Edit tour

Windows Analysis Report
http://infected.quickconnect.to/

Overview

General Information

Sample URL:	http://infected.quickconnect.to/
Analysis ID:	1269731

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

HTML body with high number of embedded images detected

HTML body contains low number of good links

HTML title does not match URL

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 3132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://infected.quickconnect.to/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

chrome.exe (PID: 5464 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1736,i,10151548205462978362,4457946690694946517,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ET DNS Query for .to TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.164870532027757 07/10/23-14:27:35.771470
SID:	2027757
Source Port:	64870
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .to TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.154789532027757 07/10/23-14:27:39.704312
SID:	2027757
Source Port:	54789
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .to TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.162709532027757 07/10/23-14:27:41.930880
SID:	2027757
Source Port:	62709
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .to TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.156365532027757 07/10/23-14:27:35.144992
SID:	2027757
Source Port:	56365
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

ET DNS Query for .to TLD - Source IP: 192.168.2.3 - Destination IP: 1.1.1.1

Timestamp:	192.168.2.31.1.1.156939532027757 07/10/23-14:27:36.036875
SID:	2027757
Source Port:	56939
Destination Port:	53
Protocol:	UDP
Classtype:	Potentially Bad Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: http://infected.quickconnect.to/

HTTP Parser: Total embedded image size: 35143

Source: https://infected.fr4.quickconnect.to/

HTTP Parser: Number of links: 0

Source: https://infected.fr4.quickconnect.to/

HTTP Parser: Title: DNR-V_001 does not match URL

Source: https://infected.fr4.quickconnect.to/

HTTP Parser: <input type="password" .../> found

Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="author".. found

Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found
Source: https://infected.fr4.quickconnect.to/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:56365 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:64870 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:56939 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:54789 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2027757 ET DNS Query for .to TLD 192.168.2.3:62709 -> 1.1.1.1:53

Source: unknown

DNS traffic detected: queries for: infected.quickconnect.to

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /connect_lib.7045c606.bundle.css HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/css,/;q=0.1Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /573e7af50207ee0f67a3f60752802e92.png HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /e903266b5cec648754bc4fa966c21efa.png HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /vendor.dll.js HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /commons.15d0d7a8c9ba9444b179.bundle.js HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /connect_lib.9680d74c2abbd47665d3.bundle.js HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Referer: http://infected.quickconnect.to/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: syno-quickconnect-tutorial=yes; tunnel=; previous_verify_type=; previous=http:.port.5001.ext_port.56100site.dec.quickconnect.tolan_ipv4.10.188.248.105.ddns.infected.myDS.mewan_ipv4.45.11.60.211If-None-Match: W/"6461a327-18f65"If-Modified-Since: Mon, 15 May 2023 03:12:39 GMT
Source: global traffic	HTTP traffic detected: GET /573e7af50207ee0f67a3f60752802e92.png HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: syno-quickconnect-tutorial=yes; tunnel=; previous_verify_type=; previous=http:.port.5001.ext_port.56100site.dec.quickconnect.tolan_ipv4.10.188.248.105.ddns.infected.myDS.mewan_ipv4.45.11.60.211
Source: global traffic	HTTP traffic detected: GET /e903266b5cec648754bc4fa966c21efa.png HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: syno-quickconnect-tutorial=yes; tunnel=; previous_verify_type=; previous=http:.port.5001.ext_port.56100site.dec.quickconnect.tolan_ipv4.10.188.248.105.ddns.infected.myDS.mewan_ipv4.45.11.60.211
Source: global traffic	HTTP traffic detected: GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: syno-quickconnect-tutorial=yes; tunnel=; previous_verify_type=; previous=http:.port.5001.ext_port.56100site.dec.quickconnect.tolan_ipv4.10.188.248.105.ddns.infected.myDS.mewan_ipv4.45.11.60.211
Source: global traffic	HTTP traffic detected: GET /webman/pingpong.cgi?action=cors&quickconnect=true HTTP/1.1Host: infected.quickconnect.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: syno-quickconnect-tutorial=yes; previous_verify_type=; previous=http:.port.5001.ext_port.56100site.dec.quickconnect.tolan_ipv4.10.188.248.105.ddns.infected.myDS.mewan_ipv4.45.11.60.211; client_ext_ip=102.129.143.16; tunnel=trueIf-None-Match: W/"6461a327-18f65"If-Modified-Since: Mon, 15 May 2023 03:12:39 GMT

Source: classification engine

Classification label: mal48.win@25/241@16/163

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://infected.quickconnect.to/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1736,i,10151548205462978362,4457946690694946517,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1736,i,10151548205462978362,4457946690694946517,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://infected.quickconnect.to/	0%	Virustotal		Browse
http://infected.quickconnect.to/	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.synology.com	13.32.145.18	true	false	high
global.quickconnect.to	35.156.180.83	true	false	high
www.beian.gov.cn	127.0.0.1	true	false	unknown
infected.myds.me	45.11.60.211	true	false	unknown
accounts.google.com	142.250.181.237	true	false	high
dec.quickconnect.to	3.75.139.27	true	false	high
infected.fr4.quickconnect.to	185.93.2.187	true	false	high
synostatic.synology.com	13.32.110.58	true	false	high
www.google.com	142.250.74.196	true	false	high
clients.l.google.com	142.250.185.174	true	false	high
infected.quickconnect.to	13.32.121.91	true	false	high
23a72c571eab6919.cdn.jiashule.com	111.47.226.236	true	false	unknown
clients2.google.com	unknown	unknown	false	high
beian.miit.gov.cn	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
about:blank	false	low
http://infected.quickconnect.to/573e7af50207ee0f67a3f60752802e92.png	false	high
http://infected.quickconnect.to/connect_lib.9680d74c2abbd47665d3.bundle.js	false	high
http://infected.quickconnect.to/vendor.dll.js	false	high
http://infected.quickconnect.to/e903266b5cec648754bc4fa966c21efa.png	false	high
http://infected.quickconnect.to/connect_lib.7045c606.bundle.css	false	high
http://infected.quickconnect.to/commons.15d0d7a8c9ba9444b179.bundle.js	false	high
http://infected.quickconnect.to/	false	high
http://infected.quickconnect.to/	false	high
https://infected.fr4.quickconnect.to/	false	high
http://infected.quickconnect.to/webman/pingpong.cgi?action=cors&quickconnect=true	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.32.110.58	synostatic.synology.com	United States	16509	AMAZON-02US	false
142.250.184.196	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	true
34.104.35.123	unknown	United States	15169	GOOGLEUS	false
142.250.186.170	unknown	United States	15169	GOOGLEUS	false
3.75.139.27	dec.quickconnect.to	United States	16509	AMAZON-02US	false
13.32.121.91	infected.quickconnect.to	United States	16509	AMAZON-02US	false
45.11.60.211	infected.myds.me	Poland	202004	GREENLAN-ASPL	false
142.250.181.237	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
35.156.180.83	global.quickconnect.to	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
185.93.2.187	infected.fr4.quickconnect.to	Czech Republic	60068	CDN77GB	false

Private

IP
10.188.248.105

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1269731
Start date and time:	2023-07-10 14:27:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://infected.quickconnect.to/
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@25/241@16/163

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.250.185.163, 34.104.35.123
Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, clientservices.googleapis.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	166417
Entropy (8bit):	5.826823759582209
Encrypted:	false
SSDEEP:
MD5:	CA1A3B8F9FE47091106634FAA7523692
SHA1:	3D9D4CC3C925C24EC2D96BABEBFB191B964C6BA9
SHA-256:	F0924A6DF633579A841F4DF25B80CE647E0F4DD47F28094C1455EA315E881973
SHA-512:	C9BE3ADBB8EECAC40B166EE6575FCE41E1A845BC0B5A676D97AD7A458DDD0BE0EB3E344D63074D714463DDF368BCF1A96956770ADABF1E1EA267D9B42118632A
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/synoSDSjslib/sds.css?v=1688993505
Preview:	.scrollgeneric{line-height:1px;font-size:1px;position:absolute;top:0;left:0}.vscrollerbase,.hscrollerbase{width:0px;height:0px}.vscrollerbar,.hscrollerbar{background-position:0 0;-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=$ieOpacity)";filter:alpha(opacity=20);filter:progid:DXImageTransform.Microsoft.Alpha(Opacity=20);opacity:0.2;-moz-transition-property:opacity;-o-transition-property:opacity;-webkit-transition-property:opacity;transition-property:opacity;-moz-transition-timing-function:ease-in;-o-transition-timing-function:ease-in;-webkit-transition-timing-function:ease-in;transition-timing-function:ease-in;-moz-transition-duration:0.2s;-o-transition-duration:0.2s;-webkit-transition-duration:0.2s;transition-duration:0.2s}.vscrollerbar:hover,.hscrollerbar:hover{-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=$ieOpacity)";filter:alpha(opacity=30);filter:progid:DXImageTransform.Microsoft.Alpha(Opacity=30);opacity:0.3}.vscrollerbar:active,.hscrollerbar:active{-

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (852)
Category:	downloaded
Size (bytes):	28497
Entropy (8bit):	4.953019044591424
Encrypted:	false
SSDEEP:
MD5:	A5D3520009D448D9314D9019EDD770AE
SHA1:	F5B10B75EA5390D66484C7307B9862B27774BEBD
SHA-256:	78CBB9F835FF8D85B1D326BC694FF3B0E7B11F6B9CE9642A3F58C131327691E6
SHA-512:	1E2CEBBC6C8E57D70F2B1B5687E9BF7B5F91AA44D888834F712D4F5C24419366023913D3716473A24436081842581EFF6DD9C63E23AA04853271CA7954F44CB3
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/AntiVirus/style.css?v=1678708220
Preview:	/* DSM5.0 styles /./ McAfee styles /..synoav-schedule-scan-editorwindow .synoav-schedule-scan-editorwindow-formpanel .synoav-note-label {. color: #00A66E;.}../ DSM5.0 styles /./ McAfee styles /./ Main window appearance /..syno-av-mcafee .syno-ux-modulelist .x-tree-node-leaf.x-tree-selected {. background-color: #CD4164;.}..syno-av-mcafee .syno-ux-modulelist .x-tree-node-leaf.x-tree-node-over span {. color: #CD4164;.}..syno-av-mcafee .syno-ux-modulelist .x-tree-node-leaf.x-tree-selected.x-tree-node-over span {. color: #FFFFFF;.}..syno-av-mcafee.sds-window-v5 .x-window-tl {. border-top: 4px solid #CD4164;. background-image: linear-gradient(#FAEDF0, #FFFFFF);.}..syno-av-mcafee.sds-window-v5 .x-window-header-text {. color: #CD4164;.}../ List view icons for antivirus essential */..syno-av.syno-av-clam .syno-av-list-overview {. background-image: url("images/listview_av_overview.png");.}.@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-re

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	troff or preprocessor input, ASCII text, with very long lines (2043), with no line terminators
Category:	downloaded
Size (bytes):	2043
Entropy (8bit):	4.977229765038544
Encrypted:	false
SSDEEP:
MD5:	FDA895D1D3B69F2A33798F986ECF9DBF
SHA1:	2D13BB9C3F7D7A5EC52049E79B9482C0387BFB57
SHA-256:	825F3468513E6D24C5C3B5097FE9DEFD19300B9E5C8E2748A7439EDC05F9A5FA
SHA-512:	F9D585E27F6A6D7034FE16D1075AC96239C02929019DDC645134FF86B8A7AA21A09D6EDFED9C08A88F014A3F2242B45F0AD4E5B1337DD71B7F25C5346196EA40
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/C3/style.css?v=1614856781
Preview:	.c3 svg{font:10px sans-serif;-webkit-tap-highlight-color:transparent}.c3 line,.c3 path{fill:none;stroke:#000}.c3 text{-webkit-user-select:none;-moz-user-select:none;user-select:none}.c3-bars path,.c3-event-rect,.c3-legend-item-tile,.c3-xgrid-focus,.c3-ygrid{shape-rendering:crispEdges}.c3-chart-arc path{stroke:#fff}.c3-chart-arc text{fill:#fff;font-size:13px}.c3-grid line{stroke:#aaa}.c3-grid text{fill:#aaa}.c3-xgrid,.c3-ygrid{stroke-dasharray:3 3}.c3-text.c3-empty{fill:gray;font-size:2em}.c3-line{stroke-width:1px}.c3-circle._expanded_{stroke-width:1px;stroke:#fff}.c3-selected-circle{fill:#fff;stroke-width:2px}.c3-bar{stroke-width:0}.c3-bar._expanded_{fill-opacity:.75}.c3-target.c3-focused{opacity:1}.c3-target.c3-focused path.c3-line,.c3-target.c3-focused path.c3-step{stroke-width:2px}.c3-target.c3-defocused{opacity:.3!important}.c3-region{fill:#4682b4;fill-opacity:.1}.c3-brush .extent{fill-opacity:.1}.c3-legend-item{font-size:12px}.c3-legend-item-hidden{opacity:.15}.c3-legend-backgroun

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 4 x 44, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	157
Entropy (8bit):	5.884717655193858
Encrypted:	false
SSDEEP:
MD5:	898576D35106868C83376B0DB03D13A7
SHA1:	8CD2730C7879C60A64AD0BED8523C4BBD0277D17
SHA-256:	796D8F69BCF431D76DC21194A3B0510441C9255CDF383721BD15F901FFAE8D14
SHA-512:	5B4D2FE20CC53A25FDA267729EB047C015544508D52FD4F9D09F2DBD758AB457286B615B8A92A04CE32028BD58A0B112280F6CE14D301692F9EBA1D93F933AAE
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......,.....B..%....tEXtSoftware.Adobe ImageReadyq.e<...?IDATx.bd``...........I.,.......@....._...A.......PVt...0.;. ..g...0U......IEND.B`.

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13516)
Category:	downloaded
Size (bytes):	13517
Entropy (8bit):	4.88574321698475
Encrypted:	false
SSDEEP:
MD5:	407769194014C674B07F00EEB5C338A7
SHA1:	5C037FA484FC3B1EB5336DFB7D47762018848070
SHA-256:	1E3D69CE02B25F3014E37D708B00840124C08C97A4A2650742153DCDF54BDAE5
SHA-512:	8B15B2784AAEE3AA0601A51DFB59939776B6C090E919EACE8DF05130A7DD48DF370F5F1121587AF995628406FB6A25C301584DDEAB568B1050CDFE9A6DF18AAF
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/SystemInfoApp/style.css?v=1614856781
Preview:	.syno-sysinfo-system-health .x-panel-body{background-color:transparent}.syno-sysinfo-system-health .syno-sysinfo-system-health-status{height:84px;width:100%}.syno-sysinfo-system-health .syno-sysinfo-system-health-status .syno-sysinfo-system-health-content-wrap{width:204px;margin:10px 16px}.syno-sysinfo-system-health .syno-sysinfo-system-health-status .syno-sysinfo-system-health-west-normal,.syno-sysinfo-system-health .syno-sysinfo-system-health-status .syno-sysinfo-system-health-west-warning,.syno-sysinfo-system-health .syno-sysinfo-system-health-status .syno-sysinfo-system-health-west-initial,.syno-sysinfo-system-health .syno-sysinfo-system-health-status .syno-sysinfo-system-health-west-emergency{position:relative;margin:10px 0 10px 20px;width:64px;height:64px;background-image:url('images/1x/sprite-s90fad1d510.png');background-position:0 -192px;background-repeat:no-repeat}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohd

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	196
Entropy (8bit):	5.075895468076615
Encrypted:	false
SSDEEP:
MD5:	50C63CC94BBA6F37080031BF5EC3706A
SHA1:	D2483F4BCBC296D43343918B6AD87B21ED2F7C20
SHA-256:	64735EAC069FAFEFA2572471DD83DD8FCEEFF32D0373E4400B77E1CC5CB28017
SHA-512:	DF76D742859EAA2EC22043823442FA5903162A5D2D7F8B8FD3BD744A1B1C3DFF4D9C63B301D2B74820ECE175059F0FEF9317AF2185797874D6695AC09A2D4CEB
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&version=1&method=getjs&v=1631672194
Preview:	_SYNOINFODEF={"is_business_model":"no","manager":"Synology DiskStation",}; function _D(s, d) {if (s in _SYNOINFODEF) {.return _SYNOINFODEF[s];}else if (typeof d == 'string'){.return d;}return '';}

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	19
Entropy (8bit):	3.3005590923909547
Encrypted:	false
SSDEEP:
MD5:	D2B50740510D48D935A012D1F66C2611
SHA1:	8D65364E89AA389D4C8B579DEDA2D29ED34D0460
SHA-256:	9458D697938627220FCC4BE23A386E02BD5DEE13C71C6E0E6348F9142C86F855
SHA-512:	FC971B6059169AB6C3C5B527DDC88279CA3AB0D34E316C2BAEBEDFDB0085BEC6FD36F026B3B2E5D5BA966E269C9BAB7B440F8050F020A9B5CD54A840C042EDAC
Malicious:	false
Reputation:	low
Preview:	dec.quickconnect.to

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7661)
Category:	downloaded
Size (bytes):	7662
Entropy (8bit):	5.1403593023884575
Encrypted:	false
SSDEEP:
MD5:	886438F5AA1E25595D4E7B3A56441381
SHA1:	94BBCAE88EBC2342230E113AE0868C23DFE77A5E
SHA-256:	8E0066B3B71631EA6FEC622389C508C9445B2BA62A13977EBA688A51196639E3
SHA-512:	E358495F9F680DD49E01CB50C0B9F3C0AFD7A25DB03E6966BE44DFD4E80EA728AEAB9E7622C5B1077A1E9995B7CB688A1DA466CD992399D035128D61193E7A35
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ExternalDevices/style.css?v=1614856781
Preview:	.sds-eject-device-panel .item{border:0;border-bottom:1px solid #EBF0F5;height:40px;padding-top:9px}.sds-eject-device-panel .title{margin:-1px 0px 0px 48px;vertical-align:top;font-size:15px;color:#0086E5;font-weight:bold;background-repeat:no-repeat}.sds-eject-device-panel .msg{margin-left:48px;height:12px;font-size:12px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap;padding-bottom:10px;color:#505A64}.sds-eject-device-panel .x-btn-ml,.sds-eject-device-panel .x-btn-mc,.sds-eject-device-panel .x-btn-mr{background:none}.sds-external-device-usb{background-repeat:no-repeat;background-image:url("images/default/1x/g_icon_storage.png?v=0332182021043384");background-position:0px 0px;margin-left:8px;height:32px;width:32px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .sds-external-device-usb{background-image:url("images/default/2x/g_icon_storage.png?v=0332182021043384");background-size:32px 544px}}@media (-webkit-m

