C24723b1-25b1-1f90-49ca-04421a0e6770_telegram.zip May 2026

Based on the structure of the filename, this file likely originates from one of two scenarios:

with an updated EDR or Antivirus solution to locate the primary malware. C24723B1-25B1-1F90-49CA-04421A0E6770_Telegram.zip

Forensic tools (like Cellebrite, Magnet AXIOM, or Belkasoft) often export specific application data using GUIDs to maintain a link to the original database. In this case, the file likely contains a backup of Telegram Messenger data—including chat logs, media, contacts, and session tokens—from a specific device or user account. Based on the structure of the filename, this

Encrypted data files containing the local message database. Encrypted data files containing the local message database

Treat it as a high-threat indicator. It may suggest that an Infostealer has accessed your Telegram session.

via Telegram Settings > Devices > Terminate all other sessions. Enable Two-Step Verification (2FA) if not already active.

The filename follows a naming convention typically associated with forensic data extractions or automated malware exfiltration . The string of characters is a GUID (Globally Unique Identifier), often used by software to uniquely identify a specific user profile, device session, or database entry. Contextual Analysis