\^...r".W&.pA..c..J0....l.x.ppp..i..p.....L.................................H......\....#J\|X.@...&.(c.@.. C..I...(S.\i.....b.I..L.8s......c.I..Q.H.*].)J.P.B...X..l#...T...K...B.~.h...p...:.#._5.....&......<....U...#K..1..s.R

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-favicon.ico
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/telegram-logo.png
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	269915
Entropy (8bit):	7.997318625620062
Encrypted:	true
SSDEEP:	6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
MD5:	A3E4DF3C003560CC296AF06B198390B4
SHA1:	B1D9C70957302A8D0884694052439432407BF8D5
SHA-256:	5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
SHA-512:	2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/extension_pc_zh.png
Preview:	.PNG........IHDR..............d6E.. .IDATx..Y.$.y.........&{..&)R.H...1... a.E........G?............."<.F.8.E..H.l.Mv7...}.[n...../.dd..uoV....y.......wNDT..q%....@@ .........D.{......@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!....o.......F#.z....G@ ...............?v...XPV...j.s..&48....Q$.q,8.&y8.......@@.}.....k.oj.kp..l...gAY..eY.RI.x.p....\...}.# ..........cG...NiKk{U...M..u......,..32...........m...c.....@@ ..8v....6..2.....fh..l.$."...#.."n..p..;.\.z...^{.7.....=..,....@@ .......@;......<..SO=..+......m.F`b.h...B. C.....]...o~.._.....vaH..}.$."@.d.................[...&Z.Vk6.kkk...g~.~....V...A....eE@iHmnn~.[...........YV.X2.\"p67...."@.d................z...w...@P..........?.~..YPV.F..2...............Ss....A..n.& .........O.P..2LS......U ..>...../..K/..D.

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	1639
Entropy (8bit):	5.074367357020033
Encrypted:	false
SSDEEP:	24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8o+q+PB4tD7EEUk1kE1FEN:sSaDafoASE98vB5TP+JOyPudLvN16
MD5:	2A533634725670DB7F7D86E9DE86E242
SHA1:	844367E9EA8FCC24AD3ED4FF23ABFC29D07FE42D
SHA-256:	5D2271ADD83434D0A9820547260E155AFB076463457C2B036FD5FD6B2436A7F7
SHA-512:	8EBE8BC2B5B80A13FC970C337B7B5C2019EC56654B63EC047634E7AEC85184AE3F0E16D124E7AA4A45834B05AC0402BF790C65569F22FFC106E7D4B9737DFE84
Malicious:	false
Reputation:	low
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	1999661
Entropy (8bit):	7.95888108485966
Encrypted:	false
SSDEEP:	49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
MD5:	443B2A218BA5A3010B778986488AF448
SHA1:	957E3B8E8951351B28F5106E8006F96255AD200B
SHA-256:	DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
SHA-512:	277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!......w..]....555.5......!}...T...fff.c..>...........)......... .U... .......)..J.....M..'..O............ ....G..B.@@@.W..P...... .E..[........Y.MMM.. ..........'..................... .......R...... ........ .......]..B..K... ....G..9..)..=........7.....l..S... .y..C..H..U.......O..S... ............./..Z...8/(..@...%..G.......6..d'..1............l..[..[...i.....q....y.....2..J...............?6..W..D..a..-...W.............X..h..r...@............aaa.6..&..z..t...............P........o^..(..}C.....N..s..~~~OC..,..H..%..=..M..9......O....}..........<..;..#..i...._Q.000.o..p5.._.......A..D............qqqHHH..g....F.......@6.<:9.y..4....UUU....>.......... fS/..TE0YYY.n".h#..(..W..^....s...O...................................................H......\....#J.H....3j..#.. ...H...(S.\....C.I...8s....L.=...J......D...P.rT.R..X.j.J...`.......h.]..,.p..}.v..x.B.....r...L.pV...+^<.+..#......)c

