
Windows Analysis Report
http://www.telegramstg.com/

Overview

General Information

Sample URL: http://www.telegramstg.com/
Analysis ID: 1589366

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected ZipBomb
AI detected suspicious URL
Downloads suspicious files via Chrome
PE file contains section with special chars
Switches to a custom stack to bypass stack traces
Allocates memory with a write watch (potentially for evading sandboxes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Entry point lies outside standard sections
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • chrome.exe (PID: 5176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=3236,i,4779088425237873110,13384070832767837995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • unarchiver.exe (PID: 5012 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)
      • 7za.exe (PID: 6920 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wdldggag.e5p" "C:\Users\user\Downloads\shater.zip" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2064 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • shater.exe (PID: 4176 cmdline: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe MD5: D08BDF8F0948938687A6E0C1044E1962)
  • chrome.exe (PID: 3568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramstg.com/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
        Yara matches (Source | Rule | Description | Author | Strings):
        C:\Users\user\Downloads\ea86c2be-0b22-41cf-a5d0-9b9793c9679c.tmp | JoeSecurity_ZipBomb | Yara detected ZipBomb | Joe Security | -
        C:\Users\user\Downloads\4008dc5b-d206-4513-8df6-33876d5899f7.tmp | JoeSecurity_ZipBomb | Yara detected ZipBomb | Joe Security | -
        C:\Users\user\Downloads\shater (3).zip.crdownload | JoeSecurity_ZipBomb | Yara detected ZipBomb | Joe Security | -
        No Sigma rule has matched
        No Suricata rule has matched

        AV Detection

        Source: http://www.telegramstg.com/ | Avira URL Cloud: detection malicious, Label: phishing

        Phishing

        Source: URL | Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://www.telegramstg.com
        Source: URL | Joe Sandbox AI: AI detected Typosquatting in URL: http://www.telegramstg.com
        Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C
        Source: 7za.exe, 00000009.00000003.2886287552.0000000001170000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://beian.miit.gov.cn
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://image.sanxiang-sh.com/telegram-favicon.ico
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://image.sanxiang-sh.com/telegram-logo.png
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-06/Telegram
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-06/bg_errorPage_404.png
        Source: chromecache_90.3.dr, chromecache_118.3.dr | String found in binary or memory: https://image.sanxiang-sh.com/tg-06/top.png

        System Summary

        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File dump: C:\Users\user\Downloads\shater.zip (copy)
        Source: shater.exe.9.dr | Static PE information: section name: .g=V
        Source: shater.exe.9.dr | Static PE information: section name: .g\O
        Source: classification engine | Classification label: mal72.evad.win@35/72@0/18
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\4008dc5b-d206-4513-8df6-33876d5899f7.tmp
        Source: C:\Windows\SysWOW64\unarchiver.exe | Mutant created: NULL
        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03
        Source: C:\Windows\SysWOW64\unarchiver.exe | File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
        Source: C:\Windows\SysWOW64\unarchiver.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=3236,i,4779088425237873110,13384070832767837995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramstg.com/"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wdldggag.e5p" "C:\Users\user\Downloads\shater.zip"
        Source: C:\Windows\SysWOW64\7za.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical events)
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=3236,i,4779088425237873110,13384070832767837995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (17 identical events)
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (2 identical events)
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wdldggag.e5p" "C:\Users\user\Downloads\shater.zip"
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: mscoree.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: apphelp.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: version.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: windows.storage.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: wldp.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: profapi.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptsp.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: rsaenh.dll
        Source: C:\Windows\SysWOW64\unarchiver.exe | Section loaded: cryptbase.dll
        Source: C:\Windows\SysWOW64\7za.exe | Section loaded: 7z.dll
        Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: msimg32.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: d3d9.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: oleacc.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | Section loaded: wldp.dll
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: C:\Windows\SysWOW64\unarchiver.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
        Source: initial sample | Static PE information: section where entry point is pointing to: .g\O
        Source: shater.exe.9.dr | Static PE information: section name: .g=V
        Source: shater.exe.9.dr | Static PE information: section name: .TNH
        Source: shater.exe.9.dr | Static PE information: section name: .g\O
        Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 8_2_04C30007 push cs; ret 8_2_04C3001E
        Source: C:\Windows\SysWOW64\7za.exe | File created: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe (dropped file)
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process information set: NOOPENFILEERRORBOX (17 identical events)

        Malware Analysis System Evasion

        Source: Yara match | File source: C:\Users\user\Downloads\ea86c2be-0b22-41cf-a5d0-9b9793c9679c.tmp, type: DROPPED
        Source: Yara match | File source: C:\Users\user\Downloads\4008dc5b-d206-4513-8df6-33876d5899f7.tmp, type: DROPPED
        Source: Yara match | File source: C:\Users\user\Downloads\shater (3).zip.crdownload, type: DROPPED
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 70A833A
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 3FCD263
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 404019B
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 7AABEF7
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 7AB09F0
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 3F95F74
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 728AC6D
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 7B02449
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 713E9BC
        Source: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | API/Special instruction interceptor: Address: 70F9660
        Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: E30000 memory reserve | memory write watch
        Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 2A70000 memory reserve | memory write watch
        Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: 4A70000 memory commit | memory reserve | memory write watch
        Source: C:\Windows\SysWOW64\unarchiver.exe | Last function: Thread delayed
        Source: C:\Windows\SysWOW64\unarchiver.exe | Code function: 8_2_00C5B1D6 GetSystemInfo,8_2_00C5B1D6
        Source: C:\Windows\SysWOW64\unarchiver.exe | Memory allocated: page read and write | page guard
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wdldggag.e5p" "C:\Users\user\Downloads\shater.zip"
        Source: C:\Windows\SysWOW64\unarchiver.exe | Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe"
        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe
        Source: C:\Windows\SysWOW64\cmd.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Windows\SysWOW64\unarchiver.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        ATT&CK tactics and techniques (bracketed numbers are the report's match counts):
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
        Persistence: Browser Extensions [1]; DLL Side-Loading [1]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
        Privilege Escalation: Process Injection [11]; DLL Side-Loading [1]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
        Defense Evasion: Masquerading [1]; Virtualization/Sandbox Evasion [1]; Disable or Modify Tools [1]; Process Injection [11]; DLL Side-Loading [1]; Obfuscated Files or Information [1]
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
        Discovery: Security Software Discovery [1]; Virtualization/Sandbox Evasion [1]; System Information Discovery [113]; System Network Configuration Discovery; Internet Connection Discovery; Wi-Fi Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
        Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
        Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        Behavior Graph (ID: 1589366, URL: http://www.telegramstg.com/, Startdate: 12/01/2025, Architecture: WINDOWS, Score: 72)
        • Sample signatures: Antivirus / Scanner detection for submitted sample; Yara detected ZipBomb; PE file contains section with special chars; 2 other signatures
        • chrome.exe (started)
          • DNS/IP: 192.168.2.4 unknown unknown; 192.168.2.6 unknown unknown; 239.255.255.250 unknown Reserved
          • Dropped: C:\Users\user\Downloads\shater.zip (copy), Zip; C:\Users\user\...\shater (3).zip.crdownload, Zip; ea86c2be-0b22-41cf-a5d0-9b9793c9679c.tmp, Zip; 4008dc5b-d206-4513-8df6-33876d5899f7.tmp, Zip
          • unarchiver.exe (started)
            • cmd.exe (started)
              • shater.exe (started); signature: Switches to a custom stack to bypass stack traces
              • conhost.exe (started)
            • 7za.exe (started)
              • Dropped: C:\Users\user\AppData\Local\...\shater.exe, PE32
              • conhost.exe (started)
          • chrome.exe (started)
            • DNS/IP: 43.132.105.108 LILLY-ASUS Japan; 142.250.185.68 GOOGLEUS United States; 13 other IPs or domains
        • chrome.exe (started)

            Source | Detection | Scanner | Label | Link
            http://www.telegramstg.com/ | 100% | Avira URL Cloud | phishing | -
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe | 8% | ReversingLabs | - | -
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://image.sanxiang-sh.com/tg-06/Telegram | 0% | Avira URL Cloud | safe | -
            https://image.sanxiang-sh.com/telegram-favicon.ico | 0% | Avira URL Cloud | safe | -
            https://image.sanxiang-sh.com/tg-06/bg_errorPage_404.png | 0% | Avira URL Cloud | safe | -
            https://image.sanxiang-sh.com/telegram-logo.png | 0% | Avira URL Cloud | safe | -
            https://image.sanxiang-sh.com/tg-06/top.png | 0% | Avira URL Cloud | safe | -
            No contacted domains info
            Name | Malicious | Antivirus Detection | Reputation
            https://www.telegramstg.com/ | false | - | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://image.sanxiang-sh.com/tg-06/bg_errorPage_404.png | chromecache_90.3.dr, chromecache_118.3.dr | false | Avira URL Cloud: safe | unknown
            https://image.sanxiang-sh.com/tg-06/Telegram | chromecache_90.3.dr, chromecache_118.3.dr | false | Avira URL Cloud: safe | unknown
            https://beian.miit.gov.cn | chromecache_90.3.dr, chromecache_118.3.dr | false | - | high
            https://image.sanxiang-sh.com/telegram-favicon.ico | chromecache_90.3.dr, chromecache_118.3.dr | false | Avira URL Cloud: safe | unknown
            https://image.sanxiang-sh.com/telegram-logo.png | chromecache_90.3.dr, chromecache_118.3.dr | false | Avira URL Cloud: safe | unknown
            https://image.sanxiang-sh.com/tg-06/top.png | chromecache_90.3.dr, chromecache_118.3.dr | false | Avira URL Cloud: safe | unknown
            IP | Domain | Country | ASN | ASN Name | Malicious
            1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
            142.250.185.68 | unknown | United States | 15169 | GOOGLEUS | false
            148.153.240.68 | unknown | United States | 63199 | CDSC-AS1US | false
            216.58.206.67 | unknown | United States | 15169 | GOOGLEUS | false
            142.251.168.84 | unknown | United States | 15169 | GOOGLEUS | false
            172.67.193.48 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            98.98.25.19 | unknown | United States | 7018 | ATT-INTERNET4US | false
            149.104.73.29 | unknown | United States | 174 | COGENT-174US | false
            239.255.255.250 | unknown | Reserved | unknown | unknown | false
            172.67.205.31 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            35.190.80.1 | unknown | United States | 15169 | GOOGLEUS | false
            216.58.212.174 | unknown | United States | 15169 | GOOGLEUS | false
            43.132.105.108 | unknown | Japan | 4249 | LILLY-ASUS | false
            172.217.16.195 | unknown | United States | 15169 | GOOGLEUS | false
            104.21.20.160 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            104.21.22.141 | unknown | United States | 13335 | CLOUDFLARENETUS | false
            IP: 192.168.2.4, 192.168.2.6
            Joe Sandbox version: 42.0.0 Malachite
            Analysis ID: 1589366
            Start date and time: 2025-01-12 01:48:06 +01:00
            Joe Sandbox product: CloudBasic
            Overall analysis duration: 0h 4m 31s
            Hypervisor based Inspection enabled: false
            Report type: full
            Cookbook file name: browseurl.jbs
            Sample URL: http://www.telegramstg.com/
            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of new started processes analysed: 14
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Detection: MAL
            Classification: mal72.evad.win@35/72@0/18
            EGA Information: Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 44
            • Number of non-executed functions: 0
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Not all processes were analyzed, report is missing behavior information
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Skipping network analysis since amount of network traffic is too extensive
            • VT rate limit hit for: http://www.telegramstg.com/
            No simulations
            No context
            No context
            No context
            No context
            No context
            Process: C:\Windows\SysWOW64\unarchiver.exe
            File Type: ASCII text, with CRLF line terminators
            Category: dropped
            Size (bytes): 1448
            Entropy (8bit): 5.056319869459403
            Encrypted: false
            SSDEEP: 24:Lb7JuaNiEiJWiJjWIpUiJWiJUwciJf4iJWiJFT9JGiJb4iJ0JGiJobiJyiJWiJxV:Lb9kEGWGbWGWGpcGgGWGpOGb4G7GeGyC
            MD5: F39539E7F50DA00C277E7E9E643CC66C
            SHA1: BEF6901B6F66A87DC008CA97DE9789B1CC316F70
            SHA-256: 9BA804A0B9F038FC39EDC63473C9DC8BDA2428FED066D8BA0EE9BF360A88777F
            SHA-512: 1889E2774481C23FDF3AE160A935E35FC5B5BA8414FEBE12D6274EA9493CBA56D833FC70BCF1DA86991E627F22EDA974C9B6F77657087376478E10195EF98C33
            Malicious: false
            Reputation: low
            Preview: 01/11/2025 7:50 PM: Unpack: C:\Users\user\Downloads\shater.zip..01/11/2025 7:50 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\wdldggag.e5p..01/11/2025 7:50 PM: Received from standard out: ..01/11/2025 7:50 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..01/11/2025 7:50 PM: Received from standard out: ..01/11/2025 7:50 PM: Received from standard out: Scanning the drive for archives:..01/11/2025 7:50 PM: Received from standard out: 1 file, 62506228 bytes (60 MiB)..01/11/2025 7:50 PM: Received from standard out: ..01/11/2025 7:50 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\shater.zip..01/11/2025 7:50 PM: Received from standard out: --..01/11/2025 7:50 PM: Received from standard out: Path = C:\Users\user\Downloads\shater.zip..01/11/2025 7:50 PM: Received from standard out: Type = zip..01/11/2025 7:50 PM: Received from standard out: Physical Size = 62506228..01/11/2025 7:50 PM: Received fro
            Process:C:\Windows\SysWOW64\7za.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):62891960
            Entropy (8bit):7.997907680828508
            Encrypted:true
            SSDEEP:786432:77srvs1bSCxuEKvJCDAJ8W/Db6RvFosNCGtXoVaC3DIRJO734MD7EoBRwyV87/U0:3srB0XW/Dm9FFj0KJ04M0Tv7UmNUKBQc
            MD5:D08BDF8F0948938687A6E0C1044E1962
            SHA1:3D36EADA36219A56229A310174A94656C01EF002
            SHA-256:D26E5D31133EA655D4DD0066EF5A850015B20D754ABC5FFC34A1D721D2D3101C
            SHA-512:7EB70D1C8D8281CD020288D3C5728DAFC30385F834984B85803D900C9279AF19DB88ED8E4B07D98C8C7B04D0D739E9A0F00E67595010D8A8A1ABCC13E4C2E5F7
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 8%
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{g.................t...h.......[............@...........................@......R....@..................................n..h.....>..............n...9....@..................................... .>.@............................................text....r.......................... ..`.rdata..PV..........................@..@.data...$...........................@....g=V....a0p......................... ..`.TNH................................@....g\O.....~... ...................... ..`.rsrc.........>.....................@..@.reloc........@......f..............@..B................................................................................................................................................................................................................................................................................................................
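The preview above is the member that 7za.exe unpacked from shater.zip: a 62,891,960-byte PE32 at 7.998 bits/byte overall entropy whose section table reads .text, .rdata, .data, .g=V, .TNH, .g\O, .rsrc, .reloc. Three section-table traits are what a triage analyst checks first on a file like this: names outside the usual set or containing special characters, sections at near-maximal entropy (packed or encrypted payload), and an entry point that does not fall inside .text. The script below is an added example, not Joe Sandbox code and not the sample itself; it parses the PE section table and reports those traits. The PE it inspects is a constructed stub built inside the script; the section name .g=V is copied from the preview, everything else about the stub (section contents, the 7.5 entropy threshold, the list of "standard" names) is assumed.

```python
"""Report the section-table traits visible in the dropped PE's preview:
non-standard / special-character section names, near-8.0 entropy, and an
entry point outside .text. Added example, not Joe Sandbox code; the PE it
inspects is a constructed stub (see build_stub_pe), not the sample."""
import math
import struct
from collections import Counter

# Assumed "ordinary" section names; anything else is reported.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".pdata", ".bss", ".tls", ".CRT", ".xdata"}


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte, the same scale as the report's Entropy field."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from an on-disk PE32/PE32+ image."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(num_sections):
        off = opt + opt_size + 40 * i                      # 40-byte IMAGE_SECTION_HEADER
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
                         "entropy": entropy(pe[rawptr:rawptr + rawsize])})
    return entry_rva, sections


def section_findings(pe: bytes, high_entropy: float = 7.5) -> list:
    """Human-readable findings in the spirit of the report's section-related signatures."""
    entry_rva, sections = parse_sections(pe)
    findings = []
    for s in sections:
        if s["name"] not in STANDARD_SECTIONS:
            findings.append(f"non-standard section name {s['name']!r}")
        if any(not (c.isalnum() or c in "._$") for c in s["name"]):
            findings.append(f"special characters in section name {s['name']!r}")
        if s["rawsize"] and s["entropy"] >= high_entropy:
            findings.append(f"high entropy {s['entropy']:.2f} in {s['name']!r}")
    home = next((s for s in sections
                 if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    if home is None:
        findings.append(f"entry point {entry_rva:#x} lies outside every section")
    elif home["name"] != ".text":
        findings.append(f"entry point {entry_rva:#x} lies in {home['name']!r}, not .text")
    return findings


def build_stub_pe(sections) -> bytes:
    """Assemble a minimal, non-executable PE32 from (name, body, is_entry) triples.
    Constructed input for this example only; layout follows the PE/COFF spec."""
    file_align, sect_align, opt_size = 0x200, 0x1000, 0xE0
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table, bodies, raw_ptr, vaddr, entry_rva = b"", b"", hdr_len, sect_align, 0
    for name, body, is_entry in sections:
        raw_len = -(-len(body) // file_align) * file_align
        if is_entry:
            entry_rva = vaddr
        table += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), len(body), vaddr,
                             raw_len, raw_ptr, 0, 0, 0, 0, 0x60000020)    # CODE|EXECUTE|READ
        bodies += body.ljust(raw_len, b"\0")
        raw_ptr += raw_len
        vaddr += -(-len(body) // sect_align) * sect_align
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                 # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return header.ljust(hdr_len, b"\0") + bodies


# Constructed stub: a plain .text, plus a section named like the sample's ".g=V"
# holding uniformly distributed bytes (entropy 8.0, standing in for packed data)
# and owning the entry point.
STUB_PE = build_stub_pe([
    (".text", b"\x90" * 200 + b"\xC3", False),
    (".g=V", bytes(range(256)) * 16, True),
])

if __name__ == "__main__":
    for line in section_findings(STUB_PE):
        print(line)
```

Run against the real dropped file, the same parser will list every non-standard name from the preview and an entry point home; an entry point in a high-entropy, oddly named section is the on-disk shape of a packer stub, which is also why the byte-level hashes and the 8% ReversingLabs rate above say little about what the unpacked code does.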
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):15882
            Entropy (8bit):7.982089638753701
            Encrypted:false
            SSDEEP:384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTT+:Zxsu6GWrJu2fVu4M1ylPDEtPTT+
            MD5:76D4178E720C4EFFA46607F8CF63D512
            SHA1:23001C681F8E0AC96FE99D41C871031D038FA241
            SHA-256:75CF4C7133564F47234E5DEBB664CD71B5AF58C074755DE5355CA247DCA07777
            SHA-512:6A6CC1286E1161665E85ACC9167BE1099E2404707183A30B3EC8B39579529368D37F9BE00DFD950D1392610173FC21207301F9CB864C709531A524C7D2458F2D
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\4008dc5b-d206-4513-8df6-33876d5899f7.tmp, Author: Joe Security
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):15878
            Entropy (8bit):7.9820935497762715
            Encrypted:false
            SSDEEP:384:jgWa2pZ6u6GWVrJqYchD2fyXwu4Mf2syUY7cMZDEtPTTG:Zxsu6GWrJu2fVu4M1ylPDEtPTTG
            MD5:23F5295748B895D0BF4B38A15C8367F3
            SHA1:A7A9A394C2D53B01496EC16618FEEF3CFDF5D5E0
            SHA-256:70CF35DB75C0F59B08ADB11FEC2D99F9EE82DC0FD425AEC03516D2FF5002D1FB
            SHA-512:A0E9C1394B32D6A52973C13156ACBBA675998FBB11B104FDFB2F67B5E675ACB6269E4A66CFF048CD5990E6F004D50E436BE47CD8365FE04D883D9357513359E3
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\ea86c2be-0b22-41cf-a5d0-9b9793c9679c.tmp, Author: Joe Security
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):62506228
            Entropy (8bit):7.999978556244661
            Encrypted:true
            SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
            MD5:115C3122F43560D183BF64DF477C0475
            SHA1:EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
            SHA-256:B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
            SHA-512:C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
            Malicious:false
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):37032114
            Entropy (8bit):7.9629312019560015
            Encrypted:false
            SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rb:fyzJWdkjrKNtdBo0Tq
            MD5:02C9037F91F12BF1691C5B7440D90351
            SHA1:C4717700D4B806EF17E8DC5D8A4A5861274686C9
            SHA-256:44112C21FC91F03A8098F7976A64593B582D820474C2D052DBC2E8E4A6CDDF2B
            SHA-512:9ED2CB157F54E009E22251C69655F4930714EBF1D92102BEF4D59A94F7B1FB0FF9558066960DDCDE4113B9A83F6181953311A294A4E7DC2D28C10CD012AC8DBF
            Malicious:false
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):637882
            Entropy (8bit):7.632379998267264
            Encrypted:false
            SSDEEP:12288:+2/PX1e5rqve0YzbrftCzj4Dqf4LsSXsSK1ocYAgME:+2nX62e0YPz0zcDq7SX9K+M
            MD5:1FDD0E052E43065EF61E63B1CB27E41C
            SHA1:CD5013567395166DC27E2C8EE2AE3344F2079106
            SHA-256:6B12761BB6FE11228B3CECA3C20C4A922B8C99655051A8CA6219E31CBCB259B3
            SHA-512:303E5C45EB32DD578537B17E3428DFC73867A65F7B449B200CD9822972998060482212B0D76A4A0B2540BE15EC623F7C43F2DE37AA22027C09245B01EFD03FBD
            Malicious:true
            Yara Hits:
            • Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\shater (3).zip.crdownload, Author: Joe Security
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):62506228
            Entropy (8bit):7.999978556244661
            Encrypted:true
            SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
            MD5:115C3122F43560D183BF64DF477C0475
            SHA1:EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
            SHA-256:B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
            SHA-512:C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
            Malicious:true
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
            Category:dropped
            Size (bytes):62506228
            Entropy (8bit):7.999978556244661
            Encrypted:true
            SSDEEP:786432:t5zyzBk7zmMNMcyv3edyfmkjrvCN/tmiFSqndoj+6BBUhT4rbYgVDICBPqc18pp0:fyzJWdkjrKNtdBo0TqYgmTPL/ebSwR
            MD5:115C3122F43560D183BF64DF477C0475
            SHA1:EA54DAC9BEBE5DCAC44D68AD09E792790BB5C20A
            SHA-256:B7441EDB597F80DDC54CC93A144BCA4D16F122CB197AD3D87D861DCD9D729351
            SHA-512:C97C124D85639B7BF43DFE25F7681EFDB52D568303548BA44BF564BA482AE508A31065A352303714C2D200FB33EF9E0615B2D5AC866C2CB15B374E2E811545A7
            Malicious:false
            Reputation:low
            Preview:PK.........&Z.<.~..........shater.exe.y<To.7<....2..f....f4...l....i.2.e.L....H.../1.d...!.%C...}.k|..}.~........u.W.....\.:..y.sM.>q....`..@...a.=.1..#..-S.X.).j.(.qj...:vN...SG..:..p...S!...=.R..Iu..=.'N..1......2\m1.'.I...G.{...Q...i.&D........>....#...k'.E1.1...9..1q....vgA..k.RFa.........8(Hx..m.w>....5P.%.0k.0....P..&a..#..P..&..0.9r).......B..P.`......9..i/.?...yX..F.f.huN.b.V....n.+......*....S.^...^h?....a[/u..tX/..[h.]..a.A.0...5...}.;...6.m......\.Zx.g.........=F.0R..............IiKO..W...H_....%~.x....3..'.<\.g)$.1.%/.O.[.F.....ce...~6^.o.R...}..R.W..........&..%..7..]&[xG..iE.t.I......8r.5...]Z.5..$K..2..$yXA.......*..V.Zh.f...6..h..........{.......w).Q.U .Kj.........@......1.:...e.0........@.6:.,G .....?.,.X.....2.Jb..\.a.....b.......bP.Q.......N..b.u.).........S..C.C...h....(Y..fl.5\.......H.qR..N.eX@..............*s....XUtI.$".6..'..U..W.Y?....*W..].1-.\.I.+.r9.n..........:.i....WrX#...H#L..`9.z.n....R...F7....7..,....p.v.....U.pn.9B%.-...
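Every archive entry above is the same shater.zip. The 62,506,228-byte entries are complete downloads (7za.exe unpacked one of them, per the unarchiver log above), and the 15,882-, 15,878-, 637,882- and 37,032,114-byte entries share its preview bytes (and, for the 37 MB copy, its SSDEEP prefix) and carry Chrome's .tmp and .crdownload names: they are partial copies of the same file. The JoeSecurity_ZipBomb rule fired only on three of those partial copies, never on the complete archive, whose single member shater.exe inflates from 62,506,228 to 62,891,960 bytes, a ratio of about 1.006. An analyst reproducing this should therefore keep two conditions apart: "the declared payload runs past the bytes on disk" (a truncated download) and "the declared uncompressed size exceeds the compressed size by orders of magnitude" (a real bomb). The script below is an added example, not Joe Sandbox code and not the sample; it reads ZIP local file headers, which survive in a partial download while the central directory at the end of the file does not, and sorts constructed archives into exactly those buckets. The 100:1 threshold and the constructed member contents are assumptions; only the member name shater.exe is taken from the preview.

```python
"""Tell a truncated (partial) download apart from a real zip bomb by reading
ZIP local file headers directly, without the central directory that a
.crdownload or .tmp file has not received yet. Added example for this report,
not Joe Sandbox code; the archives below are constructed, not the sample."""
import io
import os
import struct
import zipfile

LOCAL_HDR = struct.Struct("<IHHHHHIIIHH")   # 30-byte local file header (PK\x03\x04)
LOCAL_SIG = 0x04034B50
FLAG_DATA_DESCRIPTOR = 1 << 3              # sizes follow the data instead of the header


def walk_local_headers(data: bytes):
    """Yield one dict per local file header that fits inside `data`, stopping at the
    first non-header signature (normally the central directory) or at truncation."""
    pos = 0
    while pos + LOCAL_HDR.size <= len(data):
        fields = LOCAL_HDR.unpack_from(data, pos)
        if fields[0] != LOCAL_SIG:
            break
        (_sig, _ver, flags, method, _mtime, _mdate, _crc,
         comp_size, uncomp_size, name_len, extra_len) = fields
        name_start = pos + LOCAL_HDR.size
        name = data[name_start:name_start + name_len].decode("utf-8", "replace")
        payload_start = name_start + name_len + extra_len
        payload_end = payload_start + comp_size
        yield {
            "name": name,
            "method": method,                      # 8 = deflate, as in the report
            "comp_size": comp_size,
            "uncomp_size": uncomp_size,
            "ratio": uncomp_size / comp_size if comp_size else float("inf"),
            "sizes_in_descriptor": bool(flags & FLAG_DATA_DESCRIPTOR),
            "payload_present": payload_end <= len(data),
        }
        if payload_end > len(data) or flags & FLAG_DATA_DESCRIPTOR:
            break                      # the next header cannot be located reliably
        pos = payload_end


def classify(data: bytes, bomb_ratio: float = 100.0) -> str:
    """'no-headers': no local file header at offset 0
       'truncated' : a declared payload runs past the end of the file (partial download)
       'zip-bomb'  : a member inflates by more than bomb_ratio (assumed threshold)
       'ok'        : complete archive with plausible ratios"""
    entries = list(walk_local_headers(data))
    if not entries:
        return "no-headers"
    if any(not e["payload_present"] for e in entries):
        return "truncated"
    if any(e["ratio"] > bomb_ratio for e in entries):
        return "zip-bomb"
    return "ok"


def build_zip(member: str, payload: bytes) -> bytes:
    """Deflate one member into an in-memory archive (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


# Constructed inputs, not the sandbox's files:
#  - an incompressible member standing in for the packed shater.exe (ratio ~1, like 1.006 above)
#  - that same archive cut off early, like the .tmp / .crdownload partial downloads
#  - a genuine bomb: zeros that deflate roughly 1000:1
INCOMPRESSIBLE = build_zip("shater.exe", os.urandom(256 * 1024))
PARTIAL = INCOMPRESSIBLE[:16 * 1024]
BOMB = build_zip("zeros.bin", b"\0" * (8 * 1024 * 1024))

if __name__ == "__main__":
    for label, blob in [("complete", INCOMPRESSIBLE), ("partial", PARTIAL), ("bomb", BOMB)]:
        first = next(walk_local_headers(blob))
        print(f"{label:9s} {first['name']:10s} comp={first['comp_size']:>9d} "
              f"uncomp={first['uncomp_size']:>9d} ratio={first['ratio']:.3f} -> {classify(blob)}")
```

On the report's files the complete 62,506,228-byte archive lands in "ok" by ratio, and the .tmp and .crdownload copies land in "truncated"; the packed PE inside is the finding worth chasing, not the archive's compression ratio.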
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):1867995
            Entropy (8bit):7.97135881669897
            Encrypted:false
            SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
            MD5:3DDFFC96032B4B586B63950436E1B19F
            SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
            SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
            SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
            Malicious:false
            Reputation:low
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.~h..'......>9-....vb.]... ..q.5...|3+....NMM...5/ .....!}.....c[J50!=8-...2........333.}g.............{e.xb..... ......GA3.....%.yd.."...B</...yp\...nfSZTE$...T.......LF8..$vmY.>.iaO...QK<...VO@}t_..!_XG.I...m..$rjV...ZYY....."........qf^M.. ..z..v..#.E..va$...Y.......-....0'....MLL..Cgff.&...9.O.......uiB+$..{.....4..x.K..y../..i[+RQP......_^^OF,..)...Y..5..:..m......XN+.s*.i........vf+..5...*......4/...2......zR..v..E...,..{.......O>.:7+.l.....>...K.....X.....|{{---`T+.~>.u..b..(...B7.\E..1...c.T.Y........sss....#..]...0..-......gF...'.....-...].-.U.....n2.~..d'..'.&g...........3..*...^..J......=5&..B.%..N..>4..'..d.3.g..1..kkk.}P....4....[...A,.g[>@...c..tG..h..q.v;.C..]......Z.......S...v$..L.....L.;.B...............H......*\....#.......-f..q#5. C..I...(S.\..../..9...8s..1...a..J...H.*%.q.N.O.J..gE.K.j....+mN.K...h.......p...:..7-..".qU..[.c...#.K....41..W.B.t'.
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):2415534
            Entropy (8bit):7.953757920742143
            Encrypted:false
            SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
            MD5:CBD2D6AF702CAB22FB23C7D159ABC428
            SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
            SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
            SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d1.gif
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,........... ..!}.........5........]..................... ............................................................................. ..... ..........Z.....S..C.....>.........G.....=.........O.....................s.......N...........f..... ............:..'.. .........J...............K.....6........q..........W.. ._Q..'......... .9......W....].....l........#.V.....>......r....S..............P.............?6...........?.......+.u;....\.........K.6..-..d'........K...5..e..p..~........@/(........I...Y....E..........F............r...|..l0.g...{...E:....U...y.....~.h..._.8...W.3..HOC..[..O.....Q..i....&................/.....).H.......o^.....7...m..[.J.....:.;}.......V....9p_...[..j..o..8..........`...............y..0....E.M..T..H..G.........H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):2968347
            Entropy (8bit):7.942137046837241
            Encrypted:false
            SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
            MD5:5D09F9927641C16D5B62DA8F2F877F50
            SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
            SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
            SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d9.gif
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,J...r....GpL[$..o.Z$.........!.<....z..."n.M..... .Z"..k..n..\..m.....`..g..R.d(..h..Y.x2..I.`&.}4.g*..b..6..O..f..^..k..j..V..?.m,..K..b....._..U..?.j,..!m.S.z..b'.]&..D..d..Y.o...O..;.u0..L..h..r..:..E..N.r/..P..F..7..>..R..[..W..U........x%.I..e..<..8..@..A..E..{..........B.....H.....[..m.....i..B.....n...........n.H.>.......C.........o.]).)......v..b...P.....................%..9......z2.}7............D..U.....^..}..1.........vI,.N........V:......-..jT........l> ._G.V.................]..\..n..f..P...\P!.....o...|......l7..{i.x...<.i..z..c.......................d..x.........g6.zG.............555```?......=...s>..U..i..I........r\......w2.k.....K........PPP .{E.\^...r".W&.pA..c..J0....l.x.ppp..i..p.....L.................................H......*\....#J|X.@...&.(c.@.. C..I...(S.\i.....b.I..L.8s......c.I..Q.H.*].)J.P.B...X..l#...T...K...B.~.h...p...:.#._5.....&......<....U...#K..1..s.R
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):9739
            Entropy (8bit):7.914505260000532
            Encrypted:false
            SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
            MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
            SHA1:79334D2865DDD486A79F97725363F56655C80BDE
            SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
            SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/telegram-logo.png
            Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (65536), with no line terminators
            Category:dropped
            Size (bytes):86923
            Entropy (8bit):5.288942392211126
            Encrypted:false
            SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
            MD5:B72AFE07A6F6F477120F3B0803D0A983
            SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
            SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
            SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
            Malicious:false
            Reputation:low
            Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):184146
            Entropy (8bit):7.995562807399663
            Encrypted:true
            SSDEEP:3072:qKCCO9mMyY1K6SCUQB4AxtinSEItHFDukVnxJQTu6r6R7NApp4rFDwB:nzOkMy97CRR3Ljn5n2uYgGkc
            MD5:64CC9092EF64DFD97134685FBEF60DD2
            SHA1:1A4F1482F80A8EE32B32C8E856EA98A2CC3F560C
            SHA-256:ABC7252FEDC96571FEE978B7A1A41CACAE0C8F8F80383A166C5C453FF15F1763
            SHA-512:50D1EC456AA64C325D73B47F2581771C837F35805B8A68837747AA0A1E5EDF86F2CB4C5B30F79020BD7A48FE0F0D92DE025449FD1CB0EC31648501B0A2DA03D3
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/td_laptop.png
            Preview:.PNG........IHDR...H..........2}.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx....%gu...p.9..{.hF......H..D2\..?0.m.`..y...6.e..}..#...X.....X...H..@.......S....V.L+.hF...R.P......$......x-M/..r.NK..ko)..(..(O...)....v......x.v.S....).H..t-M/....Q.EQ.EQ...h..M.HB.....F.S.J..L..4.H.UQ.EQ.E9.../h......M... =I...|).I..(..(..t.i..|.7...*..Nq..T...7.EQ.EQ....hz9...v....C.]A...)...(..(...!|......O..yb.h.....#EQ.EQ....+)_....Q.....+..*+s..EQ.EQ...$....}.{wiW<~......*..EQ.EQ.#....h7.@:\.W.@Q.EQ.E9.y..W^y.v...C..d....'.EQ.EQ.....]...P.2.3EQ.EQ..(....*..5...P.EQ.EQ..V^y.'k7.@:...].(..(......I1...P.EQ.EQ.~U...j....(..(.QDY.@...(..(..(..$EQ.EQ.EQ..H..(..(..(O..v..I.D;AQ.EQ.EQ....IQ.EQ.EQ.E...(..(..(..$EQ.EQ.EQ..H..(..(..(.B.4.!.J%.[.N;BQ.EQ...e...h6...*..f...i..5o.....^.q.C.G1:A.R.F.Q...(..(.R.q.....c..d...^..uX4{_....]....AP..d.,.{..vI$.(..(..,C,E.M..^..d?1....~....EQ.EQ.EQ..H..(..(..(*..EQ.EQ.EQ.Es.......G..EQ.EQ..7...$EQ.EQ.EQ..H..(..(..(*..EQ.EQ.EQT )..(..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):1328
            Entropy (8bit):5.131835503444383
            Encrypted:false
            SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436mP8oe6u3sBoND3US:sSaDafoASE98vB5TP+JhC8+d5
            MD5:53BE4111AD5F1938650657C175A19C86
            SHA1:CC3026F85FE9BE17EC25C0A3A42EE6A41FCD92AE
            SHA-256:67D2B41879F250526EA34E3678B48365D679021F50045A970AA2857C9E43B051
            SHA-512:0DFBE4559E7FB64E91652A49F677A1CFD11594FF38A58FB8797203CCE87618DBE7D6AFF1DFB2DB8A5CE6D3BCE51C01612549BDB5C721ECC2B95778D17A9B0125
            Malicious:false
            Reputation:low
            Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):3222729
            Entropy (8bit):7.959136227282352
            Encrypted:false
            SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
            MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
            SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
            SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
            SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
            Malicious:false
            Reputation:low
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL.....&....Y........]..5..2R.. ..!.......X..VTV..}...W...............&...........'..%..........................#..$....j...............#.m......"..!..!.....".....%.[..]......... .......c.....Cm..#.s..`..T.....p..v..y..{......7..$.../'..=..."..C.N..7..Y..G..Ix..!.Z..S....J....~..>.^N.@5..<c.f..[..6Y.....%..R..........$....Q...%...$..OB..j..M...Q....."o\.....].C..(...F...j........."........6............l......].......x..g*..L"f..R...w...OM..... ..... ..6..3....{..........<;..0..'....{.!......!?K.FE.."L}o.%&./..I..r...G..xd.<..L...>...%.<..Y..O2pz.q..d.......T.[.i.)......T...eT.r.`f.e.6..'...#."..A.u;.p)..b..BxtyF..*..A.O*.....0..oB"..Y..U...3dm].h/.xI?IB`9.<dp.}>.. ..lJ6.7P..}`3aV9|tS.Q.MN>^........?..e...-.......................................H......*\....#J.H.b...*j.... C..I...(.b....0c.I...+......@...S..H.*]..J.P.J.J.*..,.j...W.X/~.K...a.]..[.i..K...q3.../.~.....0.....S...[..L..e.y.^
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):2603040
            Entropy (8bit):7.962323436035343
            Encrypted:false
            SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
            MD5:80515DB845D4FC2B936127D4324FF322
            SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
            SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
            SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d8.gif
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,7........GpL..'.......r....`......!....5.}...]...q.....q...........&.. ..".....$..%....`...&..........v.. .......#..%.....#..........!.....$............................".............{.."..$.<...!....`...".....s.....%...........G?;... ...B...&..x........f...........&!^MD.{4..b.X..|...r.J...x.n..s..............5...=3........w..f......@3..9......$.v..`.....zg\~i.2"..}..R..S...7.....#.`......sg.n.....o.....!..E..P.J..vg]V.iX.J.....#....?..r..Q..........k..2..l.....V..$...l......L........`..J...h....3.!....P9..E.....#..p.....m..u*.....B.._O.A3*.m+.p5..b......XyM.///g;..|...j.+..G..yJ.wc.F........oVH....v..-..T..U....Q."..........rpoRQP.;..2......WD9.`.....h,.-...}....b%...........t..................................H......*\....#J........4.@....'..I...(S.\.....< @...8mz.H..@...J....1w.\.)..3.T4J...X...8..N=j.K...-{"...W.h..K7.R.x..D..........a.|.+^.8...#?.....>=.
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
            Category:downloaded
            Size (bytes):4286
            Entropy (8bit):5.157520760822341
            Encrypted:false
            SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
            MD5:975B4112A366CCA6B9BF2C84E268268C
            SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
            SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
            SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/telegram-favicon.ico
            Preview:...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+..*..)..*..)..)..*..)..*..*..)..*..)..)..)..)..)..)..)..)..)..*..--.............................+..+..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..+..+......................I..*..+..*..*..*..*..*..*..+..*..+..+..+..+..+..+..*..+..*..*..+..*..+..+..*..,..I..................+..+..+..+..+..+..+..+..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:SVG Scalable Vector Graphics image
            Category:downloaded
            Size (bytes):23116
            Entropy (8bit):4.416888886221028
            Encrypted:false
            SSDEEP:384:wWjhl+ZZx0roaRvQgeMr2VxtaA93S/JKhV3PXASow7/XP5oP5VP5uP5sP5H6NC7E:wQhl2cfvrSxtaCDPaw756TUGLfY
            MD5:E75F7F8AC71782DDA40464528A4F619B
            SHA1:1294A00A625B50FF7C3EB3119A71D49399C9AC29
            SHA-256:832FBEFD7A4FE8F651058597D9F1910883D1CBD56D0CEB343E7D6170AEECF982
            SHA-512:AF128E227ED56355357FA0D3D46C9701E3B10F076F3515D84907ACE6BBF282177A74EF577A0AC48E4E4CC1FE0DFE3D14368F7DB08797AACC767E8841032C4E31
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/static/image/t_logo_sprite.svg
            Preview:<svg fill="none" height="144" viewBox="0 0 4464 144" width="4464" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><linearGradient id="a"><stop offset="0" stop-color="#2aabee"/><stop offset="1" stop-color="#229ed9"/></linearGradient><linearGradient id="b" gradientUnits="userSpaceOnUse" x1="1080" x2="1080" xlink:href="#a" y1="31.7861" y2="112.214"/><linearGradient id="c" gradientUnits="userSpaceOnUse" x1="1224" x2="1224" xlink:href="#a" y1="24.856" y2="119.144"/><linearGradient id="d" gradientUnits="userSpaceOnUse" x1="1368" x2="1368" xlink:href="#a" y1="19.1113" y2="124.889"/><linearGradient id="e" gradientUnits="userSpaceOnUse" x1="1512" x2="1512" xlink:href="#a" y1="14.4526" y2="129.547"/><linearGradient id="f" gradientUnits="userSpaceOnUse" x1="1656" x2="1656" xlink:href="#a" y1="10.7817" y2="133.218"/><linearGradient id="g" gradientUnits="userSpaceOnUse" x1="1800" x2="1800" xlink:href="#a" y1="8" y2="136"/><linearGradient id="h" gradientUnits="userSpace
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 76 x 76, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):4117
            Entropy (8bit):7.938862256505739
            Encrypted:false
            SSDEEP:96:lgruWUgiw7GrkGogRuDB46eYeMdQ6+HAbvNbBfi8DArfSP5eCd6G:iuntCbLgUi6eDMmngLDfNP5nsG
            MD5:CB9EF85F4D42970C9544EB64A5622451
            SHA1:88A34EF313C9874B8BABD1FB468D8DF61F8DB5BD
            SHA-256:392FE825F8A5D2E48DAC56DADE8B94019358407FED2D409F77E07568FAD8752B
            SHA-512:E4213F03A5D52801147C205E743E3D32AB647DC6269BC1686B51BF4493F6EF24DA36605E128118F90051B9C7AC774323E344DC08402B12E573B8DCABDF7C645D
            Malicious:false
            Reputation:low
            Preview:.PNG........IHDR...L...L......Q+....sRGB.........IDATx^..tT...g...#...,.,.f.!..Q.. h-..G...!H[.Gk.ak.J.i.G..A....._p...A........6...`%K".Iv.{....=..}.&z$s.=.$;3w.w....f....$k.c*.P.B.%.)..|._.....&CT..8..t..n.|G......j...y.CKz...).G.on....[.$...N?E.y....N...3.~.c..X..f..%^.\d`.dq.C.`.G.. ..I...ll.w\f...|..{Y...auLs...W.......iz.....Wg.......&..8m/..e........@m\f......V..ic...8B..V..Bs......,.:.l.X..".....fp.5.....*..D.......<... ...../.nw]..8)..kmmME..O.).._..R....B...c.._KMMm..\\..;0..1.!...xF\...*B..C..E....pdb.7".n..(.j0..J....`h..i....;..'.B+1..P/#..S....!...c..V.Gs.7,TYB..!..`0<.."..G.{...Z.z.V[.L..Ah=..|USSS]eee}UU.E.x.RXX.<..|KFFF^JJJ.J....7.B>t.\..f.3.(.....c.......!t...tww.z......Z.4.d(.......>y.....t.,..t...7..7....'........3..(ec{{{m...[QTTT..#y......4QX..{.qp.p.&Mz2!!..|.!.K.....Z....t...$..t.k...k.Ng...@..@..?..@..h.K..v.....^.......}c..3..........h.p..e....{...!..h,.@*..........;rrr....$I.NKK....45..8.......JX...~...p...$.....Xu.....
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):2968347
            Entropy (8bit):7.942137046837241
            Encrypted:false
            SSDEEP:49152:LRuYOPhenQru6OFlo5OSxenUGlp+JbL7lSX7a8ZWg33IpS:QPQQru6N0JUjn89ZCU
            MD5:5D09F9927641C16D5B62DA8F2F877F50
            SHA1:B2E6234D7D9DB04DB0E1D4A2C894BA40595B5FC9
            SHA-256:E76ED8BC1CF9D0A09C8B6407AF9BC59DAD845B5B4AA220EE89037035F35ABBF8
            SHA-512:E9C9EA38645CD87C4D82A7B2E170479C86BEC240358D28DF2AE530C69F3EB3D54B5708F571FECF5D875B52CCFB157A8FC400E7E6CAD20C3D8413981013C783D4
            Malicious:false
            Reputation:low
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,J...r....GpL[$..o.Z$.........!.<....z..."n.M..... .Z"..k..n..\..m.....`..g..R.d(..h..Y.x2..I.`&.}4.g*..b..6..O..f..^..k..j..V..?.m,..K..b....._..U..?.j,..!m.S.z..b'.]&..D..d..Y.o...O..;.u0..L..h..r..:..E..N.r/..P..F..7..>..R..[..W..U........x%.I..e..<..8..@..A..E..{..........B.....H.....[..m.....i..B.....n...........n.H.>.......C.........o.]).)......v..b...P.....................%..9......z2.}7............D..U.....^..}..1.........vI,.N........V:......-..jT........l> ._G.V.................]..\..n..f..P...\P!.....o...|......l7..{i.x...<.i..z..c.......................d..x.........g6.zG.............555```?......=...s>..U..i..I........r\......w2.k.....K........PPP .{E.\^...r".W&.pA..c..J0....l.x.ppp..i..p.....L.................................H......*\....#J|X.@...&.(c.@.. C..I...(S.\i.....b.I..L.8s......c.I..Q.H.*].)J.P.B...X..l#...T...K...B.~.h...p...:.#._5.....&......<....U...#K..1..s.R
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:RIFF (little-endian) data, Web/P image
            Category:downloaded
            Size (bytes):1696890
            Entropy (8bit):7.996167221864141
            Encrypted:true
            SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
            MD5:6AE9949DD516F905186883C3DC5F082B
            SHA1:0574973A09CD1C4586F2237169351237A930718D
            SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
            SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d5.gif
            Preview:RIFFr...WEBPVP8X..............ANIM..........ANMF.?..................ALPH......0....nl[.E.R....D.(.~..m...)...B...fJ..Fw..{^?.FD.'....#;......Tff.U.9@uf.P......P9.@.....y..4......Y.a.|.0.._...7.2_[..W..H{..xs...bx..q...h.G.X.9b..p`......qH...2........g.&....g..\..p............N.7.x7..[I]..[....m}.j.p....."..5..0.n.De...D.U..\.`].....T..\..pS.S.7...4U....8M$cU...W...u..7.X.h.p...2..o........,.u..xAA....ue...H.g..FW. ..0$..........Gxc.kp.....5....:\{5F_.+py...&\_K.....@............Q.h....W..o^Y..W..A!..2.v....?^;..U_E.)p...o.x..W...".........`f....\ff.p..q..p...ZD.p....[9b}...j23#5>:.q.q....z.a.E..k...@.....d.0F.U.Q..D[..})B.......lX.....F....`l$.....k..-..l9uu.k[A]...VR7.x..(..VY.p.S...&..u..0C =..`e,i.%.$....G./.j"......%]$Rgf.:.H*|.p.Y.Y..a....E.|...p.|.[............x....{.......T....%86p.......w4%.........CS.n.J"\.c.xV.hqrU..+Z.\.K..rY.y<+Fj......O..\.....TO.....hr..-U=Q.9P..23kb...F...Y...E....MQ.......S.Y8.x..dua..'...c.i..5..V...1Z....Lk....yB
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):2146221
            Entropy (8bit):7.949979177664583
            Encrypted:false
            SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
            MD5:B66CCB48AAE5492D0043602A8809739D
            SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
            SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
            SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d3.gif
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.]..5....r....6........!...}................\.. ...q......N.r...Z... ....I.....7.....>..R..W......... .?...... .U..9... ....<...... ..........\..q..T.......F..H..D..... .. .. ....3...3z....!........0@6.x...d(.....t......|......'../....A..h......*............H......-.....=......}......)........$.......5..Y.)......L.l._Q...d.....F.........t..>....YMD..$.....:...c...N...O..v.|G.?......X....m3..8..C...5..C..p;..O...'''c....../....!..5....U.....:......o^.....b............]]]S..!...r8.....n...................s..E...N.....}~...u@.y...R..h.....B.....t..5.....z...j.............o......b....2.. .....x......ez.Ug..].......]...w..T........@@@..o..1............ppp.....]..u...M......s......8...w..>6.........9....f...........................H......*\....#J.H....3j......8..I...(S.\..K........8s......3.N.I...H.*u.4hP.K.J.J...N......`.f.....h...T..p.m...x...I.n..........P.+^....#K....V.3k
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 220 x 100, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):9739
            Entropy (8bit):7.914505260000532
            Encrypted:false
            SSDEEP:192:gknlyfTf5n4b3sRbK5KvEKczTlW/aoOr7ax+SJJUWocAU9Uo0nC:bnlOnq3ybwKvszREbPUWvvqnC
            MD5:E94E30D49B2C58C8CE7BF1A96BE1458A
            SHA1:79334D2865DDD486A79F97725363F56655C80BDE
            SHA-256:93BE4E2A9B593AC4D78B29C43D2B8E7CDA4BA12299EB1517853E19E5EA9057C2
            SHA-512:9D69371DBB0223AEBC2D49D7DAAF3DD0451F865C73A146D1AC202B808498588EB26B1377BB00DB26A2A41433D1BB90933AC161FC6906DE339F0655B851C7A667
            Malicious:false
            Reputation:low
            Preview:.PNG........IHDR.......d.......^.....pHYs..........+......iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be9, 2021/12/08-19:11:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop 23.2 (Windows)" xmp:CreateDate="2024-12-06T15:09:15+08:00" xmp:ModifyDate="2024-12-17T14:20:57+08:00" xmp:MetadataDate="2024-12-17T14:20:57+08:00" dc:format="image/png" photoshop:ColorMode="3" xmpMM:InstanceID="xmp.iid:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:DocumentID="xmp.did:7d066497-e3d0-2541-8dac-189d725474c6" xmpMM:OriginalDocumentID="xmp.did:7d066497-e3d0-2541-8
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
            Category:dropped
            Size (bytes):6676
            Entropy (8bit):7.96009372384108
            Encrypted:false
            SSDEEP:192:vA7jGLLVjGTN9q6LAkBkComENXQ/gTHOJ:xLqN9q6skBLomE9QaHOJ
            MD5:0B51D2A6328D9284BC3E3D156D047D30
            SHA1:623542C7991F61D1B5B1275A89A36A2AC471940A
            SHA-256:FFD84BA091349D7B20EED4E9114569DF107D646157746FE0C01ADED2B2E156BF
            SHA-512:6A2C61BF6C1D84BC200BDDD2C806C093D33DDEF9950FAE67A40D0A1A138407EF66AF59E0B3011FB6A91978DA93F0E041938A2DC2B89AD673A3518452919FAE29
            Malicious:false
            Reputation:low
            Preview:.PNG........IHDR.............<.q.....pHYs..........+......IDATx..{t\.u.?.7gF..^.eY..$.e....0$.......0...i..KX...U....r(%...!.l5.., 4....E(..m....,K.,.1...9..q,.-Y.y.......3.3....o...?a........:..!..R.R..*Z.......JT(@....<u...."(=.]@'B;..`..4...}...>5D..nv<...t .6 .lQjVw.#.@..(.X........Iz.>.f.&..h.8.....Z......O..Y..=.8.R`.(.....pG.t....S.^.}..'....X2.F.i#.5O....K.\...WD...4.v..Bk... ..j.:...'.%...Vu].1b.Q..>/.U.....o.D.>..x.Q...z........2JX.=.D..C.-w.bA7.\...t!....8..'-...}.We..1.V....e-.../..H...*..;.3.K*...........k...bEo...].e.T7U....n...o.P.M.Q..Ya.>.f.9..Dn.....t.........>....|.Zo..<'.....c.T.v.V..".*q.... ......xj..j.N.%..e..........*.b.[...<'...G.U..+(..Ao.....OW.....S......t..va...).nE....N{.e..z. [.n,.L.1i.V...+D.~..x7B.i..WD.o..K.H..).V....P,".r...^....< *.;"....S.{.~.1.0..(7....I...*....p..)#u#..e....o..fZ.3]8...~k^i......\).V....[|%...>....2.......6.'=..TaU..@,+.c...{.(....rN.....`.p \..8io../. E.......%..U.0.b.....<U...k....
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (65536), with no line terminators
            Category:downloaded
            Size (bytes):86923
            Entropy (8bit):5.288942392211126
            Encrypted:false
            SSDEEP:1536:hLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:nkn6x2xe9NK6nC6N
            MD5:B72AFE07A6F6F477120F3B0803D0A983
            SHA1:78EF8329A917D65F8BEDF5E1336724C6F5B80404
            SHA-256:F1A9C17B50D6278A694406D9E5DCE160F81AFD7A2683DFDF07F0651C38BDAA8E
            SHA-512:823B863FE8840923178A5CF7DA42AD9A99C019CA237C320C080338A0B96D95A4662405E91877372BF664E0B6947E70202958A6513727B450CF9D04D29F50DA26
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/static/js/jquery.js
            Preview:/*!jQuery v3.3.1 | (c) JS Foundation and other contributors | jquery.org/license*/!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){"use strict";var n=[],r=e.document,i=Object.getPrototypeOf,o=n.slice,a=n.concat,s=n.push,u=n.indexOf,l={},c=l.toString,f=l.hasOwnProperty,p=f.toString,d=p.call(Object),h={},g=function e(t){return"function"==typeof t&&"number"!=typeof t.nodeType},y=function e(t){return null!=t&&t===t.window},v={type:!0,src:!0,noModule:!0};function m(e,t,n){var i,o=(t=t||r).createElement("script");if(o.text=e,n)for(i in v)n[i]&&(o[i]=n[i]);t.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?l[c.call(e)]||"object":typeof e}var b="3.3.1",w=function(e,t){return new w.fn.init(e,t)},T=/
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:dropped
            Size (bytes):3146
            Entropy (8bit):6.011869125623804
            Encrypted:false
            SSDEEP:48:toyp/lbBgjclbBgj/u6PpbbCe4+b99CPyWsA1Gz9pKcz5B7RTjcRf:2IECE/usRXb9UMz/IF
            MD5:E11729B0CC8FA77A807FC6EB4B7D58DB
            SHA1:ED6BB66C360CBA0C31286ECDD2161A590E6C06D7
            SHA-256:7CC7E891E8F404637FBF0520B76A284D218EB2C7628AEAAE268069BD6E952383
            SHA-512:F60E69273FABBA904165F1AA86B717CF34E38755B23D03F9E38861F73D39E319483963868774ACA899E8690C83A85EF7006DDB2F1FA766E2D56FF1519CB7C7B3
            Malicious:false
            Reputation:low
            Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>....._TG......_Telegram..</title>...<meta name="Keywords" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="Description" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, us
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 290x270, components 3
            Category:downloaded
            Size (bytes):21090
            Entropy (8bit):7.878614475283644
            Encrypted:false
            SSDEEP:384:3j0OJMdamjE0cVsRQK80uxr+IsTJo7qvrgAK56GEUUW5tXnwu:34fHEGupslo7q8AK56U5tXwu
            MD5:F5EB8DCF9B18F19053034101E920574E
            SHA1:9513C6C5E39669AD27132D470008955DBAAE61F0
            SHA-256:15A94720D72ED1727FB281ED4AF914E17CD8166BB18F5A8484F32F9FAFF4F365
            SHA-512:950178CC71BD88274F49E6248A078F4F0FAA95E7188C2E69E2EDC62D874CABF5EDDA83DECE9FEE9C657B05CF52760E513F5161B34BF5FE8232923E008DCA34C3
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/SiteAndroid.jpg
            Preview:......JFIF.....H.H.....@Exif..MM.*.......i..........................."...................8Photoshop 3.0.8BIM........8BIM.%..................B~........".."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.....(...(...(....O....e...[..0.x.Z..i).......rT.........N.....).\.._Q...u...K._.*.TnC[.(24~.#.{.Z.....?...Nl....7Z5..o..l..k=2.<.{,.Q....J..h....Z<q.[.UT.&.P0@P.0...n........D.='....k.%.G..}u.........o.[..-....7..._..x.F.e.h..7....fVQ..gl{.x
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 76 x 76, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):4117
            Entropy (8bit):7.938862256505739
            Encrypted:false
            SSDEEP:96:lgruWUgiw7GrkGogRuDB46eYeMdQ6+HAbvNbBfi8DArfSP5eCd6G:iuntCbLgUi6eDMmngLDfNP5nsG
            MD5:CB9EF85F4D42970C9544EB64A5622451
            SHA1:88A34EF313C9874B8BABD1FB468D8DF61F8DB5BD
            SHA-256:392FE825F8A5D2E48DAC56DADE8B94019358407FED2D409F77E07568FAD8752B
            SHA-512:E4213F03A5D52801147C205E743E3D32AB647DC6269BC1686B51BF4493F6EF24DA36605E128118F90051B9C7AC774323E344DC08402B12E573B8DCABDF7C645D
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-06/top.png
            Preview:.PNG........IHDR...L...L......Q+....sRGB.........IDATx^..tT...g...#...,.,.f.!..Q.. h-..G...!H[.Gk.ak.J.i.G..A....._p...A........6...`%K".Iv.{....=..}.&z$s.=.$;3w.w....f....$k.c*.P.B.%.)..|._.....&CT..8..t..n.|G......j...y.CKz...).G.on....[.$...N?E.y....N...3.~.c..X..f..%^.\d`.dq.C.`.G.. ..I...ll.w\f...|..{Y...auLs...W.......iz.....Wg.......&..8m/..e........@m\f......V..ic...8B..V..Bs......,.:.l.X..".....fp.5.....*..D.......<... ...../.nw]..8)..kmmME..O.).._..R....B...c.._KMMm..\\..;0..1.!...xF\...*B..C..E....pdb.7".n..(.j0..J....`h..i....;..'.B+1..P/#..S....!...c..V.Gs.7,TYB..!..`0<.."..G.{...Z.z.V[.L..Ah=..|USSS]eee}UU.E.x.RXX.<..|KFFF^JJJ.J....7.B>t.\..f.3.(.....c.......!t...tww.z......Z.4.d(.......>y.....t.,..t...7..7....'........3..(ec{{{m...[QTTT..#y......4QX..{.qp.p.&Mz2!!..|.!.K.....Z....t...$..t.k...k.Ng...@..@..?..@..h.K..v.....^.......}c..3..........h.p..e....{...!..h,.@*..........;rrr....$I.NKK....45..8.......JX...~...p...$.....Xu.....
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 442x270, components 3
            Category:dropped
            Size (bytes):31305
            Entropy (8bit):7.8603716620080535
            Encrypted:false
            SSDEEP:768:3OqzWWjlwuxS+TRqYXz7xlPcuYq8KkTwWq7Pku4kz2R:3nr5zdPn8QSkz2R
            MD5:89486A05599A1CFD549F8FB2D70E7D73
            SHA1:24867697525DF19B88E79D75FF32384EBA57B321
            SHA-256:5A2C666B6E4F30FF921353CD9A3ECCC09B9314C5C5AB11E1A3928936E497B2DC
            SHA-512:BF59EA2F4CDC21464BCE9ABA5401C5DF0522769F998B432DBC79E7863737B87521E0FAA7501DBCE72115B256A181B6DA2C4F2FDBCDFF3E1ABBD4F73AC3177714
            Malicious:false
            Reputation:low
            Preview:......JFIF.....H.H.....@Exif..MM.*.......i...............................................8Photoshop 3.0.8BIM........8BIM.%..................B~..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.....(...(...(...(.........I'..._......._.....9.-.Isv....m.7Www. ..@.(=...3.+.......|3..<c..../...M.E.a..........t-;....T.[..\.......3..........X;.J..3.....3..j1>g_....).F..x.[6R...N..~.Cs....a..d......_......G...q.........|S...;X..V..b;..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):2146221
            Entropy (8bit):7.949979177664583
            Encrypted:false
            SSDEEP:49152:eVubeutaLtNl7gtSClIaxufRDLC/QctyWLEzL:eVuTWtNldiP4iHPLq
            MD5:B66CCB48AAE5492D0043602A8809739D
            SHA1:526459A2D2F37F16F2FA6ABA4F0E7A6A7A4E3D29
            SHA-256:4461CFEC85ED4D48B6AA70F9FEB464520862CF001DD3B36CE84401112EBDC5F1
            SHA-512:6EC6359A7B35F97D6C740479A3B58CB37483D196F49FFE3A7D0662A01DCEA9EC3076860486959F7AD24AABAF4E39C796C2C0FF5E9CDC5D3DCACFCA1E6C32C8FD
            Malicious:false
            Reputation:low
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.]..5....r....6........!...}................\.. ...q......N.r...Z... ....I.....7.....>..R..W......... .?...... .U..9... ....<...... ..........\..q..T.......F..H..D..... .. .. ....3...3z....!........0@6.x...d(.....t......|......'../....A..h......*............H......-.....=......}......)........$.......5..Y.)......L.l._Q...d.....F.........t..>....YMD..$.....:...c...N...O..v.|G.?......X....m3..8..C...5..C..p;..O...'''c....../....!..5....U.....:......o^.....b............]]]S..!...r8.....n...................s..E...N.....}~...u@.y...R..h.....B.....t..5.....z...j.............o......b....2.. .....x......ez.Ug..].......]...w..T........@@@..o..1............ppp.....]..u...M......s......8...w..>6.........9....f...........................H......*\....#J.H....3j......8..I...(S.\..K........8s......3.N.I...H.*u.4hP.K.J.J...N......`.f.....h...T..p.m...x...I.n..........P.+^....#K....V.3k
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 290x270, components 3
            Category:dropped
            Size (bytes):21090
            Entropy (8bit):7.878614475283644
            Encrypted:false
            SSDEEP:384:3j0OJMdamjE0cVsRQK80uxr+IsTJo7qvrgAK56GEUUW5tXnwu:34fHEGupslo7q8AK56U5tXwu
            MD5:F5EB8DCF9B18F19053034101E920574E
            SHA1:9513C6C5E39669AD27132D470008955DBAAE61F0
            SHA-256:15A94720D72ED1727FB281ED4AF914E17CD8166BB18F5A8484F32F9FAFF4F365
            SHA-512:950178CC71BD88274F49E6248A078F4F0FAA95E7188C2E69E2EDC62D874CABF5EDDA83DECE9FEE9C657B05CF52760E513F5161B34BF5FE8232923E008DCA34C3
            Malicious:false
            Reputation:low
            Preview:......JFIF.....H.H.....@Exif..MM.*.......i..........................."...................8Photoshop 3.0.8BIM........8BIM.%..................B~........".."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.....(...(...(....O....e...[..0.x.Z..i).......rT.........N.....).\.._Q...u...K._.*.TnC[.(24~.#.{.Z.....?...Nl....7Z5..o..l..k=2.<.{,.Q....J..h....Z<q.[.UT.&.P0@P.0...n........D.='....k.%.G..}u.........o.[..-....7..._..x.F.e.h..7....fVQ..gl{.x
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
            Category:dropped
            Size (bytes):4286
            Entropy (8bit):5.157520760822341
            Encrypted:false
            SSDEEP:48:er7z41Fi4mXEJyfetrETUzkPPgl0TzcHdCC8ZzsVhRItkhXj4FOKWXG8Q:u7z41c4mXEpHzk3gqzNCBKwKWWB
            MD5:975B4112A366CCA6B9BF2C84E268268C
            SHA1:97992BEA1D222B36E9B77B1E0E2C9F0CFDE0CCF5
            SHA-256:181349B08B8DA309823B3B6A670CE13581FF82AF7B03DB71BA60C705D0620261
            SHA-512:1440CD81F276F753DE3B6DFC7851D569689E998F14C55DCE698F68B4487D36E18B9D010DE66EC791FC97704CCC674AB65B26AC46F298A97B664FFE7BCCC90034
            Malicious:false
            Reputation:low
            Preview:...... .... .........(... ...@..... ..................................................................+..+G.'..(..)..(..)..(..(..'..(G.+..........................................................................+..)..(..(..(..(..(..(..(..(..(..(..(..(..)..+..........................................................I..)..)..)..)..(..)..(..(..(..(..(..(..(..(..(..(..)..)..I..............................................+..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..)..+......................................,..+..*..)..*..)..)..*..)..*..*..)..*..)..)..)..)..)..)..)..)..)..*..--.............................+..+..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..*..+..+......................I..*..+..*..*..*..*..*..*..+..*..+..+..+..+..+..+..*..+..*..*..+..*..+..+..*..,..I..................+..+..+..+..+..+..+..+..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:ASCII text, with very long lines (19883), with no line terminators
            Category:downloaded
            Size (bytes):19883
            Entropy (8bit):4.9607374572762435
            Encrypted:false
            SSDEEP:192:0T2Jf8Gsy6QoVUHbPOylbFvsCxKKIu+4ifrhmeg9bjow+FXiJ/ofoPoxoZouzA34:xyGn6/w+Jv5gwyauzA30NpDp8SUTA
            MD5:C7DDD70511364BD62C50EB4EB129DB5E
            SHA1:0160433F51400030242AC822A87BBFE091E0E249
            SHA-256:B6F3FDDDCA5176ECA858671B765B738DA0126B8B177DF83F5FA2F62EF43CB777
            SHA-512:D3A7FEAA1507AFC15FED202DFFF49F13A72E147DAC2FB23EF81FD3E22F560A4733CED6104483A9E1CA87123B122FA045BA3CE5D35EC81F10D6A83535050B2F6F
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/static/css/style.min.css
            Preview::root{--headerHeight: 100px;--padding: 15px;--themeColor: #15bafb;--maxWidth: 1100px}*{-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;padding:0}a{text-decoration:none}.p-lr{padding-left:var(--padding);padding-right:var(--padding)}body{font:12px;color:#434343;background:#fff;overflow-x:hidden;font-weight:400}.android,.ios,.pc{display:inline-block}.android,.ios{display:none}#to-top{position:fixed;bottom:120px;right:30px;cursor:pointer;z-index:1000;display:none;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;background-color:#fff;border-radius:5px;overflow:hidden}#to-top img{width:72px;height:72px}.head{background-color:#fff;padding:0 15px;position:fixed;left:0;top:0;width:100%;height:var(--headerHeight);z-index:99;background-color:#fff}.head .wrapper{display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-a
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
            Category:downloaded
            Size (bytes):6676
            Entropy (8bit):7.96009372384108
            Encrypted:false
            SSDEEP:192:vA7jGLLVjGTN9q6LAkBkComENXQ/gTHOJ:xLqN9q6skBLomE9QaHOJ
            MD5:0B51D2A6328D9284BC3E3D156D047D30
            SHA1:623542C7991F61D1B5B1275A89A36A2AC471940A
            SHA-256:FFD84BA091349D7B20EED4E9114569DF107D646157746FE0C01ADED2B2E156BF
            SHA-512:6A2C61BF6C1D84BC200BDDD2C806C093D33DDEF9950FAE67A40D0A1A138407EF66AF59E0B3011FB6A91978DA93F0E041938A2DC2B89AD673A3518452919FAE29
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-06/Telegram%20150.png
            Preview:.PNG........IHDR.............<.q.....pHYs..........+......IDATx..{t\.u.?.7gF..^.eY..$.e....0$.......0...i..KX...U....r(%...!.l5.., 4....E(..m....,K.,.1...9..q,.-Y.y.......3.3....o...?a........:..!..R.R..*Z.......JT(@....<u...."(=.]@'B;..`..4...}...>5D..nv<...t .6 .lQjVw.#.@..(.X........Iz.>.f.&..h.8.....Z......O..Y..=.8.R`.(.....pG.t....S.^.}..'....X2.F.i#.5O....K.\...WD...4.v..Bk... ..j.:...'.%...Vu].1b.Q..>/.U.....o.D.>..x.Q...z........2JX.=.D..C.-w.bA7.\...t!....8..'-...}.We..1.V....e-.../..H...*..;.3.K*...........k...bEo...].e.T7U....n...o.P.M.Q..Ya.>.f.9..Dn.....t.........>....|.Zo..<'.....c.T.v.V..".*q.... ......xj..j.N.%..e..........*.b.[...<'...G.U..+(..Ao.....OW.....S......t..va...).nE....N{.e..z. [.n,.L.1i.V...+D.~..x7B.i..WD.o..K.H..).V....P,".r...^....< *.;"....S.{.~.1.0..(7....I...*....p..)#u#..e....o..fZ.3]8...~k^i......\).V....[|%...>....2.......6.'=..TaU..@,+.c...{.(....rN.....`.p \..8io../. E.......%..U.0.b.....<U...k....
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):1999661
            Entropy (8bit):7.95888108485966
            Encrypted:false
            SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
            MD5:443B2A218BA5A3010B778986488AF448
            SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
            SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
            SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d6.gif
            Preview:GIF89a.............!..NETSCAPE2.0.....!.......,.........GpL..!.*.....w..]....555.5......!}...T..*.fff.c..>...........)......... .U... .......)..J.....M..'..O............ ....G..B.@@@.W..P...... .E..[........Y.MMM.. ..........'..................... .......R...... ........ .......]..B..K... ....G..9..)..=........7.....l..S... .y..C..H..U.......O..S... ............./..Z...8/(..@...%..G.......6..d'..1............l..[..[...i.....q..*..y.....2..J...............?6..W..D..a..-...W.............X..h..r...@............aaa.6..&..z..t...............P........o^..(..}C.....N..s..~~~OC..,..H..%..=..M..9......O....}..........<..;..#..i...._Q.000.o..p5.._.......A..D............qqqHHH..g....F.......@6.<:9.y..4....UUU....>.......... fS/.*.TE0YYY.n".h#..(..W..^....s...O...................................................H......*\....#J.H....3j..#.. ...H...(S.\....C.I...8s....L.=...J......D...P.rT.R..X.j.J...`.......h.]..,.p..}.v..x.B.....r...L.pV...+^<.+..#.*.....)c
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):2603040
            Entropy (8bit):7.962323436035343
            Encrypted:false
            SSDEEP:49152:/dzrYgvQzfUMFTW2Y6/aXQ3UtMX34Vxz7i6NJNO107JvhVocq:F0zfHWAaA3U+nmZ7lJNOaJ5a
            MD5:80515DB845D4FC2B936127D4324FF322
            SHA1:3B80E77D5C81BFDA37A513A0670AB7D2AC40D105
            SHA-256:5D362FD03C23BF20A038ED5B9E3169EF8CB07DF1F7D17EA3B03C6752641CF523
            SHA-512:32C60F28ADA8D336F5E017DD9236749F3C2D1CD34A31659BACEF4473F1F2A3F336E45EA01CAC9FD150D93FF101831E7E093520433EBF85F54685C1BB4E51B1BA
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:RIFF (little-endian) data, Web/P image
            Category:dropped
            Size (bytes):1696890
            Entropy (8bit):7.996167221864141
            Encrypted:true
            SSDEEP:49152:Bg4naLjkPZuewPkIrSCQmj+QkRKfTWVmYBS9:6AZPS5rSXmiQeqIBS9
            MD5:6AE9949DD516F905186883C3DC5F082B
            SHA1:0574973A09CD1C4586F2237169351237A930718D
            SHA-256:424F0701DCB8542900712D39693B91DB8758A1DDB0A33C21CFB502A8A71CDAD8
            SHA-512:CC2C08687DB872467BD08467D7BCD93540AE0097231DB3BEA19C20BC312C46F655E4F5000C6659E8BEA40681226195E4E8258138092F96C37FE9D25DE992717A
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):1999661
            Entropy (8bit):7.95888108485966
            Encrypted:false
            SSDEEP:49152:fmVByy/8VM00Z9zaamH0+5Vy69WNk/4rx/gYh5aPdCR7scn:OVMyGSZ9zaWDFNkqudCR7scn
            MD5:443B2A218BA5A3010B778986488AF448
            SHA1:957E3B8E8951351B28F5106E8006F96255AD200B
            SHA-256:DE5CCAB1886506B6C45B16B5037A80F20E1BA53B3E5FDA65E174A784559E8E30
            SHA-512:277646CF1AFEE94621EFD1B5B14B33AFD6BAF897342963C2F70E7227F3D3129EC82FFC9A198933ACF9AF2BB06E15DA06758C6045B7CAD73C2184638498533D59
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:downloaded
            Size (bytes):3146
            Entropy (8bit):6.011869125623804
            Encrypted:false
            SSDEEP:48:toyp/lbBgjclbBgj/u6PpbbCe4+b99CPyWsA1Gz9pKcz5B7RTjcRf:2IECE/usRXb9UMz/IF
            MD5:E11729B0CC8FA77A807FC6EB4B7D58DB
            SHA1:ED6BB66C360CBA0C31286ECDD2161A590E6C06D7
            SHA-256:7CC7E891E8F404637FBF0520B76A284D218EB2C7628AEAAE268069BD6E952383
            SHA-512:F60E69273FABBA904165F1AA86B717CF34E38755B23D03F9E38861F73D39E319483963868774ACA899E8690C83A85EF7006DDB2F1FA766E2D56FF1519CB7C7B3
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/static/image/SiteIconAndroid.svg
            Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>....._TG......_Telegram..</title>...<meta name="Keywords" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="Description" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, us
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):3222729
            Entropy (8bit):7.959136227282352
            Encrypted:false
            SSDEEP:49152:Pj84KxnrQ6ozwdPyAoLibGcuA77M62mN1PmfbDE4raiivJLUvjIeTD:bkxazOPyAo7MXj5N1+fFrPpxTD
            MD5:1A1A1E97120C2DD2B6B3C8C0F77CA236
            SHA1:3EA42EA52850E71668D26EFAA9CAB88C2E901EFC
            SHA-256:D6037E1CEA2E2EC907C6315E6FCFF8CF5AB39A6857408AB5800504B7F28897D7
            SHA-512:325D494B456270F152E54EF092A4779F45F91DAA17155CCFFE0831F3775AC17D7B4186EDB6EF92046575132EE880C6C76CD32BFFB41DF7F4C88260D4F55F9264
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d7.gif
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 442x270, components 3
            Category:downloaded
            Size (bytes):31305
            Entropy (8bit):7.8603716620080535
            Encrypted:false
            SSDEEP:768:3OqzWWjlwuxS+TRqYXz7xlPcuYq8KkTwWq7Pku4kz2R:3nr5zdPn8QSkz2R
            MD5:89486A05599A1CFD549F8FB2D70E7D73
            SHA1:24867697525DF19B88E79D75FF32384EBA57B321
            SHA-256:5A2C666B6E4F30FF921353CD9A3ECCC09B9314C5C5AB11E1A3928936E497B2DC
            SHA-512:BF59EA2F4CDC21464BCE9ABA5401C5DF0522769F998B432DBC79E7863737B87521E0FAA7501DBCE72115B256A181B6DA2C4F2FDBCDFF3E1ABBD4F73AC3177714
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/SiteiOS.jpg
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:Unicode text, UTF-8 text, with CRLF line terminators
            Category:downloaded
            Size (bytes):1328
            Entropy (8bit):5.131835503444383
            Encrypted:false
            SSDEEP:24:sSaDlMfl2HgSE98vJ34apncroPi3i436mP8oe6u3sBoND3US:sSaDafoASE98vB5TP+JhC8+d5
            MD5:53BE4111AD5F1938650657C175A19C86
            SHA1:CC3026F85FE9BE17EC25C0A3A42EE6A41FCD92AE
            SHA-256:67D2B41879F250526EA34E3678B48365D679021F50045A970AA2857C9E43B051
            SHA-512:0DFBE4559E7FB64E91652A49F677A1CFD11594FF38A58FB8797203CCE87618DBE7D6AFF1DFB2DB8A5CE6D3BCE51C01612549BDB5C721ECC2B95778D17A9B0125
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/static/js/public.js
            Preview:$('#to-top').click(function() {.. $('body,html').animate({scrollTop:0},1);.. return false;..});....$(window).scroll(function() {.. const scrollTop = $(window).scrollTop();.. const windowHeight = $(window).height();.. if (scrollTop > 200 ) {.. $('#to-top').fadeIn(1).css('display', 'flex');.. } else {.. $('#to-top').fadeOut(1).css('display', 'none');.. }..});....// ........function getOperatingSystem() {.. var userAgent = navigator.userAgent || navigator.vendor || window.opera;.. if (/android/i.test(userAgent)) {.. return "android";.. }.. if (/iPad|iPhone|iPod/.test(userAgent) && !window.MSStream) {.. return "ios";.. }.. return "pc";..}....if(getOperatingSystem()=="android"){.. $(".down-link").css("display",'none').. $(".down-link.android").css("display",'inline-block')..}..if(getOperatingSystem()=="ios"){.. $(".down-link").css("display",'none').. $(".down-link.ios").css("display",'inline-block')..
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):3373417
            Entropy (8bit):7.978140019775728
            Encrypted:false
            SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
            MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
            SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
            SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
            SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d4.gif
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):3373417
            Entropy (8bit):7.978140019775728
            Encrypted:false
            SSDEEP:49152:+pBKATna8Oybkckt3G6KSv0AyGQXRCaeYx/5dO8eDyj8HoXBkBWmfYFnVvLDo9q:8HnfHm3GCsAUBoYx/jO94JkBWmSA9q
            MD5:28746CEA3FA3FE45E9A77EAC83CC83EB
            SHA1:5C88FCD0E0E67358EBE61AF5B8D7509331CC4104
            SHA-256:1ADA80884D0AD4DF743330129D9FBDCF0CA1603EF669276D3772B84697DAFF16
            SHA-512:501DCF86A141AA14F910E0E1242EBA72BCD6C8AC3105793CC38463C40473DDAA35828B0C6C26B47171BEF988907BCC76CEA1DC3D0E9ED7858D53C33B744FF721
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
            Category:downloaded
            Size (bytes):6257
            Entropy (8bit):5.985463807603884
            Encrypted:false
            SSDEEP:96:2IECE/usRXb9UU8pxMcMXgG8gK36VkEt5Km3FQRtX+5NLE2:1ECE1L978P8XHG09LKsF0dYdE2
            MD5:A45F71347F88CA9D7976B61520AAA42B
            SHA1:FB1E5286F8401C6960F0AA3DB32A688F53757A5A
            SHA-256:3E5F5D0432553F9B7547BE69EBB12C68D18B500648B11E92DC609C77A4D23A63
            SHA-512:BF2B4DD22F04D09EEA34F774B48681FBE099C91A84260C124DFCD06C97CA77D33242B99EDACAE5ACE6E365A6BB007B2A5A2F0C73F7374A52217280AE5E6A84B6
            Malicious:false
            Reputation:low
            URL:https://www.telegramstg.com/
            Preview:<!DOCTYPE html>..<html lang="zh-CN">..<head>...<meta charset="UTF-8">...<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />...<title>....._TG......_Telegram..</title>...<meta name="Keywords" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="Description" content="telegram..........telegram IOS.... Android........Telegram....telegram..........................................TELEGRAM...............">...<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, us
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:dropped
            Size (bytes):2415534
            Entropy (8bit):7.953757920742143
            Encrypted:false
            SSDEEP:49152:eQzLLAUpnaj+wmdT6MNOancgZXJI7+iNWrcPWmC96Jne7:eQzACajLKTZNOancgZXJIC8tumCUM7
            MD5:CBD2D6AF702CAB22FB23C7D159ABC428
            SHA1:C0B6C9DA2C8DA897C00DF0A6569D2FD2540DBC1F
            SHA-256:58A9156F7CB557EB157598032FD67ADE899A5A8B635455FBEB46C7BFA0F122E4
            SHA-512:E6647C8E088ED3BC3B0CED3CE6192473B4B2E878AE7E9AAD20E7B5569C7B7314CD84FDA1370DB47A797C8FE6CCFBBE7E18C1BF9A5163D143ECBA3134C467282E
            Malicious:false
            Reputation:low
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:GIF image data, version 89a, 512 x 512
            Category:downloaded
            Size (bytes):1867995
            Entropy (8bit):7.97135881669897
            Encrypted:false
            SSDEEP:49152:yHSoeLy8K0YjI9NE4AjEq6EmnUCCG5LEge:yHSfK00I6jEyC95LM
            MD5:3DDFFC96032B4B586B63950436E1B19F
            SHA1:4E648AB679826B824D2D111E1B96E6D6FEC88BFB
            SHA-256:8ACBAEBD980880BE300562B4721FDA46636837C7CA7E174EDFE0DC8F9248D97B
            SHA-512:0F34DF4D68CC7CAA178193D1D5643A1AE727828BEEEC1ABAC1A3CF2922D4988C1D3E423C6A6BC5A1FE95FB947E543D19B69BE013E0DF951DAA0A78DB609896F7
            Malicious:false
            Reputation:low
            URL:https://image.sanxiang-sh.com/tg-08/d2.gif
            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
            File Type:SVG Scalable Vector Graphics image
            Category:dropped
            Size (bytes):23116
            Entropy (8bit):4.416888886221028
            Encrypted:false
            SSDEEP:384:wWjhl+ZZx0roaRvQgeMr2VxtaA93S/JKhV3PXASow7/XP5oP5VP5uP5sP5H6NC7E:wQhl2cfvrSxtaCDPaw756TUGLfY
            MD5:E75F7F8AC71782DDA40464528A4F619B
            SHA1:1294A00A625B50FF7C3EB3119A71D49399C9AC29
            SHA-256:832FBEFD7A4FE8F651058597D9F1910883D1CBD56D0CEB343E7D6170AEECF982
            SHA-512:AF128E227ED56355357FA0D3D46C9701E3B10F076F3515D84907ACE6BBF282177A74EF577A0AC48E4E4CC1FE0DFE3D14368F7DB08797AACC767E8841032C4E31
            Malicious:false
            Reputation:low
            Preview:<svg fill="none" height="144" viewBox="0 0 4464 144" width="4464" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><linearGradient id="a"><stop offset="0" stop-color="#2aabee"/><stop offset="1" stop-color="#229ed9"/></linearGradient><linearGradient id="b" gradientUnits="userSpaceOnUse" x1="1080" x2="1080" xlink:href="#a" y1="31.7861" y2="112.214"/><linearGradient id="c" gradientUnits="userSpaceOnUse" x1="1224" x2="1224" xlink:href="#a" y1="24.856" y2="119.144"/><linearGradient id="d" gradientUnits="userSpaceOnUse" x1="1368" x2="1368" xlink:href="#a" y1="19.1113" y2="124.889"/><linearGradient id="e" gradientUnits="userSpaceOnUse" x1="1512" x2="1512" xlink:href="#a" y1="14.4526" y2="129.547"/><linearGradient id="f" gradientUnits="userSpaceOnUse" x1="1656" x2="1656" xlink:href="#a" y1="10.7817" y2="133.218"/><linearGradient id="g" gradientUnits="userSpaceOnUse" x1="1800" x2="1800" xlink:href="#a" y1="8" y2="136"/><linearGradient id="h" gradientUnits="userSpace
            No static file info
            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

            Target ID:1
            Start time:19:48:54
            Start date:11/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:3
            Start time:19:48:59
            Start date:11/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=3236,i,4779088425237873110,13384070832767837995,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:4
            Start time:19:49:05
            Start date:11/01/2025
            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.telegramstg.com/"
            Imagebase:0x7ff684c40000
            File size:3'242'272 bytes
            MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:8
            Start time:19:50:11
            Start date:11/01/2025
            Path:C:\Windows\SysWOW64\unarchiver.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\shater.zip"
            Imagebase:0x470000
            File size:12'800 bytes
            MD5 hash:16FF3CC6CC330A08EED70CBC1D35F5D2
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:9
            Start time:19:50:11
            Start date:11/01/2025
            Path:C:\Windows\SysWOW64\7za.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wdldggag.e5p" "C:\Users\user\Downloads\shater.zip"
            Imagebase:0xfe0000
            File size:289'792 bytes
            MD5 hash:77E556CDFDC5C592F5C46DB4127C6F4C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:10
            Start time:19:50:11
            Start date:11/01/2025
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff66e660000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:true

            Target ID:11
            Start time:19:50:14
            Start date:11/01/2025
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe"
            Imagebase:0x7ff799c70000
            File size:236'544 bytes
            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:12
            Start time:19:50:14
            Start date:11/01/2025
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff66e660000
            File size:862'208 bytes
            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:low
            Has exited:false

            Target ID:13
            Start time:19:50:14
            Start date:11/01/2025
            Path:C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Local\Temp\wdldggag.e5p\shater.exe
            Imagebase:0x730000
            File size:62'891'960 bytes
            MD5 hash:D08BDF8F0948938687A6E0C1044E1962
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Antivirus matches:
            • Detection: 8%, ReversingLabs
            Reputation:low
            Has exited:false

              APIs
              • GetSystemInfo.KERNELBASE(?), ref: 00C5B208
              Memory Dump Source
              • Source File: 00000008.00000002.2996056950.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false
              Similarity
              • API ID: InfoSystem
              • String ID:
              • API String ID: 31276548-0
              • Opcode ID: 5af16f977bedac2131dd8f9cbab5ed67c7e4bc0c56b66d61b41d4402367f7d46
              • Instruction ID: 9dcac5eeca6d2f54fcc9042dcf55069276ab86e6f03147e2e52ce2bd0e640521
              • Opcode Fuzzy Hash: 5af16f977bedac2131dd8f9cbab5ed67c7e4bc0c56b66d61b41d4402367f7d46
              • Instruction Fuzzy Hash: 60018B788042449FDB10CF16DD89B69FFE4EF05321F08C4AADD488F252D379A958CBA2
              APIs
              • DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C5B2F3
              Memory Dump Source
              • Source File: 00000008.00000002.2996056950.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0