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.547071304875868
Encrypted:	false
SSDEEP:
MD5:	4AF72B86A2202370C2B08352051CC582
SHA1:	01B3A83119D9E0794433AD5A83984FBD9AD16410
SHA-256:	6AD6663FC5F2ECBF80E2477C5D1CCFA4A8CE92D8F2BC2E9AEFEC7C2F2412296C
SHA-512:	60832B7E6221745D70DD0E04E03C757159FC173EA974B7CADA69D3653985857EBF7F6B823E24173A7A44DC5157AA4F1E7E7B44375873E94AE9F2B6A74FE8CCF0
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/pingpong.cgi?action=cors&quickconnect=true
Preview:	{"success": true, "ezid": "d34a0a37f201b1f604027bf6a3f95b1f"}

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65475)
Category:	downloaded
Size (bytes):	436217
Entropy (8bit):	5.390071535634056
Encrypted:	false
SSDEEP:
MD5:	DC89C639E051CE034F7B3F25ACFD6A2D
SHA1:	05171A05E3CB7721BA98314B26116C99C3A47022
SHA-256:	5FE6C6AB5567B05C9DDCA0CC47E5B4B32E333A32568C3DDAD53767ED51065445
SHA-512:	74E61C3DB09098A0DA737DD0C30B3E5E98711FF5885D5B802332F6895B5CD480C3BCE052A041DEF5C9B9B2FA9382BBD9E9B6FEDC0B8A2D6903A79D0511531C9F
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/synoSDSjslib/sds.js?v=1614856607
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. */..SYNO.SDS.UIFeatures=function(){var b={previewBox:(!Ext.isIE\|\|Ext.isModernIE),expandMenuHideAll:true,windowGhost:!Ext.isIE\|\|Ext.isModernIE,disableWindowShadow:Ext.isIE&&!Ext.isModernIE,exposeWindow:(!Ext.isIE\|\|Ext.isIE10p),msPointerEnabled:window.navigator.msPointerEnabled&&window.navigator.msMaxTouchPoints>0,isTouch:("ontouchstart" in window)\|\|(window.navigator.msPointerEnabled&&window.navigator.msMaxTouchPoints>0),isRetina:function(){var d=false;var c="(-webkit-min-device-pixel-ratio: 1.5),(min--moz-device-pixel-ratio: 1.5),(-o-min-device-pixel-ratio: 3/2),(min-resolution: 1.5dppx)";if(window.devicePixelRatio>=1.5){d=true}if(window.matchMedia&&window.matchMedia(c).matches){d=true}return d}(),isSupportFullScreen:document.fullscreenEnabled\|\|document.webkitFullscreenEnabled\|\|document.mozFullScreenEnabled\|\|document.msFullscreenEnabled};var a=Ext.urlDecode(location.search.substr(1));Ext.iterate(a,function(c){var d=a[c];if(Ext.isD

Chrome Cache Entry: 188

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.377567157116928
Encrypted:	false
SSDEEP:
MD5:	DB7B0A8AE727F01124683503F12C339C
SHA1:	09C8666DC9AB4E10F0A13266233D1A18AFDA2B90
SHA-256:	5D779A78CDAA375B8C11C30A6578B6046DA565F7DD05554A6BCAA62B5156B687
SHA-512:	6A0DDDCFB8D4F3CA1F6FB89FC7B52169FF453C3E7770DDD81065FD650052FE76A1DC296486341AF42224A5482C9A8B7A9ED0D107C40A6B9012EA2D4345760BEA
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA0LjAuNTExMi4xMDISHgkfh_B6PH48whIFDeeNQA4SBQ1Xevf9EgUNyX0kuw==?alt=proto
Preview:	ChsKBw3njUAOGgAKBw1Xevf9GgAKBw3JfSS7GgA=

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012RobotoRegularGoogle:Roboto Regular:2013Roboto RegularVersion 1.10
Category:	downloaded
Size (bytes):	145348
Entropy (8bit):	6.6505423518949565
Encrypted:	false
SSDEEP:
MD5:	54A91B0619CCF9373D525109268219DC
SHA1:	1D1D41FCADC571DECB6444211B7993B99CE926E2
SHA-256:	B2EFABCA5EA4BC56EEA829713706B5CD0788B82ACA153BD4ADDE9B1573933B4F
SHA-512:	7F79FF3B42A672371814F42814AA5646328B1A314691D30CE09FFDC7A322ADCB1AF66625274F7FAC024CA2F22A42B625001735711C430FAEF6E077E1F1D24887
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/VideoStation/font/Roboto-Regular.ttf
Preview:	............GPOS*.......S.GSUBn.U...2x...JLTSH.......$....OS/2...;.......`cmapR.7....4...Tcvt ...T.......0fpgm/.N.........gasp...........glyf.^2;..&(...Lhead..........6hhea...6...T...$hmtxz<u3.......,locaT...........maxp.8.....x... name.>.h...t....postB..4......#.prep...P...D.............[.._.<..........G.3.......1.,...\.w.................b.......,.?..............................._.................................3.......3.....f..................P. [... ....Goog.......b.....b.+ ...O....:... . .........................P...F...n...h...@.g.P.........t.....N...0.1.#.$...R.....q.......\..._...7...........M...f...S.......c...G.....0.....:.).`...........v.E...........t.x.....C...j.=.%...R...........t.q. ...t.q.M.....a...".j.........6...B.......a.(...N.'.(...X.=.......R.f.j.....?.a...b.;.c...8...d...............................a.......b...../.g..."...........-...........^...?.........o...........b.k...F...h...........Z.....D.X...x...b.q...1.#.D.X...{.....I.c.d.q.l.j...........?.......w.-._

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 13373
Category:	downloaded
Size (bytes):	2578
Entropy (8bit):	7.923827177093008
Encrypted:	false
SSDEEP:
MD5:	999128989BCB9E080930B8CC22C7EE48
SHA1:	206A2167E948DB32DC280B9E5D8968E8B86ED523
SHA-256:	0230E8F90C7B716E8EC31234ADA5A794D69924CB755616EB6A9227350E2CFACC
SHA-512:	5A73ADE21969782F9778824BBA6B5F630C074030577CD7D44115808049B13B309AD9BE0D476193AA7D55FD53F56F12B535E4F444D7F155FE768E605A750347D2
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/connect_lib.7045c606.bundle.css
Preview:	...........Zmo.F..+...l.T."Q..!q...i.+.^q..Kr)...H.#.....\R...".F..^..?3..C..4,X:7aX...l..9+.O..&.`...k...OW$...Lh\.dSp5...B...+.......nEn.-...o[.....Z.<'s.S....0I.....Y..9......$.y.).TP9....KV.EF.<....#..^...rj..#.w.kq...t....y...[...9.h.2P...h......%....h%3k......"...Z......r...gH/.3J..I..E....7..6....E...x..<.5...i.LW`...M.g....J{9...[el....,..%...4...5P..h...I..4.L....w.E$%..V.f,~!H..../.,.b{....g.........sg...lr.v`\|da.s.....4.......k6z.Z3........o...n6.~...4..$H.=...\|.........\|...?..8........Op..~......7.......5..@...r..;/.,.....z...}<,.....?.....1.$l.......i&.......+......2j.#..2...p+.3..n..g.Y..N8..../....>r..diDo .b<..0...9.c&."nN.YS=.W.......S..S.!.@..5I....g.%.))O..s..\K6f74...JXi.3.....Ni....-6.........u........:.....;.=.N1N..o<.2"...r+8n.A.3].(...'....).'..Z8UdD..... ..M-wX.Z*....O.0..t{.j...uc....htB...K..q..V.5....(.....GKy.....4l...mF.~.Q.4.[.D......3..MR.(...L.u..uY....q...?.....Jo..1.......x

Chrome Cache Entry: 191

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 95 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4476
Entropy (8bit):	7.8263418163005305
Encrypted:	false
SSDEEP:
MD5:	2C50CB4EAECC8BFBAAB04619B76B0C5E
SHA1:	38CC75A89C5081F785F60E2E11420CBDF7AD35BC
SHA-256:	701F2D96A76E6EBC4C76393EBC5BD9F69B1E37F6332252ECD08CBA6A3011F3FF
SHA-512:	92D63CDDA95C0B028BF39AD48CAA564B7462DB80BECDC992C2EB076F2702EEEDD1BE5CF8B3A379D6E584D6E81CD37716A97D596905F21218CCBEFB2A0B31B0D2
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/resources/images/default/1x/login/logo_synology.png?v=03321820210433193
Preview:	.PNG........IHDR..._...(......k&.....tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c" xmpMM:DocumentID="xmp.did:9304691C423011E5AB43984E1BA8EE53" xmpMM:InstanceID="xmp.iid:9304691B423011E5AB43984E1BA8EE53" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2ce5faad-bbcf-4e06-91e6-ceae7674357c" stRef:documentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>2..!....IDATx..[gT.W.f..>R..F.(...

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (25997)
Category:	downloaded
Size (bytes):	26458
Entropy (8bit):	5.46857655520507
Encrypted:	false
SSDEEP:
MD5:	0725EA143F8225E6AEECAFEB87BAC2F5
SHA1:	9AA14057737707A0FF2EAFF10D32F485B425631D
SHA-256:	6BB65C1C7FD24F6C5438E1959CB5C5C01C7488306692B9A019677D7557CBDFC3
SHA-512:	D07EBA66E09D167233BA05251696E17724963F0AC19610D091E9B562E84C599A966F7DE6377ECC8BD79A3FB77F75EED16AA10CBE9E20658DD4BD4B2D1CD712DF
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/scrollbar/flexcroll.js?v=1614856602
Preview:	/.This license text has to stay intact at all times:.Author: Emrah BASKAYA @ www.hesido.com..This script is registered for use by:.Synology Inc..Under the following licence agreement:.http://www.hesido.com/licenses.php?page=flexcrollcommercialunlimited..Key for this license: 20111109013412901.MD5 hash for this license: abdb3120e42f86d3af038d81a2ef5d36.End of license text---././/fleXcroll v2.0.0./* Copyright (c) 2021 Synology Inc. All rights reserved. */..var fleXenv={fleXlist:[],fleXcrollInit:function(){if(document.getElementById){document.write('<style type="text/css">.flexcroll-hide-default { overflow: hidden !important; } </style>')}this.addTrggr(window,"load",this.globalInit)},fleXcrollMain:function(aD,E){var aB=document,M=window,A=navigator,L=(A.msPointerEnabled&&A.msMaxTouchPoints>0),am={};E=E\|\|false;if(!aB.getElementById\|\|!aB.createElement){return}if(typeof(aD)=="string"){aD=document.getElementById(aD)}if(aD==null\|\|A.userAgent.indexOf("OmniWeb")!=-1\|\|((A.userAgent.indexOf("App

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	259094
Entropy (8bit):	5.214624486416353
Encrypted:	false
SSDEEP:
MD5:	68F2DFA96A3311EB9F4AA3F24049652B
SHA1:	1997E422FC08F07FB67E8C0BF45E7A5B8C617C6C
SHA-256:	CD4523261E4FB0A7B602694FCF6E6FDF9B1C79E93115589241458AF240E29251
SHA-512:	C37A5E4184C8997454D55C6C8DBAF2C678D911FF61CFC6839A16013E4218C0CE99E212549D41F5FBA64537920DD5C77E3B14A585093964040EE51D6D334172EA
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/SynoFinder/style.css?v=1645763533
Preview:	.syno-finder .view-section-title{height:32px;box-sizing:border-box;border-bottom:1px solid #D7E1EB;line-height:28px;font-size:15px;color:#0086E5;padding-left:8px;background:white}.business .syno-finder .view-section-title{color:#2A588C}.syno-finder .view-section-title .count{font-size:14px}.syno-finder .ellipsis{white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.syno-finder .reverse-ellipsis{text-overflow:clip;position:relative;background-color:white}.syno-finder .reverse-ellipsis::before{content:'\02026';position:absolute;z-index:1;left:-1em;background-color:inherit;padding-left:1em;margin-left:0.5em}.syno-finder .reverse-ellipsis span{min-width:100%;position:relative;display:inline-block;float:right;overflow:visible;background-color:inherit;text-indent:0.5em}.syno-finder .reverse-ellipsis span::before{content:' ';position:absolute;display:inline-block;height:20px;width:1em;background-color:inherit;z-index:200;left:.5em}.syno-finder .vertical-img span.helper{display:inline-blo

Chrome Cache Entry: 194

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40243)
Category:	downloaded
Size (bytes):	40244
Entropy (8bit):	5.146518327227649
Encrypted:	false
SSDEEP:
MD5:	99F36EFC5D1DFC0619F075F8CCEAE3CD
SHA1:	4B514307060293E583234735E6CC0B36B23B62B9
SHA-256:	8516B1169EC55B444433672ED1F65467FCD576B539B8B7553A3168A2C41D4EF8
SHA-512:	60FA958B409E5907C2BC10974CD507D4273124E92193B0F8B92ED6026C7ECA482371B237A3F6650CFFE5DD75F9F3513FBE7D4ECE0F9E59D10135A738260D4E17
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/PDFViewer/style.css?v=1611113065
Preview:	.syno-sds-pdfviewer-panel .scale-combo,.syno-sds-pdfviewer-modal-win .scale-combo{width:51px}.syno-sds-pdfviewer-panel .syno-ux-checkbox-label,.syno-sds-pdfviewer-modal-win .syno-ux-checkbox-label{white-space:nowrap;color:#323C46;font-size:12px;padding-left:32px}.syno-sds-pdfviewer-dropdown-list.x-layer .x-combo-list-item,.syno-sds-pdfviewer-dropdown-list.x-layer .x-menu-list-item{vertical-align:top}.syno-sds-pdfviewer-dropdown-list.x-layer .x-combo-list-item .x-menu-item,.syno-sds-pdfviewer-dropdown-list.x-layer .x-menu-list-item .x-menu-item{padding-left:0;display:inline-block}.syno-sds-pdfviewer-dropdown-list.x-layer .x-combo-list-item:before,.syno-sds-pdfviewer-dropdown-list.x-layer .x-menu-list-item:before{content:' ';display:inline-block;width:28px;height:28px;vertical-align:top;background-position:center center;background-repeat:no-repeat;background-size:cover}.syno-sds-pdfviewer-dropdown-list.x-layer .divider-wrapper{padding:0px 3px;height:7px;position:relative}.syno-sds-pdfvie

Chrome Cache Entry: 195

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1212)
Category:	downloaded
Size (bytes):	1213
Entropy (8bit):	5.159911915040626
Encrypted:	false
SSDEEP:
MD5:	34DFF6812212A199566E9BB0513D77A5
SHA1:	142AA2270EAAA24DB8B1FDD1B41058010B743328
SHA-256:	A0D9C55E53EA2D4B5B071C59BE95A33F906EE85439F3F28AD23725B3432DBA22
SHA-512:	8B587A90B41C23595F1B0BD24891571677067E9AF851756D54B060628B5ED41E392DD7DF3EEAB8123354B9E0D34F1FCA88F40091906E48D93C421C167BE090A0
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/TaskSchedulerWidget/style.css?v=1614856781
Preview:	.syno-taskname{background-image:url("images/widget_schedule_waiting_icn.png");background-position:-4px -4px;width:18px;height:18px;float:left}.syno-taskscheduler-enable-taskicon,.syno-taskscheduler-disable-taskicon{background-image:url("images/widget_filelog_icons.png?v=03341820210433196");width:24px;height:24px;margin:2px 6px 2px 8px;float:left;background-position:0 -144px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-taskscheduler-enable-taskicon,.synohdpack .syno-taskscheduler-disable-taskicon{background-image:url("../../../synohdpack/images/dsm/modules/TaskSchedulerWidget/images/widget_filelog_icons.png?v=03341820210433196");background-size:24px 192px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-taskscheduler-enable-taskicon,.synohdpackdebug .syno-taskscheduler-disable-taskicon{background-image:url("../../../synohdpack/

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1811)
Category:	downloaded
Size (bytes):	1812
Entropy (8bit):	5.053272145033448
Encrypted:	false
SSDEEP:
MD5:	9A9D6EA52DF8E131E458392DFF4F93FB
SHA1:	B3A5361A115A339AC855EC53CD1506E78A971F96
SHA-256:	14792FD59CA9D17B56284DBBABC51802B6CAC4D478FB899949BB2482B12C5643
SHA-512:	3BBB044480148A59C71CC9110613988F56F8E28BC639433A88C4CB64D07E73DC942F069170D4673516150D41D785995992A68B5FC63D5F50C09A45735E89485A
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ClipBoardJS/style.css?v=1614856780
Preview:	.syno-ux-button.x-btn.clipboard-btn-cut{width:30px;line-height:15px}.syno-ux-button.x-btn.clipboard-btn-cut em button{margin:1px 3px;padding:0;width:24px;height:24px;background-image:url('images/default/1x/sprite-s791ea57a27.png');background-position:0 -48px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ux-button.x-btn.clipboard-btn-cut em button{background-image:url('images/default/2x/sprite-s73af58319b.png');background-size:24px 96px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-ux-button.x-btn.clipboard-btn-cut em button{background-image:url('images/default/2x/sprite-s73af58319b.png');background-size:24px 96px;outline:1px green dashed}}.syno-ux-button.x-btn.clipboard-btn-cut.x-item-disabled em button{background-position:0 -72px}.syno-ux-button.x-btn.clipboard-btn-copy{width:30px;line-height:15px}.syno-ux-button.x-btn.clip

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1485)
Category:	downloaded
Size (bytes):	1486
Entropy (8bit):	5.084829979250164
Encrypted:	false
SSDEEP:
MD5:	6A6E801CF17E0105AD5ED797C3486AD8
SHA1:	1E699EA847AA640C598DCD1D0E7CADCE66FBF276
SHA-256:	021526B0A6A9CA546C8D63F1C9A5F7FE1B97BD11C34B235E64C692FFA3E3A4F8
SHA-512:	CBEC6C6903D92BFAFC36074509833CA2CE343832CE834A37A2CACF4BFA0F952007D25D1ED9788723667E77FA41107F19D9C9E87A6CB5E76615F8C1C2C49FE0BD
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/CodecPack/style.css?v=1682560275
Preview:	.syno-ame-win .syno-ame-fieldset .x-form-item{margin-bottom:6px}.syno-ame-win .syno-ame-displayfield{margin-left:3px;padding-top:4.5px}.syno-ame-win .syno-ame-displayfield.supported-codec{padding:2px 0px}.syno-ame-win .syno-ame-install-btn{margin-left:188px}.syno-ame-win .syno-ame-supported-codec-container{display:flex;flex-direction:row;justify-content:flex-start;align-items:center;gap:0px 12px}.syno-ame-win .syno-ame-supported-codec{display:flex;flex-direction:row;align-items:center;gap:0px 4px}.syno-ame-win .syno-ame-supported-codec .codec__icon{height:24px;width:24px;background-image:url("images/1x/icon_status.png?v=__PKG_VERSION__");background-size:size("images/1x/icon_status.png");background-position:0px -24px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ame-win .syno-ame-supported-codec .codec__icon{background-image:url("images/2x/icon_status.png?v=__PKG_VERSION__")}}@media (-webkit-min-device-pixel-