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	2603040
Entropy (8bit):	7.962323436035343
Encrypted:	false
SSDEEP:	49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
MD5:	80515DB845D4FC2B936127D4324FF322
SHA1:	3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
SHA-256:	5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
SHA-512:	32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d8.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,7........GpL..'.......r....`......!....5.}...]...q.....q...........&.. ..".....$..%....`...&..........v.. .......#..%.....#..........!.....$............................".............{.."..$.<...!....`...".....s.....%...........G?;... ...B...&..x........f...........&!^MD.{4..b.X..\|...r.J...x.n..s..............5...=3........w..f......@3..9......$.v..`.....zg\~i.2"..}..R..S...7.....#.`......sg.n.....o.....!..E..P.J..vg]V.iX.J.....#....?..r..Q..........k..2..l.....V..$...l......L........`..J...h....3.!....P9..E.....#..p.....m..u.....B.._O.A3.m+.p5..b......XyM.///g;..\|...j.+..G..yJ.wc.F........oVH....v..-..T..U....Q."..........rpoRQP.;..2......WD9.`.....h,.-...}....b%...........t..................................H......*\....#J........4.@....'..I...(S.\.....< @...8mz.H..@...J....1w.\.)..3.T4J...X...8..N=j.K...-{"...W.h..K7.R.x..D..........a.\|.+^.8...#?.....>=.

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	9739
Entropy (8bit):	7.914505260000532
Encrypted:	false
SSDEEP:	192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
MD5:	E94E30D49B2C58C8CE7BF1A96BE1458A
SHA1:	79334D2865DDD486A79F97725363F56655C80BDE
SHA-256:	93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
SHA-512:	9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v0.0 to extract, compression method=deflate
Category:	downloaded
Size (bytes):	17807915
Entropy (8bit):	7.77495400074691
Encrypted:	false
SSDEEP:	393216:rhDuKB7QCh5UCayUUl9m1KPnnpoqvml8U1KnU1DI:UKBYCRUUlMYPe5
MD5:	70882FCBAC8CF3E4F141A9688FC2EC80
SHA1:	CE0E30D9531F16C076BDD306A2F276A6A137229E
SHA-256:	A462B3C69E2B76377CBA608B9F5524FEB108E688A21B2A0D0F228C0C3F5878BA
SHA-512:	91E514A9161893E8F137DED2805A776397D092AAA536674341C0C8870F2CAE7EC1D3F00C74CB9FAF9D1FC5FF7AB53EBF83B3730E77CC6577A057FC0CC29DF5BF
Malicious:	false
Reputation:	low
URL:	https://www.sanxiang-sh.com/upload/Telegram.apk
Preview:	PK........!.!... 4...8...9...META-INF/com/android/build/gradle/app-metadata.propertiesK,(.M-ILI,I.K-...5.3.J.K)..Lq/JL.I..)M..I[...q..PK........!.!.....v...x...'...META-INF/version-control-info.textproto+J-./.,./.L-V..RP(.,.I.Rp....r..s...K...K2...T....\.C.]<....R.2.3..R&F))II.ff..F.)i.&....).F.F...F)..i.iJ\.\.PK........!.!..g9.............assets/dexopt/baseline.prof.pro.010..!.......x..ohUe..s.....;..uM=..BH.N...X$.R..E...ra..kP+R.i.."*...0...!.....z......!........u.w.x..?\..}....<....9.....v+M...Y....u....\GG{.....L.k.......R.V.x.......k3.q$..F..z..=l1...c.du.!..9..n.c..;..E."....9$#.....C......."....:....A..X.r...).\....Y.......tk.=t.u.XO]..M..:....F:.g...{.X..{P..E......Gq<jA....!...^.....6..D.>...f..b....\..;.#..-..E._9.o.im..\|.F.z....#?z....#N........x..1.b.}...).B`G.h..5t.....GD`C..6.@>.........#.b.......?z...o....6[..{D<l?F=bq.5..`.......z> .......y0...5!..q...\|..l...97...K..y.<.H..;..i..uGz..:...;..^..c...!.i?3Z..@....s]'b`S_.e.`/..>.!

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	3222729
Entropy (8bit):	7.959136227282352
Encrypted:	false
SSDEEP:	49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
MD5:	1A1A1E97120C2DD2B6B3C8C0F77CA236
SHA1:	3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
SHA-256:	D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
SHA-512:	325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d7.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.....&....Y........]..5..2R.. ..!.......X..VTV..}...W...............&...........'..%..........................#..$....j...............#.m......"..!..!.....".....%.[..]......... .......c.....Cm..#.s..`..T.....p..v..y..{......7..$.../'..=..."..C.N..7..Y..G..Ix..!.Z..S....J....~..>.^N.@5..<c.f..[..6Y.....%..R..........$....Q...%...$..OB..j..M...Q....."o\.....].C..(...F...j........."........6............l......].......x..g..L"f..R...w...OM..... ..... ..6..3....{..........<;..0..'....{.!......!?K.FE.."L}o.%&./..I..r...G..xd.<..L...>...%.<..Y..O2pz.q..d.......T.[.i.)......T...eT.r.`f.e.6..'...#."..A.u;.p)..b..BxtyF....A.O.....0..oB"..Y..U...3dm].h/.xI?IB`9.<dp.}>.. ..lJ6.7P..}`3aV9\|tS.Q.MN>^........?..e...-.......................................H......\....#J.H.b...j.... C..I...(.b....0c.I...+......@...S..H.]..J.P.J.J.*..,.j...W.X/~.K...a.]..[.i..K...q3.../.~.....0.....S...[..L..e.y.^