Chrome Cache Entry: 198

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (63529), with no line terminators
Category:	downloaded
Size (bytes):	1148354
Entropy (8bit):	5.199251581576405
Encrypted:	false
SSDEEP:
MD5:	60F4E0D4358E17475553A470D2FBEA79
SHA1:	2E67011F06678CCAEB7B414FF812A550704CF841
SHA-256:	CBD84F28B0467EB269C7FECE2F2F980C702BCD6F5F7982ECE4E29F0F66B1C179
SHA-512:	53E6649047C1EB4B3DAB21598621318F561D3432F9D17EF0E7865BF710610DEE7167195701D6A0A6D1E40FB5780FC53BE18BF658B84381F802DCF894F7CA85DE
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=plk&v=1617762143-s7
Preview:	SYNO_WebManager_Strings={"mail":{"ForgetPasswordAdmin":"\"Category: System","Subject: Wykryto konfiguracje modu.u pami.ci inne ni. zalecane przez firm. Synology. Mo.esz mie. %ILLEGAL_LAYOUT%Wybierz <a class":"link-font\" target=\"_blank\" href=\"https://www.synology.com/products/accessories/ram_railkit\">oryginalne modu.y pami.ci Synology</a>, aby zwi.kszy. niezawodno.. systemu.","certificate_broken":"\"Category: System","memory_layout_memory_detect_unauthentic":"\"Category: System"},"Country":{"A1":"Zarezerwowany przez system (anonimowe proxy)","A2":"Zarezerwowany przez system (us.ugodawca satelitarny)","AD":"Andora","AE":"Zjednoczone Emiraty Arabskie","AF":"Afganistan","AG":"Antigua i Barbuda","AI":"Anguilla","AL":"Albania","AM":"Armenia","AO":"Angola","AP":"Region Azji i Pacyfiku","AQ":"Antarktyda","AR":"Argentyna","AS":"Samoa Ameryka.skie","AT":"Austria","AU":"Australia","AW":"Aruba","AX":"Wyspy Alandzkie","AZ":"Azerbejd.an","BA":"Bo.nia i Hercegowina","BB":"Barba

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 45 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1997
Entropy (8bit):	7.339498710629166
Encrypted:	false
SSDEEP:
MD5:	C316E8FBC5FD17B53EE907C00A260767
SHA1:	E2197BD92BEF054331899811C7FD9A3356046EBF
SHA-256:	6E54C3BC8435F697581A06BA19567EEE85C5F8AFDCAA22E7C29BDDFBCDF7BF0C
SHA-512:	75F617E55F2E0934965A2D6E4CCB83250D17CEA60C98343A761858E2F9943EF0BDA566461A88AA72E98995A8B28CDBBA6705F327B29C88489EECA9CE7D697F92
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/resources/images/default/1x/login/logo_DSM.png?v=03321820210433193
Preview:	.PNG........IHDR...-...(.....j.s)....tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c" xmpMM:DocumentID="xmp.did:68859A03424211E5AB43984E1BA8EE53" xmpMM:InstanceID="xmp.iid:68859A02424211E5AB43984E1BA8EE53" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2ce5faad-bbcf-4e06-91e6-ceae7674357c" stRef:documentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.c.....IDATx..XKL.a..]Z.@.D.....

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (28481)
Category:	downloaded
Size (bytes):	28482
Entropy (8bit):	5.446274878827311
Encrypted:	false
SSDEEP:
MD5:	8A95634D08F8E4FDB7497ED47DAD9BD8
SHA1:	37A20597880B3E24607D9D4F9F7E44767B641DB8
SHA-256:	794BDEBCF8C81ABAAF52D1DB1F41ADB62E829BEE857998CBB3173CEB5395246A
SHA-512:	D97867EC2169C448CF645572272164930845406369E61A9468ACBB0492BB8351ADCE14E21A373B2029557E7E9F56D0903C7435764C8551436F20090B5BAFA903
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/Utils/style.css?v=1614856781
Preview:	.syno-utils-timeline-wrapper{position:absolute;z-index:1;top:0px;left:0px;bottom:0px;right:0px;height:85px;background:#e6f5ff;overflow:hidden}.syno-utils-timeline-wrapper .syno-utils-timeline-scroller{position:absolute;z-index:1;width:10980px;height:100%;-webkit-transform:translateZ(0);-moz-transform:translateZ(0);-ms-transform:translateZ(0);-o-transform:translateZ(0);transform:translateZ(0);-webkit-touch-callout:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-text-size-adjust:none;-moz-text-size-adjust:none;-ms-text-size-adjust:none;-o-text-size-adjust:none;text-size-adjust:none}.syno-utils-timeline-wrapper .syno-utils-timeline-scroller ul{background-position:-15px -35px;background-repeat:repeat-x;position:absolute;list-style:none;padding:0;margin:0;height:100%;text-align:center}.syno-utils-timeline-wrapper .syno-utils-timeline-scroller ul .month-label{font-weight:bold;color:#0087e6;width:30px;height:42px;position:absolute;top:56px;z-i

Chrome Cache Entry: 202

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42827)
Category:	downloaded
Size (bytes):	375904
Entropy (8bit):	5.325875860474111
Encrypted:	false
SSDEEP:
MD5:	88E0E5D7A3DE7D86BEAC667A07E7FAB6
SHA1:	BC471E9ED1AF91A3621447D1EDE432F3AB184659
SHA-256:	E7866A188C6C3FB360B65AD9E3BDB0C3D1378BE7DD47A91885193B4CD75CDD2D
SHA-512:	CF18D274B83BDF15F5D538F267EEC2FD427E6231626BA237F3B42DECECC03A44F4CE1E9ADE751D5EE598ED117EE172956330F16B394F2801E5772AAB20A4BDC9
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/ux/ux-all.js?v=1614856602
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. /..(function(i,b){if(i.setImmediate){return}var c=1;var o={};var h=false;var r=i.document;var l;function d(s){o[c]=f.apply(b,s);return c++}function f(t){var s=[].slice.call(arguments,1);return function(){if(typeof t==="function"){t.apply(b,s)}else{(new Function(""+t))()}}}function a(t){if(h){setTimeout(f(a,t),0)}else{var s=o[t];if(s){h=true;try{s()}finally{m(t);h=false}}}}function m(s){delete o[s]}function g(){l=function(){var s=d(arguments);process.nextTick(f(a,s));return s}}function k(){if(i.postMessage&&!i.importScripts){var t=true;var s=i.onmessage;i.onmessage=function(){t=false};i.postMessage("","");i.onmessage=s;return t}}function j(){var t="setImmediate$"+Math.random()+"$";var s=function(u){if(u.source===i&&typeof u.data==="string"&&u.data.indexOf(t)===0){a(+u.data.slice(t.length))}};if(i.addEventListener){i.addEventListener("message",s,false)}else{i.attachEvent("onmessage",s)}l=function(){var u=d(arguments);i.postMessag

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2632)
Category:	downloaded
Size (bytes):	2633
Entropy (8bit):	5.175087088933684
Encrypted:	false
SSDEEP:
MD5:	C561AC24BE5CB9CD6571C0EB24A791D1
SHA1:	927242D92C0AA93174FCADC80E3032E26A4E10C6
SHA-256:	1F174FEAEAF5D16FE6A4DCF7E251519A78A3714FE4EF1C38A9CF4DCDEF4A514A
SHA-512:	D2AEB5F0630088E2E02FFB1F7A095F064073B710506006022291B711462D2EA41A3A7D0CF5B83C421DEA76AFFA39EABA1AEFC7B6E10B3621F5355C3AB21CDA47
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/PollingTask/style.css?v=1614856781
Preview:	.sds-port-disabled-panel .item{border:0;border-bottom:1px solid #EBF0F5;padding-top:9px}.sds-port-disabled-panel .title{margin:-1px 0px 0px 48px;vertical-align:top;font-size:15px;color:#0086E5;font-weight:bold;background-repeat:no-repeat}.sds-port-disabled-panel .msg{margin-left:48px;font-size:12px;overflow:hidden;text-overflow:ellipsis;padding-bottom:10px;color:#505A64}.sds-port-disabled-panel .x-btn-ml,.sds-port-disabled-panel .x-btn-mc,.sds-port-disabled-panel .x-btn-mr{background:none}.sds-port-disabled-icon{background-repeat:no-repeat;background:url("../../../synoSDSjslib/images/components/g_icon_storage.png");background-position:0px -224px;margin-left:8px;height:32px;width:32px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .sds-port-disabled-icon{background-image:url("../../../synohdpack/images/dsm/resources/images/components/g_icon_storage.png?v=0355182021043462");background-size:32px}}@media (-webkit-min-d

Chrome Cache Entry: 206

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	878651
Entropy (8bit):	5.004193630904814
Encrypted:	false
SSDEEP:
MD5:	9A6F645FD6A1BD907BFA564755CFC21F
SHA1:	F3C934C26C68973C179F095976A5E831BF2E37EA
SHA-256:	D6A648E22C3ACA4959391E5FB14D0ACB7C4A5CAF1DCB5E4CCCF89F4B09DCD253
SHA-512:	0345821EF8BE25B7E00501E171497A09114F36E256D326128C8AE83911D4FBFD3043080E16B5217F79C93BC68C8F26B80323231AF5F1A7FA3589AB20D6D9C3CB
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/VideoStation/style.css?v=1678443804
Preview:	@import url("controller/ui/style.css?v=2.5.1-1668");@font-face{font-family:"Roboto";src:url("font/Roboto-Regular.ttf") format("truetype")}@font-face{font-family:"Roboto";font-weight:bold;src:url("font/Roboto-Bold.ttf") format("truetype")}@font-face{font-family:"Roboto-Slab";font-weight:bold;src:url("font/RobotoSlab-Bold.ttf") format("truetype")}@font-face{font-family:"Handwritten-Crystal-V2";src:url("font/Handwritten_Crystal_v2.ttf") format("truetype")}.syno-vs2-win .x-panel .x-panel-header,.syno-vs2-dialog .x-panel .x-panel-header,.syno-vs2-win .x-toolbar div,.syno-vs2-win .x-toolbar input,.syno-vs2-win .x-toolbar span,.syno-vs2-dialog .x-toolbar div,.syno-vs2-dialog .x-toolbar input,.syno-vs2-dialog .x-toolbar span,.syno-vs2-win .x-btn button,.syno-vs2-dialog .x-btn button,.syno-vs2-win .x-window-mc,.syno-vs2-win .x-form-field,.syno-vs2-dialog .x-window-mc,.syno-vs2-dialog .x-form-field,.syno-vs2-dropdown-menu .x-menu-list-item,.syno-vs2-combobox-list,.grid-dd-drag-proxy.vs2-dd-proxy

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	196034
Entropy (8bit):	5.1057614878395885
Encrypted:	false
SSDEEP:
MD5:	04F2405E277798271FAEB5E94DCEF72C
SHA1:	535E67EA908C6248F0ECA7D0F55B82FA65496AF2
SHA-256:	786E2FB7F03AE08EBC23FF8518A777BD399C03779D0BB86F0AB32126E01AD002
SHA-512:	B459ED6FE062880CACF78CCAD195C1F64946C57A4017E55E310FDBAF5C07EAB847EB8FE988D40E1F2152D5B46202B71FC21E2CFF0A2C5B834F3079CB62910EA7
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/VideoStation/controller/ui/style.css?v=2.5.1-1668
Preview:	.syno-vc-win .ext-el-mask{background-color:transparent}.syno-vc-dialog .ext-el-mask,.syno-vc-el-mask.ext-el-mask{background-color:#393C3F;filter:progid:DXImageTransform.Microsoft.Alpha(Opacity=0);opacity:0;-moz-animation:mask 0.2s forwards;-webkit-animation:mask 0.2s forwards;animation:mask 0.2s forwards}@-moz-keyframes mask{0%{opacity:0}100%{opacity:0.5}}@-webkit-keyframes mask{0%{opacity:0}100%{opacity:0.5}}@keyframes mask{0%{opacity:0}100%{opacity:0.5}}@-moz-keyframes mask-msg{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes mask-msg{0%{opacity:0}100%{opacity:1}}@keyframes mask-msg{0%{opacity:0}100%{opacity:1}}.syno-vc-win .ext-el-mask,.syno-vc-dialog .ext-el-mask,.syno-vc-el-mask.ext-el-mask{cursor:default}.syno-vc-win .ext-el-mask.delay,.syno-vc-dialog .ext-el-mask.delay,.syno-vc-el-mask.ext-el-mask.delay{-moz-animation:mask 0.2s forwards 0.3s;-webkit-animation:mask 0.2s forwards 0.3s;animation:mask 0.2s forwards 0.3s}.syno-vc-win .ext-el-mask.delay+.ext-el-mask-msg,.syno-vc-dialog

Chrome Cache Entry: 208

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41836)
Category:	downloaded
Size (bytes):	41837
Entropy (8bit):	5.056692150102146
Encrypted:	false
SSDEEP:
MD5:	1F028865E6EEC473D499A68CD1CDC76B
SHA1:	3D131019BE526E468BB513090A90770224FF26C9
SHA-256:	B7E2B517A3E5FFF983B1E8429DEC4C805B0E14808FF922A1BE3CDF4551E308D0
SHA-512:	B323DCEC9603EDAEAEBA031A37654EF0465290A13D44220498C3B4FAF1DCF6751794F6425EF0C78C184EA7526E7DD204B3353394A5B7EC1F485FE2AFCB1DE3EE
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/iSCSI/style.css?v=1614856609
Preview:	.syno-app-iscsi .iscsi-general-list-icon{background-image:url("../../../synoSDSjslib/images//components/g_icon_storage.png")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-app-iscsi .iscsi-general-list-icon{background-image:url("../../../synohdpack/images/dsm/resources/images/components/g_icon_storage.png?v=014017202207546");background-size:32px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-app-iscsi .iscsi-general-list-icon{background-image:url("../../../synohdpack/images/dsm/resources/images/components/g_icon_storage.png?v=014017202207546");background-size:32px;outline:1px green dashed}}.syno-app-iscsi .iscsi-list-status-icon{width:20px;height:20px;position:absolute;display:inline-block;top:25px;left:28px}.syno-app-iscsi .iscsi-list-status-icon-acting{background-image:url("../../../synoSDSjslib/images/components/g_icon_xxxi

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	18929
Entropy (8bit):	3.4230111757191897
Encrypted:	false
SSDEEP:
MD5:	E903266B5CEC648754BC4FA966C21EFA
SHA1:	6FFB6F68B5CB5208939C18D211E1592A1FB6FFBA
SHA-256:	F2330A566454EC93C1B4D986F3B672D770762431B7D0051A5E9F77D10FA34B83
SHA-512:	C7829992549D3EBC565118226D41E982A2E90FEE4156ACD3F2E2BC023B8304BE060CC8E8CEF22F24ED4B950DA5EAADF0FA339927A19F66DA78364DB180C1BA26
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/e903266b5cec648754bc4fa966c21efa.png
Preview:	.PNG........IHDR.............V.W....gAMA....\|.Q.... cHRM...........R...@..}y.....<.....s<.w...9iCCPPhotoshop ICC profile..H..wTT....wz..0..z..0... ..Q.f......Ml..@D...E......H..b!(.`.H.Pb0...dF.J\|yy.......g.s..{....$O../... .'..z8.W.G....x....0Y.A..@$/7.z........H..e..O...O.T...._..lN:K.."N.....3"..$..F../JP.rb.[.}..Q..d.[..S..l1..x{..#b.G...\N..o.X3I....[ql2.....$..8.x.......t..r.p../8...p...C...f.q....K.njm.{r2.8...?......).L^6..g.,.qm."[.Z[Z....~Q....7%.."....3......R..`.j...[.~.:.. w....!.$E}k...yh.y...Rm..333..........:..}.=#.v.....e...tq.X)I)B>==......<..8..X....9<QD.h..8Q.yl....sy....0.OZ.k.(...5..H....>.....yP..........:.8......p.........Lg....k.k...$.......t.!0.V..8.7....`.........2A....@.....JP..A#h.'@.8.....:....`....`......a!2D..!UH.2.. .d..A>P ..ECq...B.......Z....:.]..B..=h...~....L...2...........5p.......N..........:\|......@...QC.....!.H,.G6 .H9R.. ]H/r..A..w(......Q.(OT...JCm@..QGQ...-.(j...MF+...6h/.t.:.]..G7....w...7......Xa<1..

Chrome Cache Entry: 211

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (35089)
Category:	downloaded
Size (bytes):	35090
Entropy (8bit):	5.0661243404633405
Encrypted:	false
SSDEEP:
MD5:	5C6DFE7BE73ECA0D9E4ECE8A58C29510
SHA1:	91060960C4DE5BD117B6C284FB75C10183AB60A9
SHA-256:	FD98F89011C9F50E179E3C6EBEB39C50DC282333D9F6726BE0F54694E0B4696C
SHA-512:	C7F5C0295A98D5EBEA0642D136D939C305E59DB1ACF67AF367A30628232530875C4ED1F7129E8505973827442DEADD560EB242EB9153218F43B528B0B02B7E3B
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/PkgManApp/style.css?v=1614856781
Preview:	.synopkg-empty-pkglist-mask{position:absolute;top:0;bottom:0;left:0;right:0;display:flex;flex-direction:column;align-items:center;justify-content:center;background:#FFFFFF;z-index:10}.synopkg-empty-pkglist-icon{width:120px;height:120px;background-image:url("images/1x/icn_empty_package.png?v=03581820210434105");background-repeat:no-repeat}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .synopkg-empty-pkglist-icon{background-image:url("images/2x/icn_empty_package.png?v=03581820210434105");background-size:120px 120px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .synopkg-empty-pkglist-icon{background-image:url("images/2x/icn_empty_package.png?v=03581820210434105");background-size:120px 120px;outline:1px green dashed}}.synopkg-empty-pkglist-msg{display:inline-block;height:20px;max-width:100%;margin-top:20px;color:#8c96a0;text-align:center;lin

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6241)
Category:	downloaded
Size (bytes):	6242
Entropy (8bit):	5.024544430877761
Encrypted:	false
SSDEEP:
MD5:	BECE2DB93F9032C765BDFEA22C88918B
SHA1:	F37154EF43BA05A75AB810C43BBE52C09603F956
SHA-256:	2D6A4B86E916138D0F6CFEDB645887F70E334ECD03E4BDACEADDDCF85F34EAA0
SHA-512:	4CC21F4369672CEAE3214ACA1C0A9F182F0B387AB2872DD634A261CB4A8E77E3AB491823D7AD21224B5C28817C0420A4B6DBBCC180FC23C27AAFF90F93F5DDC1
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/PersonalSettings/style.css?v=1614856781
Preview:	.syno-sds-personal-option-form img.thumb-customize{max-width:160px;max-height:120px;margin-right:10px}.syno-sds-personal-option-form .color_field .x-form-element{padding-left:170px !important}.syno-sds-personal-option-form .wallpaper-filename{min-width:200px;height:32px}.syno-sds-personal-option-form .thumb-customize{position:absolute}.syno-sds-personal-option-form .wallpaper-select-btn-container{height:32px}.syno-sds-personal-option-form .wallpaper-select-btn{margin-bottom:5px}.syno-sds-personal-social-account{height:188px;width:136px;background-color:#EFF6FB;border-radius:3px;padding:12px}.syno-sds-personal-social-account img.thumb-user-icon{height:128px;width:128px;margin-left:4px;margin-right:4px}.syno-sds-personal-social-account-name{font-size:15px;height:28px;padding-bottom:4px;line-height:28px;position:relative}.syno-sds-personal-social-user-name{font-size:12px !important;height:24px;width:100%;text-align:center;line-height:28px !important;font-weight:bold}.syno-sds-personal-soc

Chrome Cache Entry: 213

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (477)
Category:	downloaded
Size (bytes):	478
Entropy (8bit):	4.858757001552565
Encrypted:	false
SSDEEP:
MD5:	1ADBB206991E2D4E9C08AC2411EB528B
SHA1:	713C4F89D6ECC5A1B64C7505DB6132D55F1FCB25
SHA-256:	B34AB2E2A36CBEC94C6CD5857A6BB41EC8705C2D6151B55108B1CE79F1124F88
SHA-512:	4BEB3A40D2B6B4BD7DEA5A4B14EDA79B4D712B4F92AEAD6C76967300E5FFFA05140C5A1F0B3C8C030B6CE07B789EA4A02353B1D738D19981816AF064BC9E7A8E
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ResetAdminApp/style.css?v=1614856781
Preview:	.syno-reset-admin-app .x-window-tl{display:none}.reset-admin-page .reset-admin-user-field a{position:absolute;top:20px;right:40px;filter:drop-shadow(0px 2px 8px rgba(0,0,0,0.3))}.reset-admin-page .reset-admin-note{color:#FFFFFF;padding-top:22px;font-size:13px}.reset-admin-page .reset-admin-note .note-style{color:#21D6EB}.reset-admin-page .syno-ux-combobox{box-shadow:none}.reset-admin-page .syno-ux-combobox-trigger{border:none !important;box-shadow:none !important;top:12px}.

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 38 x 10
Category:	dropped
Size (bytes):	164
Entropy (8bit):	6.045371422219432
Encrypted:	false
SSDEEP:
MD5:	D5449663DB06C74C4D8FADA9B2572FF9
SHA1:	8BA3EB1EF2A264402DD5BD2CABFBD6C34EB5CD12
SHA-256:	A8AB176BEB8670CB0012026A39F41657D02D2450958088DC114759D8AD43B6B3
SHA-512:	1ADC776E0C1C9EC0E2A623C2DB02EA7B4256887B5C3E5D494BB634B3B5D5E73D20839408B00E075154FAB3411D978D485D0F346BD92300765F2ACB103661A6B6
Malicious:	false
Reputation:	low
Preview:	GIF89a&..............................!.......,....&.....iXZ.E.H.Ih..KV..3L.....j.7tJ`z...Szi.0J......l:L....C...VR...FM2..f..*.9KP!&7.,'QRW.B.Y-.....wxn'.6.......;

Chrome Cache Entry: 215

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	39
Entropy (8bit):	3.90657048781565
Encrypted:	false
SSDEEP:
MD5:	D064AEF5AA7169E90116C68BF63BFC96
SHA1:	C90E10C6668D9999573AE1E1403ED4D038FBF0D1
SHA-256:	CBD6EEDE91FC947151B0514EA37FCBBFFA01C47A20E07A80611652F0E274B222
SHA-512:	471CA887AAA16720D82CEB72A02210FBD2D8BE0091A6E70654144CEF90018A15B042921CA3B05E1A985C942B78F032153A7FDA6FA506A3D0248001608D6DF557
Malicious:	false
Reputation:	low
Preview:	{"error":{"code":101},"success":false}.

Chrome Cache Entry: 216

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (9627)
Category:	downloaded
Size (bytes):	10053
Entropy (8bit):	5.17966621476195
Encrypted:	false
SSDEEP:
MD5:	F9D5FA6F33A19365525CEC748B017C40
SHA1:	DEB8DE485608B74F427520A4C48975C85955A1FC
SHA-256:	03B64FD01B05A49AD0D53FB7D73D88790FA2F3B1CA19456D51400D97F40E98DF
SHA-512:	A1B2512816019128C5D5984219F3ADF308AC4C2E3E6E3DACF80B5077741B8B68338632C1F621854B330E0CCDBFC51CA05ED165364B2C3088ABC9A9DE6BC6022A
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=plk&v=1617762139-s7
Preview:	SYNOJSLIB_Strings={"common":{"clear_input":"Wyczy.. pole wprowadzenia","commit":"Zastosuj","disabled":"Wy..czone","error_system":"Operacja nie powiod.a si.. Zaloguj si. ponownie do DSM i spr.buj jeszcze raz.","loading":".adowanie.","reset":"Resetuj","setting_applied":"Zastosowano zmiany."},"extlang":{"afterPageText":"z {0}","afterdate":"Data w tym polu musi mie. warto.. {0} lub p..niejsz.","aftertime":"Czas w tym polu musi by. p..niejszy ni. {0}","alphaText":"To pole powinno zawiera. tylko litery i znaki podkre.lenia (_).","alphanumText":"To pole powinno zawiera. tylko litery, cyfry i znaki podkre.lenia (_).","apr":"Kwiecie.","aug":"Sierpie.","beforePageText":"Strona","beforedate":"Data w tym polu musi mie. warto.. {0} lub wcze.niejsz.","beforetime":"Czas w tym polu musi by. wcze.niejszy ni. {0}","cancel":"Anuluj","closeText":"Zamknij t. zak.adk.","columnsText":"Kolumny","date_format":"Y/M/D","ddText":"{0} wybranych wierszy","dec":"Grudzie.","disp

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65475)
Category:	downloaded
Size (bytes):	129872
Entropy (8bit):	5.411841092440744
Encrypted:	false
SSDEEP:
MD5:	B22564E3962E00B2B31BB8FFFBFD1C9C
SHA1:	60A13F4A1E54FA0BC34C251731ECBFFB27A0FDE0
SHA-256:	CBB5C93DE6481C62156A2FF1071DC3435344BB85BF0EDB2775537DC62D8C5F83
SHA-512:	98F2DBE8944064617487F8AE3BC57AB45E87EF805E710A07915703EEA7DD250ECD3A29F1CAD4FCB29B0B3CBF4E2ACF8714223AFF7C5FCF2EB39B7F6969EFB8F8
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/prototype-1.7.2/prototype.js?v=1614856602
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. /..var Prototype={Version:"1.7.2",Browser:(function(){var b=navigator.userAgent;var a=Object.prototype.toString.call(window.opera)=="[object Opera]";return{IE:!!window.attachEvent&&!a,Opera:a,WebKit:b.indexOf("AppleWebKit/")>-1,Gecko:b.indexOf("Gecko")>-1&&b.indexOf("KHTML")===-1,MobileSafari:/Apple.Mobile/.test(b)}})(),BrowserFeatures:{XPath:!!document.evaluate,SelectorsAPI:!!document.querySelector,ElementExtensions:(function(){var a=window.Element\|\|window.HTMLElement;return !!(a&&a.prototype)})(),SpecificElementExtensions:(function(){if(typeof window.HTMLDivElement!=="undefined"){return true}var c=document.createElement("div"),b=document.createElement("form"),a=false;if(c.__proto__&&(c.__proto__!==b.__proto__)){a=true}c=b=null;return a})()},ScriptFragment:"<script[^>]>([\\S\\s]?)<\/script\\s>",JSONFilter:/^\/\-secure-([\s\S])\\/\s*$/,emptyFunction:function(){},K:function(a){return a}};if(Prototype.Browser.MobileSafari){

Chrome Cache Entry: 218

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4976)
Category:	downloaded
Size (bytes):	4977
Entropy (8bit):	5.176928930029786
Encrypted:	false
SSDEEP:
MD5:	5A3040FA845CB85C245A425292227B81
SHA1:	BD31C3BA38697639DDCA05FB4D3C19893B25EA16
SHA-256:	23F917129C43CFF0673B9CB0C5E281F37B94DF2669B3AEF76E4B42E0057C4739
SHA-512:	F1CA8385AC6BDB564202DF8CB9EBD00E7F0292A7F1C9B62E5B5413B7DF1FDBFE8D59CC92732DD55CE4112FE05EE7FF61C9A1323174ADE1F4BD6AAE3E91B94761
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ThumbConvertProgress/style.css?v=1614856801
Preview:	.syno_thumb_convert_progress .loading{height:16px !important;width:16px !important;background-repeat:no-repeat;background-image:url(../../resources/images/taskbar/loading.gif)}.syno_thumb_div{border-bottom:solid 1px #EBF0F5}.syno_thumb_label_font{color:#0086E5;font-size:15px}.syno_thumb_value{font-size:14px}.syno_thumb_status_div{height:24px}.thumb_conv_progress_desc{padding-left:6px;padding-right:6px}.thumb_conv_progress_composite{padding-left:6px}.syno_thumb_conv_btn_resume{background-image:url("images/default/1x/thumbnail_converter.png?v=03391920210404119");background-position:4px 1px !important;background-origin:border-box !important}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno_thumb_conv_btn_resume{background-image:url("images/default/2x/thumbnail_converter.png?v=03391920210404119");background-size:24px 48px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolut

Chrome Cache Entry: 219

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012RobotoBoldGoogle:Roboto Bold:2013Roboto BoldVersion 1.100141; 201
Category:	downloaded
Size (bytes):	135820
Entropy (8bit):	6.607233012840498
Encrypted:	false
SSDEEP:
MD5:	AFA7A91DADD77B23634A0FDF18C148F3
SHA1:	6CBB57BA2355CF442E06899898FF5AF55867103E
SHA-256:	9287925CAE90AC480804094FF0876832065E2DB116470DA1F524D79ED9C18B70
SHA-512:	84D123B67505522C256F4FF79C3822EABE2D63036023896E9854298FF39E050BEF7894F6320CCF950592015760354683C4DBD19AA203D433A04A5D6BB28E8115
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/VideoStation/font/Roboto-Bold.ttf
Preview:	............GPOS.....(..O.GSUB8......@...JLTSHFG".... ....OS/2...d.......`cmap$(3....0....cvt ...........<fpgmG.T.........gasp............glyf5.....'...n(head..(........6hhea...E...T...$hmtx...........(loca.G`.........maxp.8.....x... nameGE........._post..4....d..#.prep J....................._.<....................".......\|.................b.....O..................................._.................................3.......3.....f..................P. [... ....Goog. .....b.....b.+ ...O....:... . ...................-.....2...0...\..._.B.=.J.2...\|.........].8...?.!.q.T...9....._.......G...A...9...i...c...<...[...R.F...2.r...6.....".w.......1.....".....].>...........Y.c.....Y.....:.+...T...........w.\.6.....\.J.....U.......x...................M.:.w._...:.....,.......M.L.7...p.$.>...C.<.M.......C...i.#.......I.p.#.....p...k...C...p...C...p. .:.......i...................K...0......."./.i.....D.....H...\...P...........^.B...F.V...p...b.i.~.!.q.F.V.......~.M.Z.\.f.X.Y...l.....6.=.k...%.a.=.N

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 28 x 168, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1899
Entropy (8bit):	7.265897204131058
Encrypted:	false
SSDEEP:
MD5:	06239812D2DF502B0523697E2CCC933C
SHA1:	B9820E1BD8F9C5B14C4A17BD6F3AD9FBDC607CCE
SHA-256:	AB30AFD9802BF24D2BA3E96E41D824D915B41A72004E8F38040E27B981D81A07
SHA-512:	CD7F841DBF1CC184AF365BD9BDF6CCBA1256E361940FE7A0F4925E664D8CDF6553E4D3D30AE86601F28130430448C4FB1E15F129237E715A86CF0DF7CF071DD8
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............V......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:f7614d5c-f537-45f5-8b42-bcd57c8be78c" xmpMM:DocumentID="xmp.did:D7A6E2993A8D11E5ABFBE23DD072417F" xmpMM:InstanceID="xmp.iid:D7A6E2983A8D11E5ABFBE23DD072417F" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:073bc47c-1fa5-413e-86e0-68fc98a44fe0" stRef:documentID="adobe:docid:photoshop:b594a7f4-7301-1178-8387-90b975675243"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.../...{IDATx...]HSQ

Chrome Cache Entry: 221

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	116735
Entropy (8bit):	5.306601954984878
Encrypted:	false
SSDEEP:
MD5:	4E921D5BB1D657AE850E23B030B8C5B4
SHA1:	5100210A95DC1D5C38A80436294A4BF6ECF99052
SHA-256:	6ED0A7F444BF906912A38477F347F1C2863971E98F43CBD490AE641C4F88B3AF
SHA-512:	2E72D7BF481D17DB19AAB45D65673BE8A99113CA1BC88531AF803B8F4592F551F205724BEEA74B7618CE120AE8BF3725FC8CBBA8CF7B1AEC0CEF361C6F293BE0
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/FileBrowser/style.css?v=1612254381
Preview:	.webfm-search-history-panel{box-shadow:0px 2px 8px rgba(0,0,0,0.5);border:1px solid #d0d0d0}.webfm-search-history-panel .x-combo-list-item{padding:0px 16px;height:28px;line-height:28px}.webfm-search-history-panel .x-combo-selected .webfm-search-history-path{color:#FFF}.webfm-search-history-view{border:none;border-bottom:1px solid #EDEDED;padding-bottom:4px;background-color:#FFF}.webfm-search-clear-history{text-align:center;border:none;height:28px;line-height:28px;width:100% !important;display:block;background-image:none !important;background-color:#FFF;margin:4px 0px 0px 0px}.webfm-search-clear-history button{overflow:hidden;white-space:nowrap;text-overflow:ellipsis;color:#0086E5 !important}.webfm-search-clear-history.x-btn-over{border:none;background-image:none !important;background-color:#0086E5;border-radius:0px}.webfm-search-clear-history.x-btn-over button{color:#FFF !important}.business .webfm-search-clear-history button{color:#2A588C !important}.business .webfm-search-clear-histo

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2157)
Category:	downloaded
Size (bytes):	2158
Entropy (8bit):	4.9052083627354435
Encrypted:	false
SSDEEP:
MD5:	B37026F2ABCFD2C56D901D3269F82819
SHA1:	7B60901D091AD9243BC2FF033DE624D381209071
SHA-256:	C9428C1D28A386943E6B5877D1491F95FD1A1224D52E1EC96B51FF5F7DE9D556
SHA-512:	A4999324645D2974B1022A92F747D4D852A9AF99A5B6ACE49BC3E5E39D472E8FCF9D77829E72393690F7433371CECE6165DDB61877D8C63D98E2787F469591E5
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/OAuthService/style.css?v=1609749254
Preview:	.syno-app-oauthservice .syno-ux-modulelist .x-tree-node-icon.icon-application-list{background-image:url("images/1x/c_icon_application_list.png")}@media (-webkit-min-device-pixel-ratio: 1.5), (min-resolution: 144dpi), (-o-min-device-pixel-ratio: 3 / 2){.synohdpack .syno-app-oauthservice .syno-ux-modulelist .x-tree-node-icon.icon-application-list{background-image:url("images/2x/c_icon_application_list.png");background-size:24px 96px}}@media (-webkit-min-device-pixel-ratio: 1.5), (min-resolution: 144dpi), (-o-min-device-pixel-ratio: 3 / 2){.synohdpackdebug .syno-app-oauthservice .syno-ux-modulelist .x-tree-node-icon.icon-application-list{background-image:url("images/2x/c_icon_application_list.png");background-size:24px 96px;outline:1px red dashed}}.syno-app-oauthservice .syno-ux-modulelist .x-tree-node-icon.icon-client-list{background-image:url("images/1x/c_icon_client_list.png")}@media (-webkit-min-device-pixel-ratio: 1.5), (min-resolution: 144dpi), (-o-min-device-pixel-ratio: 3 / 2){.sy

Chrome Cache Entry: 223

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	55
Entropy (8bit):	4.608099258743189
Encrypted:	false
SSDEEP:
MD5:	916BDDEB94A3C3FB8E5C608C644A6E19
SHA1:	C0E4E048B0A692869AFAABF97845A076F5A95FD5
SHA-256:	946DFF955188D529627C7EE554977D43066EE29F2BA5DDA0CCAFA9D62AF8C3BF
SHA-512:	4B55C68A463188F19B694F7CC135A27E9B6B69A26D7D739548F132AC6A34679348E4BC070CF9FBCB5389AABAB8CBD2C8C1FDF7BF92C1DB22C53BA44E776EC865
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/SupportForm/style.css?v=1614856781
Preview:	.syno-supportform-expire{color:#FF7F00;font-size:15px}.