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (17573), with no line terminators
Category:	downloaded
Size (bytes):	17573
Entropy (8bit):	4.986564347948523
Encrypted:	false
SSDEEP:	192:wT2JfUBa6/VEXXGU+N7vknCPxKKyQfifrhmi9J9SZHorZ/wdcF/oHSoPo8oZouzE:N2LdfVHGoFwHauzMb7UqJ8SUTA
MD5:	77595F2B863513C18A9188E14C5636C4
SHA1:	AC360519B3424B3560573513D231033E03203A55
SHA-256:	0F3873DADD2C83705BBFD2FDB7F3E4DF55BD1C8D453B4232ADDF0C3C52DDC5DB
SHA-512:	B5986660FC7E6F4B320920404D0FDA5935E7ADE23B02020A1E625FFA2DF1F8A6F1150E3FCA95DDE30A60F8263B0CCE454F3E6C1411B5D45952CA185B60FAD66A
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/css/style.min.css
Preview:	:root{--headerHeight: 76px;--padding: 15px;--themeColor: #144977;--maxWidth: 1200px}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{background:#fff;overflow-x:hidden;color:#081340;font-size:14px}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;z-index:1000;display:none;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff;border-radius:50%}#to-top img{width:50px;height:50px}header{background-color:#fff;width:100%;height:var(--headerHeight);position:fixed;z-index:99;top:0;left:0;-webkit-box-shadow:0 1px 3px rgba(0,0,0,.1);box-shadow:0 1px 3px rgba(0,0,0,.1)}header .wrapper{width:100%;height:100%;display:-webkit-box;display:-ms-flexbox;display:

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	1639
Entropy (8bit):	5.074367357020033
Encrypted:	false
SSDEEP:	24:sSaDlMfl2HgSE98vJ34apncroPi3i436P8o+q+PB4tD7EEUk1kE1FEN:sSaDafoASE98vB5TP+JOyPudLvN16
MD5:	2A533634725670DB7F7D86E9DE86E242
SHA1:	844367E9EA8FCC24AD3ED4FF23ABFC29D07FE42D
SHA-256:	5D2271ADD83434D0A9820547260E155AFB076463457C2B036FD5FD6B2436A7F7
SHA-512:	8EBE8BC2B5B80A13FC970C337B7B5C2019EC56654B63EC047634E7AEC85184AE3F0E16D124E7AA4A45834B05AC0402BF790C65569F22FFC106E7D4B9737DFE84
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/js/public.js
Preview:	$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent \|\| navigator.vendor \|\| window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad\|iPhone\|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	2603040
Entropy (8bit):	7.962323436035343
Encrypted:	false
SSDEEP:	49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
MD5:	80515DB845D4FC2B936127D4324FF322
SHA1:	3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
SHA-256:	5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
SHA-512:	32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,7........GpL..'.......r....`......!....5.}...]...q.....q...........&.. ..".....$..%....`...&..........v.. .......#..%.....#..........!.....$............................".............{.."..$.<...!....`...".....s.....%...........G?;... ...B...&..x........f...........&!^MD.{4..b.X..\|...r.J...x.n..s..............5...=3........w..f......@3..9......$.v..`.....zg\~i.2"..}..R..S...7.....#.`......sg.n.....o.....!..E..P.J..vg]V.iX.J.....#....?..r..Q..........k..2..l.....V..$...l......L........`..J...h....3.!....P9..E.....#..p.....m..u.....B.._O.A3.m+.p5..b......XyM.///g;..\|...j.+..G..yJ.wc.F........oVH....v..-..T..U....Q."..........rpoRQP.;..2......WD9.`.....h,.-...}....b%...........t..................................H......*\....#J........4.@....'..I...(S.\.....< @...8mz.H..@...J....1w.\.)..3.T4J...X...8..N=j.K...-{"...W.h..K7.R.x..D..........a.\|.+^.8...#?.....>=.