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23605)
Category:	downloaded
Size (bytes):	23606
Entropy (8bit):	5.333745752433641
Encrypted:	false
SSDEEP:
MD5:	8C373C4C21FBCBBBC7F9FAB836037787
SHA1:	9C7294C593E8D1B32C70DEA84C30272CE3CD83CE
SHA-256:	B7ED88234D0975402EC3165B48AFD99E997121E94F9E539DD7BE48FD45D1F07B
SHA-512:	9CE5113387CF2BC69DF6D1F645E46B704270096F729681561EDADB9F84D4C59DADBB26C51A56223E0AF6ED891D9477FBF6D1E4525D1BF219E24D65ADE4AF8B62
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/PhotoViewer/style.css?v=1614856781
Preview:	.syno_photo_viewer .x-window-body{background:#202020;border-bottom:0 none}.syno_photo_viewer .loading-indicator{width:16px;height:16px;background:transparent url(images/1x/loading.gif) no-repeat center center}.syno_photo_viewer .image-container{position:absolute;max-width:100%;max-height:100%}.syno_photo_viewer .before-fade-in{opacity:0}.syno_photo_viewer .fade-in{-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=$ieOpacity)";filter:alpha(opacity=100);filter:progid:DXImageTransform.Microsoft.Alpha(enabled=false);opacity:1;-moz-transition-property:opacity;-o-transition-property:opacity;-webkit-transition-property:opacity;transition-property:opacity;-moz-transition-timing-function:ease-in-out;-o-transition-timing-function:ease-in-out;-webkit-transition-timing-function:ease-in-out;transition-timing-function:ease-in-out;-moz-transition-duration:0.25s;-o-transition-duration:0.25s;-webkit-transition-duration:0.25s;transition-duration:0.25s}.syno_photo_viewer .fade-out{-ms-filter:"p

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10674)
Category:	downloaded
Size (bytes):	10675
Entropy (8bit):	5.105895094449124
Encrypted:	false
SSDEEP:
MD5:	E5562612D2B672D5B76CBC452E10D8FE
SHA1:	EE53B53C11FEE15A2710C87F3F1C64381AFF6CCC
SHA-256:	700E722C42A99736C2B7552D8B23FEBD0463CAE1DFC569EF82E9AADD07736FE8
SHA-512:	875C9E06EB7EE7F2373A759A73409DD75358551E5FD06FF3DAB45A21C3E68C5C623D28D0CB534B9B68E699071FE6AABAE750213C2BA789A0C8D1C703ACA63308
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/BandwidthControl/style.css?v=1614856609
Preview:	.syno-simple-button{background-color:transparent}.sds-window .x-toolbar .syno-simple-button button{background-color:transparent;border:none}.syno-sds-set-schedule button{vertical-align:top}table.syno-sds-bw2-schedule-table{border-collapse:collapse}table.syno-sds-bw2-schedule-table td{border:1px solid #C8D2DC;width:24px;height:24px}td.syno-sds-bw2-schedule-select-all-td{background-image:url("images/default/1x/bg_schedule_select_all.png?v=0304182021045099");background-position:0px 0px;width:36px !important}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack td.syno-sds-bw2-schedule-select-all-td{background-image:url("images/default/2x/bg_schedule_select_all.png?v=0304182021045099");background-size:36px 48px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug td.syno-sds-bw2-schedule-select-all-td{background-image:url("images/default/2x/bg_schedule_se

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 271224
Category:	downloaded
Size (bytes):	98771
Entropy (8bit):	7.9961547134631
Encrypted:	true
SSDEEP:
MD5:	78CEC5AC22C02D333E32E482970ECE63
SHA1:	4627B16D34A8DDCB2BB5CBF60BE58E80DE39CC4A
SHA-256:	01526F652025EB824D2795BAE92E842ABEF024A4840593AF6FA85B5C527DD347
SHA-512:	496B7C43D750E05C97D592DE34F58740814F7AEAE7AF926F86BC05EA9C10EB4158F32D2D7A2470E5A8F0C91611CDE1A8994235C7DAEE07394E75796280EF09E3
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/connect_lib.9680d74c2abbd47665d3.bundle.js
Preview:	............r.Y...* vmvBH..(Q..$F........{Sl..&.,.., A.ErG...a....8..\8..+../.M..1.....!3A.".w.g.....V..........`....,=.v...h...$K.<L.q^.M..4.$..;.Lj.(.:.0....f.m7.~y>...F8.\|K.<..p.8W.a8...Qx...y.Yxj~.........~..E..IWe..';...E......5W..\.N&Y..g'q.G.....Q..8.+..F.N.{.l..kIZ;]^..QL...(.F........i......lg...u.....pyy....p...,/..p.Q..d.....t....8.7..Fg.Y8d.4.....-.E...,...Q#..c.0.U4n\.&.a6..$...Em.~.u..6.....#.~..7..!Z....z..;....:.&.4.^....]...^Y...8OF..$....h.}..c...S.7.dZK..6Hk....0_.7z.8.M.Z~y./.....x...A}.O..$=.>./.....(...o.t.U......V+..(..^.%.z#h....x?..+......&.[FR..:q....~ei)....A><b"......h{{v...C...(;m_..<...l.....l~.].r!p....d.~..i;...9[.}..}...!....f.U...P...C..~e}.....l<.{yw.........FP....7.m}.".N.e...[.\|.../....NnqW......v....s3To...fS.0.&..V..A.....q.~v&k..Z?.4[.....;..?....q....>.......z#(...n..R.......'.I<....>...q^.WY.Q..o.L~.f...5.6..l.{ik.)z../.W..G.@ifv.(.\-.I.5H.....,..%......./..Swy.1....t.M,r..N....9.O..Yl....;.n..

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12450)
Category:	downloaded
Size (bytes):	12451
Entropy (8bit):	5.197362204693103
Encrypted:	false
SSDEEP:
MD5:	8D5F48B4C6E917F43853F5F1C35E2C64
SHA1:	78568DB98CF7B3D984A5B5A823F83F4EEEF46727
SHA-256:	47A5A8BF8D1641F3239975EE9B951EDBD3B6745F6F05E2DE73BB15874C89C1BD
SHA-512:	03E636DB58C6501EC3105EA7CA149355EC2F0888B52F6C9940573284654B4676B0272CA84362C884A57C66C17EA2D61B4D7DEF9EAAE925EAE09671A8C1B2BDCD
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/LogCenter/style.css?v=1614856763
Preview:	.syno-syslog .syno-ux-modulelist .x-tree-root-node{width:212px}.syno-syslog .syno-ux-modulelist:before{z-index:-99}.syno-syslog .syno-ux-modulelist .x-tree-node-icon.icon-search{background-image:url("images/c_icon_search.png?v=03311820210435169")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-syslog .syno-ux-modulelist .x-tree-node-icon.icon-search{background-image:url("../../../synohdpack/images/dsm/modules/LogCenter/images/c_icon_search.png?v=03311820210435169");background-size:24px 96px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-syslog .syno-ux-modulelist .x-tree-node-icon.icon-search{background-image:url("../../../synohdpack/images/dsm/modules/LogCenter/images/c_icon_search.png?v=03311820210435169");background-size:24px 96px;outline:1px green dashed}}.business .syno-syslog .syno-ux-modulelist .x-tree-node-icon.icon-sea

Chrome Cache Entry: 229

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	177433
Entropy (8bit):	5.605601457758339
Encrypted:	false
SSDEEP:
MD5:	62312FAE68F8DFF0AD51D5706F6156DC
SHA1:	D019F5E7241FA951B93470B507E14ABEA3AAA978
SHA-256:	EDBF9B1B19DA3DF9388C25CEB8724D7B5A2AAFB59B04D3BEC4B369A7EA463D4C
SHA-512:	302A75478561D9197A71899FE1173391A25CCA723C1093AF38109390502005A2437EE5C0C28DC57732666EA237BE11B179FF820639C9B86DC2DA844D85641C4A
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/AdminCenter/style.css?v=1614856812
Preview:	.syno-wireless-bluetooth .bluetooth-device-unpaired .item-status{color:#505A64}.syno-wireless-adapterlist .net-client-disabled .item-status,.syno-wireless-adapterlist .net-hotspot-disabled .item-status,.syno-wireless-adapterlist .bluetooth-adapter-disabled .item-status,.syno-wireless-bluetooth .bluetooth-device-disconnected .item-status,.syno-wireless-bluetooth .bluetooth-device-unknown .item-status,.syno-dhcpserver-clientlist .disable-font .x-grid3-cell-inner,.syno-dhcpserver .syno-dhcpserver-interfacelist .item-summary .disable-font{color:#96A0AA}.syno-dhcpserver-pxe .note-font,.syno-dhcpserver-clientlist .note-font{color:#00A66E}.syno-app-admin-center a.link{font-weight:bold}.syno-dhcpserver-clientlist .blue-status{color:#0086E5}.accessible .syno-app-admin-center .home-screen-panel .item-wrap.x-view-selected{outline-width:1px !important;outline-color:blue !important;outline-style:solid !important;outline-offset:-1px}.syno-app-admin-center .syno-sds-ac-home{margin-right:8px !importan

Chrome Cache Entry: 230

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27376)
Category:	downloaded
Size (bytes):	27377
Entropy (8bit):	5.121131127956404
Encrypted:	false
SSDEEP:
MD5:	AA3A452041949C4DBC1809C81BA15EBF
SHA1:	7B61E085A9DC42AF1DB5BA12A066BA3EDB08F680
SHA-256:	5A2DB504C34D882A1E8DE3FDA5F01D623F06077814FD30401F36D85989297A80
SHA-512:	BF16DBE46510111CD6D5517E2094D2EAF771704EDA69658EB8EBCC603F810B1F783866CF482656871CE48A5D3DDAB7FB2462E3A27FA74A14C8A2BE397941E7D0
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/SecurityScan/style.css?v=1614856801
Preview:	.syno-app-securityscan .syno-ux-modulelist .x-tree-node-icon.icon-securityscan-overview{background-image:url("images/1x/c_icon_overview.png?v=03311820210436141")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-app-securityscan .syno-ux-modulelist .x-tree-node-icon.icon-securityscan-overview{background-image:url("images/2x/c_icon_overview.png?v=03311820210436141");background-size:24px 96px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-app-securityscan .syno-ux-modulelist .x-tree-node-icon.icon-securityscan-overview{background-image:url("images/2x/c_icon_overview.png?v=03311820210436141");background-size:24px 96px;outline:1px green dashed}}.syno-app-securityscan .syno-ux-modulelist .x-tree-node-icon.icon-securityscan-securityscan{background-image:url("images/1x/c_icon_security_scan.png?v=03311820210436141")}@media (-webkit-min-d

Chrome Cache Entry: 231

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8383)
Category:	downloaded
Size (bytes):	8384
Entropy (8bit):	5.0270558137119625
Encrypted:	false
SSDEEP:
MD5:	E4DE0A7324A1D9DC1A960C70774696E7
SHA1:	C0945768A887E62B09408075C981FA04C8FAC81D
SHA-256:	8B761BEBCC39260332875DB906CFB3720C9B3B520F0EC6A5D5CA3894E44C28B4
SHA-512:	3867F7630476E3C869C1559C46AAB5C1DCBE4187FAFAF81885F32EC1F640C399D941F6A8467DB9B5117D105CE93645659A07C1E8E9E3E150D4C30361F155B636
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/TextEditor/style.css?v=1555482242
Preview:	.syno-sds-aceeditor-window .x-resizable-handle-east{width:2px}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-panel-tbar .x-toolbar-layout-ct{border:none;padding:8px 12px !important}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-panel-bbar .x-toolbar{border:none;padding:12px}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-tab-panel-header{color:red}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-tab-panel-header li.x-tab-strip-closable a.x-tab-strip-close{margin-top:-1px}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-tab-panel-header li.x-tab-strip-closable a.x-tab-right{margin-top:2px}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-tab-panel-body{padding:0px 12px !important}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-panel-body{border-width:0px}.syno-sds-aceeditor-window .syno-sds-aceeditor-main-panel .x-toolbar-right-row .syno-ux-button{margin:0px 0px 0px 6px !important}.syno-sds-aceedito

Chrome Cache Entry: 232

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 37780, version 1.0
Category:	downloaded
Size (bytes):	37780
Entropy (8bit):	7.992323824807917
Encrypted:	true
SSDEEP:
MD5:	E09CA52560D42E4626656B4FC70D970B
SHA1:	8EBC2396198A586A15352044DD1AA962018970E1
SHA-256:	ACDC8F60059CBF557957869F544DCE756689A499C506856522204B3EA06BE8C7
SHA-512:	42C6E7292562BA4760BB799C66BE6C9B511592763923EE43ADD5D1B9C261E6D70B5A6777AC0A81BC72261BAE91006F36DB9AED8C9C8040F57CB52E8863D72D5C
Malicious:	false
Reputation:	low
URL:	https://synostatic.synology.com/font/inter/inter-w400-7.woff2
Preview:	wOF2..............l....#..........................U.......?HVAR.?.`?STAT.8.../l.....t..:..4.0....6.$..d. ..\. ..[.XqA.....\.mc!......K.../f.....y@..M.K..?)..I..k...,'F..`eg.......5.......y......;..dSmf..i.2gdO...5d.0+..]c&..H.w(.R..'..?.J6?d..u'.n.62.I;.Z..@.m.......H......I..a..;.....HP.W..?L..u&}!....Z./.... .\X..-.aXd\.?.s....''...!....!....Hi.)..b....vP.b.J+m.A.m.h.s....[..Q..x..qx.s..sy>f.....GF.Ck.....4$>>.^.rt.I.....m....C..CL..r..NaN..Rq.(.0.)LA.S8v.2....{g[{...F+v....h7.V.q..........[.].Z.....2f)HeH..-c.Z.@......2.e.P....V(C@D....'((Ups/..../..?...0..V..Dq.8....a.....T~.....-...t.l./v.6v........ .......gx.... .$.i.])..6!f..L....N.qd8.y.m...y3K...6.$\Y.q<j....]#...P.......Q.;W.t....N....O.pb'.4...st...d..)...!..-.m\|...R...n.$..5q.np..Nk..5.[L...+..Z\0....J.t....~.z%..1.1. .>.{....T.V....-..p...K...X..{.\|F..N...C.S]....y.V&.K...Xi]<......Q..2q)...$\.^.$.M...h...v...j............f.....RYvw.7.b....X.e..J]T.."{.9~O7.b

Chrome Cache Entry: 233

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21777)
Category:	downloaded
Size (bytes):	21778
Entropy (8bit):	5.084230124194617
Encrypted:	false
SSDEEP:
MD5:	89355A18380DE47873D907BBE78602A9
SHA1:	645AA41146A1927EB4CFE438F39F7286038507AA
SHA-256:	FCCB6B3750AC409D40B7E8EBD6DF3380206C304DBB12517BFEA1DCE6084EDAE9
SHA-512:	F361B16CEF7EFB43499120F22C73A1526B7DAB40AEB6EA5F947A091E2CBCC17224E55E63C8C99E77B1848C631F2F67E93975C5A3EE1A6FCD03574EA58A0E9CC5
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/Widgets/style.css?v=1614856781
Preview:	.sds-widget-window.sds-window-v5 .x-window-tl .x-window-header .x-tool,.sds-widget-window.sds-window-v5 .x-window-tl .x-window-header.sds-widget-over .x-tool{-moz-transition-property:opacity;-o-transition-property:opacity;-webkit-transition-property:opacity;transition-property:opacity;-moz-transition-timing-function:ease-in;-o-transition-timing-function:ease-in;-webkit-transition-timing-function:ease-in;transition-timing-function:ease-in;-moz-transition-duration:0.2s;-o-transition-duration:0.2s;-webkit-transition-duration:0.2s;transition-duration:0.2s}.sds-widget-window.sds-window-v5{width:322px;box-shadow:none;background:#f5faff;background:rgba(245,250,255,0.85);border:1px solid #AFB9C3}.business .sds-widget-window.sds-window-v5{background:#f5faff;background:rgba(245,250,255,0.95)}.ext-ie8 .sds-widget-window.sds-window-v5{border-top-style:solid}.sds-widget-window.sds-window-v5.x-window-maximized.scale-item.add-wdiget-effect{-moz-transform:scale(0.8, 0.8);-ms-transform:scale(0.8, 0.8);

Chrome Cache Entry: 234

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 22 x 198, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2185
Entropy (8bit):	7.444459913744157
Encrypted:	false
SSDEEP:
MD5:	D75182B9947C9F51EDDF12281FB55253
SHA1:	E967B529C2B25564E77CFD9D7F09D1131EB5EFBE
SHA-256:	C7A02301E1D5BC2F4059FC8918D9E29FC1D72120BD4D460367D4FA2AE51A9F1F
SHA-512:	42F4022440EDC3C9E03845B3ABE3CB1A8748FBCEE3B7FA08641073D3D9C0712429381D2BFD1A1753D221CBC8EEB2D85E61454A95F5340E0D31B5F3EBF11909AB
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............p.....tEXtSoftware.Adobe ImageReadyq.e<...iiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:6268E4AF482068118A6D848E26EAB213" xmpMM:DocumentID="xmp.did:E11E17CC5F4811E4BCBA8EA848AC1E13" xmpMM:InstanceID="xmp.iid:E11E17CB5F4811E4BCBA8EA848AC1E13" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:559792f3-bff1-5f48-b0b1-5792cdfd58b0" stRef:documentID="xmp.did:6268E4AF482068118A6D848E26EAB213"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..mL[U...m/-o....f....n."...nc.....