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	418
Entropy (8bit):	7.434132413050049
Encrypted:	false
SSDEEP:	6:RZ8gBOL8i4KajpoDZVxggMvO4AETL3kiKhNd4sCgC+aRS6LfLrjAgtlrF672PSpF:JO4itd5prETrrKbd4jmkf/FKqOh
MD5:	74A78C820E0549111044D2E4AE96FEB6
SHA1:	8CD4D09C5B9B663E6C27577BC71C1EE172F85B02
SHA-256:	219172AA474B2AF9FC53CA45C029317EF4B15C47899CF36F8F9FDC6280AC06B1
SHA-512:	B3268ADC9E4E41BAD4AFC5F8FF104A6DF6268DE7333F6CAF7A6D2F67329F8FB6CD058D77FB9640B701DDF63F1D40C8553E82438AC4B8AF928F66E32E28555F5D
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/image/ios.png
Preview:	RIFF....WEBPVP8L..../,..._..m$I.s....nh.L.8.....mRG./.C.F.f.~.....`.\|.......y..b.b.....d...u7.'$ C"t0...po...m.i..g.....z..G.'.....O.Z.._.....I.Y...x5...........Y..e.`...(.V%....yN...j[.e.q........[:.....K.r.5..^.......1j]..n..n.x.2......y2vJ........O........d.T.3....G.}.f<.2.....6.9\|......ItF.D..E..n,zL.4zp@...x...s.1..4..64.Dh$..d...).X.R....\Q..Z.R.ekc...4G.y...z.j-.\|.y...b.2s\|.l}mK.t.k..D..

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	1696890
Entropy (8bit):	7.996167221864141
Encrypted:	true
SSDEEP:	49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
MD5:	6AE9949DD516F905186883C3DC5F082B
SHA1:	0574973A09CD1C4586F2237169351237A930718D
SHA-256:	424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
SHA-512:	CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
Malicious:	false
Reputation:	low
Preview:	RIFFr...WEBPVP8X..............ANIM..........ANMF.?..................ALPH......0....nl[.E.R....D.(.~..m...)...B...fJ..Fw..{^?.FD.'....#;......Tff.U.9@uf.P......P9.@.....y..4......Y.a.\|.0.._...7.2_[..W..H{..xs...bx..q...h.G.X.9b..p`......qH...2........g.&....g..\..p............N.7.x7..[I]..[....m}.j.p....."..5..0.n.De...D.U..\.`].....T..\..pS.S.7...4U....8M$cU...W...u..7.X.h.p...2..o........,.u..xAA....ue...H.g..FW. ..0$..........Gxc.kp.....5....:\{5F_.+py...&\_K.....@............Q.h....W..o^Y..W..A!..2.v....?^;..U_E.)p...o.x..W...".........`f....\ff.p..q..p...ZD.p....[9b}...j23#5>:.q.q....z.a.E..k...@.....d.0F.U.Q..D[..})B.......lX.....F....`l$.....k..-..l9uu.k[A]...VR7.x..(..VY.p.S...&..u..0C =..`e,i.%.$....G./.j"......%]$Rgf.:.H*\|.p.Y.Y..a....E.\|...p.\|.[............x....{.......T....%86p.......w4%.........CS.n.J"\.c.xV.hqrU..+Z.\.K..rY.y<+Fj......O..\.....TO.....hr..-U=Q.9P..23kb...F...Y...E....MQ.......S.Y8.x..dua..'...c.i..5..V...1Z....Lk....yB

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 775 x 825, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	268481
Entropy (8bit):	7.98467490175069
Encrypted:	false
SSDEEP:	6144:WOaPEe8NIm92iKb84rnQt/GUCOw5wgvXrZDvh9T1aDSWL6YuEf1ye:WOa18mCWb80Qt/BUVbzTQPL6ZEEe
MD5:	A2FFCD73EDDD76A01F35ADFF0BE467D8
SHA1:	B29C51BC3DDD3C8210190BFCEE247313CF197C87
SHA-256:	9B261666109DDE22C348C6EFE0707AB57192C1E93D9A6BD126F44E855FA7B7EE
SHA-512:	7351CD7764218BA21352E58F4B55FA46893F2F5F460C9ECCF99DD11FAFD54F3048487920E49638F5F5D74D4EE602921894F75C34A0B8CD6D138B7FD13426E8EE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......9......J......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...7IDATx....@1.C....f}.@.n...)88E53.....].I..!.......!d.'...3..b.m...J..r.3m....`...$f`......l.bd...a.......h.U4....g.1.4........<\.....).`..'..@,.A0..\|.._K...V.m4....M....ZB.z..M.Q0...........F..I.V...`....2.F.0....5...a..."...R.-......D..a..^E.%3#.}U.{....$O.....}.n..iG.+..[.'C.....LU..M.t.....`..V...0l#.B....CC.E..Y.X"..../x...?.......ks.f...k....B..{...=.z..1^C.....C....cf7/H.V_((...`........Imgq.......RRN..+bm....s...G........J.Zq>......G..R..D$RB!p.B.'...S.....n..oF=..@./..+..../..t..X....`..6..&..w...HE.GB.xuY,..]h$a......8..0.c...ZWUS..k.1.q...\.Z..an......jH...y.@..J..h.EW..77....84.-..k.d.H.9(...)U......z.........i...!..w..+"...NT...b."...$X..y.k.......).;W. .D.,....N~..........(......Bt..7....=.{w)....F.......u..w!wH..T..9./EQU.....B.I...y.... ..bH.(!.$..............S.D..h..`Q0...4....R.,.$...A.;....E.1..j.$.3ak...v