Chrome Cache Entry: 235

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65434)
Category:	downloaded
Size (bytes):	246045
Entropy (8bit):	5.271778164011994
Encrypted:	false
SSDEEP:
MD5:	EC6DC653B66F748D0A5C8CD7486F0FB0
SHA1:	7B51CB8E68D93A4CF585EC9D419B4568236B67F0
SHA-256:	CFE2AB601A762818FBB17709095EFC3E5399A21FD6727AFED25D9910ABE8BB39
SHA-512:	DE1AD66B41D22BECC8560BF16A1E8E64E5CC65CEDC78562DAB31DA788A26B542F5738DC628E55DBB37ED8208E98D59588F6C23F211587154D9DECF208B8C95AA
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/ux/ux-all.css?v=1688993505
Preview:	.syno-ux-gridpanel div,.syno-ux-editorgridpanel div,.syno-ux-grid-hd-menu .x-menu-list-item span,.syno-ux-editorgrid-hd-menu .x-menu-list-item span,.syno-ux-groupcheck-menu .x-menu-list-item span,.syno-ux-searchfield-menu .x-menu-list-item span,.syno-ux-menu .x-menu-list-item span,.syno-ux-schedule-menu .x-menu-list-item span,.syno-ux-button-menu .x-menu-list-item span,.syno-ux-textfield,.ext-strict .x-small-editor .syno-ux-textfield.x-form-text,.syno-ux-numberfield,.x-form-item .x-form-item-label.syno-ux-item-label,.syno-ux-triggerfield,.syno-ux-combobox,.syno-ux-colorfield,.syno-ux-schedulefield,.syno-ux-datefield,.syno-ux-timefield,.syno-ux-superboxselect,.syno-ux-checkbox-label,.syno-ux-displayfield.x-form-display-field,.syno-ux-button-grey.x-btn button,.syno-ux-button-grey.x-btn-over.x-btn button,.syno-ux-button-grey:hover.x-btn button,.syno-ux-button-grey.x-btn-focus.x-btn button,.syno-ux-button-grey.x-btn-click.x-btn button,.syno-ux-button-grey:active.x-btn button,.syno-ux-butto

Chrome Cache Entry: 236

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	154375
Entropy (8bit):	5.158697123963595
Encrypted:	false
SSDEEP:
MD5:	8AD03728D23A69993F2D7046B6DAA1F9
SHA1:	E071E5CFDE24D9DFD053354CF35340090C4B7127
SHA-256:	F857731D2EFF9EEFD6A22F09EBD8503269BE3418399825BBD9879E4EE04D23A0
SHA-512:	8F80FD4C270DA2AB7DDDD583137D93113CA71ADA9A5ACD4806D50978224CEFC912CB43B7AB4FB3571569D3E9C5F07A4E405D4CD268AEB75AF55867D01BECE260
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/resources/css/desktop.css?v=1688993505
Preview:	.accessible .sds-appview-app-item.accessible-active-item{outline-width:1px !important;outline-color:blue !important;outline-style:solid !important;outline-offset:-1px}.syno-no-script{width:100%;height:100%;background-color:#3D8ECC}.syno-no-script .align-center{width:460px;margin-left:auto;margin-right:auto;text-align:center}.syno-no-script .title{color:#FFFFFF;font-size:44px;line-height:44px;text-shadow:0px 1px 2px rgba(0,0,0,0.25);padding-top:100px}.syno-no-script .desc{color:#FFFFFF;font-size:26px;line-height:26px;padding-top:8px}.syno-no-script .icon{width:300px;height:190px;padding-top:16px;background-repeat:no-repeat;background-image:url('../images/default/1x/desktop/sprite-s3238d5bc7a.png');background-position:0 -224px;background-position:0 -224px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-no-script .icon{background-image:url('../images/default/2x/desktop/sprite-s0c8ee47fa3.png');background-size:300

Chrome Cache Entry: 237

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 18
Category:	downloaded
Size (bytes):	819
Entropy (8bit):	0.7545346465954151
Encrypted:	false
SSDEEP:
MD5:	D5BA54C1F417E6A72CBCE8B909078727
SHA1:	14CE153D393B3C489F8A4E6B9A9383E7D8F4C911
SHA-256:	7E188CE20EC98DC68E6325BDDB607F097FEE0429824E472BD087CD46D2FE0C69
SHA-512:	DFD7A809425A067C526A025666D0938C1B618BDDD0CEC9D0FBB2C15A970419D74101B9458FDA175579D2D08CE98DC8076A554CB819E274483266E02CCFD1CDDD
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/resources/images/default/form/text-bg.gif
Preview:	GIF89a.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!.......,...............0.@....(\.0 .;

Chrome Cache Entry: 239

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 102245
Category:	downloaded
Size (bytes):	65202
Entropy (8bit):	7.990116439387962
Encrypted:	true
SSDEEP:
MD5:	683B8A8AFF95FA89AC277E39E573384F
SHA1:	CA9FF05F356E0036006707C1A3E6624653F5899C
SHA-256:	DC4A17C1F08DB4C312C8E2B0A0F1668DF13A086CEAB29CD02F9474926C12F58A
SHA-512:	13DDDEDD8CF9485844AB1CD6A4A142ADEC3162D493AD6A863AE4829D6B98248E4184E628F06653FE3EF228213978C53625C756BAB4F6A7FC384B2B0FCA9D4597
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/
Preview:	...........[..H.&.Wb._t...>.5.......Yg!....H......wDfDT...s.az..+co!.........o.6......M../...#...nH....:..k;.r..X.............._._...&.chp...>...W....}...>(.\|...t......K.........g.O[x.X.u.W..=M...../..~^...W_....OC..c.......#..h.,...^/}..............CJ......R...~.....R3x....c.U!$x.....~.g.........:n...6j...[G ....d.#\|........F...F.~...c...."!}!.H...A......6.?>............i..~.'Ho....7C.....x)..^..@.. .y.2.#7.".c.tw.'...'4.........l..Y...m!...X.....`.....^E..-...../z.....'.b..<:d.{j....Oq.?.q...2..B....L..G...=B.E.2...a....+....0.f..G{.?..(.vGf..H...h.^N.g&...?%.O.../...s..?.........}...k[....g....<....Y....Z.......P...F..'...Q...2..Z$..7.j.a......b..$....$.f.f..FG.(..e._B.^0R...9.#..W~..?_....}_......h..Q..h.......6.!...H......F...eP.Z.2..b.K. .^y...>.....};.........`.v#...Q.....m....V.;....T.$...GTZ..x.x..T..6....j.v..E.`,_.cC.'.i......h..-:...j...~D.r.N...m.QZ..[C...{......U.#..h.=..g.i...>.037p:..40r......pC.<.HH.......5.H....

Chrome Cache Entry: 240

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (54598)
Category:	downloaded
Size (bytes):	54599
Entropy (8bit):	5.787000011318342
Encrypted:	false
SSDEEP:
MD5:	80A70A86EC7D302A0A6F8F0995295FC6
SHA1:	16A0F8FBB925207B47F201001EC191CACDFF0080
SHA-256:	6ED9EA10CD35A87578F12D75B5FC6D5EFCD9B2FC035F12373AEEE1D0E0AEBAF8
SHA-512:	8B8EF484CA7D57D4586B0F86B401EE641AA6480D0DF0C7D4BDF678497C31F7FAF1659DA787B4E379D00A36AD9227A45598479D173D3E37750B5870F3DB94A4FE
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/HelpBrowser/style.css?v=1614856781
Preview:	.x-menu-list-item .x-menu-check-item.syno-sds-hb-option img.x-menu-item-icon{background-image:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABwAAAA4CAYAAADuMJi0AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAalJREFUeNrslzFLw0AYhi9WhILQSVBc/R/torhWkIKDo4NUKkgGwVEQKhXBoDh1CjgV4iTdXBQdK24dBaVOgiAVy/kefsUzpGly3lWQe+EZkkvuyd19uaYO55yNMmNsxLFCK0yd8aiTzt6jls759ozxEeZADeymGqFiiuAUTIFrk2soRuWDBsnOwYIpYR7cgxU6PgFL4NWEsASaYJaOD8A66Km+FllQB25EWxmcgQk69sCW8mtB8akQRObBKngCFXAoXSfWbFPHiy+m51YStkA1JLujB+npEIrRFGgEjCpQnt5nKpAXnVvbG3Xqhc6/g2XQNrGXiunaIPpTtwMute2lA+LRiNbAvtbNOyYXhHIc+xFlhVZohVZohf9fOPS/BRO/h5oogg7/ytWg63SIcsDn3wnApClhHjxIsmOQibvnN7IS6EqyWpL74hqzoA7ciLYy/5mjpA8a19iQOmyCaTpfCcmCYdOYVCgEN1LHogKrIVmLiobpEPanNeDREQ8wl3btk1yUoTWS06UKZSaEcqF8kNBVre60NyxSMSm/TvZT3wqt8O+FnwIMALBCAhWNyLjYAAAAAElFTkSuQmCC');background-position:0 0;width:28px;height:28px;margin-top:-4px;visibility:hidden}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144d

Chrome Cache Entry: 244

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (737)
Category:	downloaded
Size (bytes):	738
Entropy (8bit):	5.163832264826279
Encrypted:	false
SSDEEP:
MD5:	775DA2A46318A248201C767257A8681C
SHA1:	0AF351BDE0797DC12E0A6F3F1FC55CF6A725AAAE
SHA-256:	4677BE0A9D718FF7D8E43EE5272851031739A2B3B4195D3FC05459BD87F9DA88
SHA-512:	056FBE71FF0BCF24611E68A10A447F83EFC466C3F38DEC610FDDD2423CFEFE0747A43D13AD4AB42E0B3B5A75B90A403850701CE40E5D37A3C66C212BDCA0EAEC
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/Share/style.css?v=1614856781
Preview:	.syno-share-filter-btn em button{background-color:transparent;background-image:url("images/default/1x/icon_filter.png?v=0355182021043477");background-position:center 1px;outline:none;height:24px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-share-filter-btn em button{background-image:url("images/default/2x/icon_filter.png?v=0355182021043477");background-size:24px 24px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-share-filter-btn em button{background-image:url("images/default/2x/icon_filter.png?v=0355182021043477");background-size:24px 24px;outline:1px green dashed}}.

Chrome Cache Entry: 247

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	169814
Entropy (8bit):	5.103594404088663
Encrypted:	false
SSDEEP:
MD5:	50819B43DC5CFFFFFF51B1CDF73C6190
SHA1:	2FD63E595FEBD57122738E796DB69A964A51BEE4
SHA-256:	10650789A5CD197DFA1EFFCB6AD602C3BC61A2F36EE18EFBF427915846C1B3B3
SHA-512:	BC56F72242F7EF0C2CDD5AAF8CD81BA52F327F0ACDEDEEF0D1741226878634F79CF54FEBEA03C32E230459E5F77547E8CBA99AFB251B262602CA5B5847DB9DE1
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/AudioStation/style.css?v=1678691390
Preview:	.syno-as-win .x-window-tl,.syno-as-dialog .x-window-tl{background-image:url('data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4gPHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJncmFkIiBncmFkaWVudFVuaXRzPSJvYmplY3RCb3VuZGluZ0JveCIgeDE9IjAuNSIgeTE9IjAuMCIgeDI9IjAuNSIgeTI9IjEuMCI+PHN0b3Agb2Zmc2V0PSIwJSIgc3RvcC1jb2xvcj0iI2U3ZmZmZCIvPjxzdG9wIG9mZnNldD0iMTAwJSIgc3RvcC1jb2xvcj0iI2ZmZmZmZiIvPjwvbGluZWFyR3JhZGllbnQ+PC9kZWZzPjxyZWN0IHg9IjAiIHk9IjAiIHdpZHRoPSIxMDAlIiBoZWlnaHQ9IjEwMCUiIGZpbGw9InVybCgjZ3JhZCkiIC8+PC9zdmc+IA==');background-size:100%;background-image:-webkit-gradient(linear, 50% 0%, 50% 100%, color-stop(0%, #e7fffd),color-stop(100%, #ffffff));background-image:-moz-linear-gradient(#e7fffd,#ffffff);background-image:-webkit-linear-gradient(#e7fffd,#ffffff);background-image:linear-gradient(#e7fffd,#ffffff);border-top-color:#00BEAE}.syno-as-win .x-window-header-text,.syno-as-dialog .x-window-header-text{c

Chrome Cache Entry: 248

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11686)
Category:	downloaded
Size (bytes):	11687
Entropy (8bit):	4.999004858928172
Encrypted:	false
SSDEEP:
MD5:	9669B4BD83BF1FC3F269E1CF081ADDFA
SHA1:	F7B536BE2D599370C602F3070D988E6DFE20E000
SHA-256:	E71EC5EFE2180CE0A62FDDD8556D1913E5347870386257558F69088F3D5E5DE8
SHA-512:	A3E6BA8F0D0EB460BAAE11CEF1878E8EE0232C4ED756A28E13E6D3E2BFD05949586F7BB4ABDD24B2131375D1FFE11033B9131E560982F8C010B8ADD1963EC301
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ConfigBackup/style.css?v=1614856777
Preview:	.syno-config-backup-tri-tree-node .syno-config-backup-tri-tree-node-cb{vertical-align:top;margin-top:3px;margin-right:4px}.syno-config-backup-tri-tree-node .x-tree-ec-icon{margin-left:3px;margin-right:3px}.syno-config-backup-tri-tree-node .x-tree-node-loading .x-tree-node-icon,.syno-config-backup-tri-tree-node .x-tree-node-icon{vertical-align:top !important;margin-top:6px;height:16px;width:16px}.syno-config-backup-tri-tree-node .x-tree-node-loading .x-tree-node-icon.syno-config-backup-app,.syno-config-backup-tri-tree-node .x-tree-node-icon.syno-config-backup-app{background-image:url("images/t_icon_application.png?v=03571820210454191") !important;background-position:0px 0px}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-config-backup-tri-tree-node .x-tree-node-loading .x-tree-node-icon.syno-config-backup-app,.synohdpack .syno-config-backup-tri-tree-node .x-tree-node-icon.syno-config-backup-app{background-image

Chrome Cache Entry: 250

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	95365
Entropy (8bit):	5.092709086818871
Encrypted:	false
SSDEEP:
MD5:	813DEB473D470D33ACED8C11B29ECD31
SHA1:	E807DCA75F54DB1F7BC0175881C893B282F82888
SHA-256:	37859BD4125C4333B127DFCAF1BE9B1F6C22FFFBB311D1F3207FB95E1D94E84F
SHA-512:	18EAF4730EB76F743C247AC6047CAD2990ADA8CAE32705EB2259D23297B5AB73D25425AB11BE7127C6EE2EE30E641E644FB485C1CBB7D30A7153B7C18AD2BD79
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/DownloadStation/style.css?v=1613720775
Preview:	.x-window.syno-dl-win .x-window-body,.x-window.syno-dl-win .x-window-footer,.x-window.syno-dl-dialog .x-window-body,.x-window.syno-dl-dialog .x-window-footer{background-color:#FFFFFF}.syno-dl-win .syno-dl-textblod{font-weight:bold}.x-window.syno-dl-captcha-win.download-captcha-formpanel .x-form-item.x-hide-label{padding-left:185px}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-image-field{height:100px;display:table-cell;vertical-align:bottom}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-image-field img{max-height:87px}.x-window.syno-dl-captcha-win.download-captcha-formpanel .captcha-error-message{line-height:18px;padding-top:5px;padding-bottom:1px;color:#FA4B4B}.x-window.syno-dl-captcha-win.download-captcha-formpanel .syno-ux-formpanel .x-form-item .captcha-info{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.x-window.syno-dl-captcha-win.download-captcha-formpanel .syno-ux-formpanel .x-form-item .syno-ux-button.status-image{background-r

Chrome Cache Entry: 251

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (23867)
Category:	downloaded
Size (bytes):	23868
Entropy (8bit):	5.0903592630324495
Encrypted:	false
SSDEEP:
MD5:	24C064552578BC4543287E56D6CF220A
SHA1:	3663F062FF3FD17CF68E8D6CDBB6DA2648FAC5E1
SHA-256:	E2171B7D02A18C88AE438AD026CB0EAB77533D8954F1495DC30C96C31F00C74C
SHA-512:	035BB432C81DA7E86A9FD20DD5C6904D402727327C4F89E58F353E6E317D458B138D64A973F6583934CC8DAC66C46D5ED7AFB1A24A04F25D03B649D832C729BA
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/AudioPlayer/style.css?v=1614856781
Preview:	@font-face{font-family:'audio-icon';src:url("fonts/audio-icon.eot?-fmivyf");src:url("fonts/audio-icon.eot?#iefix-fmivyf") format("embedded-opentype"),url("fonts/audio-icon.woff?-fmivyf") format("woff"),url("fonts/audio-icon.ttf?-fmivyf") format("truetype"),url("fonts/audio-icon.svg?-fmivyf#audio-icon") format("svg");font-weight:normal;font-style:normal}[class^="webfont-"],[class*=" webfont-"]{font-family:'audio-icon';speak:none;font-style:normal;font-weight:normal;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.webfont-icon-close-window:before{content:"\e600"}.webfont-icon-min-window:before{content:"\e601"}.webfont-audio-repeat-one:before{content:"\e606"}.webfont-audio-repeat-all:before{content:"\e607"}.webfont-audio-next:before{content:"\e602"}.webfont-audio-prev:before{content:"\e605"}.webfont-audio-stop:before{content:"\e608"}.webfont-audio-mute:before{content:"\e609"}.webfont-audio-volume:before{content:"\e

Chrome Cache Entry: 252

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	37688
Entropy (8bit):	5.002364164032244
Encrypted:	false
SSDEEP:
MD5:	66C80B2DE311FB2092CC5EF995B71EBD
SHA1:	0A464622826EA559BE743B51E172D4FB30CFCA6A
SHA-256:	2AB991A8E939C791B669F9120D1D8455CC0F000FD1793FE77F2AB756B02D0D3B
SHA-512:	2300E9B79AEDF612729C9038DCEDB065851CC43EDB18A15EAA41FAF00E558C70FCAB62283BECAC9AD11C5BCC8C7B9766E8595DDDC3AD8EABBB8DBFBBE8330556
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/resources/css/xtheme-gray.css?v=1614856602
Preview:	/!. Ext JS Library 3.4.0. * Copyright(c) 2006-2011 Sencha Inc.. * licensing@sencha.com. * http://www.sencha.com/license. /..ext-el-mask {. background-color: #ccc;.}...ext-el-mask-msg {. border-color:#999;. background-color:#ddd;. background-image:url(../images/gray/panel/white-top-bottom.gif);. background-position: 0 -1px;.}..ext-el-mask-msg div {. background-color: #eee;. border-color:#d0d0d0;. color:#222;. font-weight: normal;..font-size: 12px;.}...x-mask-loading div {. background-color:#fbfbfb;. background-image:url(../images/default/grid/loading.gif);.}...x-item-disabled {. color: gray;.}...x-item-disabled {. color: gray !important;.}...x-splitbar-proxy {. background-color: #aaa;.}...x-color-palette a {. border-color:#fff;.}...x-color-palette a:hover, .x-color-palette a.x-color-palette-sel {. border-color:#CFCFCF;. background-color: #eaeaea;.}../*..x-color-palette em:hover, .x-color-palette span:hover{ . background-color

Chrome Cache Entry: 253

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	191923
Entropy (8bit):	5.897003060397133
Encrypted:	false
SSDEEP:
MD5:	D29ACC0FBB5B7383253448B08E75CD94
SHA1:	EACC865B4E28784A27E443FF91A0D0FF663F0C45
SHA-256:	CE82CC0648D6C19AF53E7D0AEED5C96017CFEA37D66E6231AA7E80088FC63A89
SHA-512:	1B69F774AC6234FE09F8D51A9D5BCE079D251E84D572494688FB49012037B5AC91337D926A178D385A3926D8FE21ECCD24BDA18F1D988E07F3D57F83009D4D6C
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/ResourceMonitor/style.css?v=1614856781
Preview:	.resource-monitor-performance .x-grid3-row-checker.x-grid3-hd-checker-on{height:22px;margin-top:2px;background-repeat:no-repeat;background-position:center -66px;background-image:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAADGCAYAAADWinAUAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA2ppVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo2MjY4RTRBRjQ4MjA2ODExOEE2RDg0OEUyNkVBQjIxMyIgeG1wTU06RG9jdW1lbnRJRD0ieG1