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	4286
Entropy (8bit):	5.157520760822341
Encrypted:	false
SSDEEP:	48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
MD5:	975B4112A366CCA6B9BF2C84E268268C
SHA1:	97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
SHA-256:	181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
SHA-512:	1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
Malicious:	false
Reputation:	low
Preview:	...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+....)....)..)....)......)....)..)..)..)..)..)..)..)..)....--.............................+..+..............................................+..+......................I....+..............+....+..+..+..+..+..+....+......+....+..+....,..I..................+..+..+..+..+..+..+..+..

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 775 x 511, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	269915
Entropy (8bit):	7.997318625620062
Encrypted:	true
SSDEEP:	6144:eUHIRpvqzhFuCCfsBeFHvVP61UZtBdy9P+Bo0suvken8aPgb9dlA:eCsyz3vCAeIOtBc9EoJu8engq
MD5:	A3E4DF3C003560CC296AF06B198390B4
SHA1:	B1D9C70957302A8D0884694052439432407BF8D5
SHA-256:	5BFE27A076F070C98104425FA065C987195CE8ADEC010D52EF104A59B7F5653E
SHA-512:	2913378C0B7FA73C89A5F4CF0EFD90A191E5EE4E7BCD9BC2DE82939357882AB733A9F5C60BA8FCE57015312ABC0400E906D97BBA47A56C838A36A257D93D1E1E
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............d6E.. .IDATx..Y.$.y.........&{..&)R.H...1... a.E........G?............."<.F.8.E..H.l.Mv7...}.[n...../.dd..uoV....y.......wNDT..q%....@@ .........D.{......@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!.XQ.....@@ .......@`E.........@@ .......~...........@@@..V..A@ ..........!....o.......F#.z....G@ ...............?v...XPV...j.s..&48....Q$.q,8.&y8.......@@.}.....k.oj.kp..l...gAY..eY.RI.x.p....\...}.# ..........cG...NiKk{U...M..u......,..32...........m...c.....@@ ..8v....6..2.....fh..l.$."...#.."n..p..;.\.z...^{.7.....=..,....@@ .......@;......<..SO=..+......m.F`b.h...B. C.....]...o~.._.....vaH..}.$."@.d.................[...&Z.Vk6.kkk...g~.~....V...A....eE@iHmnn~.[...........YV.X2.\"p67...."@.d................z...w...@P..........?.~..YPV.F..2...............Ss....A..n.& .........O.P..2LS......U ..>...../..K/..D.