Chrome Cache Entry: 255

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31977)
Category:	downloaded
Size (bytes):	32164
Entropy (8bit):	5.5107446201505415
Encrypted:	false
SSDEEP:
MD5:	E11C607210ABEDD20755C220A68EDF68
SHA1:	394A3AF6D4D60F53909C7C9CE06C5A07C7DCC6A2
SHA-256:	789DB94A7DAE4EC135FBA20EDA7E103BBE58D1739DA10E4450061FD1C2296195
SHA-512:	5AA3C38C5F4453CCD6877A6FA73FCF3EFFF5ACBB18523D3AE3AA21F637FD7C6F845C3C98D3E45CCAA181DAA0886CF62CDB58C96AD2C8A8B4A9D065004E242EF1
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/adapter/ext/ext-base.js?v=1614856602
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. /../. * Ext JS Library 3.4.0. * Copyright(c) 2006-2011 Sencha Inc.. * licensing@sencha.com. * http://www.sencha.com/license. */.window.undefined=window.undefined;Ext={version:"3.4.1",versionDetail:{major:3,minor:4,patch:1}};Ext.apply=function(d,e,b){if(b){Ext.apply(d,b)}if(d&&e&&typeof e=="object"){for(var a in e){d[a]=e[a]}}return d};(function(){var i=0,f=Object.prototype.toString,F=navigator.userAgent.toLowerCase(),q=function(e){return e.test(F)},w=document,s=w.documentMode,x=w.compatMode=="CSS1Compat",E=(q(/edge/)),a=q(/opera/),P=!E&&q(/\bchrome\b/),G=!E&&q(/webkit/),d=!(P\|\|E)&&q(/safari/),N=d&&q(/applewebkit\/4/),L=d&&q(/version\/3/),J=d&&q(/version\/4/),I=d&&q(/version\/5/),l=!a&&q(/msie/),C=(q(/trident\/7/)),h=C,g=(q(/edge\/(\d+)./)),k=l&&(q(/msie 10/)\|\|q(/trident\/6/)),D=l&&(q(/trident\/6/)),A=D&&(q(/touch;/)),K=l&&q(/trident\/5/),M=l&&!K&&!k&&!h&&q(/trident/),O=l&&!M&&!K&&!k&&!h&&q(/msie 7/),R=l&&!O&&!M&&!K&&!k&&!h&&q(/

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.16293190511019
Encrypted:	false
SSDEEP:
MD5:	FC94FB0C3ED8A8F909DBC7630A0987FF
SHA1:	56D45F8A17F5078A20AF9962C992CA4678450765
SHA-256:	2DFE28CBDB83F01C940DE6A88AB86200154FD772D568035AC568664E52068363
SHA-512:	C87BF81FD70CF6434CA3A6C05AD6E9BD3F1D96F77DDDAD8D45EE043B126B2CB07A5CF23B4137B9D8462CD8A9ADF2B463AB6DE2B38C93DB72D2D511CA60E3B57E
Malicious:	false
Reputation:	low
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12682)
Category:	downloaded
Size (bytes):	12683
Entropy (8bit):	5.095567670842347
Encrypted:	false
SSDEEP:
MD5:	F4F948167CC0E3A417454071DE1A1E2F
SHA1:	1D289AAFEB7604EBD417B740AB19E9413F2AAEE9
SHA-256:	51BB7129EDF1400EF4CD940F87DC3DCEF42D1C787C2520C20DE5A7B48018EF8C
SHA-512:	81D0DB0E6F8C0F3C57CC5CBC50A9D94960679D85E27CA43060B51D591C32BCCD96A3ADEFD14C8F0DC397BDE43CBF49B5FF05E9878B3D36B523812CE591ACA99A
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/FileTaskMonitor/style.css?v=1612254375
Preview:	.sds-filemonitor-tray-panel{padding:0px 10px}.sds-filemonitor-tray-panel .x-panel-header{padding:4px 0 0 0;line-height:20px}.sds-filemonitor-tray-panel .x-panel-header .x-panel-header-text{color:#505A64;font-size:12px;font-weight:bold}.sds-filemonitor-tray-panel.x-grid-panel.syno-ux-gridpanel .x-panel-bwrap{padding-bottom:10px}.sds-filemonitor-tray-panel .x-grid3-row{padding:6px 0 8px 0}.sds-filemonitor-tray-panel .x-grid3-row .x-grid3-cell{height:auto}.sds-filemonitor-tray-panel .x-grid3-row .x-grid3-row-last{border:none}.sds-filemonitor-tray-panel .x-grid3-row.x-grid3-row-last{border-bottom-width:0}.sds-filemonitor-tray-panel .x-grid3-row .x-grid3-cell-first .x-grid3-cell-inner{padding:0 0 0 12px;position:relative;overflow:visible}.sds-filemonitor-tray-panel .x-grid3-row .x-grid3-cell-first .x-grid3-cell-inner table{padding-top:8px;border-collapse:collapse}.sds-filemonitor-tray-panel .x-grid3-row .x-grid3-cell-last .x-grid3-cell-inner{padding:0 10px 0 0}.sds-filemonitor-tray-panel .s

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5883)
Category:	downloaded
Size (bytes):	5884
Entropy (8bit):	4.9122123821784776
Encrypted:	false
SSDEEP:
MD5:	8202826517AEC94071D3F0C111F47B96
SHA1:	B63D9529640CAD6E9FC0F5B729A7F96F4EC8945C
SHA-256:	73139EE3F2D532636E9A47BD7451553C7D4CFC1EAC59FC307A821021CE30080B
SHA-512:	A1B72FB0821C4F0C6D5393A0CD8A4DEAEA8F26AE5BD2CBBE68CFFE5FBD5298561CCBF64CADD753B065F693620B7A4D7AD3D5330D27F020507C5DCB295BE3BC00
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/3rdparty/MediaServer/style.css?v=1676712018
Preview:	.x-tree-node .x-tree-node-disabled a span .syno-mediaserver-disable-font{color:#B4BEC8 !important}.syno-mediaserver-no-icon .x-tree-node-icon{display:none !important}.syno-ux-treepanel .x-tree-arrows .syno-mediaserver-tree-arrow-icon-gray .x-tree-elbow-plus{background-image:url("images/1x/tree_arrow.png");background-position:-80px 0}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ux-treepanel .x-tree-arrows .syno-mediaserver-tree-arrow-icon-gray .x-tree-elbow-plus{background-image:url("images/2x/tree_arrow.png");background-size:96px 16px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-ux-treepanel .x-tree-arrows .syno-mediaserver-tree-arrow-icon-gray .x-tree-elbow-plus{background-image:url("images/2x/tree_arrow.png");background-size:96px 16px;outline:1px red dashed}}.syno-ux-treepanel .x-tree-arrows .syno-mediaserver-tree-arrow-

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3203)
Category:	downloaded
Size (bytes):	3204
Entropy (8bit):	5.16809438342717
Encrypted:	false
SSDEEP:
MD5:	A89AFCBC73D6633EE6E85E547E8F0DD4
SHA1:	3E0CEBF7D1CB60D73FA83CE5D9FD61DADA4C3158
SHA-256:	A4A0029D3D6EA4CCA55BFDBB536FB5C0956FCC89ABFC820E0854C09F7BAFDAD1
SHA-512:	D7904A2A3D999FD765D48EB0C34327557313F1F93066A462717A541604EF93FDEF6B6B70F3FDE443F1AE399C47F760B19945E1160A2ADBA41A877FC22BD5316C
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/EzInternet/style.css?v=1614856781
Preview:	.syno-ezinternet .wrapper-ez-1{background-image:url("images/default/1x/ez-1.png?v=0332182021043326")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ezinternet .wrapper-ez-1{background-image:url("images/default/2x/ez-1.png?v=0332182021043326");background-size:552px 80px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .syno-ezinternet .wrapper-ez-1{background-image:url("images/default/2x/ez-1.png?v=0332182021043326");background-size:552px 80px;outline:1px green dashed}}.syno-ezinternet .wrapper-ez-2{background-image:url("images/default/1x/ez-2.png?v=0332182021043326")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .syno-ezinternet .wrapper-ez-2{background-image:url("images/default/2x/ez-2.png?v=0332182021043326");background-size:552px 80px}}@media (-webkit-min-devi

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	104
Entropy (8bit):	4.806545700170941
Encrypted:	false
SSDEEP:
MD5:	E5852FFCA83F9AF9EC19DB05D564A774
SHA1:	4B126E925DA5A0FFD2B8BCB5793FC58379E1571C
SHA-256:	A30D0E30EA7025B3686A6F8AAA82C2D3C3FFF4F5D230E3199BDACA9D70A5732B
SHA-512:	C961FFFF995531D87100FF95BB7397A1A97B04C54055153CE994101FEF8C74862272876BB9FA756AA51049ADA3669B26BFE94FE807EF75DB28F5DD3174526C91
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/TaskSchedulerUtils/style.css?v=1614856781
Preview:	.recycletask-advanced-dialog .syno-ux-superboxselect{margin-left:30px;max-height:100px;overflow-y:auto}.

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8069)
Category:	downloaded
Size (bytes):	8070
Entropy (8bit):	4.987993255247586
Encrypted:	false
SSDEEP:
MD5:	2D0033400A5E82DBFE67B2902539DC40
SHA1:	BF3AF4B9782D545BC2E1F8D5E9A89F6462DC186F
SHA-256:	5A8224CDF05253ECCB9C190B3EC13CD4FE9174BA7BB6E8E62A23B76DC0F3D60C
SHA-512:	4DF49E13791BDE9F4754AD97B2EF2A5B08B82B5FEB0AE0F50C5316EF5F2C72EA7BA06214A1DFDF8818191554E01C8EE175B2A096A6732AF9D31F96D51BDF4205
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/HotkeyManager/style.css?v=1614856781
Preview:	.hotkey-manager.sds-window-v5 .x-tab-panel.syno-ux-tab-panel .x-tab-strip-active .x-tab-strip-text,.hotkey-manager.sds-window-v5 .syno-ux-fieldset .x-fieldset-header .x-fieldset-header-text{color:#69C1FF}.hotkey-manager.sds-window-v5 .x-form-item-label.syno-ux-item-label,.hotkey-manager.sds-window-v5 .x-form-display-field.syno-ux-displayfield,.hotkey-manager.sds-window-v5 .syno-ux-form-check-wrap .syno-ux-checkbox-label,.syno-hotkeymap-grid.syno-ux-gridpanel .x-grid3 .x-grid3-row .x-grid3-cell .x-grid3-cell-inner{color:#FFFFFF;font-size:13px}.hotkey-manager.sds-window-v5 .x-window-tl .x-window-header .x-tool-close,.hotkey-manager.sds-window-v5 .x-window-tl .x-window-header-text{left:-10000px;right:-10000px;position:absolute}.hotkey-manager.sds-window-v5{border-radius:8px;overflow:hidden;box-shadow:2px 4px 8px rgba(0,0,0,0.7)}.hotkey-manager.sds-window-v5 .x-window-mc{background-color:transparent}.hotkey-manager.sds-window-v5 .x-window-tl{position:absolute;right:10px;top:12px;z-index:2;

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65475)
Category:	downloaded
Size (bytes):	176088
Entropy (8bit):	5.373412862043235
Encrypted:	false
SSDEEP:
MD5:	108C9F6082BB04193E73F9853F735403
SHA1:	0E55CB6C93ED3DFE559D698CE9E03C0ECFECF72E
SHA-256:	5B6CF5BF4FE4405A4BF0ADED71470F6EDAD9E7AA8F44824747746B755DDB6D2A
SHA-512:	E35304CDA3C53AA11919A91BA2CBD52241586AD4928DD80587148FBFE570A18A6F65ED6B8A740C4FA852E23BBB737FD5A9B4A1D7108BCDD30B71E893CB3F952C
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/desktop.js?v=1614856781
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. */..Ext.define("SYNO.SDS.TransitionEndHandler",{extend:"Ext.util.Observable",constructor:function(a){var b=this;b.el=a;a.on("transitionend",this.endTransition,this);b.callParent(arguments)},start:function(){this.startTime=new Date()},endTransition:function(){var a=this;a.fireEvent("aftertransition",a,(new Date()-a.startTime))}});Ext.define("SYNO.SDS._DeskTopManager",{extend:"Ext.util.Observable",list:null,front:null,desktopId:"sds-desktop",constructor:function(){var a=this;a.list={};a.callParent()},register:function(b){var a=this;if(b.manager){b.manager.unregister(b)}b.manager=this;a.list[b.id]=b;if(b.id===a.desktopId\|\|b===a.desktopId){a.showDesktop()}},unregister:function(b){var a=this;delete b.manager;delete a.list[b.id]},isDesktopOnTop:function(){var a=this;return a.front===a.get(a.desktopId)},showDesktop:function(){var a=this,b=a.get(a.desktopId);a.bringToFront(b)},get:function(a){return typeof a=="object"?a:this.list[a]},upd

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1372
Entropy (8bit):	6.714855897849521
Encrypted:	false
SSDEEP:
MD5:	4AE28D976BE75EB155B9D10919CC4042
SHA1:	FE1D45BA2EC24585940F4BAAD4293DD3A7593A34
SHA-256:	8C3869D24C6976D7629FBE5A298B70B443C5135104645E565FB592BE1945B9C7
SHA-512:	A05558BF770C56EBC29F8B4ACEEA0C49334C93B6BD9A0D3802238467911B1AED244330E37AB600229F91A1763801642A1FC123AEF40B65256AEC6A12B6FABE22
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/resources/images/default/1x/login/logo_2.png?v=03321820210433193
Preview:	.PNG........IHDR.......(.......z.....tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c" xmpMM:DocumentID="xmp.did:FCF74F11424211E5AB43984E1BA8EE53" xmpMM:InstanceID="xmp.iid:FCF74F10424211E5AB43984E1BA8EE53" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2ce5faad-bbcf-4e06-91e6-ceae7674357c" stRef:documentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...{...zIDATx.b...?.%...B0j.......

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 28 x 168, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1837
Entropy (8bit):	7.390738089497441
Encrypted:	false
SSDEEP:
MD5:	7454F0DA7C7BF2B45F95BCB564B95F69
SHA1:	B76E0D9462377374C27059C55259D7CA1E158844
SHA-256:	4FDDB300B7AA27ADB05E294925CD6BBC63B17E09F81D2B63C037395A23AE4294
SHA-512:	EA4E7DC64DF59D564BA2B31D0F7E391063AE9DBBCA4D4C142400BB2A42B2A94F6B18C620194C3FE75C2610FD8922C41FF741A9828D1E3F1614C6F89FE1579550
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............~....:PLTE................................................................................................!..)&&<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FP<FPC@@QNN_\\`]]\|zz.}}..............................................................................................................................................................................................................................................tRNS........................"'*/89:?#C...........+,89;<>FMNQTU]acdnyz~.........................................,RE?23.nn..]^j......."..]g.V^Y/0.....<=...Qt.hi................................hx.....IDATx..Kh.Q..O..m....&....B...,...Zu....\|......Uk.._...........p'....u...U..i...df....w.4...\.s....s&T.r_........t.g#.~^..!K...8v.../.bn....h.......-UaO.!].`..A[.A...Gk

Chrome Cache Entry: 265

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 700 x 280, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17183
Entropy (8bit):	2.7960008218992707
Encrypted:	false
SSDEEP:
MD5:	573E7AF50207EE0F67A3F60752802E92
SHA1:	4C862CB778552608D56D15B41686472AA8A88084
SHA-256:	9167F8E41207CFE8626D377C85EA6B57FD893D6F28F693F2A3BA53D5547BE5F9
SHA-512:	FECB1217893618FCC1935617EC9CD851751FA4B5FACB582A0A38B658ADAF0720BB3A286279444391685E7C426A1213917540DC95D743A36C57369DB7755AFE09
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/573e7af50207ee0f67a3f60752802e92.png
Preview:	.PNG........IHDR...............%&....pHYs...............8*iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2018-11-08T11:54:51+08:00</xmp:CreateDate>. <xmp:ModifyDate>2018-12-20T14:08:24+08:00</xmp:ModifyDate>. <xmp

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19815)
Category:	downloaded
Size (bytes):	19816
Entropy (8bit):	5.028429451038713
Encrypted:	false
SSDEEP:
MD5:	420610560DD23B0F2CC1C03AA5DB778F
SHA1:	0C4D518CC6FF7176541F3F63AEF69603C253824D
SHA-256:	BECD6946347019CF330CD4EC2AFF0EF3D9AE961074F8B79F49AFCA492BC1F2E7
SHA-512:	F6AB1C6ADA71F87B9CE97D3AC74CC1D5BE53115225D9EE404CC04B051A8058707C95C8F9FD439E5024C1E1F5A88B41C664E071ECCF1D903BDBF358A2F795964B
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/VideoPlayer2/style.css?v=1614856774
Preview:	.syno-vp-appwin.x-window .x-window-tl{display:none}.syno-vp-appwin.x-window .x-window-body{padding-top:15px;background-color:#000000}.syno-vp-appwin.hide-controls .x-window-body{padding-top:0}.syno-vp-appwin.x-window .syno-vp-body{width:100%;height:100%;background-color:transparent;background-image:none}.syno-vp-appwin.x-window .syno-vp-body .meta-display{background-color:#000000}.syno-vp-appwin.x-window .syno-vp-body .meta-display .status-text{font:14pt bold;font-family:verdana;width:80%;margin-right:auto;margin-left:auto;padding-top:10px;text-align:center;color:#C8D2DC;text-shadow:0 1px 1px #000000}.syno-vp-appwin.x-window .syno-vp-body .meta-display .frame,.syno-vp-appwin.x-window .syno-vp-body .meta-display.buffer .cover-frame,.syno-vp-appwin.x-window .syno-vp-body .meta-display.error .cover-frame{position:relative;overflow:hidden;margin-right:auto;margin-left:auto;vertical-align:middle}.syno-vp-appwin.x-window .syno-vp-body .meta-display.buffer .frame,.syno-vp-appwin.x-window .syn

Chrome Cache Entry: 268

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	2.3310877319211105
Encrypted:	false
SSDEEP:
MD5:	C60EA375C39D1AB273C4D1BEE717287A
SHA1:	A140022C56B14D4F92E568FD4039525CBF7578CD
SHA-256:	6B8BDBBAAA1C79CBEA70AD3F7205C93FED597D5BED1A7E855FA9E4A128705BAB
SHA-512:	AECD9B5F83FD8DEDE58E26DBE632A4226A4C66A985DCB3813E837C3679A813006E61F60230B8DD93804CF678610069518A21498AFBF5261CEBB3A74A073B225B
Malicious:	false
Reputation:	low
Preview:	............ .h...6... .... .........00.... ..%..F...(....... ..... ...........................J............................................J....................................................................................................................................................................................................r...r...r...z......r...r...z......r............r.................................................................................z...r.................r..................................................r.......r.............r...r...r..............r...r.........................................................................................................................................................................................................................................