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 51 x 63, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1233
Entropy (8bit):	7.769704549672646
Encrypted:	false
SSDEEP:	24:iFZrInkuhL6tDNIlF7ctLs1ZYH7Ep/j53EfVlh5du:iD8r1F2AYg/j53ylvs
MD5:	8A6C32150A458C45102CC078078B1C87
SHA1:	9064F80DEF2B442C37F55E3F0B65C1CF60FA0E79
SHA-256:	0948A22B613B3CEA6367872B8E317A0A4250236C70DDE94D0C2DBF31639F5E94
SHA-512:	52493F400C36B59168C9C015E36443C841CF79E6ED2B8410EF470569AC79B2CC5864D799DC9B7D7759D70ADACAE6D2FEE9999C663E4AA0AE03EFD355BFF2B635
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/image/android-active.png
Preview:	.PNG........IHDR...3...?.....Mc.Q....pHYs..!8..!8.E.1`....sRGB.........gAMA......a....fIDATx..]n.F..g..@.[:A.^..[.:-.....j.@.S..i....'.\|.''0.X....X..D'6......ah1^....~...........R......}8.....W.6..t.)..n.T.?5....C....c.....F#....g.M.z..(....v ..2p......(.tY..9n.tu...4.S...;.......n.....=....@{..Q.1P..b.1....$.@....\|.L.......d$..a.y.b_.V-..z..1..~ ...0.......=.W9.......[.Q........q..>x....HIaH.mZ.:...D.VA..........3B.......Msy.T.*]...C......h.R.Yo\|p`J..3..).b.......R.....#.......%.5"..%....?...jflZ..'.k[B.\|....\...Y).D.....xf....'6..P(w-......{C};..!).=.N.kG.{..`lgH..C6.3.F........j'Tz)z`.<.N.{e^..B.z...h..+..Q.w..-3....0..A......Ke.SX.j... ...>.....^.P..%X.......N..".N.m.aF..;...}.<.k.S.....Q....3...9...y!;B.C..ZZ..%.g.1... 9..j.\|92.......)y@..&.2...V.j.T....V%.M..3Eg.F!L^)..+.0y..&....B..R..W.0..5...G....).I..7........s..D.A..Slm..@.n&..G.sw..Q.J....Qm...Ru.N..2...]._.2...mV.t.+-)...r:t.O..q)..H. ....b&_Z.....{#.^..R..WL.Y.

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6304
Entropy (8bit):	7.950640892736205
Encrypted:	false
SSDEEP:	96:zjFCVn08FA2hQhIizN354105+RPRNjE07RT+ZS9g0ZJVNPiJY987VHmT77PLq:9CVnb+JXOYAPRa0tT+wpNaJuzPLq
MD5:	79F8ED56C055FE96EE12F5E4D2139930
SHA1:	98B641E0AAAB796013AFB8EAA1B86B780E6251C2
SHA-256:	9616F028E86B1A1D40BDA93FBB8D7D355DACC20DBFC9314F00EC6D74637204B1
SHA-512:	CFA21F669D6B90B8A3969D504B463259AB6ED127DC123E6DD98172E0565FA37CF0332F81C978FE2A0E921321503A2F5E111C5065691A41D7EFE3767C020B8556
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...Y...Y.....U.......sRGB........ZIDATx^.].XT..{...f..+.Fe....=. ...Jfu........9Bv0N.:e.%je..87)..T.@BxUL'...'..100..mM..Y.f...s.....z..o.......#@....Y....6K..,....-..p....GA.(..P...........s...P...........y(@...S..9..\|..+W.qww.....C(...4..KQ.......r....vbb....V. ....e~g.....>X 3.@0..y.A..j...[.l....C...f.....E=b!..JU.V..:::.VWW..Z.....U..\..?..=. ..2..^y....zj....3vvvs-......]]].444d...K.r... ..6..f.iM......._.........`...."..Z.a.....i.^[[[.._......`0.....q.E..\.T.........-F...........V.XQC...'.H..1bK.Q......'ON...{....Y..M.4MW......V.@.M....{(.r.(JDQ.0>.......x.q$I.-Y...}....JKKk.r6..%...k+.q..'&&..Z...GG..P._....Pi....[...b)../3%j.P...A2.,...a....$I......w.....s.}U[[.D...JLMa.s[..., .BPXX.....1I.bc..4}_.T....:...u....(.....6c....<....+....$ig...R......>>...hF9.z.&...5{....q.../...s.X,~..@.V.o..6c..0.A.\.T.o.....C.o.9....$.X...(.C.A.t...e.f.:C.D.......p2.........._....C..T.........O`.:.(....>p.U.c.....lsvv^g.-kkk.....)*...

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	2146221
Entropy (8bit):	7.949979177664583
Encrypted:	false
SSDEEP:	49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
MD5:	B66CCB48AAE5492D0043602A8809739D
SHA1:	526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
SHA-256:	4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
SHA-512:	6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d3.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.]..5....r....6........!...}................\.. ...q......N.r...Z... ....I.....7.....>..R..W......... .?...... .U..9... ....<...... ..........\..q..T.......F..H..D..... .. .. ....3...3z....!........0@6.x...d(.....t......\|......'../....A..h..................H......-.....=......}......)........$.......5..Y.)......L.l._Q...d.....F.........t..>....YMD..$.....:...c...N...O..v.\|G.?......X....m3..8..C...5..C..p;..O...'''c....../....!..5....U.....:......o^.....b............]]]S..!...r8.....n...................s..E...N.....}~...u@.y...R..h.....B.....t..5.....z...j.............o......b....2.. .....x......ez.Ug..].......]...w..T........@@@..o..1............ppp.....]..u...M......s......8...w..>6.........9....f...........................H......\....#J.H....3j......8..I...(S.\..K........8s......3.N.I...H.*u.4hP.K.J.J...N......`.f.....h...T..p.m...x...I.n..........P.+^....#K....V.3k

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	dropped
Size (bytes):	2968347
Entropy (8bit):	7.942137046837241
Encrypted:	false
SSDEEP:	49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
MD5:	5D09F9927641C16D5B62DA8F2F877F50
SHA1:	B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
SHA-256:	E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
SHA-512:	E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,J...r....GpL[$..o.Z$.........!.<....z..."n.M..... .Z"..k..n..\..m.....`..g..R.d(..h..Y.x2..I.`&.}4.g..b..6..O..f..^..k..j..V..?.m,..K..b....._..U..?.j,..!m.S.z..b'.]&..D..d..Y.o...O..;.u0..L..h..r..:..E..N.r/..P..F..7..>..R..[..W..U........x%.I..e..<..8..@..A..E..{..........B.....H.....[..m.....i..B.....n...........n.H.>.......C.........o.]).)......v..b...P.....................%..9......z2.}7............D..U.....^..}..1.........vI,.N........V:......-..jT........l> ._G.V.................]..\..n..f..P...\P!.....o...\|......l7..{i.x...<.i..z..c.......................d..x.........g6.zG.............555```?......=...s>..U..i..I........r\......w2.k.....K........PPP .{E.\^...r".W&.pA..c..J0....l.x.ppp..i..p.....L.................................H......\....#J\|X.@...&.(c.@.. C..I...(S.\i.....b.I..L.8s......c.I..Q.H.*].)J.P.B...X..l#...T...K...B.~.h...p...:.#._5.....&......<....U...#K..1..s.R

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	86923
Entropy (8bit):	5.288942392211126
Encrypted:	false
SSDEEP:	1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
MD5:	B72AFE07A6F6F477120F3B0803D0A983
SHA1:	78EF8329A917D65F8BEDF5E1336724C6F5B80404
SHA-256:	F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
SHA-512:	823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
Malicious:	false
Reputation:	low
URL:	https://www.telegramdd.org/static/js/jquery.js
Preview:	/!jQuery v3.3.1 \| (c) JS Foundation and other contributors \| jquery.org/license/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t\|\|r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?l[c.call(e)]\|\|"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	418
Entropy (8bit):	7.434132413050049
Encrypted:	false
SSDEEP:	6:RZ8gBOL8i4KajpoDZVxggMvO4AETL3kiKhNd4sCgC+aRS6LfLrjAgtlrF672PSpF:JO4itd5prETrrKbd4jmkf/FKqOh
MD5:	74A78C820E0549111044D2E4AE96FEB6
SHA1:	8CD4D09C5B9B663E6C27577BC71C1EE172F85B02
SHA-256:	219172AA474B2AF9FC53CA45C029317EF4B15C47899CF36F8F9FDC6280AC06B1
SHA-512:	B3268ADC9E4E41BAD4AFC5F8FF104A6DF6268DE7333F6CAF7A6D2F67329F8FB6CD058D77FB9640B701DDF63F1D40C8553E82438AC4B8AF928F66E32E28555F5D
Malicious:	false
Reputation:	low
Preview:	RIFF....WEBPVP8L..../,..._..m$I.s....nh.L.8.....mRG./.C.F.f.~.....`.\|.......y..b.b.....d...u7.'$ C"t0...po...m.i..g.....z..G.'.....O.Z.._.....I.Y...x5...........Y..e.`...(.V%....yN...j[.e.q........[:.....K.r.5..^.......1j]..n..n.x.2......y2vJ........O........d.T.3....G.}.f<.2.....6.9\|......ItF.D..E..n,zL.4zp@...x...s.1..4..64.Dh$..d...).X.R....\Q..Z.R.ekc...4G.y...z.j-.\|.y...b.2s\|.l}mK.t.k..D..