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65475)
Category:	downloaded
Size (bytes):	830407
Entropy (8bit):	5.3009834855776985
Encrypted:	false
SSDEEP:
MD5:	BF8782ACF92E64602A9AC15D4B17B869
SHA1:	269C01A078FD9941F23CE10D67D6A00608E00535
SHA-256:	B6EC72D8544FD4FACD73F38353F9BDF85B25A87A4A5BFD90B74FB7CF1A33CB24
SHA-512:	0590866FCFF7E8AE39008DCDD7399601F146525AD20CB558D038DA5997A998F7104201525478CD4888EA601FA83773FDA648DD81071764CC10941CAC57CAB6D6
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/ext-all.js?v=1614856602
Preview:	/* Copyright (c) 2021 Synology Inc. All rights reserved. */..(function(){var h=Ext.util,j=Ext.each,g=true,i=false;h.Observable=function(){var k=this,l=k.events;if(k.listeners){k.on(k.listeners);delete k.listeners}k.events=l\|\|{}};h.Observable.prototype={filterOptRe:/^(?:scope\|delay\|buffer\|single)$/,fireEvent:function(){var k=Array.prototype.slice.call(arguments,0),m=k[0].toLowerCase(),n=this,l=g,p=n.events[m],s,o,r;if(n.eventsSuspended===g){if(o=n.eventQueue){o.push(k)}}else{if(typeof p=="object"){if(p.bubble){if(p.fire.apply(p,k.slice(1))===i){return i}r=n.getBubbleTarget&&n.getBubbleTarget();if(r&&r.enableBubble){s=r.events[m];if(!s\|\|typeof s!="object"\|\|!s.bubble){r.enableBubble(m)}return r.fireEvent.apply(r,k)}}else{k.shift();l=p.fire.apply(p,k)}}}return l},addListener:function(k,m,l,r){var n=this,q,s,p;if(typeof k=="object"){r=k;for(q in r){s=r[q];if(!n.filterOptRe.test(q)){n.addListener(q,s.fn\|\|s,s.scope\|\|r.scope,s.fn?s:r)}}}else{k=k.toLowerCase();p=n.events[k]\|\|g;if(typeof p=="boo

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6337)
Category:	downloaded
Size (bytes):	6338
Entropy (8bit):	5.080101305985981
Encrypted:	false
SSDEEP:
MD5:	05365380B711B1A04EAFF704422AB8AB
SHA1:	0800B5F5C2992FF945E40CAC2B7AE01A365E4041
SHA-256:	B29B59061E5732EAE3BFFBF319A5AD87D8BE1002558BFF7F6A77BD098C282AA8
SHA-512:	000C17D45E65A7929CB1A20BDC82AFCFE0267C631A39BCDF09022B000FE22655130048240B80E6657C2B4432CE79A76F2321D2437E689C9C34587991F4F9D6EB
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/WelcomeTip/style.css?v=1614856781
Preview:	.syno-sds-welcome-tip .x-panel-body,.syno-sds-welcome-tip .x-window-body,.syno-sds-welcome-tip .x-window-mc{border:none !important}.syno-sds-welcome-tip .x-panel-body,.syno-sds-welcome-tip .x-panel-ml,.syno-sds-welcome-tip .x-panel-mc,.syno-sds-welcome-tip .x-panel-mr,.syno-sds-welcome-tip .x-window-body,.syno-sds-welcome-tip .x-window-mc{background:transparent}.syno-sds-welcome-tip .x-window-ml,.syno-sds-welcome-tip .x-window-mr,.syno-sds-welcome-tip .x-window-mc{background-image:none}.syno-sds-welcome-tip .welcome-content .x-panel-tl,.syno-sds-welcome-tip .welcome-content .x-panel-tr,.syno-sds-welcome-tip .welcome-content .x-panel-tc,.syno-sds-welcome-tip .welcome-content .x-panel-bl,.syno-sds-welcome-tip .welcome-content .x-panel-br,.syno-sds-welcome-tip .welcome-content .x-panel-bc{display:none}.syno-sds-welcome-tip .x-window-tl{display:none;background-image:none;background-color:transparent}.syno-sds-welcome-tip.welcome-tip-bg .x-window-body{background-image:none}.syno-sds-welcome

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8913)
Category:	downloaded
Size (bytes):	8914
Entropy (8bit):	5.1162226240731865
Encrypted:	false
SSDEEP:
MD5:	5B466B5549915C4604E6810E09EA31EF
SHA1:	37C2427700EACE05294890E661BC123F5596A840
SHA-256:	2F507BB4B84FACE47959CEDB657BF4D5DD215CC81E42AF0EB2F3874599ADAA77
SHA-512:	68E49386A4C182478D0473D9435C1143733F3D4D1F9CCA24B4FF20AA22DBBDB814EE09164CEC3E38F17FA071B2162F967F9C1E32E20D8517998DA50B50C2C507
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/DSMNotify/style.css?v=1614856781
Preview:	.accessible .sds-notify-tray-panel-dataview .x-view-selected{outline-width:1px !important;outline-color:blue !important;outline-style:solid !important;outline-offset:-1px}.sds-notify-tray-panel{padding:0;color:#505050;width:340px;box-shadow:-2px 5px 8px rgba(0,0,0,0.5);background-image:url("images/default/1x/taskbar_shadow.png?v=03551820210434170");background-color:white;background-repeat:repeat-x}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .sds-notify-tray-panel{background-image:url("images/default/2x/taskbar_shadow.png?v=03551820210434170");background-size:4px 4px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .sds-notify-tray-panel{background-image:url("images/default/2x/taskbar_shadow.png?v=03551820210434170");background-size:4px 4px;outline:1px green dashed}}.sds-notify-tray-panel .sds-notify-empty-text{vertical-align:middle;text-

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	110276
Entropy (8bit):	4.895655718375089
Encrypted:	false
SSDEEP:
MD5:	6CE3F48A10C1E3CB11B1FBE6BFAE3CF6
SHA1:	7E122645C89AB3D00B0E701C138B7558A6FF01BE
SHA-256:	0CF2C776747F2757129534453A44A848E9DFD90481B9607C1E9C9A7691E412DF
SHA-512:	8553D2FA40613712ADD8A9FDF87C8F1B4323EA1F99FAB68AECEEABC129535B27AAC496F36B7118E4D9E9BA882638715FF71FB959455EC42064AADC9634B8068F
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/scripts/ext-3/resources/css/ext-all.css?v=1614856602
Preview:	.ext-el-mask,.ext-el-mask-msg,.ext-shim{position:absolute;left:0;top:0;}.x-form-label-left label.x-form-item-label,caption,th{text-align:left;}.x-grid3 table,table.x-date-inner{table-layout:fixed;}blockquote,body,dd,div,dl,dt,fieldset,form,h1,h2,h3,h4,h5,h6,html,input,li,ol,p,pre,td,th,ul{margin:0;padding:0;}body,html,img{border:0;}address,caption,cite,code,dfn,em,strong,th,var{font-style:normal;font-weight:400;}ol,ul{list-style:none;}h1,h2,h3,h4,h5,h6{font-size:100%;}q:after,q:before{content:'';}.ext-forced-border-box,.ext-forced-border-box *{-moz-box-sizing:border-box;-ms-box-sizing:border-box;-webkit-box-sizing:border-box;}.ext-el-mask{z-index:100;-moz-opacity:.5;opacity:.5;filter:alpha(opacity=50);width:100%;height:100%;zoom:1;}.ext-el-mask-msg{z-index:20001;border:1px solid;background:0 -16px repeat-x;padding:2px;}.ext-el-mask-msg div{padding:5px 10px;border:1px solid;}.ext-shim{visibility:hidden;overflow:hidden;}.ext-ie .ext-shim{filter:alpha(opacity=0);}.ext-ie6 .ext-shim{margin

Chrome Cache Entry: 273

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 1578
Category:	downloaded
Size (bytes):	733
Entropy (8bit):	7.716661594249324
Encrypted:	false
SSDEEP:
MD5:	8BD2F2B50502FE7DC6F18B24A190F147
SHA1:	FBA4E84C4BE703F02AFCBB5C008502E13AD26A89
SHA-256:	37109407C88BAA406F169B70F6BD5F34C5A1DD00A3291466F2A2150134393855
SHA-512:	E0333ED496CA32A1F5BD8EC3907E2A360FCD30D268726DB6C6E3C3E86F178387A1CDC11E8741D3A0A5A0876A763F34F5E36D7D6B5A61BF0E7706A2A482BA3254
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/commons.15d0d7a8c9ba9444b179.bundle.js
Preview:	...........T.n.0.........Q.B..z.T%R..U..n...!......4I...{..7....{].4...B.... kb.zG..........].T..r....i...M.lp.....T.J...2..XP\(.Z.{.ck~..2.. .mQ......o.....&Y.5.K<B.j.X....].~5.........5row.n.].ti.w...z..0...#......_.......[.6Ew{.w....\.d%M...r.%~..DO...P.].5..B...=..!Y..C.....=......7\|p...[.\....HKn.[.m.....H....NS-.......cCit-.z[.......Vk. 3.:...\|:...$...^t?L.+q.,....R\|......g.>.,.b....,.c...C.`SF.-.?..K,....5........u...92l..g...\|...D..%.9.O..\|.v..Q.Zu:....V..,XP...U@.a.HUY...a.)....V..D..A...V......I.../.....Avu...s.4...B.......>{...z.j.9........QI.wc.o"....cg;....!.v\$....P$...Dl.y.......&p.&...g:........ps:}..9...D.#...f.P..0.9.T.....qVa#8.{}.../..z.He..7.._f....R.T9........

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (54644)
Category:	downloaded
Size (bytes):	54645
Entropy (8bit):	5.077729685264398
Encrypted:	false
SSDEEP:
MD5:	24864674EDA89B940E6F3DA7298D65B7
SHA1:	0CF96264D581D95D26BBACBFA5D4F57C0C2FACC7
SHA-256:	723F1ACC7049900ED1610260DAD7D837193F9DE415FC39F7743ACD2879D51D9C
SHA-512:	3D9669A9E76387BDC1B588FD6D1EED9C193EDE33BA6A5A197CF146FBAB5F1FE9DF2FE6CC73AD5FA817E859C6EEE0F85AC8F5B1145B73D538EFD22A64D04E4320
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/WelcomeApp/style.css?v=1614856781
Preview:	.syno-udc-win{background-color:rgba(0,0,0,0.4)}.syno-udc-win .x-window-tl{display:none}.syno-udc-win .x-window-body,.syno-udc-win .x-window-mc{background-color:transparent}.syno-udc-win .inner-panel{width:100%;height:282px;top:198px;position:absolute}.syno-udc-win .inner-panel .content{margin-left:68px;margin-right:68px}.syno-udc-win .inner-panel .title{padding-top:18px;line-height:28px;height:28px;font-size:20px;color:#2A323B;text-align:center}.syno-udc-win .inner-panel .desc{line-height:22px;font-size:12px;color:rgba(42,50,59,0.8);padding-top:12px;padding-bottom:8px}.syno-udc-win .inner-panel .question{line-height:22px;font-size:12px;color:rgba(42,50,59,0.8)}.syno-udc-win .inner-panel a{color:#0086E5;text-decoration:underline}.syno-udc-win .inner-panel a:hover{color:#0066CC}.syno-udc-win .inner-panel a:active{color:#0053A6}.syno-udc-win .inner-panel .bbar .syno-ux-button .x-btn-text{font-size:13px}.udc-welcome-panel .bbar{position:absolute;bottom:20px;height:68px;left:130px;right:130

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	167455
Entropy (8bit):	5.550799233855743
Encrypted:	false
SSDEEP:
MD5:	374D11732A073A25A9AB14D2541CABBE
SHA1:	A4303F9EA960034F7D43B9EDF7E0FDEBCF372538
SHA-256:	B1C87613B916FF7B962398E1CB88E7DD050A08888BF97357FBF9AF33E0CB4F0B
SHA-512:	6E477A1EC35E84553E9D47C0861A5531875D8A29E2D25E82E8987EF091D4FA86CF2E724FBE2E3BA755853EEF43AD06D12A5C132E905A3B2D9E2DCF88C0242999
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/StorageManager/style.css?v=1614856781
Preview:	.syno-app-storage-manager ::-webkit-scrollbar{-webkit-appearance:none;width:7px}.syno-app-storage-manager ::-webkit-scrollbar-thumb{border-radius:4px;background-color:rgba(0,0,0,0.5);-webkit-box-shadow:0 0 1px rgba(255,255,255,0.5)}.syno-app-storage-manager .syno-ux-modulelist span{display:inline-block;word-wrap:break-word;word-break:break-word;white-space:normal;line-height:24px}.syno-app-storage-manager .item-detail{padding-right:60px}.sm-list-icon{background-image:url("../../../synoSDSjslib/images//components/g_icon_storage.png")}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpack .sm-list-icon{background-image:url("../../../synohdpack/images/dsm/resources/images/components/g_icon_storage.png?v=03341820210433186");background-size:32px}}@media (-webkit-min-device-pixel-ratio: 1.5), (-o-min-device-pixel-ratio: 3 / 2), (min-resolution: 144dpi){.synohdpackdebug .sm-list-icon{background-image:url("../../../synohdpack/imag

Chrome Cache Entry: 277

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	444
Entropy (8bit):	4.95330331247286
Encrypted:	false
SSDEEP:
MD5:	0F675E5BCD6D8A9580CFBA26C3A2EA3E
SHA1:	4DBE67DFB63ECCF8108887512BF07BA6587EE307
SHA-256:	BAF6889774DAC4E34BC06756F01532520A6131C0710E6868922C12D7005A255C
SHA-512:	55ABCB16DCB46F1FD58A6819BAA0EF5AD5B6D4B40963B68A305C6246AA0349D9FA756A45A6D8B45EC1F3782E71786A25A9C427777FEAD92731584789CD3FC957
Malicious:	false
Reputation:	low
URL:	https://infected.fr4.quickconnect.to/webman/modules/DiskMessageHandler/style.css?v=1614856781
Preview:	.syno-diskremap .x-window-header {..padding-left: 0px!important;.}...sas-exp-fw-update.sds-window-v5.x-window-dlg .syno-mb-progress-status {..position: absolute;..right: 20px;..top: 51px;..line-height: 16px;.}...sas-exp-fw-update.sds-window-v5 .x-progress-inner {..background: #D2DCE6;..border-radius: 3px;..overflow: hidden;..height: 16px;..width: 440px;.}...sas-exp-fw-update.sds-window-v5.x-window-dlg .ext-mb-content {..line-height: 20px;.}

Chrome Cache Entry: 278

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from Unix, original size modulo 2^32 91534
Category:	downloaded
Size (bytes):	37178
Entropy (8bit):	7.992855941221083
Encrypted:	true
SSDEEP:
MD5:	1704A6FEFE735265060F62C70B4FB21D
SHA1:	8D491CE72CA412922ECF78A34C8061C873F00543
SHA-256:	9446D6A3A1D4BA04F7B10412A95209DED417D47569226599892B1E7F5A3CA8CF
SHA-512:	7A72408639FB418A10D04A477BCB1C957EEF56909E923DEE29801BC3B092805030A392B996814BFC0FFC13F7C3CD0DC745E305FBEFEB60A9072969BB8DABDBAA
Malicious:	false
Reputation:	low
URL:	http://infected.quickconnect.to/vendor.dll.js
Preview:	.............v.....~..M].h.i..4...N.6..J.V2(...S.B...Q...8.t^.\|.s]..T...}2Z...}.5.s.w........g..\|<.I......n..N..n.n1....Y...;z.g.W.Z...P..Uz....l.{...........d<.u.P7.....c.......v...6..e.%U....;m.8)..Y..n.........E......W....vR.g..r>>.e6.by.._..yV..w.;./...n.X......?f./..r...u..n.<..x9...[>6.2..Ig.a.I...FwI...3...UY.\e......E..[R..\|.v:I.....w....P..n...)].....I>\|.p.?v.....e6........d._U;_8@.y.a....sQUW...G?....Iy.......l..:..Y..i.,...?-.5..W7.......+..z..rYL..q1.)..l...U..tY.sk..l....t..\|.....wf.$+.Y.O?.r~...../.U6.y\|................\|z...q.l.:.E..`...3..d.4..g;....G.......+...[%....T8{...,..U....N...y9...n.o.<.y..Y........?...B.^8{:.w...&:Z(..ig7...?r...E....H..mk.aIv..([."-V..... ().?.g...Y.yv;..!....~.]W:.3&..(v.f.n.V ...s..Un.Y..o.R.....h...koX./..?..~../..[..W.9#...f.yvY....8..P^@n..,M..l...ln.j......t...3..{L!T...;[.3...........]..H5....3~<x.....v......h...S.'..4...X.......%....wf.8._.<_./m.._._...s.W..>.o..&....2.w.,..+..ny.

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 17 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1385
Entropy (8bit):	6.707197101123378
Encrypted:	false
SSDEEP:
MD5:	4DBDB1E9F369C182CBD18F3441DD782D
SHA1:	DF913037CCA29B668A4CB9D9D65485548F749AAD
SHA-256:	6677D7CB6B32A9B4A8475AE597CD524BEE5D6C8D2EAED6E05F14D8F80071648E
SHA-512:	486578079DF6029BE5F5ED63105FC01E7F3EFD3143E63AAAB42C602ABA706668285C0C6B3BF3C36009E1AC738F332B50FCF7451F8429CB665528EE80D467A610
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR.......(.............tEXtSoftware.Adobe ImageReadyq.e<...xiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c" xmpMM:DocumentID="xmp.did:68859A07424211E5AB43984E1BA8EE53" xmpMM:InstanceID="xmp.iid:68859A06424211E5AB43984E1BA8EE53" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2ce5faad-bbcf-4e06-91e6-ceae7674357c" stRef:documentID="xmp.did:2ce5faad-bbcf-4e06-91e6-ceae7674357c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......IDATx.b...?......`.QCF...

Static File Info

⊘No static file info

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://infected.quickconnect.to/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

Chrome Cache Entry: 177

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Chrome Cache Entry: 195

Chrome Cache Entry: 196

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 202

Chrome Cache Entry: 203

Chrome Cache Entry: 206

Chrome Cache Entry: 207

Chrome Cache Entry: 208

Chrome Cache Entry: 209

Chrome Cache Entry: 211

Chrome Cache Entry: 212

Chrome Cache Entry: 213

Chrome Cache Entry: 214

Chrome Cache Entry: 215

Chrome Cache Entry: 216

Chrome Cache Entry: 217

Chrome Cache Entry: 218

Chrome Cache Entry: 219

Chrome Cache Entry: 220

Chrome Cache Entry: 221

Windows Analysis Report
http://infected.quickconnect.to/