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6304
Entropy (8bit):	7.950640892736205
Encrypted:	false
SSDEEP:	96:zjFCVn08FA2hQhIizN354105+RPRNjE07RT+ZS9g0ZJVNPiJY987VHmT77PLq:9CVnb+JXOYAPRa0tT+wpNaJuzPLq
MD5:	79F8ED56C055FE96EE12F5E4D2139930
SHA1:	98B641E0AAAB796013AFB8EAA1B86B780E6251C2
SHA-256:	9616F028E86B1A1D40BDA93FBB8D7D355DACC20DBFC9314F00EC6D74637204B1
SHA-512:	CFA21F669D6B90B8A3969D504B463259AB6ED127DC123E6DD98172E0565FA37CF0332F81C978FE2A0E921321503A2F5E111C5065691A41D7EFE3767C020B8556
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/top.png
Preview:	.PNG........IHDR...Y...Y.....U.......sRGB........ZIDATx^.].XT..{...f..+.Fe....=. ...Jfu........9Bv0N.:e.%je..87)..T.@BxUL'...'..100..mM..Y.f...s.....z..o.......#@....Y....6K..,....-..p....GA.(..P...........s...P...........y(@...S..9..\|..+W.qww.....C(...4..KQ.......r....vbb....V. ....e~g.....>X 3.@0..y.A..j...[.l....C...f.....E=b!..JU.V..:::.VWW..Z.....U..\..?..=. ..2..^y....zj....3vvvs-......]]].444d...K.r... ..6..f.iM......._.........`...."..Z.a.....i.^[[[.._......`0.....q.E..\.T.........-F...........V.XQC...'.H..1bK.Q......'ON...{....Y..M.4MW......V.@.M....{(.r.(JDQ.0>.......x.q$I.-Y...}....JKKk.r6..%...k+.q..'&&..Z...GG..P._....Pi....[...b)../3%j.P...A2.,...a....$I......w.....s.}U[[.D...JLMa.s[..., .BPXX.....1I.bc..4}_.T....:...u....(.....6c....<....+....$ig...R......>>...hF9.z.&...5{....q.../...s.X,~..@.V.o..6c..0.A.\.T.o.....C.o.9....$.X...(.C.A.t...e.f.:C.D.......p2.........._....C..T.........O`.:.(....>p.U.c.....lsvv^g.-kkk.....)*...

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 512 x 512
Category:	downloaded
Size (bytes):	1999661
Entropy (8bit):	7.95888108485966
Encrypted:	false
SSDEEP:	49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
MD5:	443B2A218BA5A3010B778986488AF448
SHA1:	957E3B8E8951351B28F5106E8006F96255AD200B
SHA-256:	DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
SHA-512:	277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
Malicious:	false
Reputation:	low
URL:	https://image.sanxiang-sh.com/tg-04/d6.gif
Preview:	GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!......w..]....555.5......!}...T...fff.c..>...........)......... .U... .......)..J.....M..'..O............ ....G..B.@@@.W..P...... .E..[........Y.MMM.. ..........'..................... .......R...... ........ .......]..B..K... ....G..9..)..=........7.....l..S... .y..C..H..U.......O..S... ............./..Z...8/(..@...%..G.......6..d'..1............l..[..[...i.....q....y.....2..J...............?6..W..D..a..-...W.............X..h..r...@............aaa.6..&..z..t...............P........o^..(..}C.....N..s..~~~OC..,..H..%..=..M..9......O....}..........<..;..#..i...._Q.000.o..p5.._.......A..D............qqqHHH..g....F.......@6.<:9.y..4....UUU....>.......... fS/..TE0YYY.n".h#..(..W..^....s...O...................................................H......\....#J.H....3j..#.. ...H...(S.\....C.I...8s....L.=...J......D...P.rT.R..X.j.J...`.......h.]..,.p..}.v..x.B.....r...L.pV...+^<.+..#......)c

Static File Info

⊘No static file info

Network Behavior

⊘Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6112, Parent PID: 5436

General

Target ID:	0
Start time:	19:38:50
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4448, Parent PID: 6112

General

Target ID:	2
Start time:	19:38:55
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=2012,i,16819281075247646738,6678826488317907814,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6008, Parent PID: 5436

General

Target ID:	3
Start time:	19:39:01
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramdd.org/"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://www.telegramdd.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Software Vulnerabilities

System Summary

Boot Survival

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\3320586e-971d-4523-a674-9ed8c04e9471.tmp

C:\Users\user\Downloads\Telegram (1).apk.crdownload

C:\Users\user\Downloads\Telegram (2).apk.crdownload

C:\Users\user\Downloads\Telegram.apk.crdownload

C:\Users\user\Downloads\a81fd188-a1c3-45b8-85d8-ec7c86cad4c2.tmp

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Windows Analysis Report
http://www.telegramdd.org/